3Com OfficeConnect 812 manual

http://www.3com.com/ ® Of ficeConnect ® Remote 812 ADSL Router CLI User’ s Guide Release 2. 0 Part Number 10043337 AA[...]

ii 3Com Corporation 5400 Bayf ront Pla za Santa Clara, Ca lifor nia 95052-8145 Copyright © 2001 3Com Corporation. All rights reserved. No part of this documentation ma y be repr oduced in any form or by any means or used to make any derivative work (such as translation, transformat ion, or adaptation) without written permission from 3Com Corporati[...]

iii Table of Contents 1 A CCESSING THE C ONFIG URATION I NTERFACE Establis hing C ommunica tions w ith th e OfficeConne ct Remot e 812 1 -1 Local Conn ection 1 -1 IBM-PC Compat ible Comp uters 1 -1 Macintos h Comput ers 1 -1 UNIX-B ased Computer s 1 -2 Remote Co nnection 1 -2 2 CLI C OMMAN D C ONVENTIO NS AND TERMINOLOGY Command St ructure 2 -1 For[...]

iv Quick Setup Script In structions 4 -2 Quick Setup Script 4 -2 Do you want to co ntinue Quick Set up? 4 -2 Passwor d Pr otection 4 -2 Which p ortion s of the ne twork do you w ant to confi gure? 4 -2 Quick Set u p Ide n tificati on Information 4 -3 Quick S etup Ma nagement Inform ation 4 -3 TELNET inf o rmatio n 4 -4 Quick Set u p IP In formation[...]

v Setting Up a V irtua l Privat e Netw ork (VP N) T unnel 6 -5 T unn el En cryption 6 -5 VPN T unnel ing Over view 6 - 6 Before Y ou Begin 6 -6 Initia ting a VPN T unn el 6 - 6 Enab ling and Disa bling a VPN T unnel 6 -7 Display ing VPN T unnel Inform ation 6 -7 Creating a V PN T unnel Usin g 812 D efault V alues 6 -7 T unn el Co mmand s 6 -8 Creat[...]

vi Config uring the DHCP Relay 6 -29 Moni toring the DH CP Rela y 6 - 29 DNS 6 -29 Conf iguring DNS 6 -30 DNS Host Entri es 6 -30 Managi ng th e DN S Proxy 6 - 30 Access Lists 6 -31 IPX Rou ting 6 -31 Enabli ng IPX Routi ng 6 -32 Con fig uri ng IP X fo r th e LA N 6 -3 2 Confi guring IPX fo r Remote Site Co nnecti ons 6 - 32 Confi guring IPX St ati[...]

vii IP RIP Packet Filter ing Usi ng CLI 6 -50 IPX So urce and Dest inati on Netw ork Fil terin g Using C LI 6 -51 IPX So urce and De stin ation H ost Fi ltering Usin g CL I 6 -51 IPX So urce and De stinat ion S ocket N umbe r Filte ring Us ing C LI 6 - 51 IPX RI P Packe t Fil terin g Using C LI 6 -52 IPX SA P Pac ket F ilte ring Using CLI 6 -52 Bri[...]

viii B CLI C OMMAND D ESCRIPTION CLI Co mmand s B -1 ADD B -1 add a ccess <ip su bnet address> B -1 add auto_f ilter eth _blk_dst B -1 add auto_f ilter vc_blk_ netbios B -1 add bri d ge netw ork <network_n ame> B -1 add dn s host <host_nam e> address <ip_address> B - 2 add dns serve r <domain_ name> B -2 add filter <[...]

ix delete ipx service <se rvice_name> B -11 delete pat tcp vc <vc_name> B -11 delete pat udp vc <vc_name> B -11 delete n at [dynamic | static ] vc <vc name> publi c_pool _start <address> B -12 delet e network s ervice <ser vice_name> B -12 delete s nmp communi ty <name > B -12 delet e snmp trap_commu nity &[...]

x enable i p rip B -15 enable ip r outing B -15 enable ip x network <n etwork_name> B -15 enable lan access B -15 enable lin k_traps interface <interface_nam e> B -16 enable net work service <servi ce _name> B -16 enable secu rity_option r emote_user ad ministration B -16 enabl e security _optio n snmp us er_access B -16 enable sn[...]

xi list se rvice s B -21 list sn mp commu nities or list snm p trap_ commun ities B -21 list sys log B -21 list tc p connecti ons B - 22 list tf tp clients B -22 list ud p liste ners B -22 list t unnel B -22 list us ers B -2 2 list vc B -22 logi n_r equir ed B -22 password B - 22 P AUS ED C OMMA NDS B -2 2 PING B -2 3 ping <ip_ name_o r_addr>[...]

xii set sys tem B -34 set sy slog <ip_ address> lo glevel [ level] B -34 set time <ti me> B -34 set tun nel <tunne l_name > B -34 set u ser < user_n am e> B -35 set vc <vc_name> B -36 set vc <vc_name> atm B -38 SHOW B -39 show access B -39 show atm status B -39 show ad sl stati stics B -40 show adsl performance B[...]

xiii show memory B -50 show ne twork <name > sett ings B -50 show network < name> coun ters B -50 show ppp on vc <vc_name> co unters B -51 show ppp on vc <vc_name> s ettings B -51 show ppp on interfa ce <nam e> counters B -51 COUNTER S for PPP BUNDLE 1 B -51 COUNTER S for PPP LINK 1 - 5 B -51 show ppp on interf ace <[...]

xiv POSITIO NAL HELP B -57 Comma nd Compl etion B -57 Output Pause B -58 Comm and Kill B -58 Comments B -58 3C OM C OR PORAT ION L IMITED W ARRANTY FCC C LASS A V ERIFICATION S TA TEMENT FCC C LASS B S TATE MENT FCC D ECLARATION OF C ONFORM ITY[...]

1 A CCESSING THE C ONFIGU RATION I NTERFACE This chapte r explains how to at tach to the configur ation interf ace locally via the consol e port or remotely via a T elne t session . This chapte r also introduces you to the capabi lities and conventi ons associated with manag ement of your Office Connect â Remote 81 2. Establishing Commun icat ions[...]

1-2 C HAPTER 1: A CCESSING THE C ONFIGURATI ON I NTERFACE UNIX-Based Computers Kermit , min i com and tip are typica l terminal emul ation pr ograms for UNIX- based computer s. Dependin g on the platfo rm you ’ re usin g, y ou ma y ne ed to m odify a config uration fil e for vt100 sett ings. Remote Connection I f you w ant to atta ch to the OCR 8[...]

2 CLI C OMMAND C ONVENTIONS AND TERMINOLOGY This chapte r describes the comm and syntax, conventions and terminolo gy used within the C ommand Line Inter face. Reviewing and under standing thi s chapter is essenti al for you to under stand subsequ ent chapter s. Command Structure Format Commands can be foll owed by values and/o r parameters and val[...]

2-2 C HAPTER 2: CLI C OMMAND C ONVENTIONS AND TERMINOLOGY The type of val ue you enter must match the typ e requested. Numb ers ar e either deci mal or hexadecimal . T ext can be eit her a string that you cr eate, or it may be a list of opt ions you must choos e fr om. When choosing an op tion, type the text o f the opt ion exactly . Names or Strin[...]

Command Stru cture 2-3 Help is most usefu l during configur ation: query the li s t of pos sible parameter s by typin g ? and, when you find t he value you nee d, type it witho ut losing your place in the argume nt. Just be sur e to leave a space between the keywor d and the question mark. Conventions Most command s ar e not case sen sitive. As a r[...]

[...]

3 C ONFIGUR ATION M ETHODS The OCR 812 C LI offers three setup ch oices, all of which ar e described in this section: the auto mated, Quic k Se tup me thod, t he QuickVC Se tup meth od, and the manual method . Review the capabil ities of each bel ow and decide which configu r ation method best sui ts your needs, then proceed to the appr opriat e ch[...]

3-2 C HAPTER 3: C ONFIGUR ATION M ETHODS Manual Setup Instru ct ions Once you become familiar with the CLI interface, you might find it mor e ef ficient to mana ge the OCR 812 manually . Manual co nfigurati on is most versatil e in that you only ent er commands that need t o effectiv ely change fr om the curr ent config uration. Also , many of the [...]

4 Q UICK S ETUP This chapte r will describe i n detail the operat ions of the Quick Se tup progra m. It will id entify the requir ed info r matio n, steps involv ed, and sam ple output scri pts fr om the execution o f this pro gram. CLI Quick Setup Script Introduction The C LI Quick Setup pr ogram allows yo u to quickly conf igure LAN- side, global[...]

4-2 C HAPTER 4: Q UICK S ETUP Downgr ading the Rem o te 812 So ftware t o a Previo us V ersion Downgr ading the 812 softwar e to an older vers ion is not recomme nded (we suggest you upgrade to obt ain the latest and most r eliable softwa re availabl e). If you d o choose to downgr ade, we sugges t you delete y our existing c onfigura t ion before [...]

CLI Quick Setup Script 4-3 Quick S etup Iden tification I nformatio n Quick Setup Manage ment I nformatio n An SNMP comm unity names a group of systems t hat can manage your system vi a SNMP . It is a rudimentary for m of securi t y . Along wit h a community name, you can l i mit acces s to a specific manag ement station . "0.0. 0.0" mean[...]

4-4 C HAPTER 4: Q UICK S ETUP TELNET info rmation For TEL NET managemen t of the syste m, you need to cr eate a u ser name and passwor d to contr ol access. Quick Setup IP Informati on The OCR 812 us es a network name to i dentify the net work for futu re manageme nt commands. The IP mask can be spe cified either as a class ("A", "B&[...]

CLI Quick Setup Script 4-5 The OCR 812 can act as a DHCP s erver , provid ing IP addr esses to other st ations on the local LAN. It is possible to restrict access to the TF TP server to a specific system or a list of systems. Quick Se t up wil l allow you to enter one system that is allowed or allow access to all systems. IP setup is com pleted. Qu[...]

4-6 C HAPTER 4: Q UICK S ETUP Quick Setu p Brid ge Inform atio n The networ k name is used by t he OCR 812 to identi fy your bridg ing setup. The spannin g tree algor ithm is used to elimi nate loops in a network t hat is linked togethe r with brid ges. Wou ld you like to r eview your curr ent sett ings befor e executing [y es]? Sample Identifi cat[...]

CLI Quick Setup Script 4-7 Sampl e Output Display as Quick Set up Executes OCR-D SL> set syst em na me "na me" OCR-D SL>set sy stem l ocation " vienna" OCR-DSL>set system contact "jc" OCR-D SL>enable comm and passw ord “ password ” OCR-D SL>add snmp co mmuni ty public add ress 0.0.0.0 a ccess RW OCR-[...]

[...]

5 Q UICK VC S ETUP This chapte r will describe i n detail the operati ons of the OCR 812 Quick VC Setup W izar d prog ram. It will ident ify the requir ed info r matio n, steps inv olved, and sample out put scripts from th e execution of th is prog ram. CLI QuickVC Setup Script Introduction The CLI QuickVC Se tup progra m allows you to quic kly con[...]

5-2 C HAPTER 5: Q UICK VC S ETUP The Categ ory of Ser vice and cell rate paramete rs only affect data transm itted from the OC R 812 to the remote si te (up stream directio n). Th e defa ult value of U BR with a Peak Ce ll Rate of 0 will attem pt to use all avai lable upstrea m band width when tra nsmitting to the re mote site. The A TM Confi gurat[...]

CLI Quick VC Setup Script 5-3 The IP confi guration fo r VC “ name ” is no w complete. IP Confi gurati on (Netwo rk Serv ice RFC 1 483) Port Address T ranslation (P A T) allows a si ngle WAN-side IP addre ss to be ‘ sh ar ed ’ by multiple LAN-side devices. If yo u cho ose to run P A T the WAN interfac e mus t be Numbe red. (i .e., th ere mu[...]

5-4 C HAPTER 5: Q UICK VC S ETUP IPX Ro uting ( N etwo rk Servi ce PPP) The IP X configur ation fo r VC “ name ” is n ow com plete . IPX Ro uting ( N etwo rk Servic e RFC 1483) The IP X configur ation fo r VC “ name ” is n ow com plete . Brid ging The OCR 812 can be confi gured to sen d and recei ve the route d (IP and IPX) packets using br[...]

CLI Quick VC Setup Script 5-5 Sample I dentificatio n Information This section co ntains a samp le of possible settings . Encapsul ation type: PPP AT M i n f o r m a t i o n : VPI/VC I: 0/33 Category of Service: UBR Peak Cel l Rate: 0 IP: Enabl ed Local W AN IP Addr ess: Lear ned Remote W AN IP Addr ess: Learned W AN Inte rface T ype: Number ed Add[...]

[...]

6 M ANUAL S ET UP This chapt er describ es how to manually set up the OCR 812 for rout ing or brid ging. Configur ation Overview The foll owing steps pr ovide an outline t o follow when c onfiguring the OCR 812 t o rou te or bridge to r emote networ ks. 1 Deter min e ho w the OCR 81 2 w ill be use d (a s an IP , I PX R outer and/ or Br idge ) and g[...]

6-2 C HAPTER 6: M ANUAL S ETUP Remote Site Management Each r emote site that you want to conn ect to is accessed t hrough a sing le A TM Virtual C hannel connecti on. T o set up connecti ons over the W AN, a VC (r emote site ) profi le must be crea ted and edited. W ith this pr ofile, you speci fy A TM Virtual Channel info rmation, pr otocols , and[...]

Remote S ite Managem e nt 6-3 For example , if you want t o change the PPP authentic ation passwor d to testpassword for a pr ofile call ed I nternet you would do the foll owing: disab le vc Interne t set vc Internet send_passwor d testpassword enable vc Internet Configuri ng Network Service Informati on A Networ k Service define s the data enc aps[...]

6-4 C HAPTER 6: M ANUAL S ETUP When the N etwork Service i s set t o RFC 1483, the pr ofile ’ s IP WA N addresses can be dynamic ally learned with the DHCP pr otocol. T o enabl e DHCP on a Remo te Sit e prof ile: 1 Set the net w ork serv ice to RFC 1483: set vc <vc name > dyna mic_ip_a ddres sing dhcp_ client 2 Enable MAC encapsulated r out[...]

Sett ing Up a V irtu al Pri vat e Netw ork (V PN) T unnel 6-5 set vc name <vc name > atm vci <vci value> vp i <vpi va lue> Y ou should have bee n provided with Ca tegory Of Service par ameters. UBR - Uns pecified B it Rate; No li mit has been spe cified for the upstr eam data flow . CBR - Consta nt Bit Ra te; A c onstant r ate has[...]

6-6 C HAPTER 6: M ANUAL S ETUP VPN T unneling Overview A VPN t unnel is a priv ate virtual cir cuit tha t uses public wir es to connect two nodes. For example, it is common pr actice to crea te VPNs that use the I nter net as the public med ium over which privat e info rmatio n is sent an d received. T unnellin g is a technology that enab les one n[...]

Sett ing Up a V irtu al Pri vat e Netw ork (V PN) T unnel 6-7 Enab ling a nd Disa bling a VPN T u nnel T o enab le a VPN , ente r the enable tu nnel comma nd. T o disabl e a VPN, enter the disa ble t unne l command . Before you attempt to set or chan ge any param eter for a VC, you must first disable the VC usin g the DISAB LE VC <vc _name > [...]

6-8 C HAPTER 6: M ANUAL S ETUP be blank (a ssigned with the value “” ). Y ou can chang e t he P ASSWORD and SEND_P ASSWORD using the SET TUNNEL [P ASSWORD | SEND_P ASSWORD ] command. Y ou mus t change th e SEND_P ASSWORD (to t he appropriate authenti cation password value expected b y the VPN Server ) using the SET TUNNEL < tunnel _name> [...]

Sett ing Up a V irtu al Pri vat e Netw ork (V PN) T unnel 6-9 For example , to change the SEND_P ASSWORD settings o f a tunnel named ZOOM to VPN, e nter the follo wing comm and: SET TUNNEL ZOOM SEND_PASSWORD VPN Y ou must disable t he tunnel using t he disabl e tunnel <t unnel_na me> command be fore you can change an y parame ters. Cr eating [...]

6-10 C HAPTER 6: M ANUAL S ETUP Confi guring Authenticatio n and Encr ypti on T o lear n ho w to use CLI co mmand s to config ure authentica tion and e ncrypti on for the OC R 812, please refer to the fo llow ing: T o configur e authentica tion par ameters, see set ppp r eceive_authent ication [ANY | AN Y_EXCEPT_MSCHAP | C HAP | MSCHAPV1 | MSCHAPV [...]

Sett ing Up a V irtu al Pri vat e Netw ork (V PN) T unnel 6-11 An adminis trator ma y also set up a Windows 2000 Server as a router with a privat e IP subnet set to 98.76 .54.0/C. T o add DHCP Services o n the Windows 2000 Server , an admini strator can use an y IP addr esses from 98.7 6.54.1 to 98.76.5 4.253 inc lusive. IP a ddresses for works tat[...]

6-12 C HAPTER 6: M ANUAL S ETUP vpdn- group 1 accept- dialin pr otocol l 2tp virtu al-t emp late 25 terminate -from hostname OfficeConnect local name c7 200 no l2tp tu nnel authe ntication sour ce-ip 192. 180.3.2 3 In Cis co route r co nfigura tion mode , e nter the fol lowin g com mand s to con figure the privat e network (LAN) i nterface: interfa[...]

Sett ing Up a V irtu al Pri vat e Netw ork (V PN) T unnel 6-13 ppp aut henticat ion pap 6 Ensur e RIP and IP Pool co nfiguration pa rameters ar e set to the foll owing values: RIP Conf igurati on ro uter rip ver 2 network 1 92.180.3. 0 IP Pool for L2TP T unn el ip local pool L2TP 192 .168.200.3 19 2.168.200. 10 At this poi nt, your L2TP tunn el sho[...]

6-14 C HAPTER 6: M ANUAL S ETUP Adding a Fra med R oute for a VPN T unnel If you wish to set up a route to a net work on the private ( LAN) side of a r emote site, use a f ramed rout e. T o add a framed ro ute for a VPN tunn el, enter the add framed_ route vc com mand or the add fram ed_route tunn el command a t the CLI prompt . For mor e informati[...]

IP Ro utin g 6-15 Enab ling IP Routing When th e OCR 8 12 is to be used f or IP Rout ing, IP forwar ding m ust be ena bled. This is a glo bal setting for the enti re ro uter . T o enable IP r outing, use t he command: enab le ip forwarding T o disa ble IP routi ng, use the comman d: disa ble ip forwarding IP For warding refers t o the r outing of I[...]

6-16 C HAPTER 6: M ANUAL S ETUP Y ou can obtain a li st of all confi gured net works using the command list networ ks . T o on ly list IP netwo rks, use list ip network s . By defaul t, the network is en abled when it is cr eated. Y ou can disable th e network using t he following comma nd: disa ble ip ne twork <network name > Y ou can del et[...]

IP Ro utin g 6-17 The IP addr ess associated with the l ocal side of the W AN connecti on can be specifie d by you, learned fr om the remote site (if you ar e using PPP as the Network Service for the connect ion), or the inte rface can be Unnumb ered. T o specify th e local IP address use the comma nd: set vc <v c name> lo cal_ ip_add ress &l[...]

6-18 C HAPTER 6: M ANUAL S ETUP If you ar e using address translatio n for a remote site connection (NA T) you must set ip_r outing to LISTE N or NONE. This is beca use you have set up a private LAN network and there fore do no t want to be broadcas ting inf ormation to other route r s. The OCR 812 will no t allow a profil e using address t ranslat[...]

Add ress Tran slati on 6-19 IP T ools The OCR 812 CLI pro vides a standa rd set of IP utilit y program s including Pin g, TELNET and RLOGIN. Address T ranslation Public IP ad dress es ar e regis tered and can be used wit hin a public netwo rk (e.g., the Internet). Due to the limit ation of IP version 4 addr ess space and th e growth of the Inte r n[...]

6-20 C HAPTER 6: M ANUAL S ETUP P A T allows mul tiple privat e IP addres ses to use one publi c IP addr ess by dynamical ly and static ally mapping ea ch private I P source ad dress and pr ivate IP source port to one public IP s ource addr ess and one publi c IP sour ce port. Super NA T shoul d be used to opti mize addr ess translat ion when the I[...]

Add ress Tran slati on 6-21 ther e is no existin g dynamic or stati c port mapping, the packet will be tran sl ated usin g t he P A T defa ult ad dress. Confi guring P A T T ypi cally , P A T only needs t o be enabled or disabled for a remote sit e connection. Use the foll owing command to co nfigur e P A T in a v c pro file: set vc <v c name>[...]

6-22 C HAPTER 6: M ANUAL S ETUP mem or y . I f yo u do n ot e nter the save all comma nd before a reboo t, unsaved changes made since the last save will be lost. Intelli gent P A T Enabled by d efault, Intel ligent P A T pro vides a “ best gues s ” as to where an incoming packet sh ould be d eliver ed when : A de fault P A T desti nation a ddre[...]

Add ress Tran slati on 6-23 Please al so note the foll owing: The “ bes t guess ” LAN workst ation will co ntinue to recei ve all non-addr essed packets sent by th is r e mote work stat ion un til a nd un less a new (dif fer ent) communicat ion pattern is de tected by Intel ligent P A T . When a new communi cation pattern is det ected, Intelli [...]

6-24 C HAPTER 6: M ANUAL S ETUP Confi guring NA T Stat ic and Dyna mic Mappi ngs If you do no t configur e static or dyna mic mappings fo r NA T (even if t hey have a defaul t P A T addres s), the foll owing erro r messa ge displays on th e CLI console when you enabl e the vc: When Netw ork Addre ss Translat ion (NA T , RFC 16 31) is en abled, Sta [...]

Add ress Tran slati on 6-25 If you choose ( optionall y) to add stati c or dynam ic mappings for Sup er NA T , do not use the public WAN po rt IP addres s of the OfficeCo nnect 812 as one of the Super NA T static or dynamic pu blic IP address es. T o confi gure OCR812 to use Super NA T , perform th e following steps : 1 Config ure a ll NA T and PAT[...]

6-26 C HAPTER 6: M ANUAL S ETUP Configur ing the 812 for SIP Phone Su pport The OCR 812 can be confi gured to use SIP phones. Overview A SIP phone (Se s sion Initia tion Pr otocol pho ne) is a network - capab le telephon e that uses Eth er net connectiv i ty to place an d receive call s over the Internet. SIP phones send and r eceive voic e data as[...]

DHCP 6-27 caller id entity (and fin ds, then connects to, the recip ient ’ s IP address ). The IP address o f the intended rec ipient is their (SIP) phone numb er . By cre ating and storing a call er identity , a proxy serve r enables pa rty A to call party B (and vi ce-versa), even if th e recipient ’ s IP addr ess (SI P phone numbe r) is not [...]

6-28 C HAPTER 6: M ANUAL S ETUP Conf igurin g the DHCP Serve r The OCR 812 ’ s DHCP Server has the foll owing fields that wil l need to be config ured: Host name Doma in Name IP Addr ess Pool, Start and End addre ss IP S ubnet addr ess mask Leas e per iod WINS S erver addr esses DNS Server addr esses The Hostname is th e base name assigned to the[...]

DNS 6-29 assigned , the corr esponding wor kstation MAC ad dresses , and r emaining time befor e the lease expir es. show dhcp server counters list dhcp se rver leases The DHCP Server configurati on is displayed wi th the show dhcp serv er settings command. Confi guring t he DHCP Relay The OCR 812 can r elay DHCP re quests to up to two Remote Se rv[...]

6-30 C HAPTER 6: M ANUAL S ETUP Configu ring DNS T o enable DN S function ality on the OCR 812, use th e command: enable dns T o disable DNS functio nality , use the command: disa ble dns Y ou can configur e three glo bal DNS para meters that contr ol the ope ration of th e DNS pr oxy . Numbe r of Ret ries : the num ber of ret ry attempts whe n acc[...]

IPX Routi ng 6-31 T o displa y the conte nts of the DNS Server tab l e, use the comman d: list dns servers T o delet e a domain entry , use the comma nd: delete dns serv er <doma in nam e> Access Lists Access lists enab le you to r estrict which Remote Subnet s are all o wed to access the Manageme nt services of the OCR8 12. T o add a r emote[...]

6-32 C HAPTER 6: M ANUAL S ETUP Remembe r to save y our configurat ion using the save al l command befo re reboot ing your OCR 812 so tha t your chang es will be wri tten to p ermanent FLAS H memory . Enabli ng IP X Routin g Unlike IP , there is no setting on th e OC R 812 that en ables or disables IPX routing functi onality on a glob al basis. Con[...]

IPX Routi ng 6-33 T o specif y t hat the in terface is Unnumbe red you must ente r 00000000 for th e <ipx netwo rk addres s> parameter . set vc <v c name> ipx_ad dress 00000 000 Conf igurin g IPX S tatic and Fra med Routes A stati c route i s a configur ed rout e that will r emain in the r outing tabl e until deleted. Static r outes d i[...]

6-34 C HAPTER 6: M ANUAL S ETUP Configuri ng IP X Static and Fram ed Servi ces The Serv ice t able co ntai ns IP X se rver nam es, t he ser vices they provide, their network addr esses and node add resses, and their relative di stances. Examples of services includ e file se rvers and pri nters. Note th e foll owin g: A static service entry i s a ma[...]

Bridging 6-35 dele te ipx_serv ice vc <vc name > nam e <service name> type <typ e> Remember t o disable and then re- enable the VC prof ile for the change to tak e effect. Conf iguring IPX R IP and SAP IPX RIP i s used to e xchange IPX r outing inf ormation wi th other IP X rout ers. SAP is a pro tocol used by IPX se rvers and r o[...]

6-36 C HAPTER 6: M ANUAL S ETUP The OCR 812 brid ge supports the Sp anning T ree Pr otocol (S TP). This featur e is used when tw o networks ar e joined by two bridg es forming a loope d network. STP pr events the data p ackets fro m circ ling the t wo net works. The OCR 812 pr ovides a Bri dge Firewall function which allows flex ible config uration[...]

Bridging 6-37 IP For warding refers t o the r outing of IP packets fro m one i nterface to anoth er . I t does no t affect commun icating to the OCR 812 itself. Even when IP Forwarding is disabl ed, you can perform no n-routing fu nctions such as us e a We b browser to manage the un it and use PING. T o see the curr ent IP Forwar ding status use th[...]

6-38 C HAPTER 6: M ANUAL S ETUP MAC-En capsul ated Routi ng Because r outers ba se their for warding de cision on netw ork-level ad dress es, packets tha t are r outed ove r a W AN are tr ansmitted witho ut MAC-layer ad dresses. Addit ionally , addr ess r esolution pr ocedur es that can be used t o determine th e destinati on MAC address for a pack[...]

System Admini stra tion 6-39 2 Forwar d Unicast Packets Only : If a pr otocol is con figure d for rou t ing, an d a packet for that pr otocol ty pe is received from the LA N that is not addresse d to the M AC ad dress of the OCR 812, it is bri dged. Addit ionally , ARP br oadcas ts for IP addr esses ot her than that of the OCR 812 ar e also bri dge[...]

6-40 C HAPTER 6: M ANUAL S ETUP Y ear (yyy) can be speci fied as 2 digits or as 4 digits (97 or 1997 ). For exampl e: set date 01-JAN- 1998 T o manually set the time , use the c omma nd set ti me (which sets the system ti me, and leav es the date unchange d). Set time command for mat is hh:mm:ss. The seconds (ss) field i s optional. Military time ([...]

System Admini stra tion 6-41 If mor e than one OCR 812 is installed in your network, eac h OCR 812 is assigned a di fferent primary NTP server (the assig nment of a pri mary NTP server to a give n OCR 812 is based on the uniqu e MAC addres s of that OCR 812 unit). T o specify a secon dary NTP server , use the follo wing command: set secondary_serv [...]

6-42 C HAPTER 6: M ANUAL S ETUP T o specify a time zon e for NTP , use the follo wing co mmand: set timezone <timezone_n ame> The de fault t ime zone is GM T . T o display NTP ti me zone settin gs, use the follo wing command: list tim ezone T o dis play NTP s etting s, us e the fol lowin g com mand : show n tp <s ettings > T o display N[...]

System Admini stra tion 6-43 Displaying Date, Time, and Syst em Uptime T o displ ay current date , current time, a nd system uptime (time elapsed since power -on), use the c ommand sho w d ate . Date and time inform ation displa ys in t he followi ng format: System D ate: 02-MAR-1998 05:17:0 0 System U pT ime: 2d 08:37:54 Settin g System Identifica[...]

6-44 C HAPTER 6: M ANUAL S ETUP Pro viding TF TP Access T rivial Fi le T ransfer Pr otocol (T F TP) pr ovides a simple way to transfe r files fr om one machine t o another . The OCR 812 ha s a TF TP server tha t allows yo u to copy file s to or fr om the uni t. All yo u have to d o is set up TF TP access on the OCR 812 and run a TF TP client pr ogr[...]

System Admini stra tion 6-45 After lo gging in to the CLI, you can exit the CLI with the co mmand: exit cli[...]

6-46 C HAPTER 6: M ANUAL S ETUP T o set the idle timeou t period, use the comm and: set co mmand idle _timeout <ti meout> wher e < timeo ut > specifies the idle timeout period in mi nutes. By de fault, ther e is no idle timeout peri od. This capa bility is usef ul for system admi nistrators or users who wish to r estrict access t o the [...]

Offic e Conn ect Remote 812 F iltering Capab ilities 6- 47 Packet fil ters contr ol inter -network d ata transmis sion by accepti ng or re jecting the passage of s pecif ic packets thr ough network interface s based on packet head er informat ion. When data packets ar e recei ved by a network inte rface such as an Ethernet LAN or W AN port, a packe[...]

6-48 C HAPTER 6: M ANUAL S ETUP Generic Filters Generic filt ers are pr otocol-i ndependent and are spec ified by byte and of fset values in a packet . Packets ar e filter ed by comparing each packet ’ s of fset valu e and byte info rmation with th e values that you def ine in the filt er . The r outer will acce pt or re ject the packet ba sed on[...]

Creating Filters Using Command Line Interface 6-49 Filte r File Comp onents in CLI Y ou define the fi ltering rul es used by the r outer within filter files. Fi lter files ar e text files that ar e stor ed in the unit ’ s FLASH memory . Y ou can cr eate and modify fil ter files usin g an off-li ne text editor , then TF TPing the f inished fi le o[...]

6-50 C HAPTER 6: M ANUAL S ETUP the first match that occurs . If t here is no match, by defa ult the packet is accepted. For this reas on, you should or der your pr otocol rul es so that the rules you expect to be most f requent ly matched ar e in the beg inning of the sect ion. This r educes the amount of parsing ti me that occurs dur ing filteri [...]

Creating Filters Using Command Line Interface 6-51 Generic F ilter Rule The syntax for generi c filters is slightl y differ ent than that for other fil ters: <line #> <verb> GENERIC => ORIGIN = <FRAME > DA T A>/OFFSET = <# of bytes>/ LENG TH = <# o f bytes>/MASK = < 0x M ask>/V ALUE = <0x v alue> ORI [...]

6-52 C HAPTER 6: M ANUAL S ETUP IP So urce and Des tination Netwo rk Filte ring Using C LI Sour ce and desti nation addr ess filt ering is gener ally used t o limit permit ted access to trus ted hosts and netw orks only , to explici tly deny access to host s and networks that are no t trusted , or to limit ex ter nal access to a gi ven hos t (for e[...]

Creating Filters Using Command Line Interface 6-53 If the r outer is lis tening for , or br oadcasting RI P messages, you s hould allow them to pass i n the appr opriate di rectio n(s). Y ou define IP RIP filte ring rule s in the IP-R IP pro tocol section of the filter fi le. For exa mple, if you w an t to f ilt er al l routes exc ep t the one spe [...]

6-54 C HAPTER 6: M ANUAL S ETUP IPX: 1 ACCEP T sr c-socket = 0x001; 999 DE NY ; IPX RIP Pa cket Fil tering Using CLI Routin g Information Pr otocol (RI P) packets ar e used to identify al l attached network s as well as the n umber of route r hops r equir ed to r each them. The re sponses ar e used to update a r outer's r outing tab le. Y ou d[...]

Creating Filters Using Command Line Interface 6-55 3 ACCEP T generic=>origin=FRAME/offset=12/l e ngth=2/mask=0 xFFFF/value=0x8136; 4 ACCEP T generic=>origin=FRAME/offset=12/l e ngth=2/mask=0 xFFFF/value=0x8137; 999 DE NY ; Step by Step Gu ide to Cr eating Filt er Files Usin g CLI Y ou can create f ilter files usin g any text editor . Once the[...]

For exampl e, fr om the workstation command line en ter: tftp <OfficeConnect Remote 812 IP addr ess> put <filter filename> 12 The r outer does not r ecognize a filter file sto red in its FLASH memory until you add it to th e mana ged filte r tabl e. T o n otify the u nit abou t the fi lter f ile for the first time, yo u must issue the C[...]

Applying F ilters Us ing CLI 6-57 Most import antly , the rout er does not know which in terface an outgoin g packet came in thr ough. If a potent ial intruder forges a pack et with a false sour ce address (in or der to appea r as a tr usted host or n etwork), th ere is no way for an out put filter to t ell if that packet came in thr ough the wro n[...]

Confi guring Fi lters for a VPN T unnel T o configur e filters f or a VPN tunnel, us e the following com mands: set tunnel <tunn e l name> inpu t_filter <filter_name > set tunnel <tunn e l name> output_ filter <filter_name > For mor e informati on about config uring a VPN T unnel (i ncluding inf ormation abou t conf iguri ng[...]

Managi ng Filters Using CL I 6-59 It may be help ful to use the list files command to see files successfully stored in the FLASH memory . Removi ng a Filter fr om an Interface U sing CLI T o r emove a filter that is assigned to an in t erfac e, use the f ollowing comma nd: set interfa ce <interface nam e> input_filter " " set interf[...]

6-60 C HAPTER 6: M ANUAL S ETUP[...]

A OFFICECONNEC T REMOTE 812 SAMPLE CONFIGURA TION Sample Configu ration Overview This sect ion describes a samp le configurat ion that ill ustrates the f ollowing OCR 812 f eatures: Address T ranslation Internal DHCP Server and DNS Proxy . Multi ple R emote S ites, with different routi ng an d brid ging c onfig uration s. Our sampl e SOHO net work,[...]

A-2 A PPENDIX A: OFFICECONNECT REMOT E 812 SAMPLE CONFIGURATION Confi guring the Sample Network The foll owing section s discu ss the six steps r equir ed to confi gure our sample network . Global C onfigurati on IP LAN Networ k DHCP a nd DNS IPX LAN N etwork Bridge LAN Network Remote Sites Global Config uration Gl obal conf igur ation in clud es s[...]

Configur ing the Sample Network A-3 set dhcp server dns1 192. 168.200. 254 dns2 0.0.0.0 set dhcp server wins1 0.0.0.0 wins2 0. 0.0.0 add dns host o crdsl-3com.com ad dr 192.168.200 .254 add dns server MyC orp.co m primary 192.168 .1.253 add dns server * vc Inte r net enab le dn s When a D NS request is r eceived from a locally attached workstat ion[...]

A-4 A PPENDIX A: OFFICECONNECT REMOT E 812 SAMPLE CONFIGURATION dynamical ly lear n the addr esses for two r emote DNS Servers . The login name for this acc ount is “ interne t-user ” and the passw ord is “ 1a 2b3c ” . Port Addr ess T ranslation will be ena bled, allowing all the workstati ons on our local LAN to shar e one publi c IP addre[...]

Configur ing the Sample Network A-5 set vc corp-net ip_r outing both set vc corp-net ipx_ address 0 ip x_routin g all enable vc corp-net[...]

[...]

B CLI Command Description CLI Command s ADD Use the ADD com mand to defi ne: Networks yo u will conne ct to Hosts you need to access SNMP communi t ies Users who will dia l out, dial in, acce s s the net work, or use the CLI Note that som e paramete rs have default val ues. add access <ip su bnet address> The access list d efines which Remote[...]

B-2 A PPENDIX B: CLI C O MMAND D ESCRIPTION Y ou must use add us er to create a network type user for thi s comman d, and set user to spec ify the pr otocol and ot her parameters rela ted to bridgi ng. add dns host <host_name> addr ess <ip_addr ess> Adds the named ho st to the Local Host T able. When the system ne eds to resolv e an add[...]

CLI Command s B-3 Y ou must corr ect the filte r file in a text edi tor , use TF TP to export the updat ed file to the system ’ s FLASH file system, and use the verify filt er command t o check the filt er ’ s syntax. add framed_r oute vc <name> ip_r oute [ip _addr ess] metric [nu mber] Adds a fram ed (static) network to the VC pr ofile f[...]

B-4 A PPENDIX B: CLI C O MMAND D ESCRIPTION add ip ne twork <netw ork_ nam e> addr ess [i p_net_ad dress] frame [ETHER NET_II | SNAP | LOOPBACK] { interface [eth:1] } { enable d [yes] } Adds an IP network to the list of IP networks ava ilable over the sp ecified interfa ce. add ip route <ip_ net_addr ess> gatewa y [gateway_ad dr] metri [...]

CLI Command s B-5 add ipx route <ipx_net_a ddress> gateway [ipx_h ost_addr ess] metric [metric_nu mber] ticks [tick_nu mber] Adds an IPX stat ic route (for the LAN) t o the system ’ s IPX Rout e table, which defines s tatic r outes to re mote IPX networ ks. The command list ip x ro utes displays cu rrently def ined stat ic routes. add ipx s[...]

B-6 A PPENDIX B: CLI C O MMAND D ESCRIPTION Belo w is a part ial list of th e IPX ser vic es ava ilabl e: add ipx_ route vc <name > ipx_ne t [ipx _address ] metri c [hop_cou nt] ticks [t ick_number] Adds an IPX rout e for the a user over the W AN. add ipx_ service vc <name > ipx_ne t [ipx _address ] hops [number] name [na me] node [ int[...]

CLI Command s B-7 Y ou must supp ly the name, inte r nal ipx network nu mber , node number , socket, and ty pe of servic e for this serv ice. The user mu st also supp ly gateway in formation to indica te the next r outer hop. Below is a parti al list of the IPX servi ces available: add ne twork service <service_na me> status server_t ype [ser[...]

B-8 A PPENDIX B: CLI C O MMAND D ESCRIPTION clos e_act ive_c onnec tions [T RUE | F A LSE] This con f igur es a network list ener proce ss that pr ovides a certa in type of service. T o see the available serve r types, use lis t service s . The table below shows conf igurable parameter s f or TELNET ser vices, which are specifi ed with th e data pa[...]

CLI Command s B-9 Adds to t he list of S NMP author ized users. The communit y name and IP a ddress of SNMP req uests from man agers on the networ k must match the list, which you can see using list snmp communiti es . add snmp trap_community <name> address [ip_ad dress] Adds to the list of community na me/IP addr ess pairs that ar e allowed [...]

B-10 A PPENDIX B: CLI C OMMAND D ESCRIPTION add user [name] passwor d [password] {enabl ed [ye s]} Adds a T elnet user to the local user table. The li st users command di splays these paramete rs for all users. add vc [name] Create s a virtual channel (VC) pr ofile. Each pr ofile r epresent s a connect ion to a remote site. The list vc command disp[...]

CLI Command s B-1 1 delete dns host <host_ nam e> Dele tes the specifie d host from the DNS Local Host T able . Use list DNS hosts to view the DNS Local Host table . After dele tion, re quests for that host will be pro cessed thr ough a DNS ser ver , instead o f locally . Use list DNS ser vers to see which servers are defined. delete dns serv[...]

B-12 A PPENDIX B: CLI C OMMAND D ESCRIPTION delete nat [dynam ic | s tatic ] vc <vc name> public_p ool_start <addr ess> publi c_addr ess <ip_ addr ess> Deletes th e s tatic NA T mapping to this publi c IP address for the associated V C. publi c_pool_s tart <ip_ad dress > Delete s the dynamic NA T mapping to th is pool of pub[...]

CLI Command s B-1 3 DIAL dial <vc_name> Generates an outgo ing connection to t he location specif ied by the vc name. Y ou can use l i st vcs to list th e defined vc prof iles, and thei r curr ent status. DISABLE disable a ccess Disables the Access List f eature. Whe n disabled, all hosts ar e permitted to acce ss the Rou ter ’ s manageme n[...]

B-14 A PPENDIX B: CLI C OMMAND D ESCRIPTION disabl e lan acces s When the access list is enabled, this command d isables access to Hosts on the local LAN in terface. When disa bled, all frames r eceived on the LAN interfac e are subject to the ac cess list check. If the co r r esponding LAN subnet is not in the access list, the frame is silently di[...]

CLI Command s B-1 5 ENABLE enable a ccess Enables the Access Li st featur e. When enables, on ly Remote Hosts in the access l ist are p ermitted access to the Router ’ s management services. enable bridge network <network_name> Ena bles br idgi ng ove r the spec ifie d netwo rk. Y ou mus t have previousl y run add bridg e network to add br [...]

B-16 A PPENDIX B: CLI C OMMAND D ESCRIPTION enable link_ traps inte rface <interfac e_name> This comma nd tells SNMP to sen d linkup and li nkdown traps for th e specified interf ace. Y ou can see i f the interface i s current ly enabled for tr aps using the show interface settin gs command. enable network servic e <service _name> Enabl[...]

CLI Command s B-1 7 hangup vc <vc_name> C auses the con nection for the speci f ied VC to dr op. Y ou can see which VC s have active co nnections us ing lis t vcs . Also see disable vc , which causes a VC ’ s session to dro p, and preve nts new sessions whi ch use that VC fr om being estab lished. HELP help <command> Pr ovides informa[...]

B-18 A PPENDIX B: CLI C OMMAND D ESCRIPTION mgmt - unk nown, but filt ering inform ation exist s RxPkt - N umber of pac kets receive d from this MA C station RxOctets - No. of byte s (octe ts) received from th is MA C station Fltr - Number of pa ckets received f rom this MAC stati on that were f iltered out (di scarded ) Fwd - Number of packe ts re[...]

CLI Command s B-1 9 list i nte rfac es D isplays t he installe d interfa ces, alon g with their operat ional status, a dministr ation status , and interfa ce index. If an in terface is do w n, you can use enable inte rface to try to bring it up. Th e co mman d lists : Inde x - number used t o identify th e interfaces posit ion in the tabl e Nam e -[...]

B-20 A PPENDIX B: CLI C OMMAND D ESCRIPTION Pr ot - LO CAL or RIP NextHop - addr ess of the gate way used to reach this r oute Metric - number of r outer hops away this r oute is fr om the system If - interfa ce that th e route uses list ipx network s Di splay s the IPX netw orks that you previou sly defi ned using the add ipx network com mand. It [...]

CLI Command s B-2 1 Ty p e - ST A TIC or DY NAMI C networ k Netw ork Addr ess - ad dress of the network lis t proc esses Displays all processes running on the system. Inde x - a refer ence numbe r in the pr ocess table Nam e - designa tion of th e process (e.g.: Do main Name System) Ty p e - SYSTEM, APPL ICA TION, FORW ARDER or DRIVER Status - ACTI[...]

B-22 A PPENDIX B: CLI C OMMAND D ESCRIPTION list t cp connections Displays i nformation about al l TCP connectio ns. Connection st atus is defined i n RFC-79 3. Local Addr ess - IP addr ess of the lo cal host for this con nection Local Port - TCP port number used by the loc al connectio n Remo te Addr ess - IP addr ess of the r emote host for this [...]

CLI Command s B-2 3 PING ping <ip_name_or_addr> output [ou tput_file name] coun t [count] interval [interva l] tim eout [tim eout_ value ] Sends an IC MP echo req uest to a rem ote IP host. A r eply fr om the pinged address indicates success. QUICKVC Runs th e Q uickVC Setup progr am to easily configu re a virtual channel connecti on (r emote[...]

B-24 A PPENDIX B: CLI C OMMAND D ESCRIPTION SA VE save all Saves all changes you h ave made dur ing your ses sion with the C LI. It is a good idea to save your changes frequen tly , jus t as you shou ld with any type of edito r . SET set a dsl r e se t Resets the ADSL interface. set adsl wir e [pair] Override s the a uto-direction of in ner and out[...]

CLI Command s B-2 5 set date <date> Sets the system date, an d leaves the time unc hanged. Use show date to see what the curr ent settings ar e. The format is: dd- mmm-yyyy . The month should be th e first th ree character s of the month name . The year can be eith er 2 or 4 digit s (97 or 1997 ). set dhcp mode <m ode> Sets t he DHCP mo[...]

B-26 A PPENDIX B: CLI C OMMAND D ESCRIPTION set dhcp s erver DNS1 <IP_ address> DNS2 <IP_ad dress> doma in <stri ng> end_add ress <IP_ addr ess > hostn ame <st ring> lease < seconds> mask <IP _ad dress> router <IP _ad dress> start_ address <I P_addr ess> WINS1 <I P_a ddress> WINS2 <I P_[...]

CLI Command s B-2 7 set faci lity <fac ility _nam e> loglevel [ level] Sets the severi ty r eporting level f or a facility . The hosts that will receiv e the error log e ntries a re defi ned usi ng add syslog lo glevel . Use li st facil ities to see what the cur rent logl evel is for eac h fac ility . The levels : CRIT ICAL - a serious system[...]

B-28 A PPENDIX B: CLI C OMMAND D ESCRIPTION Sets the br oadcast algori thm, the maximum size used for re assembling fragme nting packet s, the R IP authent ication st ring, RI P policie s , and the r outing pr otocol for the speci fied interf ace. The only r equir ed parameter fo r this command is <name >. All ot her paramete rs are opti onal[...]

CLI Command s B-2 9 set ip r outing auto nomous_syst em_number [nu mber] table_ maximum_siz e [number] metric_ma ximum_entrie s [number] rip_flag s [METRICS, SEND_REQUEST] router_i d [router_i d] Sets parame ters for I P routin g to the specif ied IP rout er addre ss, which is the gateway t o an Auto nomous System . Parameter Description <ne two[...]

B-30 A PPENDIX B: CLI C OMMAND D ESCRIPTION set ipx network <network_name> dela y_ticks [ number] diagnostics [DISABLE | ENABLE] maximum_ learning_r etries [nu mber] netbios [ENABLE | DISABLE] netbi os_name_ cache [DIS ABLE | ENABLE ] netbios_cach e_timer [secon ds] netbio s_max_ hops [ numb er] packe t_maximum_ size [number ] rip [BOTH | DIS[...]

CLI Command s B-3 1 set ipx system prio rity [prio rity le vel] default_gate way [ipx _host_add] init ial_po ol_add ress [ipx_addr] pool_me mbers [n umber] Sets parame ters for dy namic IPX netwo r ks. set netw ork service <admin_name> server_t ype [server_typ e] socket [socket_number] data [ “ string ” ] close_act ive_connecti ons [TRUE [...]

B-32 A PPENDIX B: CLI C OMMAND D ESCRIPTION set ppp rec eive_authen tication [ANY | ANY_EXCEPT_MSCHAP | CHAP | MSCHAPV1 | MSCHAPV2 | NONE | P AP] Sets the ty pe of inbound authe ntication t o be used when establi shing PPP connecti ons for PPTP and L2T P tunnels. For in-dep th informatio n about CHAP and P AP , see RFC 1334. A VPN tunnel can only b[...]

CLI Command s B-3 3 set tunnel <tunnel_ name> encryptio n_algor i thm [AUTO | MICROSOF T_128BIT | MICROSOF T_40BIT | MICROSOF T_56BIT | NONE | REQUIRED] Sets encryp tion for a PPTP or L2TP tunnel. Encryption can be set to any of the parame ters shown in th e T able below . However , a tunne l can only be conf igured fo r Micros oft 40-bit , 5[...]

B-34 A PPENDIX B: CLI C OMMAND D ESCRIPTION set system name [ “ name ” ] location [ “ loca tion ” ] contact [ “ contact info ” ] transmit_authentica tion_name [ name] Specifi es system contact information, which is displayed usin g show system . The user name is the remote acc ount name. Location , name and contact na mes are limited to[...]

CLI Command s B-3 5 set user <user_ n ame> message [ “ me ssage ” ] passwor d [p asswor d] session_timeout [se co nds] tcp_por t [tcp_port] ter mina l_type Modifie s user parameters . SEND_P ASSWORD <pas sword> The SE ND_P ASSWORD must ma tch the authentic ation passwor d on the VPN se rver . Y ou must change the defa ult SEND_P ASS[...]

B-36 A PPENDIX B: CLI C OMMAND D ESCRIPTION set vc <vc_name> addr ess_selectio n [negotiat e | assign | spec ified] brid ging [ena ble | dis able] defau lt_ro ute_opt ion [enabl e | disable] destination_addr ess [ip address] end_time [ HH:MM:SS ] header _compre ssion [none | TCPI P] idle_ timeo ut [seco nds] input_filte r [filter_name] ip [ e[...]

CLI Command s B-3 7 Parameter Description <vc_name> VC profile name . addres s_ select ion Determines h ow the IP address will be assigned for remote IP network connecti ons. NEGOTIATE - learn the remot e IP address. SPECIFIE D - uses IP address set in rem ote_I P_address value bridging Enables/disables bridging ac ross this link. default_rou[...]

B-38 A PPENDIX B: CLI C OMMAND D ESCRIPTION set vc < vc_name> atm set [num ber] category_of_service [Un specified (UBR) | V ariable (VBR)] pcr [ number] scr [num ber] type [PVC | SV C] vci [nu mber] vpi [n umber] manage ment_ip_ addre ss Seconda ry IP address on the VC for Manage ment purposes o nly. If the Mana geme nt IP ad dres s is c onfi[...]

CLI Command s B-3 9 Sets A TM pa rameter s for VCs. SHOW Show commands display details about system entities. show access Displays the curr ent status of the access list featu re. Administra tion Status - Indicates status of the access list feature. Options are Enabled or Disabled . LAN Access - Indicat es whether all fr ames received on the LAN in[...]

B-40 A PPENDIX B: CLI C OMMAND D ESCRIPTION show adsl statistics Statist ics for both near end and f ar end ADSL/A TM link. Count ers include corrected frames, CRC errors, and HEC errors for the Fast and Interlea ved path. show adsl performance Field s: Number o f link d o wn event s T o tal time since syste m reboot (hours, minutes, seconds) T ota[...]

CLI Command s B-4 1 show bri dge set tings Displays the settings for all b ridge ne tworks. U se set bridge to modify these values. Base Agin g Ti me - time to ag e out a kno wn MA C address, d efault 3 00 Spanni ng T ree Forw ard Delay - delay after coming up befor e learning, default is 15 Spanni ng T re e Priori ty - this br idge ’ s bid to be[...]

B-42 A PPENDIX B: CLI C OMMAND D ESCRIPTION History Depth: 10 Curr ent Pr ompt: OCR-D SL> Local P rompt: OCR-DSL > show config uratio n Displays a vari ety of system informat ion including: Syst em Identificati on, Authenti cation Rem ote, R emote Accoun ting, Inte rfaces, I P forwarding, IPX Defaul t Gateway , Bridge Spannin g T r ee, and DN[...]

CLI Command s B-4 3 show dhcp relay Displays the cur rent con figuration and count ers for both the pri mary and secondary DHCP relay server . IP Ad dress - IP add ress of th e DHC P Serv er . Max Ho ps - maximum hops to g et to thi s server . Status - enabled or disab led. Requ est Sent to S erver - n umber of r equests sent to server . Response s[...]

B-44 A PPENDIX B: CLI C OMMAND D ESCRIPTION DNS #1 - IP ad dress of t he primary D NS server that the DHCP server will util ize wh en resolvin g nam es. DNS #2 - IP addr ess of the secondary DNS server t hat the DHCP server will util ize wh en resolvin g nam es. WINS #1 - IP add ress of the prim ary W INS server that t he DHC P se rver w ill util i[...]

CLI Command s B-4 5 BR-E TH - CALL - Et her net brid ge call filter rules IP - I P data filter rul es IP-C ALL - IP call filter ru les IP-R IP - IP RIP a dvertise ment fil ter rule s show icmp counters Shows the Input and Output Counte rs for ICMP . T wo types of I C MP mess ages - error an d query messages - are sent to syslog hosts. ICMP CO UNTER[...]

B-46 A PPENDIX B: CLI C OMMAND D ESCRIPTION Echos - sum of ICMP Echo (request) messages sent Echo Replie s - sum of these messages sen t Timest amps - sum of these messages sent Time stamp Re plies - sum of these messages sent Address Masks - sum of these messages sent Addr ess Mas k Replie s - sum of these messages sent show interfa ce <interfa[...]

CLI Command s B-4 7 show ip counters D isplays system wide IP network statistics. INP UT COUN TERS T otal I nput Datagra ms - sum o f IP data grams received Bad Head ers - number of da tagram s with bad heade rs Bad A ddresses - numb er of datagr ams with bad addr esses Forw arded Pac kets - number of packets forwarded Bad Pr otocol - number of pac[...]

B-48 A PPENDIX B: CLI C OMMAND D ESCRIPTION Br oadcast Algorithm - broadcast al gorithm u sed fo r this ne twork Max Reasse mbly Size - maximu m packet size al lowed to be re assembled from fragmen ts IP Ro uting Pr otocol - routi ng proto col used IP RIP Ro uting Po licies - r outing pol icies used by RI P IP RIP Au thentication Key - text string [...]

CLI Command s B-4 9 RIP In Pac kets - sum of RI P packets r eceived SAP Out Packets - sum of SAP packets trans mitted SAP In Packet s - sum of S AP pac kets receiv ed show ipx netw ork <netwo rk_name> settings Displays p arameter settings for the specified IPX n etwork. Y ou can mod ify most of these values using the set i px network command.[...]

B-50 A PPENDIX B: CLI C OMMAND D ESCRIPTION show i px s ap settings counters Displays in forma tion ab out SA P for IPX . show ipx s ettings Displays settings for dynamic IPX net works. Y ou can modify these values u sing the set ipx system command. Default Gatewa y - defa ult IPX r outer addr ess Max Open So ckets - maximum allowed numbe r of open[...]

CLI Command s B-5 1 show ppp on vc <vc_name > counte rs This sh ows counte rs for th e Point -to-Poi nt Pr otocol on t he Virtual Cir cuit. show ppp on vc <vc_name> settin g s This shows t he setting s for the Point-to -Point Protocol o n the V irtual Ci rcuit. show ppp on interfa ce <name> coun ters Displ ays statisti cs for PPP [...]

B-52 A PPENDIX B: CLI C OMMAND D ESCRIPTION SETTINGS for PPP BUNDLE 1 Opera tional Sta tus - opened or not opened Number Acti ve Links - number of l inks active on t his PPP bundle User Pr ofile - user whose parameters wer e used in cr eating li nks Local MMRU - MRU the r emote entit y uses when sendi ng packets to loca l PPP enti ty . D efault: 1 [...]

CLI Command s B-5 3 Remote T o Loc al ACC Compr ession - In dicates whether the r emote PPP entity will use Address and Con t r ol Compr ession when sending pa ckets to the lo cal PPP enti ty . Def ault: ENABLE D. SETTINGS for PPP LINK 1 - 5 AUTHENTICA T ION Opera tional Sta tus - not opene d or opened Loc al T o Re mote Co mpressio n Protocol - au[...]

B-54 A PPENDIX B: CLI C OMMAND D ESCRIPTION T otal Set MIB Ob jects - sum of MI B objects alter ed successf ully as the re sult of re ceiving valid SNMP Se t-Request PDUs Get Request PDUs - sum of SN MP G et-Re qu est PD Us ac cept ed an d pr ocessed Get Next Requ est PDUs - sum of SNMP Ge t-Next PDUs ac cepted and pr ocessed Set Reques t PDUs - su[...]

CLI Command s B-5 5 show teln et Displays the status of the TEL N ET escap e featur e (ENA BLED or DI SABLED). It is set using the disable an d enable TELNET escape commands . show tc p coun ters Displays system-wide TC P st atistic s. TCP COUNTER S Active Open s - number of times TCP conn ections have made a dir ect transition to the SYN-SEN T sta[...]

show user <name> settings Displays the parameters de fined for the specif ied TELNET user . Y ou can use list users to s ee which users ar e defined. show vc <vc _name> settings Displays the parameters defined for the speci fied VC. Y ou can use li st vc to see which vi rtual chann els ar e defined. TELNE T TELNET commands ar e availabl[...]

CLI Exit Comma nds B-57 set_escape <string> Allows changin g the TELNET e scape charact er fro m ^] to something else. Contr ol characte rs are specif ied using the carat characte r foll owed by another charact er . For example, t o set the TELNET escape char acter to control - X, type set_ e sca pe ^X . stat us Displays the IP addr ess of th[...]

B-58 A PPENDIX B: CLI C OMMAND D ESCRIPTION Output Pause The output wi ll pause when ther e is more than 24 l ines of outpu t. T ype ‘ more ’ (or press CR) to co ntinue , or ‘ quit ’ to st op. Command Kill T o disconti nue the curr ent command actio n, and flush a ny commands which have been typed ahea d, use ^C (contr ol-C). Comments ; Not[...]

i INDEX A Add co mmand 2 -2 Address filtering, source and destination 6 -44 Address T ranslation Configuri ng NA T 6 -23 Configuri ng P A T 6 -21 Configuri ng Super NA T 6 -24 Monitoring NA T 6 -24 Monitori ng P A T 6 -23 Monitori ng Super NA T 6 -25 Network A ddress T ran slati on (NA T) 6 -23 Overview 6 -19 ADSL re se t B -2 4 Advertisement Filte[...]

ii D data filter ing, Input and o utput 6 -44 Data Filters 6 -45 Defaults 4 -2, 4 -7 DHCP Configuratio n set DHCP mode B -25 set DHCP rela y se rver1 B -25 set DHCP rela y se rver2 B -25 set DHCP server B -26 Ove rview 6 -2 7 Relay 6 -29 Server 6 -28 Statis tics show dhcp s erver counters B -43 show dhcp server settings B -43 DHCP Relay Statis tics[...]

iii I Input a nd Output filters contrasted 6 -54 Input da ta filters 6 -45 Input Fil ters 6 -54 Interface 1 -1, 2 -3 Interface Filters 6 -54 Interfaces disable in te rface B -13 disable li nk_traps interface B -14 enable interface B -15 list active interfaces B -17 list interfaces B -19 list lan inte rfaces B -20 Internet, v iewing We b resour ces [...]

iv IP Routing Fram ed R oute s 6 - 18 Static Ro utes 6 -18 IP Sour ce and Des tination Network Filtering Using CL I 6 -50 IP Sour ce and De stination Port Filtering Usin g CLI 6 -50 IPX Configuratio n ad d ipx netw ork B -4 delete ipx ne tw ork B -11 disable ipx network B -13 enab le ip x netwo rk B -15 set ipx network B -30 show ipx netwo rk setti[...]

v N Network A ddress T ran slati on (NA T) 6 -23 Network Se rvice, confi guring 6 -3 Network user 2 -2, 2 -3, 4 -4 , 4 -5, 4 -6 O Output da ta filters 6 -45 Output F ilters 6 -54 P Pack age, what ’ s included 1 -1 Packet fil ters 6 -44 Passwor d 2 -2, 2 - 3 password B -22 Passwor d Pr otection 6 -43 passwor d pr otection 4 -2 Passw ords add us er[...]

vi S Sample Configurat ion A -1 Scrip ts CLI do (run CL I script) B -14 Security CLI Access disable security_o ption remote_ u ser administration B -14 enable security_option remote_user administratio n B -16 Dial-in disable us er B -14 enable u ser B -16 TELNE T disab le tel net esc ape B -14 enable t elnet es cape B -16 Virtual Channel disable VC[...]

vii T TELNET a ccess 6 -4 2 TF TP access 6 -42 U Unconfi gured state (booting 812 in) 4 -1 Unconfi gured state (restoring 812 to) 4 -1 Users dele te us er B -1 2 show us er settings B -56 show vc settings B -56 V VC delete vc B -12 set vc B -36 VC/Re mote Site F ilters 6 -55 Virtual Chann e l (VC) 2 -3, 5 -1 Virtual Channel s set vc ppp atm B -39 V[...]

[...]

3Com Corporation L IMI TED W ARRANTY H ARDWARE 3Com warrants its hardware pro ducts to be free from def ects in wor kmanship and materials, under nor mal use and ser vice, for the fo llowing leng ths of t ime from th e date of pur chase from 3C om o r its Au thori zed Res eller: If a product does not o perate as warranted above during the applicabl[...]

FCC C LAS S B S TATEM ENT This device complies with Part 15 of the FCC Rules. Op eration is subject to the following two conditions: 1 This device may not cau se harmful interf erence, and 2 This device must a ccept any interferen ce received, including interference t hat may caus e undesired op eration. WA RN I N G : This eq uipment ha s been test[...]