10.06.2014 Views

Software Reference Manual - Allied Telesis


AT-RG600 Residential Gateway

Software reference manual – release 2-0-2

AT-RG 600 Residential Gateway – Software Reference Manual

AT-RG600 series Residential Gateway – Software reference manual

STRE_SRM_AT-RG6xx_2-0-2_A1

Copyright © 2004 Allied Telesis KK

All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis.

Allied Telesis reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesis be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis has been advised of, known, or should have known, the possibility of such damages.

All trademarks are the property of their respective owners.


Contents

Preface

Purpose of this Manual

Intended Audience

Standards and Protocols

Background Reading

Publicly Accessible Documents

Conventions used in command definitions

CHAPTER 1 System Management

Logging into the CLI

Serial Connection

TCP/IP connection

Command Line Interface and Console

Webserver

File System

Boot code

System configuration information

Run-time images

Access permissions to the CLI

System Configuration Management

System Command Reference

System CLI commands

system add user

system add login

system config CREATE

system config DELETE

system config GET

system config LIST

system config restore FACTORY

system config SET

system config SHOW

system delete login

system delete user

system info

system list errors

system list openfiles

system list users

system list logins

system log

system log enable|disable

system log list

system name

system restart

system set login access

system set login mayconfigure

system set login maydialin

system set user access

system set user mayconfigure

system set user maydialin

User Command Reference

User CLI commands

user logout

user password

user change

Web Server Command Reference

Web Server CLI commands

webserver clear stats


webserver enable|disable

webserver set interface

webserver set managementip

webserver set port

webserver set upnpport

webserver show info

webserver show stats

Console Access Command Reference

Console access CLI commands

console enable

console process

Console command - exit

CHAPTER 2 Switch

Introduction

Switch Core Functional Overview

Address Look-up

Learning

Migration

Aging

Forwarding

Switching engine

Rate limiting support

Ingress Filtering limiting support

Layer 3 routing rate limiting

Class of Service and Differentiated Services

802.1p Traffic Priority

Differentiated Services Code Point (DSCP)

Switch Command Reference

switch CLI commands

switch disable ageingtimer

switch disable learning

switch disable port

switch enable ageingtimer

switch enable learning

switch enable port

switch reset

switch set ageingtimer

switch set port

switch set priority

switch set qos

switch set routing-limit

switch show

switch show fdb

switch show port

switch show qos

CHAPTER 3 VLAN

INTRODUCTION

VLAN TAGGING

VLAN SUPPORT ON AT-RG600 RESIDENTIAL GATEWAY

VLAN definition and port tagging

VLAN versus IP Interface

VLAN Command Reference

vlan CLI commands

vlan add port

vlan add vid

vlan delete

vlan show


CHAPTER 4 Emergency

INTRODUCTION

Emergency configuration

Layer 2 vlan configuration

Layer 3 IP configuration

Save and activate emergency configuration.

Emergency command reference

Emergency CLI commands

EMERGENCY ADD

EMERGENCY CREATE

EMERGENCY DELETE

EMERGENCY SET DHCP

EMERGENCY SET IPINTERFACE GATEWAY

EMERGENCY SET IPINTERFACE IPADDRESS

EMERGENCY SHOW

EMERGENCY UPDATE

CHAPTER 5 IP

INTRODUCTION

THE INTERNET

ADDRESSING

Subnets

IP SUPPORT ON AT-RG6XX RESIDENTIAL GATEWAY SERIES

Adding and attaching IP interfaces

IP stack and incoming packets

Locally received packets

Forwarding packets

Unconfigured interfaces

Unnumbered interfaces

Unconfigured interfaces v unnumbered interfaces

Configuring unnumbered interfaces

Creating a route

Virtual Interfaces

Configuring virtual interfaces

Similarities between virtual interfaces and real interfaces

Differences between virtual interfaces and real interfaces

Secondary IP addresses

Configuring secondary IP addresses

Functionality of secondary IP addresses

IP Quality of Service

Expedited class

Example of use of Prioritization

Quality of Service support

Packet Classification

Configuring Flow Qualifiers

Link bandwidth prioritization

CPU prioritization

TCP/IP Command Reference

IP Tracing commands

IP CLI commands

ip add defaultroute gateway

ip add defaultroute interface

ip add interface

ip add route

ip attach

ip attachvirtual

ip clear arpentries

ip clear interfaces

ip clear riproutes


ip clear routes

ip delete interface

ip delete route

ip detach interface

ip interface add fq codepoint

ip interface add fq protocol

ip interface add fq srcaddr codepoint

ip interface add fq srcaddr protocol

ip interface add proxyarpentry

ip interface add proxyarpexclusion

ip interface add secondaryipaddress

ip interface clear fqs

ip interface clear proxyarpentries

ip interface clear secondaryipaddresses

ip interface delete fq

ip interface delete proxyarpentries

ip interface delete proxyarpexclusion

ip interface delete secondaryipaddress

ip interface list fqs

ip interface list proxyarpentries

ip interface list secondaryipaddresses

ip list arpentries

ip list connections

ip list interfaces

ip list riproutes

ip list routes

ip ping

ip set interface dhcp

ip set interface ipaddress

ip set interface mtu

ip set interface netmask

ip set interface rip accept

ip set interface rip multicast

ip set interface rip send

ip set interface tcpmssclamp

ip set rip advertisedefault

ip set rip authentication

ip set rip defaultroutecost

ip set rip hostroutes

ip set rip password

ip set rip poison

ip set route cost

ip set route destination

ip set route gateway

ip set route interface

ip show

ip show interface

ip show route

CHAPTER 6 Transports

Transports CLI commands

transports clear

transports delete

transports list

transports show

CHAPTER 7 Ethernet

Ethernet CLI commands

ethernet add transport

ethernet clear transports


ethernet delete transport................................................................................................. 133<br />

ethernet list ports ............................................................................................................ 134<br />

ethernet list transports .................................................................................................... 134<br />

ethernet show transport .................................................................................................. 134<br />

CHAPTER 8 Security & Firewall................................................................................. 136<br />

Introduction ..................................................................................................................... 136<br />

Application Gateway ....................................................................................................... 136<br />

Stateful Inspection .......................................................................................................... 137<br />

Security support on AT-RG6xx Residential Gateway series........................................... 137<br />

Security Interfaces .......................................................................................................... 138<br />

Dynamic Port Opening and Triggers............................................................................... 139<br />

Non-Activity Timeout....................................................................................................... 140<br />

Session Chaining............................................................................................................ 140<br />

Firewall............................................................................................................................ 141<br />

Policy .............................................................................................................................. 142<br />

Portfilter.......................................................................................................................... 142<br />

Validator.......................................................................................................................... 142<br />

Intrusion Detection.......................................................................................................... 143<br />

Security Command Reference........................................................................................ 145<br />

Security CLI commands.................................................................................................. 145<br />

security add interface...................................................................................................... 145<br />

security add trigger tcp|udp............................................................................................. 146<br />

security add trigger netmeeting....................................................................................... 147<br />

security clear interfaces .................................................................................................. 148<br />

security clear triggers...................................................................................................... 148<br />

security delete interface.................................................................................................. 148<br />

security delete trigger...................................................................................................... 148<br />

security............................................................................................................................ 149<br />

security list interfaces...................................................................................................... 150<br />

security list triggers ......................................................................................................... 150<br />

security set trigger UDPsessionchaining ........................................................................ 150<br />

security set trigger addressreplacement ......................................................................... 151<br />

security set trigger binaryaddressreplacement ............................................................... 152<br />

security set trigger endport ............................................................................................. 153<br />

security set trigger maxactinterval .................................................................................. 153<br />

security set trigger multihost ........................................................................................... 154<br />

security set trigger sessionchaining ................................................................................ 154<br />

security set trigger startport ............................................................................................ 155<br />

security show interface ................................................................................................... 155<br />

security show trigger....................................................................................................... 155<br />

security status................................................................................................................. 156<br />

Firewall Command Reference ........................................................................................ 158<br />

Firewall CLI commands .................................................................................................. 158<br />

firewall add policy............................................................................................................ 159<br />

firewall add portfilter........................................................................................................ 160<br />

firewall add validator ....................................................................................................... 162<br />

firewall clear policies ....................................................................................................... 164<br />

firewall clear portfilters .................................................................................................... 164<br />

firewall delete policy........................................................................................................ 165<br />

firewall delete portfilter.................................................................................................... 165<br />

firewall delete validator ................................................................................................... 166<br />

firewall enable|disable..................................................................................................... 166<br />

firewall enable|disable IDS.............................................................................................. 167<br />

firewall enable|disable blockinglog.................................................................................. 168<br />

firewall enable|disable Intrusionlog ................................................................................. 168<br />

firewall enable|disable sessionlog................................................................................... 168<br />

firewall list policies .......................................................................................................... 169<br />

firewall list portfilters........................................................................................................ 169<br />

firewall list validators ....................................................................................................... 170<br />

firewall set IDS DOSattackblock ..................................................................................... 171<br />

firewall set IDS MaxICMP ............................................................................................... 171<br />

firewall set IDS MaxPING ............................................................................................... 172<br />

firewall set IDS MaxTCPopenhandshake ....................................................................... 172<br />

firewall set IDS SCANattackblock ................................................................................... 173<br />

firewall set IDS blacklist .................................................................................................. 174<br />

firewall set IDS victimprotection ...................................................................................... 174<br />

firewall set securitylevel .................................................................................................. 175<br />

firewall show IDS ............................................................................................................ 177<br />

firewall show policy ......................................................................................................... 177<br />

firewall show portfilter .................................................................................................... 178<br />

firewall show validator..................................................................................................... 179<br />

firewall status .................................................................................................................. 180<br />

CHAPTER 9 Network Address Translation - NAT ................................................. 181<br />

Network Address Translation.......................................................................................... 181<br />

Address conservation ..................................................................................................... 181<br />

Security........................................................................................................................... 182<br />

How does NAT work? ..................................................................................................... 182<br />

What about protocols other than UDP and TCP?........................................................... 184<br />

How can you let sessions into servers on the private LAN? ........................................... 184<br />

NAT support on AT-RG6xx Residential Gateway series ................................................ 185<br />

Global IP Address Pools................................................................................................. 185<br />

Reserved Mappings........................................................................................................ 186<br />

Application Level Gateways (ALGs) ............................................................................... 186<br />

Interactions of NAT and other security features.............................................................. 186<br />

Firewall filters and reserved mappings. .......................................................................... 186<br />

NAT and Dynamic Port Opening..................................................................................... 187<br />

NAT and secondary IP addresses .................................................................................. 187<br />

NAT Command Reference.............................................................................................. 188<br />

NAT CLI commands........................................................................................................ 188<br />

nat add globalpool........................................................................................................... 188<br />

nat add resvmap globalip................................................................................................ 190<br />

nat add resvmap interface name .................................................................................... 192<br />

nat clear globalpools....................................................................................................... 193<br />

nat clear resvmaps.......................................................................................................... 194<br />

nat delete globalpool....................................................................................................... 194<br />

nat delete resvmap ......................................................................................................... 195<br />

nat disable....................................................................................................................... 195<br />

nat enable ....................................................................................................................... 196<br />

nat iketranslation............................................................................................................. 197<br />

nat list globalpools .......................................................................................................... 198<br />

nat list resvmaps............................................................................................................. 199<br />

nat show globalpool ........................................................................................................ 200<br />

nat show resvmap........................................................................................................... 201<br />

nat status ........................................................................................................................ 201<br />

CHAPTER 10 IGMP snooping and IGMP proxy ....................................................... 203<br />

Multicasting Overview ..................................................................................................... 203<br />

Multicasting principles..................................................................................................... 203<br />

Group addresses ............................................................................................................ 203<br />

IGMP............................................................................................................................... 204<br />

Multicast MAC addresses ............................................................................................... 205<br />

IGMP snooping ............................................................................................................... 205<br />

IGMP snooping on AT-VP6x3 product family ................................................................. 206<br />

Multicast Router Port Discovery...................................................................................... 206<br />

Multicast Hosts Port Discovery ....................................................................................... 206<br />

Leaving a Group ............................................................................................................. 207<br />

Timeout interval expiring................................................................................................. 208<br />

IGMP proxy..................................................................................................................... 208


IGMP Snooping Command Reference ........................................................................... 209<br />

IGMP snooping CLI commands...................................................................................... 209<br />

igmp snooping disable .................................................................................................... 209<br />

igmp snooping enable..................................................................................................... 209<br />

igmp snooping set leavetime .......................................................................................... 210<br />

igmp snooping set queryinterval ..................................................................................... 210<br />

igmp snooping set timeout .............................................................................................. 210<br />

igmp snooping show ....................................................................................................... 211<br />

IGMP Proxy Command Reference ................................................................................. 212<br />

IGMP proxy CLI commands............................................................................................ 212<br />

igmp proxy set upstreaminterface................................................................................... 212<br />

igmp proxy show upstreaminterface ............................................................................... 212<br />

igmp proxy show status .................................................................................................. 213<br />

CHAPTER 11 Dynamic Host Configuration Protocol - DHCP................................ 214<br />

Introduction ..................................................................................................................... 214<br />

DHCP support on AT-RG6xx Residential Gateway series ............................................. 215<br />

DHCP server................................................................................................................... 215<br />

Example: ......................................................................................................................... 216<br />

DHCP client .................................................................................................................... 218<br />

Lease requirements and requests .................................................................................. 219<br />

Support for AutoIP .......................................................................................................... 219<br />

Additional DHCP client modes........................................................................................ 220<br />

Propagating DNS server information .............................................................................. 220<br />

Automatically setting up a DHCP server......................................................................... 220<br />

Example .......................................................................................................................... 221<br />

DHCP Relay.................................................................................................................... 222<br />

DHCP Server Command Reference ............................................................................... 223<br />

DHCP server CLI commands.......................................................................................... 223<br />

dhcpserver add fixedhost................................................................................................ 224<br />

dhcpserver add subnet ................................................................................................... 225<br />

dhcpserver clear fixedhost .............................................................................................. 225<br />

dhcpserver clear subnets................................................................................................ 226<br />

dhcpserver delete fixedhost ............................................................................................ 226<br />

dhcpserver delete subnet................................................................................................ 226<br />

dhcpserver enable|disable .............................................................................................. 227<br />

dhcpserver list fixedhost ................................................................................................. 227<br />

dhcpserver list options .................................................................................................... 228<br />

dhcpserver list subnets ................................................................................................... 229<br />

dhcpserver set allowunknownclients............................................................................... 230<br />

dhcpserver set bootp ...................................................................................................... 230<br />

dhcpserver set defaultleasetime ..................................................................................... 230<br />

dhcpserver set fixedhost ipaddress ................................................................................ 231<br />

dhcpserver set fixedhost macaddress ............................................................................ 231<br />

dhcpserver set fixedhost maxleasetime.......................................................................... 232<br />

dhcpserver set maxleasetime ......................................................................................... 232<br />

dhcpserver set subnet defaultleasetime ......................................................................... 233<br />

dhcpserver set subnet hostisdefaultgateway.................................................................. 233<br />

dhcpserver set subnet hostisdnsserver .......................................................................... 234<br />

dhcpserver set subnet maxleasetime ............................................................................. 235<br />

dhcpserver set subnet subnet......................................................................................... 235<br />

dhcpserver show............................................................................................................. 236<br />

dhcpserver show subnet ................................................................................................. 236<br />

dhcpserver subnet add iprange ...................................................................................... 237<br />

dhcpserver subnet add option......................................................................................... 238<br />

dhcpserver subnet clear ipranges................................................................................... 238<br />

dhcpserver subnet clear options ..................................................................................... 239<br />

dhcpserver subnet delete iprange................................................................................... 239<br />

dhcpserver subnet delete option..................................................................................... 240<br />

dhcpserver subnet list ipranges ...................................................................................... 241<br />

dhcpserver subnet list options ........................................................................................ 241<br />

dhcpserver update .......................................................................................................... 242<br />

DHCP Client Command Reference ................................................................................ 243<br />

DHCP client CLI commands ........................................................................................... 243<br />

dhcpclient add interfaceconfig ........................................................................................ 244<br />

dhcpclient clear interfaceconfigs..................................................................................... 244<br />

dhcpclient delete interfaceconfig..................................................................................... 245<br />

dhcpclient interfaceconfig add requested option............................................................. 245<br />

dhcpclient interfaceconfig add required option ............................................................... 246<br />

dhcpclient interfaceconfig add sent option...................................................................... 247<br />

dhcpclient interfaceconfig clear requested options......................................................... 247<br />

dhcpclient interfaceconfig clear sent options .................................................................. 248<br />

dhcpclient interfaceconfig delete requested option......................................................... 249<br />

dhcpclient interfaceconfig delete sent option .................................................................. 250<br />

dhcpclient interfaceconfig list requested options ............................................................ 250<br />

dhcpclient interfaceconfig list sent options...................................................................... 251<br />

dhcpclient list interfaceconfigs ........................................................................................ 252<br />

dhcpclient set backoff ..................................................................................................... 253<br />

dhcpclient set interfaceconfig autoip............................................................................... 253<br />

dhcpclient set interfaceconfig clientid ............................................................................. 254<br />

dhcpclient set interfaceconfig defaultroute...................................................................... 255<br />

dhcpclient set interfaceconfig dhcpinform....................................................................... 256<br />

dhcpclient set interfaceconfig dhcpserverpoolsize.......................................................... 256<br />

dhcpclient set interfaceconfig dhcpserverinterface ......................................................... 257<br />

dhcpclient set interfaceconfig givednstoclient................................................................. 258<br />

dhcpclient set interfaceconfig givednstorelay ................................................................. 259<br />

dhcpclient set interfaceconfig interface........................................................................... 260<br />

dhcpclient set interfaceconfig noclientid ......................................................................... 260<br />

dhcpclient set interfaceconfig requestedleasetime ......................................................... 261<br />

dhcpclient set interfaceconfig server............................................................................... 262<br />

dhcpclient set reboot....................................................................................................... 262<br />

dhcpclient set retry.......................................................................................................... 263<br />

dhcpclient show .............................................................................................................. 263<br />

dhcpclient update............................................................................................................ 264<br />

DHCP Relay Command Reference ................................................................................ 265<br />

DHCP relay CLI commands............................................................................................ 265<br />

dhcprelay add server ...................................................................................................... 265<br />

dhcprelay clear servers................................................................................................... 265<br />

dhcprelay delete server................................................................................................... 266<br />

dhcprelay enable|disable ................................................................................................ 266<br />

dhcprelay list servers ...................................................................................................... 267<br />

dhcprelay show ............................................................................................................... 267<br />

dhcprelay update ............................................................................................................ 267<br />

CHAPTER 12 Domain Name System - DNS................................................................ 268<br />

Introduction ..................................................................................................................... 268<br />

DNS Relay ...................................................................................................................... 269<br />

DNS Client ...................................................................................................................... 269<br />

DNS Relay Command Reference ................................................................................... 270<br />

DNS Relay CLI commands ............................................................................................. 270<br />

dnsrelay add server ........................................................................................................ 270<br />

dnsrelay clear cache ....................................................................................................... 270<br />

dnsrelay clear landatabase ............................................................................................. 271<br />

dnsrelay clear servers..................................................................................................... 271<br />

dnsrelay delete server..................................................................................................... 271<br />

dnsrelay list servers ........................................................................................................ 272<br />

dnsrelay set landatabasefile ........................................................................................... 272<br />

dnsrelay show lanaddress .............................................................................................. 273<br />

dnsrelay show landomainname ...................................................................................... 273<br />

dnsrelay show landatabasefilename............................................................................... 273


DNS Client Command <strong>Reference</strong> ................................................................................... 274<br />

DNS Client CLI commands ............................................................................................. 274<br />

dnsclient add searchdomain ........................................................................................... 274<br />

dnsclient add server........................................................................................................ 274<br />

dnsclient clear searchdomains........................................................................................ 275<br />

dnsclient clear servers .................................................................................................... 275<br />

dnsclient delete searchdomain ....................................................................................... 275<br />

dnsclient delete server.................................................................................................... 276<br />

dnsclient list searchdomains........................................................................................... 276<br />

dnsclient list servers........................................................................................................ 276<br />

CHAPTER 13 SNTP

SNTP Features

Time Zones and Daylight Savings (Summer Time) Conversion

SNTP Command Reference

SNTP CLI commands

sntpclient set clock

sntpclient set mode

sntpclient set poll-interval

sntpclient set retries

sntpclient set server

sntpclient set timeout

sntpclient set timezone

sntpclient show association

sntp show status

sntpclient sync

CHAPTER 14 PPPoE

PPPoE support on the AT-RG6xx Residential Gateway series

Adding and attaching PPPoE connections

Negotiation of PPPoE connections

PPPoE Command Reference

PPPoE CLI commands

pppoe add transport

pppoe clear transports

pppoe delete transport

pppoe list transports

pppoe set transport accessconcentrator

pppoe set transport autoconnect

pppoe set transport autoconnect FILTER ADD

pppoe set transport autoconnect FILTER delete

pppoe set transport ENABLED/DISABLED

pppoe set transport givedns client

pppoe set transport givedns relay

pppoe set transport lcpechoevery

pppoe set transport lcpmaxconf

pppoe set transport lcpmaxfail

pppoe set transport lcpmaxterm

pppoe set transport STATIC_IP/DYNAMIC_IP

pppoe set transport password

pppoe set transport servicename

pppoe set transport username

pppoe set transport welogin

pppoe show transport

CHAPTER 15 VoIP Analogue and Digital access ports

Introduction

Analog Ports

Digital Ports

ISDN BRI Physical Layer

ISDN Layer 2 - LAPD

ISDN Layer 3 - Call Control

Common

Port configuration

Digit Map

Dial Mask

Voice Coder/Decoder

Voice Quality Management

Volume Gain Control

G.168 Line Echo Cancellation (8 ms – 32 ms tail length)

Voice Activity Detection (VAD) / Comfort Noise Generation (CNG)

Telecom Tones Management

Country-specific Telecom Tones

Telecom Tones Customization

Port enable/disable

VoIP EP Command Reference

voip ep CLI commands

voip ep create

voip ep delete

voip ep disable

voip ep enable

voip ep list

voip ep set cfwd

voip ep set cng

voip ep set codecs

voip ep set country

voip ep set dialmask

voip ep set dialmode

voip ep set digitmap

voip ep set idt-critical

voip ep set idt-partial

voip ep set jitterdelay

voip ep set lec

voip ep set offhook-time

voip ep set onhook-time

voip ep set rxgain

voip ep set txgain

voip ep set vad

voip ep show

voip ep signaling add

voip ep signaling create

voip ep signaling delete

voip ep signaling list

voip ep signaling remove

voip ep signaling show

VoIP Lifeline Command Reference

voip lifeline CLI commands

voip LIFELINE DISABLE

voip LIFELINE ENABLE

voip LIFELINE show

CHAPTER 16 VoIP SIP

Introduction

SIP Protocol

Protocol Components

SIP Messages

AT-RG613, AT-RG623 and AT-RG656 Call Processes

Calls Involving Another Terminal

Calls Involving a Terminal and a SIP Endpoint

VoIP SIP Servers, Users & Forwarding Database

Introduction

SIP Servers

Users

Forwarding Database (FDB)

VoIP SIP Command Reference

VoIP sip protocol CLI commands

voip sip protocol disable

voip sip protocol enable

voip sip protocol restart

voip sip protocol set defaultport

voip sip protocol set EXTENSION

voip sip protocol set NAT

voip sip protocol set NETINTERFACE

voip sip protocol set roundtriptime

voip sip protocol set SESSIONEXPIRE

voip sip protocol show

VoIP SIP Locationserver Command Reference

voip sip locationserver CLI commands

voip sip locationserver create

voip sip locationserver delete

voip sip LOCATIONSERVER list

voip sip locationserver SET MASTER

VoIP SIP Proxyserver Command Reference

voip sip proxyserver CLI commands

voip sip proxyserver create

voip sip PROXYSERVER delete

voip sip PROXYSERVER list

voip sip PROXYSERVER SET MASTER

VoIP SIP User Command Reference

voip sip user CLI commands

voip sip user add

voip sip user create

voip sip user delete

voip sip user list

voip sip user remove

voip sip user show

VoIP SIP FDB Command Reference

voip sip fdb CLI commands

voip sip fdb create

voip sip fdb delete

voip sip fdb list

voip sip fdb show

CHAPTER 17 VoIP H323

Introduction

H.323 Protocols

H.323 Components

Terminals

Gateways

Gatekeepers

Multipoint Control Units

Protocols Specified by H.323

Audio CODEC

Video CODEC

H.225 Registration, Admission, and Status

H.225 Call Signaling

H.245 Control Signaling

Real-Time Transport Protocol

Real-Time Transport Control Protocol

Terminal Characteristics

Gateway and Gatekeeper Characteristics

Gateway Characteristics

Gatekeeper Characteristics

AT-RG613, AT-RG623 and AT-RG656 Call Processes

Calls Involving Another Terminal

Calls Involving a Terminal and a H.323 Endpoint

VoIP H323 Users

Introduction

Users

VoIP H323 Command Reference

VoIP h323 protocol CLI commands

voip h323 protocol disable

voip h323 protocol enable

voip H323 protocol set alias

voip h323 protocol set connect

voip H323 protocol set gatekeeper

voip H323 protocol set netinterface

voip H323 protocol set q931port

voip H323 protocol set rasport

voip h323 protocol set registration

voip h323 protocol set response

voip H323 protocol set secondarygatekeeper

voip h323 protocol show

VoIP H323 User Command Reference

voip H323 user CLI commands

voip h323 user add

voip h323 user create

voip h323 user delete

voip h323 user list

voip h323 user remove

voip h323 user show

VoIP H323 FDB Command Reference

voip h323 fdb CLI commands

voip h323 fdb create

voip h323 fdb delete

voip h323 fdb list

voip h323 fdb show

CHAPTER 18 VoIP MGCP

Introduction

Connections & Endpoints

MGCP Protocol Commands

NotificationRequest

Notify

CreateConnection

ModifyConnection

DeleteConnection

AuditEndpoint

AuditConnection

RestartInProgress

MGCP Command reference

MGCP commands

voip mgcp protocol disable

voip mgcp protocol enable

voip mgcp protocol restart

voip mgcp protocol set defaultport

voip mgcp protocol set nat

voip mgcp protocol set netinterface

voip mgcp protocol set profile

voip mgcp protocol show

voip mgcp callagent create

voip mgcp callagent delete

voip mgcp callagent list

CHAPTER 19 VoIP QoS and Media

Introduction

QoS

Media

VoIP QoS Command Reference

VoIP QoS CLI commands

voip qos set dscp

voip qos set tos

voip qos SHOW

VoIP Media Command Reference

VoIP Media CLI commands

voip media set portrange

voip media set rtcp

voip MEDIA SET SESSIONTIMEOUT

voip MEDIA SHOW

CHAPTER 20 ZTC............................................................................................................ 429<br />

Introduction ..................................................................................................................... 429<br />

Functional blocks ............................................................................................................ 429<br />

ZTC Network Architecture............................................................................................... 430<br />

ZTC Client....................................................................................................................... 431<br />

Storing Unit Configuration............................................................................................... 432<br />

Pull-at-startup.................................................................................................................. 432<br />

Scheduled-pull ................................................................................................................ 433<br />

ZTC Command reference ............................................................................................... 435<br />

ZtcClient commands ....................................................................................................... 435<br />

ztcclient enable dynamic................................................................................................. 435<br />

ztcclient enable static...................................................................................................... 436<br />

ztcclient disable............................................................................................................... 436<br />

ztcclient show.................................................................................................................. 436<br />

ztcclient set ..................................................................................................................... 437<br />

ztcclient update ............................................................................................................... 437<br />

CHAPTER 21 <strong>Software</strong> Update ..................................................................................... 438<br />

Introduction ..................................................................................................................... 438<br />

FTP server ...................................................................................................................... 439<br />

TFTP server.................................................................................................................... 439<br />

Windows Loader.......................................................................................................... 440<br />

SwUpdate module........................................................................................................... 441<br />

Plug-and-play.................................................................................................................. 444<br />


List of figures

Figure 1. IP Packet overview
Figure 2. Tagged frame format according to IEEE 802.3ac standard
Figure 3. VLAN and IP layer architecture (the greyed area surrounds the entities always available in the system)
Figure 4. IP interface over VLAN - basic steps
Figure 5. IP packet or datagram.
Figure 6. Subdivision of the 32 bits of an Internet address into network and host fields for class A, B and C networks.
Figure 7. Security modules on AT-RG6xx Residential Gateway series.
Figure 8. Security interfaces on AT-RG6xx Residential Gateway series.
Figure 9. Firewall module and related objects
Figure 10. Address Conservation using NAT
Figure 11. External access to an FTP server
Figure 12. Domain Name System
Figure 13. PPP is used by Internet Service Providers (ISPs) to allow dial-up users to connect to the Internet.
Figure 14. ISDN Basic Access.
Figure 15. VoIP subsystem configuration - basic steps.
Figure 16. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone
Figure 17. Phone --> AT-RG613/RG623 (A) --> SIP IP Phone
Figure 18. VoIP subsystem configuration - basic steps.
Figure 19. H.323 Terminals on a Packet Network
Figure 20. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone
Figure 21. Phone --> AT-RG613/RG623 (A) --> H323 IP Phone
Figure 22. VoIP H323 subsystem configuration - basic steps
Figure 23. ZTC network architecture
Figure 24. Pull-at-Startup ZTC phase
Figure 25. Scheduled-pull ZTC phase
Figure 26. Access to the Residential Gateway TFTP server
Figure 27. The Windows Loader
Figure 28. DHCPCONF like SwUpdate operation mode



Preface

Purpose of this Manual

This manual is the complete reference to the configuration, management and operation of the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway, and includes detailed descriptions of all management commands.

The AT-RG613, AT-RG623 and AT-RG656 are Customer Premises Equipment (CPE) designed to provide data and VoIP access for multiple users in Small Office/Home Office (SOHO), Small to Medium Enterprise (SME), branch office or customer residence settings that want very fast downloads, combining broadband access with Internet telephony services.

With this intelligent equipment the customer can use broadband integrated services for telephony, Internet and Internet video.

The VoIP residential gateway, fitted with a number of ports for interconnection of traditional domestic appliances (telephone, fax, personal computer), acts as an adapter for the conversion and management of all the protocols necessary for using advanced multimedia services:

• Low cost telephony using Internet protocol (VoIP)
• Fast Internet navigation
• Video on demand
• Interactive services

The main features of the device are listed below:

• one 10/100 BaseT Ethernet port for uplink (WAN port)
• three 10/100 BaseT Ethernet ports for connecting user equipment (PC, printer, etc.)
• two analog VoIP ports for connecting two analog telephones or faxes (AT-RG613TX(J) models) plus one analogue FXO port for connecting to PBX or to Local Exchange (AT-RG613TXJ model only)
• two digital VoIP ports for connecting up to 8 digital telephones or faxes (AT-RG623TX model)
• Switching function using the same analogue terminal from VoIP to PSTN
• IEEE 802.1q tag based VLAN
• QoS packet prioritization support: per port, 802.1p and DiffServ based
• Programmable rate limiting, ingress port, egress port, per port basis.
• IGMP v1/v2 snooping for multicast packet filtering
• PPPoE
• DHCP Server and Relay
• DNS Relay
• Compliant with SIP protocol and H323 v2 protocol
• TFTP - Trivial File Transfer Protocol support
• NTP - Network Time Protocol support

Configuration and management of the device is possible through:

• Serial interface (CLI)
• Telnet
• SNMP
• Zero Touch Configuration

Moreover, the AT-RG613, AT-RG623 and AT-RG656 integrate advanced router features such as:

• Firewall
• Dynamic Port Opening
• Attack Detection and Blocking
• Advanced Network Address Translation (NAT)

Intended Audience

This manual is intended for the system administrator, network manager or communications technician who will configure and maintain AT-RG613, AT-RG623 and AT-RG656, or who manages a network of AT-RG613, AT-RG623 and AT-RG656 Residential Gateways.

It is assumed that the reader is familiar with:

• The topology of the network in which the Residential Gateway is to be used.
• Basic principles of computer networking, protocols and routing, and interfaces.
• Administration and operation of a computer network.

Most of the commands described in this manual require superuser privilege and can only be entered from a terminal or port that has been logged in with superuser privilege.

For further information please refer to the “SNMP Reference Manual”



Standards and Protocols

Supported Standards and Protocols

Table 1 lists the protocols and standards supported by the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway and the references where these protocols and standards are defined.

| Protocol/standard | Reference |
|---|---|
| ARP | RFCs 826, 925 |
| Assigned Numbers | RFC 1700 |
| DHCP | RFCs 2131, 2132 |
| DNS | RFCs 1034, 1035 |
| H.323 | ITU H.323, ITU H.225, ITU H.245 |
| ICMP | RFCs 792, 950 |
| IEEE 802.2 | ANSI/IEEE Std 802.2-1985 |
| IEEE 802.3 | ANSI/IEEE Std 802.3-1985, 802.3a, b, c, e-1988 |
| IGMP | RFCs 2236, 1112 |
| IP | RFCs 791, 821, 950, 951, 1009, 1055, 1122, 1144, 1349, 1542, 1812, 1858 |
| IP addressing | RFC 1597 |
| ISDN | ITU-T I.430 (Basic Rate Access); ETSI ETS 300 402-1 (Layer 2); ETSI ETS 300 403-1 (Layer 3) |
| NTP | RFCs 958, 1305, 1510 |
| PPP over Ethernet | RFC 2516 |
| RTP-RTCP | RFC 1889, ITU G.711, ITU G.723, ITU G.729 |
| SDP | RFC 2327 |
| SIP | RFC 2543 |
| SNMP, MIBs | RFCs 1155, 1157, 1213, 1239, 1315, 1398, 1493, 1514, 1573, 2233 |
| TCP | RFC 793 |
| Telnet | RFCs 854–858, 932, 1091 |
| TFTP | RFC 1350 |
| UDP | RFC 768 |
| VLAN | IEEE Std 802.1Q |

Table 1. Protocols and standards supported by AT-RG613, AT-RG623 and AT-RG656 Residential Gateway.

Obtaining Copies of Internet Protocols and Standards

The Internet Protocols are defined in Requests For Comments (RFCs). RFCs are developed and published under the auspices of the Internet Engineering Steering Group (IESG) of the Internet Engineering Task Force (IETF). For more information about the IESG and IETF, visit the IETF web site at http://www.ietf.org/.

For more information about RFCs and Internet Drafts (the starting point for RFCs), visit the RFC Editor web site at http://www.rfc-editor.org/. This site has information about the RFC standards process, archives of RFCs and current Internet Drafts, links to RFC indexes and search engines, and a list of other RFC repositories.

RFCs can be obtained electronically from many RFC repositories, mail servers, World Wide Web (WWW), Gopher or WAIS sites. A good starting point for finding the nearest RFC repository is to point your Web browser at http://www.isi.edu/in-notes/rfc-retrieval.txt.

Background Reading

For an introduction to the Internet Protocols refer to:

DDN Protocol Handbook, Elizabeth J. Feinler, 1991, DDN Network Information Center, SRI International, 333 Ravenswood Avenue, Menlo Park, CA 94025, USA. Email: nic@nic.ddn.mil.

Internetworking with TCP/IP, Volume I: Principles, protocols and architecture (2nd Edition), Douglas E. Comer, 1991, Prentice-Hall International, Inc., New Jersey. ISBN 0-13-474321-0.

Internetworking with TCP/IP, Volume II: Design, implementation, and internals, Douglas E. Comer and David L. Stevens, 1991, Prentice-Hall International, Inc., New Jersey. ISBN 0-13-472242-6.

Internetworking with TCP/IP, Volume III: Client-server programming and applications, Douglas E. Comer and David L. Stevens, 1993, Prentice-Hall International, Inc., New Jersey. ISBN 0-13-474222-2.

For a description of layered protocols refer to:

Computer networks (2nd Edition), Andrew S. Tanenbaum, 1989, Prentice-Hall International, Inc., New Jersey. ISBN 0-13-162959-0.

For an introduction to PPP refer to:

Using and Managing PPP, Andrew Sun, O'Reilly; ISBN: 1565923219; (March 1999).

For an introduction to network management refer to:

The simple book: An introduction to management of TCP/IP-based Internets, Marshall T. Rose, 1991, Prentice-Hall International, Inc. ISBN 013812611-9.

For an introduction to VoIP refer to:

Internet Communications Using SIP, Henry Sinnreich, Alan B. Johnston.

SIP: Understanding the Session Initiation Protocol, Alan B. Johnston.

IP Telephony with H.323: Architectures for Unified Networks and Integrated Services, Vineet Kumar, Markku Korpi, Senthil Sengodan.

Publicly Accessible Documents

Allied Telesyn maintains an online archive of documents and files that customers can access via the World Wide Web or via anonymous FTP. For WWW access, point your Web browser at http://www.alliedtelesyn.com/.



Conventions used in command definitions

A number of symbols and typographic and stylistic conventions are used throughout this manual to help the user and to specify command syntax (see Table 2).

| This typeface | Is used for |
|---|---|
| ALL CAPS | Command keywords to be typed as shown. Generally, keywords may be abbreviated to the shortest string that is unambiguous within the current context. |
| italics | Italics are used for denoting a user-specified value. |
| < > | Angle brackets denote compulsory command-line parameters or values. |
| [ ] | Square brackets denote optional command-line parameters or values. |
| { \| \| } | Curly brackets, in conjunction with vertical bars, denote a set of alternative command-line parameters or values. |

Table 2. Typographic conventions used in this manual.

Commands are described under Command Reference within the section to which they apply.



Chapter 1

System Management

This chapter provides basic instructions on how to log in to the CLI and describes the different types of user access.

Logging into the CLI

Two different connections can be used to access the Command Line Interface:

Serial Connection

The CLI can be accessed through a serial connection using a terminal emulator program such as Windows HyperTerminal with the following default parameters:

• bit rate: 38400 bps
• data bits: 8
• parity: none
• stop bits: 1
• flow control: none

TCP/IP connection

The CLI can be accessed through a TCP/IP connection by opening a Telnet session with the following default parameters:

• ip address: 192.168.1.1 (factory default)
• telnet port: 23

As soon as the connection is established, a login and password are requested.

The following default values give superuser access to the CLI commands and must be used only by administrators to configure the system and to create user access with restricted privileges:

login: manager
password: friend

Command Line Interface and Console

The CLI is the Command Line Interface used in the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway to configure and manage the unit.

It provides full access to the following system modules:

console
dhcp client
dhcp relay
dhcp server
dns client
dns relay
ethernet
firewall
igmp
ip
nat
pppoe
security
sntp client
switch
system
transport
user
vlan
voip
webserver
ztc client

Webserver

The AT-RG613, AT-RG623 and AT-RG656 are designed to provide the ability to configure the system using a Graphical User Interface (GUI) instead of, or together with, the Command Line Interface (for future release).

To keep the system design open to these future improvements, all CLI commands are actually processed by the webserver module, which acts as a parsing and pre-processing layer between the user and the software module the command refers to.

For this reason, syntax errors due to incorrect CLI commands typically report the webserver source as the reference for the cause of the error.

Webserver commands are accessible from the Command Line Interface for users with superuser access permission.

Because the webserver is still under development, making any changes to this module is strongly discouraged: doing so could lead to system instability or could block access to the command line.



File System

The AT-RG613, AT-RG623 and AT-RG656 application processes require that configuration information be accessible when they start up, and that configuration changes are retained for future operation.

To fulfill the above requirements, two processes are provided, namely the 'In Store File System' and the 'FLASH File System'. These two processes are referred to as isfs and flashfs, respectively, in this document.

The two file systems provide a standard file interface to application processes.

The isfs provides volatile, run-time file storage, whereas the flashfs provides non-volatile file storage.

The critical period for such a system occurs when the flash memory itself is being updated, as a power failure could result in data corruption and hence an inoperable system.

In the AT-RG613, AT-RG623 and AT-RG656, flash memory is divided into three main areas:

BOOT code
System configuration information
Run-time images and their configuration information

Boot code

The Boot ROM program normally resides in flashfs, in a reserved portion of the first flash device. This code is run when the system is first booted and provides self-test code as well as the ability to load the main run-time images.

The Boot ROM area is not normally accessible for either reading or writing by flashfs, so it is rarely, if ever, rewritten.

System configuration information

System configuration information includes information such as the system MAC address. This information is rarely, if ever, updated once it has been set.

Run-time images

The flashfs file system provides permanent storage of files and is not normally used other than at start of day or when re-writing the flash. In addition to configuration files, flashfs stores the software image, which is loaded by the BOOT ROM after system restart.

After system restart and during system initialization, flashfs files are copied into isfs so that they are accessible by application processes. Typically, applications use the isfs files to store their configuration data. Changes made to the configuration can be written back into isfs, and subsequently flashfs, with the config save command.

During a flashfs update, all configuration files in isfs are written back to flashfs irrespective of whether they have changed or not. Normally the software image is not rewritten.

The flashfs configuration files can be considered the 'master' copies, and the isfs files the runtime copies. If the isfs copies are written back to the flashfs, the current settings will be preserved.

The Command Line Interface doesn't allow access to the flashfs file system or to the isfs in-store file system because this is not required in typical user situations.

The flash file system flashfs, the in-store file system isfs and special debug functions can be accessed through a nested command line called the console.

The console command line can be used only if you have appropriate access permissions and is typically hidden from the user. It is used only for specific maintenance purposes.

This Administration Manual doesn't cover console commands.

Access permissions to the CLI

There are three access levels for CLI users, each allowing a different set of operations:

default user - can use CLI commands. Cannot access console commands.
engineer user - can use CLI commands. Can access limited console commands.
super user - can use CLI commands. Can access the full console command set. Can also set up user login accounts, save backup configuration and restore factory settings.

To create new user accounts, use the system add user or system add login commands. The accounts created by these commands default to low privileges.

To change user privileges, use the system set user access or system set login access commands.

To list the current user or login accounts, use the system list user or system list login commands, respectively.

System Configuration Management

The original way to manage the system configuration in the AT-RG600 series was to save the information in the im.conf file (Information Model). The Information Model is written in ASCII but it is not easily readable, for the following reasons:

• It has a tree structure organized in nodes and attributes.
• It reports all the nodes and attributes present in the configuration, including all the attributes that are set to the default values. (On average an im.conf file is composed of five hundred rows, but it can be much longer.)

The following excerpt shows part of a generic im.conf file.

# Information Model configuration file
version 4
N ImGwaAdmins ImGwaAdmins
N ImGwaAdmin ImGwaAdmins.gwa_admin
A Profile none
N ImGwaSips ImGwaSips
N ImGwaSip ImGwaSips.gwa
A ControlProtocol SIP
A Enable true
A Authentication proxy
A DefaultPort 5060
A KeepAlive disabled
A KeepAlive_Time 300
A NAT none
A NetInterface ip0
A RTT 500
A SE 1800
A Support none
A TimerB 32
N ImGwaSipLSs ImGwaSips.gwa.ImGwaSipLSs
N ImGwaSipLS ImGwaSips.gwa.ImGwaSipLSs.myloc
A Contact 192.168.1.3
A Master false
N ImGwaSipLS ImGwaSips.gwa.ImGwaSipLSs.myloc2
A Contact 192.168.1.4
A Master false
N ImGwaSipPSs ImGwaSips.gwa.ImGwaSipPSs
N ImGwaSipPS ImGwaSips.gwa.ImGwaSipPSs.mypx
A Contact 192.168.1.100
A Master false
N ImGwaSipPS ImGwaSips.gwa.ImGwaSipPSs.mypx2
A Contact 192.168.1.101
A Master false
……………………
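The node-and-attribute layout of the excerpt above can be parsed into a tree and flattened, so that two saved im.conf files can be compared setting by setting. This is an added example, not code from the manual or from Allied Telesis; the grammar (an N line opens a node at a dotted path, an A line sets an attribute on the most recently opened node) is inferred from the excerpt alone, and parse_imconf, flatten and diff_configs are hypothetical names.

```python
"""Parse an im.conf excerpt into a node tree and diff two configurations.

Assumed grammar, inferred from the manual's excerpt (not a vendor spec):
  # ...              comment
  version <n>        format version
  N <type> <path>    opens a node; <path> is dot-separated, parent first
  A <name> <value>   attribute of the most recently opened node
"""
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines quoted in the manual's excerpt.
SAMPLE = """\
# Information Model configuration file
version 4
N ImGwaAdmins ImGwaAdmins
N ImGwaAdmin ImGwaAdmins.gwa_admin
A Profile none
N ImGwaSips ImGwaSips
N ImGwaSip ImGwaSips.gwa
A ControlProtocol SIP
A DefaultPort 5060
N ImGwaSipLSs ImGwaSips.gwa.ImGwaSipLSs
N ImGwaSipLS ImGwaSips.gwa.ImGwaSipLSs.myloc
A Contact 192.168.1.3
A Master false
N ImGwaSipPSs ImGwaSips.gwa.ImGwaSipPSs
N ImGwaSipPS ImGwaSips.gwa.ImGwaSipPSs.mypx
A Contact 192.168.1.100
A Master false
"""


class ImConfError(ValueError):
    """Raised with the offending line number when a line does not fit."""


@dataclass
class Node:
    type: str                 # first field of the N line
    path: str                 # dotted path, second field of the N line
    attrs: dict = field(default_factory=dict)
    children: list = field(default_factory=list)


def parse_imconf(text):
    """Return (version, roots, nodes_by_path) for im.conf-style text."""
    version, roots, nodes, current = None, [], {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)  # a value may itself contain spaces
        tag = parts[0]
        if tag == "version" and len(parts) == 2 and parts[1].isdigit():
            version = int(parts[1])
        elif tag == "N" and len(parts) == 3:
            node = Node(type=parts[1], path=parts[2])
            if node.path in nodes:
                raise ImConfError(f"line {lineno}: duplicate node {node.path}")
            parent_path = node.path.rpartition(".")[0]
            if not parent_path:
                roots.append(node)
            elif parent_path in nodes:
                nodes[parent_path].children.append(node)
            else:
                raise ImConfError(f"line {lineno}: no parent for {node.path}")
            nodes[node.path] = node
            current = node
        elif tag == "A" and len(parts) >= 2:
            if current is None:
                raise ImConfError(f"line {lineno}: attribute before any node")
            current.attrs[parts[1]] = parts[2] if len(parts) == 3 else ""
        else:
            raise ImConfError(f"line {lineno}: unrecognised line {line!r}")
    return version, roots, nodes


def flatten(nodes):
    """Map (node path, attribute name) -> value for every attribute."""
    return {(path, name): value
            for path, node in nodes.items()
            for name, value in node.attrs.items()}


def diff_configs(old_text, new_text):
    """Return {(path, attr): (old, new)}; None means the setting is absent."""
    old = flatten(parse_imconf(old_text)[2])
    new = flatten(parse_imconf(new_text)[2])
    return {key: (old.get(key), new.get(key))
            for key in sorted(old.keys() | new.keys())
            if old.get(key) != new.get(key)}


if __name__ == "__main__":
    # Constructed change: one Contact value is altered.
    edited = SAMPLE.replace("A Contact 192.168.1.100", "A Contact 192.168.1.200")
    for (path, attr), (before, after) in diff_configs(SAMPLE, edited).items():
        print(f"{path} {attr}: {before} -> {after}")
```

Comparing a known-good saved copy against the current file this way shows only the settings that changed, which the raw file, with every default attribute listed, does not make easy.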

Starting with version 2-0-2, the concept of “configuration files” and the features to manage them have been introduced.

A configuration file is a text file containing the list of commands that have to be executed in order to move the device from the default to the desired configuration. The list of commands is more readable than the im.conf format.

The AT-RG600 can store up to 8 configuration files. One of them can be set as the “boot configuration file”. The boot configuration file is loaded after startup (see the system config set command).

It is possible to download a configuration using the ftp or the tftp protocol (see the system config get command).

It is also possible to create a configuration file on the device using the command system config create.

Please note that the System Config Management will be completed in a future version. For now, a configuration file created on the device is created in the old im.conf format. The AT-RG600 is able to manage both formats completely.

System Command Reference

This section describes the commands available on the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway to configure and manage the System module.

System CLI commands

The table below lists the system commands provided by the CLI:

Command
SYSTEM ADD USER
SYSTEM ADD LOGIN
SYSTEM CONFIG CREATE
SYSTEM CONFIG DELETE
SYSTEM CONFIG GET
SYSTEM CONFIG LIST
SYSTEM CONFIG RESTORE FACTORY
SYSTEM CONFIG SET
SYSTEM CONFIG SHOW
SYSTEM DELETE LOGIN
SYSTEM DELETE USER
SYSTEM INFO
SYSTEM LIST ERRORS
SYSTEM LIST USERS
SYSTEM LIST LOGINS
SYSTEM LOG
SYSTEM LOG ENABLE|DISABLE
SYSTEM LOG LIST
SYSTEM NAME
SYSTEM RESTART
SYSTEM SET LOGIN ACCESS
SYSTEM SET LOGIN MAYCONFIGURE
SYSTEM SET LOGIN MAYDIALIN
SYSTEM SET USER ACCESS
SYSTEM SET USER MAYCONFIGURE
SYSTEM SET USER MAYDIALIN

Please note that the following commands, used in previous versions of the software, have now been withdrawn:

SYSTEM CONFIG BACKUP
SYSTEM CONFIG RESTORE {BACKUP|[filename]}
SYSTEM CONFIG SAVE

SYSTEM ADD USER<br />

Syntax SYSTEM ADD USER [ʺcommentʺ]<br />

Description This command adds a user (typically a PPP user) to the system. Only a Super user<br />

can use this command.<br />

Default Setting The default settings in the table below are applied to new accounts that are added<br />

using the system add user command. (A different set of defaults are applied to a new<br />

account added using the SYSTEM ADD LOGIN command.)<br />

Option<br />

dialin to the system<br />

login to the system<br />

configuration permissions<br />

access permissions<br />

Default Setting<br />

enabled<br />

disabled<br />

disabled<br />

default user<br />

Options The following table gives the range of values for each option that can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default value<br />
name | A unique user name made up of more than one character that identifies an individual user and lets the user access the system. | N/A<br />
comment | An optional comment about the user that is displayed when you type the commands system list users and system list logins. | No comment added<br />

Example --> system add user ckearns ["Typical user"]<br />

See also SYSTEM SET USER ACCESS<br />

SYSTEM SET USER MAYDIALIN<br />

SYSTEM SET USER MAYCONFIGURE<br />

SYSTEM LIST USERS



SYSTEM DELETE USER<br />

SYSTEM ADD LOGIN<br />

Syntax SYSTEM ADD LOGIN <name> ["comment"]<br />

Description This command adds a user to the system. Only a Superuser can use this command.<br />

Default setting The default settings in the table below are applied to new accounts that are added using the system add login command. (A different set of defaults is applied to a new account added using the SYSTEM ADD USER command.)<br />

Option | Default Setting<br />
dialin to the system | disabled<br />
login to the system | enabled<br />
configuration permissions | enabled<br />
access permissions | default user<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default value<br />
name | A unique login name made up of more than one character that identifies an individual user and lets the user access the system. | N/A<br />
comment | An optional comment about the user that is displayed when you type the commands SYSTEM LIST USERS and SYSTEM LIST LOGINS. | Blank (No comment added)<br />

Example --> system add login ckearns "temporary contractor"<br />

See also SYSTEM DELETE LOGIN<br />

SYSTEM LIST LOGINS<br />

SYSTEM CONFIG CREATE<br />

Syntax SYSTEM CONFIG CREATE <br />

Description This command creates a configuration file named , containing the current configuration of the device, and saves it into the flash.<br />

The created configuration file contains all the commands needed to move the device<br />

from the default configuration to the run-time configuration.



It is possible to create at least eight configuration files, but when a configuration file<br />

is created using a filename that already exists, the new one will overwrite the old<br />

one even if it is the boot configuration file.<br />

Example --> system config create myfile.cfg<br />

See also SYSTEM CONFIG DELETE<br />

SYSTEM CONFIG GET<br />

SYSTEM CONFIG LIST<br />

SYSTEM CONFIG RESTORE FACTORY<br />

SYSTEM CONFIG SET<br />

SYSTEM CONFIG SHOW<br />

Please note that System Config Management will be completed in a future version. For now, the configuration file created on the device is written in the old im.conf format. The AT-RG600 fully handles both formats.<br />

SYSTEM CONFIG DELETE<br />

Syntax SYSTEM CONFIG DELETE <br />

Description Delete the configuration file named from the flash. It is not possible to<br />

delete the boot configuration file, though.<br />

Example --> system config delete myfile.cfg<br />

See also SYSTEM CONFIG CREATE<br />

SYSTEM CONFIG GET<br />

SYSTEM CONFIG LIST<br />

SYSTEM CONFIG RESTORE FACTORY<br />

SYSTEM CONFIG SET<br />

SYSTEM CONFIG SHOW<br />

SYSTEM CONFIG GET<br />

Syntax SYSTEM CONFIG GET <br />

Description The command retrieves a configuration file from a remote TFTP or FTP server.<br />

If the retrieved configuration file has the same filename as an existing file, the new<br />

file will overwrite the old one even if it is the boot configuration file.<br />

Options The parameter gives the remote filename, the server IP address or hostname, and the protocol, written as a URL. The accepted formats are:<br />

• tftp://host:port/path/filename<br />

• ftp://user:password@host:port/path/filename<br />

where:



• host = server where the TFTP or FTP server is running. It can be a hostname or an IP address;<br />

• port = port used by the TFTP or FTP server;<br />

• path = path from the TFTP or FTP server root directory to the desired position;<br />

• user:password = user and password used to log in to an FTP server.<br />

Example --> system config get tftp://192.168.1.100/rg600/myconf.cfg<br />

Retrieves the configuration file named myconf.cfg from the TFTP server<br />

192.168.1.100, in the directory rg600, and saves it into the flash memory.<br />

--> system config get tftp://tftp.atkk.com/rg600/myconf.cfg<br />

Retrieves the configuration file named myconf.cfg from the TFTP server<br />

tftp.atkk.com.<br />

--> system config get ftp://guest:guest@ftp.atkk.it/my.cfg<br />

Retrieves the configuration file named my.cfg from the FTP server ftp.atkk.it. User “guest” and password “guest” are used to log on to the FTP server.<br />

See also SYSTEM CONFIG CREATE<br />

SYSTEM CONFIG DELETE<br />

SYSTEM CONFIG LIST<br />

SYSTEM CONFIG RESTORE FACTORY<br />

SYSTEM CONFIG SET<br />

SYSTEM CONFIG SHOW<br />
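A pre-flight check for the argument of SYSTEM CONFIG GET, added here as an illustration (it is not code from the manual or from Allied Telesis): it splits the URL into the fields listed above and reports when the download would overwrite an existing file or the boot configuration file. The function name and the `existing_files` / `boot_file` inputs are assumptions; the operator copies them from `system config list` and `system config show`.

```python
import posixpath
from urllib.parse import urlsplit

ALLOWED_SCHEMES = ("tftp", "ftp")  # the two URL forms the manual accepts


def preflight_config_get(url, existing_files=(), boot_file=None):
    """Check a 'system config get' URL before it is typed on the gateway.

    Returns (filename, findings). existing_files and boot_file are assumed
    inputs, copied from 'system config list' and 'system config show'.
    """
    findings = []
    parts = urlsplit(url)
    scheme = parts.scheme.lower()

    if scheme not in ALLOWED_SCHEMES:
        findings.append("scheme must be tftp or ftp")
    if not parts.hostname:
        findings.append("host is missing")
    try:
        parts.port  # raises ValueError when not an integer in 0..65535
    except ValueError:
        findings.append("port is not a valid port number")

    filename = posixpath.basename(parts.path)
    if not filename:
        findings.append("filename is missing")

    if scheme == "tftp" and parts.username is not None:
        findings.append("user:password is only accepted in the ftp form")
    if scheme == "ftp" and parts.password is not None:
        findings.append("FTP password appears in clear text in the command")

    # Same filename: the new file replaces the old one, boot file included.
    if filename and filename == boot_file:
        findings.append("download would overwrite the boot configuration file")
    elif filename in existing_files:
        findings.append("download would overwrite an existing configuration file")
    return filename, findings


# The URLs below are the manual's own examples; the file list is constructed.
ON_FLASH = ["myconf.cfg", "lab.cfg"]
BOOT = "myconf.cfg"

if __name__ == "__main__":
    for u in ("tftp://192.168.1.100/rg600/myconf.cfg",
              "ftp://guest:guest@ftp.atkk.it/my.cfg"):
        print(u, preflight_config_get(u, ON_FLASH, BOOT))
```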

SYSTEM CONFIG LIST<br />

Syntax SYSTEM CONFIG LIST<br />

Description List all the configuration files present in memory.<br />

Example --> system config list<br />

See also SYSTEM CONFIG CREATE<br />

SYSTEM CONFIG DELETE<br />

SYSTEM CONFIG LIST<br />

SYSTEM CONFIG RESTORE FACTORY<br />

SYSTEM CONFIG SET<br />

SYSTEM CONFIG SHOW<br />

SYSTEM CONFIG RESTORE FACTORY<br />

Syntax SYSTEM CONFIG RESTORE FACTORY<br />

Description Restores the factory configuration from the //isfs/im.conf.factory file. Only Super<br />

users can use this command. The factory configuration is immediately restored. No<br />

device reboot is needed.



Example --> system config restore factory<br />

See also SYSTEM CONFIG CREATE<br />

SYSTEM CONFIG DELETE<br />

SYSTEM CONFIG GET<br />

SYSTEM CONFIG LIST<br />

SYSTEM CONFIG SET<br />

SYSTEM CONFIG SHOW<br />

Another, safer way to restore the default configuration is to execute the following procedure:<br />

system config set factory<br />

system config restart<br />

SYSTEM CONFIG SET<br />

Syntax SYSTEM CONFIG SET {|FACTORY|NONE}<br />

Description The command sets one of the configuration files as the “boot configuration file”. The configuration contained in this file is not loaded immediately; it is loaded after the device reboots.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default value<br />
NONE | AT-RG600 is set with only the default vlan and ip0 interface with a static IP address set to 192.168.1.1. | NA<br />
FACTORY | AT-RG600 is set with only the default vlan and ip0 interface with a dynamic IP address. The DHCP Discovery provides and requires all the options needed for the software update / ztc feature | NA<br />

The indicated file NA<br />

Example --> system config set myconf.cfg<br />

Sets the configuration file named myconf.cfg as boot configuration file<br />

--> system config set factory<br />

No configuration file is set as the boot configuration file. After the restart the device will be configured as factory default.<br />

See also SYSTEM CONFIG CREATE<br />

SYSTEM CONFIG DELETE<br />

SYSTEM CONFIG GET



SYSTEM CONFIG LIST<br />

SYSTEM CONFIG RESTORE FACTORY<br />

SYSTEM CONFIG SHOW<br />

SYSTEM CONFIG SHOW<br />

Syntax SYSTEM CONFIG SHOW {}<br />

Description The command shows the boot configuration file set on the device. If a filename is<br />

specified, the command shows the contents of the specified configuration file.<br />

Options The following table gives the range of values for each option that can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default value<br />

<br />

The indicated file<br />

Example --> system config show myconf.cfg<br />

Displays on the CLI the contents of the configuration file myconf.cfg present in flash<br />

memory.<br />

See also SYSTEM CONFIG CREATE<br />

SYSTEM CONFIG DELETE<br />

SYSTEM CONFIG GET<br />

SYSTEM CONFIG LIST<br />

SYSTEM CONFIG RESTORE FACTORY<br />

SYSTEM CONFIG SET<br />

SYSTEM DELETE LOGIN<br />

Syntax SYSTEM DELETE LOGIN <name><br />

Description This command deletes a user that has been added to the system using the SYSTEM<br />

ADD LOGIN command. Only a Super user can use this command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default value<br />

name The name of an existing user. N/A<br />

Example --> system delete login ckearns<br />

See also SYSTEM ADD LOGIN



SYSTEM DELETE USER<br />

Syntax SYSTEM DELETE USER <name><br />

Description This command deletes a user that has been added to the system using the SYSTEM<br />

ADD USER command or the SYSTEM ADD LOGIN command. Only a Super user<br />

can use this command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

name The name of an existing user. N/A<br />

Example --> system delete user ckearns<br />

See also SYSTEM ADD USER<br />

SYSTEM ADD LOGIN<br />

SYSTEM INFO<br />

Syntax SYSTEM INFO<br />

Description This command displays the vendor ID, URL, base MAC address and hardware and<br />

software version details of the current Residential Gateway system.<br />

Example --> system info<br />

Global System Configuration:<br />

Vendor: Allied Telesis K.K.<br />

URL: http://www.allied-telesis.co.jp/<br />

MAC address: 00:0d:da:00:05:fe<br />

Hardware ver: RG613TX A2<br />

Software ver: 2-0-1_22<br />

Recovery ver: 1-2-2_2<br />

Build type: RELEASE<br />

--><br />

System Name:<br />

System Location:<br />

System Contact:<br />

SYSTEM LIST ERRORS<br />

Syntax SYSTEM LIST ERRORS



Description This command displays a system error log. The error log contains the following<br />

information:<br />

• the time (in minutes) that an error occurred, calculated from the start of your login session<br />

• the module that was affected by the error<br />

• a brief description of the error itself<br />

Example --> system list errors<br />

Error log:<br />

When | Who | What<br />

------------|------------|-------------------------------------------------<br />

104 | webserver | webserver:Failed to create node type 'ImRfc1483'<br />

104 | webserver | webserver:Invalid argument:Failed to open port<br />

a4 (may already be in use, or invalid port name)<br />

---------------------------------------------------------------------------<br />

See also SYSTEM LIST USERS<br />

SYSTEM LIST LOGINS<br />

SYSTEM LIST OPENFILES<br />

Syntax SYSTEM LIST OPENFILES <name><br />

Description This command allows you to display low-level debug information about specific<br />

open file handles.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | The name of a file which has open file handles associated with it. | N/A<br />

Example --> system list openfiles bun<br />

qid devuse appuse colour flags lasterrno<br />

console 0000004b 00000000 00400000 3 0<br />

console 00000027 00000000 00400000 5 0<br />

console 00000003 00000000 00400000 5 0<br />

See also SYSTEM LOG ENABLE|DISABLE<br />

SYSTEM LIST USERS<br />

Syntax SYSTEM LIST USERS<br />

Description This command displays a list of users and logins added to the system using the<br />

SYSTEM ADD USER and SYSTEM ADD LOGIN commands. The same information<br />

is displayed by the SYSTEM LIST LOGINS command.<br />

The list contains the following information:



• user ID number<br />

• user name<br />

• configuration permissions (enabled or disabled)<br />

• dialin permissions (enabled or disabled)<br />

• access level (default, engineer or super user)<br />

• comment (any comments that were included when the user was added to the<br />

system)<br />

Example --> system list users<br />

Users:<br />

May May Access<br />

ID | Name | Conf. | Dialin | Level | Comment<br />

-----|------------|----------|----------|------------|---------------------<br />

1 | admin | ENABLED | disabled | superuser | Default admin user<br />

---------------------------------------------------------------------------<br />

See also SYSTEM LIST ERRORS<br />

SYSTEM LIST LOGINS<br />

SYSTEM LIST LOGINS<br />

Syntax SYSTEM LIST LOGINS<br />

Description This command displays a list of logins and users added to the system using the<br />

SYSTEM ADD LOGIN and SYSTEM ADD USER commands. The same information<br />

is displayed by the SYSTEM LIST USERS command.<br />

The list contains the following information:<br />

• user ID number<br />

• user name<br />

• configuration permissions (enabled or disabled)<br />

• dial in permissions (enabled or disabled)<br />

• access level (default, engineer or super user)<br />

• comment (any comments that were included when the user was added to the<br />

system)<br />

Example --> system list logins<br />

Users:<br />

May May Access<br />

ID | Name | Conf. | Dialin | Level | Comment<br />

-----|------------|----------|----------|------------|--------------------<br />

1 | admin | ENABLED | disabled | superuser | Default admin user<br />

--------------------------------------------------------------------------<br />

See also SYSTEM LIST ERRORS<br />

SYSTEM LIST USERS
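An account review over the table printed by SYSTEM LIST USERS / SYSTEM LIST LOGINS, added here as an illustration (it is not code from the manual or from Allied Telesis). It flags accounts whose permissions match neither the SYSTEM ADD USER defaults (dial-in only) nor the SYSTEM ADD LOGIN defaults (configure only), and superusers outside an expected list. The function names, the `expected_superusers` parameter and sample rows 2 to 4 are assumptions made for the example.

```python
BOTH_ENABLED = "may configure and dial in: matches neither default profile"
UNEXPECTED_SUPERUSER = "superuser not on the expected list"


def parse_account_table(text):
    """Parse 'system list users' / 'system list logins' output into dicts."""
    accounts = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|", 5)]
        if len(cells) != 6 or not cells[0].isdigit():
            continue  # banner, column header or rule line
        uid, name, conf, dialin, level, comment = cells
        accounts.append({
            "id": int(uid),
            "name": name,
            # The CLI prints ENABLED in upper case and disabled in lower case.
            "may_configure": conf.lower() == "enabled",
            "may_dialin": dialin.lower() == "enabled",
            "level": level.lower().replace(" ", ""),
            "comment": comment,
        })
    return accounts


def review_accounts(accounts, expected_superusers=("admin",)):
    """Return (account name, finding) pairs worth a second look."""
    findings = []
    for acct in accounts:
        if acct["may_configure"] and acct["may_dialin"]:
            findings.append((acct["name"], BOTH_ENABLED))
        if acct["level"] == "superuser" and acct["name"] not in expected_superusers:
            findings.append((acct["name"], UNEXPECTED_SUPERUSER))
    return findings


# Row 1 is the manual's own sample; rows 2-4 are constructed for the example.
SAMPLE_OUTPUT = """\
Users:
                    May        May        Access
ID   | Name       | Conf.    | Dialin   | Level      | Comment
-----|------------|----------|----------|------------|---------------------
1    | admin      | ENABLED  | disabled | superuser  | Default admin user
2    | ckearns    | ENABLED  | ENABLED  | engineer   | temporary contractor
3    | pppuser    | disabled | ENABLED  | default    | Typical user
4    | ops2       | ENABLED  | disabled | superuser  |
---------------------------------------------------------------------------
"""

if __name__ == "__main__":
    for name, finding in review_accounts(parse_account_table(SAMPLE_OUTPUT)):
        print(f"{name}: {finding}")
```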



SYSTEM LOG<br />

Syntax SYSTEM LOG {NOTHING|WARNINGS|INFO|TRACE|ENTRYEXIT|ALL}<br />

Description This command sets the level of output that is displayed by the CLI for various<br />

modules. Setting a level also implicitly displays the level(s) below it.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
NOTHING | No extra output is displayed. | N/A<br />
WARNINGS | Non-fatal errors are displayed. | N/A<br />
INFO | Certain program messages are displayed. Also displays the values for the warnings option. | N/A<br />
TRACE | Detailed trace output is displayed. Also displays the values for info and warnings options. | N/A<br />
ENTRYEXIT | A message is displayed every time a function call is entered or left. Also displays the values for trace, info and warnings options. | N/A<br />
ALL | All output is displayed. Also displays the values for entryexit, trace, info and warnings options. | N/A<br />

Example --> system log all<br />

SYSTEM LOG ENABLE|DISABLE<br />

Syntax SYSTEM LOG {ENABLE|DISABLE} RIP {ERRORS|RX|TX}<br />

SYSTEM LOG {ENABLE|DISABLE} IP {ICMP|RAWIP|UDP|TCP|ARP|SOCKET}<br />

Description This command enables/disables the tracing support output that is displayed by the<br />

CLI for a specific module and module category. The command is used for<br />

debugging purposes. The available values for module and category are displayed<br />

by the SYSTEM LOG LIST command. The current list of supported modules is RIP<br />

and IP.<br />

Each individual module has its own specific module category (see Examples). The<br />

output produced when a particular option is enabled depends on that option, and<br />

on the trace statements in the module which are executed. The general purpose of<br />

this tracing is to:<br />

• show how data packets pass through the system



• demonstrate how packets are processed and what they contain<br />

• display any error conditions that occur<br />

For example, ip rawip tracing shows that an IP packet has been received, sent or discarded due to an error. Brief details of the packet are displayed to identify it.<br />

The RIP and IP modules provide separate categories which are enabled and<br />

disabled independently. For example, if you enable ip rawip, it does not affect ip udp,<br />

and so on.<br />

To display a list of modules and categories and their enable/disable status, see<br />

SYSTEM LOG LIST.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description<br />
ENABLE | Enables tracing support output for a specified module and module category.<br />
DISABLE | Disables tracing support output for a specified module and module category.<br />
Default value: disable<br />

Examples RIP<br />

--> system log enable rip rx<br />

enabled logging for the receiving of RIP packets<br />

See also SYSTEM LOG LIST<br />

SYSTEM LOG<br />

SYSTEM LOG LIST<br />

Syntax SYSTEM LOG LIST [<module>]<br />

Description The system log list command displays the tracing options for the modules available<br />

in the current image that you are using. The SYSTEM LOG LIST MODULE<br />

command displays the tracing options for an individual module specified in the<br />

command. Both commands display the current status of the tracing options set<br />

using the command SYSTEM LOG ENABLE|DISABLE.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
module | The name of a module that exists in your current image build. This can be either RIP or IP. | N/A<br />

Examples system log list<br />

--> system log list<br />

rip errors (ENABLED)<br />

rip rx (disabled)<br />

rip tx (disabled)<br />

ip icmp (disabled)<br />

ip rawip (ENABLED)<br />

ip udp (disabled)<br />

ip tcp (disabled)<br />

ip arp (disabled)<br />

ip socket (disabled)<br />

system log list <module><br />

--> system log list ip<br />

ip icmp (disabled)<br />

ip rawip (ENABLED)<br />

ip udp (disabled)<br />

ip tcp (disabled)<br />

ip arp (disabled)<br />

ip socket (disabled)<br />

See also SYSTEM LOG<br />

SYSTEM LOG ENABLE|DISABLE<br />

SYSTEM NAME<br />

Syntax SYSTEM NAME {NONE | <sys-name>}<br />

Description This command sets the system name.<br />

To show the current system name use the system info command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

sys-name The name of the system. none<br />

Example --> system name myRG600<br />

SYSTEM RESTART<br />

Syntax SYSTEM RESTART<br />

Description This command restarts the Residential Gateway.<br />

Example --> system restart



SYSTEM SET LOGIN ACCESS<br />

Syntax SYSTEM SET LOGIN <name> ACCESS {DEFAULT|ENGINEER|SUPERUSER}<br />

Description This command sets the access permissions of a user who has been added to the<br />

system using the SYSTEM ADD LOGIN command. Only a Super user can use this<br />

command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | The name of an existing user. | N/A<br />
DEFAULT/ENGINEER/SUPERUSER | Access permissions for a user. | Default<br />

Example --> system set login ckearns access engineer<br />

See also SYSTEM SET LOGIN MAYCONFIGURE<br />

SYSTEM SET LOGIN MAYDIALIN<br />

For more information on the types of user access permissions, see Access<br />

permissions to the CLI.<br />

SYSTEM SET LOGIN MAYCONFIGURE<br />

Syntax SYSTEM SET LOGIN <name> MAYCONFIGURE {ENABLED|DISABLED}<br />

Description This command sets configuration permissions for a user who has been added to the system using the SYSTEM ADD LOGIN or the SYSTEM ADD USER command. Only a Super user can use this command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | The name of an existing user. | N/A<br />
ENABLED/DISABLED | Determines whether or not a user can configure the system. | enabled<br />

Example --> system set login ckearns mayconfigure disabled<br />

See also SYSTEM SET LOGIN ACCESS<br />

SYSTEM SET LOGIN MAYDIALIN



SYSTEM SET LOGIN MAYDIALIN<br />

Syntax SYSTEM SET LOGIN <name> MAYDIALIN {ENABLED|DISABLED}<br />

Description This command sets dialin permissions for a user who has been added to the system<br />

using the SYSTEM ADD LOGIN command. Only a Super user can use this<br />

command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | The name of an existing user. | N/A<br />
ENABLED/DISABLED | Determines whether or not a user can dialin to the system. | disabled<br />

Example --> system set login ckearns maydialin enabled<br />

See also SYSTEM SET LOGIN ACCESS<br />

SYSTEM SET LOGIN MAYCONFIGURE<br />

SYSTEM SET USER ACCESS<br />

Syntax SYSTEM SET USER <name> ACCESS {DEFAULT|ENGINEER|SUPERUSER}<br />

Description This command sets the access permissions of a user who has been added to the<br />

system using the SYSTEM ADD USER command. Only a Super user can use this<br />

command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | The name of an existing user. | N/A<br />
DEFAULT/ENGINEER/SUPERUSER | Allows you to set the access permissions for a user. | default<br />

Example --> system set user ckearns access default<br />

See also SYSTEM SET USER MAYCONFIGURE<br />

SYSTEM SET USER MAYDIALIN<br />

SYSTEM SET USER MAYCONFIGURE<br />

Syntax SYSTEM SET USER <name> MAYCONFIGURE {ENABLED|DISABLED}



Description This command sets configuration permissions for a user who has been added to the system using the SYSTEM ADD USER command. Only a Super user can use this command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | The name of an existing user. | N/A<br />
ENABLED/DISABLED | Determines whether or not a user can configure the system. | disabled<br />

Example --> system set user ckearns mayconfigure enabled<br />

See also SYSTEM SET USER ACCESS<br />

SYSTEM SET USER MAYDIALIN<br />

SYSTEM SET USER MAYDIALIN<br />

Syntax SYSTEM SET USER <name> MAYDIALIN {ENABLED|DISABLED}<br />

Description This command sets dial in permissions for a user who has been added to the system<br />

using the SYSTEM ADD USER command. Only a Super user can use this command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | The name of an existing user. | N/A<br />
ENABLED/DISABLED | Determines whether or not a user can dialin to the system. | enabled<br />

Example --> system set user ckearns maydialin enabled<br />

See also SYSTEM SET USER ACCESS<br />

SYSTEM SET USER MAYCONFIGURE



User Command Reference<br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to configure and manage system Users.<br />

User CLI commands<br />

The table below lists the user commands provided by the CLI:<br />

Command<br />

USER LOGOUT<br />

USER PASSWORD<br />

USER CHANGE<br />

USER LOGOUT<br />

Syntax USER LOGOUT<br />

Description This command logs you out of the system. Default, Engineer and Super users can<br />

use this command.<br />

Example --> user logout<br />

Logging out.<br />

Login:<br />

USER PASSWORD<br />

Syntax USER PASSWORD<br />

Description This command allows you to change your user password. Default, Engineer and<br />

Super users can use this command.<br />

Example --> user password<br />

Enter new password *****<br />

Again to verify *****<br />

USER CHANGE<br />

Syntax USER CHANGE <name><br />

Description This command allows you to change your login to that of another named user.<br />

Super users can use this command. When you change your login to that of a user<br />

with Default or Engineer access permissions, you lose your Super user privileges<br />

and inherit the access permissions of either the Default or Engineer user.<br />

Options The following table gives the range of values for each option which can be specified



with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A unique login name made up of more than one character that identifies an individual user and lets the user access the system. | N/A<br />

Example --> user change admin<br />

You are now logged in as user `admin' ...<br />

See also SYSTEM ADD USER



Web Server Command Reference<br />

This chapter describes the Web Server CLI commands.<br />

Web Server CLI commands<br />

The table below lists the Web Server commands provided by the CLI:<br />

Command<br />

WEBSERVER CLEAR STATS<br />

WEBSERVER ENABLE|DISABLE<br />

WEBSERVER SET INTERFACE<br />

WEBSERVER SET MANAGEMENTIP<br />

WEBSERVER SET PORT<br />

WEBSERVER SET UPNPPORT<br />

WEBSERVER SHOW INFO<br />

WEBSERVER SHOW STATS<br />

WEBSERVER CLEAR STATS<br />

Syntax WEBSERVER CLEAR STATS<br />

Description This command sets all of the Web Server process counters to 0.<br />

Example --> webserver clear stats<br />

See also WEBSERVER SHOW INFO<br />

WEBSERVER ENABLE|DISABLE<br />

Syntax WEBSERVER {ENABLE|DISABLE}<br />

Description This command enables or disables the Web Server process.<br />

By default, the Web Server process is enabled.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description<br />
ENABLE | Enables the Web Server process.<br />
DISABLE | Disables the Web Server process.<br />
Default value: enable



Example --> webserver disable<br />

WebServer is disabled<br />

WEBSERVER SET INTERFACE<br />

Syntax WEBSERVER SET INTERFACE <interface><br />

Description This command specifies the name of an IP interface that the system will use for<br />

UPnP (Universal Plug and Play) communication with other devices on the local area<br />

network.<br />


Universal Plug and Play support is for future releases.<br />

You must save your configuration (see SYSTEM CONFIG SAVE) and restart your<br />

system (see SYSTEM RESTART) to activate the Web Server settings.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
interface | A name that identifies an existing IP interface. To display interface names, use the ip list interfaces command. | Iplan<br />

Example --> webserver set interface ip<br />

See also WEBSERVER SET UPNPPORT<br />

WEBSERVER SET MANAGEMENTIP<br />

Syntax WEBSERVER SET MANAGEMENTIP {ip-address}<br />

Description This command allows connections to the Web Server from only one IP address (e.g. an IP address that is used by a management device), or from any IP address (by setting the IP address to 0.0.0.0).<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
ip-address | The only IP address that the Web Server will allow connection requests from. The IP address is displayed in the following format: 192.168.102.3 | 0.0.0.0<br />

Example --> webserver set managementip 192.168.102.3



Management IP address is 192.168.102.3<br />

WEBSERVER SET PORT<br />

Syntax WEBSERVER SET PORT <port><br />

Description This command sets the HTTP port number that the Web Server process will use for<br />

accepting connections (from a WEB Browser).<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
port | A valid port number that must be between 0 and 65535. | 80<br />

Example --> webserver set port 100<br />

HTTP port number is 100<br />

See also WEBSERVER SET UPNPPORT<br />

WEBSERVER SET UPNPPORT<br />

Syntax WEBSERVER SET UPNPPORT <port><br />

Description This command sets the TCP port number that the Web Server process will use for<br />

UPnP communication.<br />


Universal Plug and Play support is for future releases.<br />

You must save your configuration (see SYSTEM CONFIG SAVE) and restart your<br />

system (see SYSTEM RESTART) to activate the Web Server settings.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
port | A valid UPnP port number that must be between 0 and 65535. | N/A<br />

Example --> webserver set upnpport 280<br />

See also WEBSERVER SET PORT<br />

WEBSERVER SHOW INFO<br />

Syntax WEBSERVER SHOW INFO



Description This command displays the following information about the Web Server process:<br />

• EmWeb (Embedded Web Server) release details<br />

• Web Server enabled status (true or false)<br />

• Interface set<br />

• HTTP port set<br />

• UPnP port set<br />

• Management IP address<br />

Example --> webserver show info<br />

Web server configuration:<br />

EmWeb release: R6_0_0E_ISOS<br />

Enabled: true<br />

Interface: lan<br />

HTTP port: 80<br />

UPnP port: 280<br />

Management IP address: 1.2.3.4<br />

See also WEBSERVER CLEAR STATS<br />

WEBSERVER SHOW STATS<br />

Syntax WEBSERVER SHOW STATS<br />

Description This command tells you how many bytes have been transmitted and received by the<br />

Web Server.<br />

Example --> webserver show stats<br />

Web Server statistics:<br />

Bytes transmitted: 2122<br />

Bytes received: 0<br />

See also WEBSERVER SHOW INFO



Console Access Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to access the Console module.<br />

The Console module is used only for engineer troubleshooting and is not supported<br />

as a user-accessible module.<br />

Console access CLI commands<br />

The table below lists the console access commands provided by the CLI:<br />

Command<br />

CONSOLE ENABLE<br />

CONSOLE PROCESS<br />

CONSOLE ENABLE<br />

Syntax CONSOLE ENABLE<br />

Description This command allows you to enter console mode in order to use the console<br />

commands. Only Super users can use this command.<br />

Example --> console enable<br />

Switching from CLI to console mode - type `exit' to return<br />

See also CONSOLE PROCESS<br />

CONSOLE PROCESS<br />

Syntax CONSOLE PROCESS <br />

Description This command allows you to enter a single usable console command without<br />

switching to console mode. You cannot enter blacklisted console commands using<br />

this CLI command. Users with Engineer or Super user access can use this command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

console command<br />

A usable console command. You can find a<br />

list of usable commands with a link to<br />

further information about each usable<br />

command at the start of each chapter in this<br />

manual.<br />

N/A<br />

Example The following console process example enters the usable console command, bridge portfilter:<br />

--> console process bridge portfilter<br />

portfilter 2 all<br />

portfilter 3 all<br />

See also CONSOLE ENABLE<br />

CONSOLE COMMAND - EXIT<br />

<br />

This console command has not been replaced by a CLI command. This is a<br />

special console command to allow Super users to return to the CLI from the<br />

console.<br />

Syntax EXIT<br />

Description This console command allows you to return to the CLI after you have entered<br />

console mode using the command CONSOLE ENABLE. When you want to exit<br />

console mode and return to the CLI, you need to type exit in the root of the console.<br />

Only Super users can use this command.<br />

Example --> exit<br />

Returning to CLI from console<br />

See also CONSOLE ENABLE



Chapter 2<br />

Switch<br />

Introduction<br />

The AT-RG613, AT-RG623 and AT-RG656 residential gateways include an<br />

integrated layer 2 managed switch providing 5 Fast Ethernet transceivers<br />

supporting 10Base-T and 100Base-TX modes, high performance memory bandwidth<br />

(wire speed) and an extensive feature set including tag port based VLAN, QoS<br />

priority, VLAN tagging and MIB counters.<br />

The layer 2 switch uses one 100Base-TX port as an internal port to communicate to<br />

the central processor in order to access layer 3 services such as routing, VoIP<br />

signaling and traffic, firewall and NAT security modules.<br />

The following is the complete set of features available in the switch module:<br />

• IEEE 802.1q tag based VLAN (up to 16 VLANs)<br />

• VLAN ID tag/untag options, per port basis<br />

• Programmable rate limiting, ingress port, egress port, per port basis.<br />

• IGMP v1/v2 snooping for multicast packet filtering<br />

• QoS packet prioritization support: per port, 802.1p and DiffServ based<br />

• Integrated look-up engine with dedicated 1 K unicast MAC addresses<br />

• Automatic address learning, address aging and address migration<br />

• Full duplex IEEE 802.3x & half-duplex back pressure flow control<br />

• Automatic MDI/MDI-X crossover for plug-and-play on all the ports<br />

Switch Core Functional Overview<br />

Address Look-up<br />

The internal look up table stores MAC addresses and their associated information. It<br />

contains a 1K unicast address table plus switching information.



Learning<br />

The internal look up engine updates its table with a new entry in the following<br />

conditions:<br />

• the received packet's Source Address does not exist in the look up table;<br />

• the received packet is good: the packet has no receive errors and is of legal length.<br />

The look up engine inserts the qualified Source Address into the table, along with<br />

the port number and VLAN information (see below). If the table is full, the last entry<br />

of the table is deleted for the new entry.<br />

To see the current look up entries use the SWITCH SHOW FDB command.<br />

Migration<br />

The internal look up engine monitors whether a station has moved. If so, it updates<br />

the table accordingly. Migration happens in the following conditions:<br />

• the received packet Source Address is in the table but the associated source port<br />

information is different;<br />

• the received packet is good; the packet has no receive errors and is of legal length.<br />

In this case the look up engine updates the existing record in the table with the new<br />

source port information.<br />

Aging<br />

The look up engine updates the timestamp information of a record whenever the<br />

corresponding Source Address appears. The time stamp is used in the aging<br />

process. If a record is not updated for a period of time, the look up engine removes<br />

the record from the table.<br />

The look up engine constantly performs the aging process and is continuously<br />

removing expired records.<br />

The aging period can be set to normal (300 seconds) or fast (800 usecs) or can be<br />

disabled.<br />

Use the SWITCH SET AGEINGTIMER command to change the aging period or use<br />

SWITCH DISABLE AGEINGTIMER to disable aging.<br />

Forwarding<br />

If 802.1q VLAN mode is enabled, the switch assigns a VID to every ingress packet.<br />

• If the packet is untagged or tagged with a null VID, the packet is assigned to the<br />

default port VID of the ingress port.<br />

• If the packet is tagged with a non-null VID, the VID in the tag will be used.<br />

The look up process will start from the VLAN table look up. The 12 bit VID value is<br />

converted to a 4 bit FID value (an internal value that represents up to 16 VLANs).<br />

• If the VID is not valid, the packet will be dropped and no address learning will<br />

take place.



• If the VID is valid, the forwarding FID is retrieved. Both the combinations<br />

FID+DA (Destination Address) and FID+SA (Source Address) are looked for in<br />

the forwarding table. The FID+DA look up determines the forwarding ports.<br />

• If the FID+DA lookup fails to find a match, the packet will be broadcast to all<br />

the members (excluding the ingress port) of the VLAN.<br />

• If the FID+SA lookup fails, the FID+SA will be learned (i.e. added to the<br />

forwarding table).<br />
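The learning, migration, aging and forwarding rules above, combined into one small model. This is an added example, not code from the manual or the gateway firmware; the FID numbering, the reading of "last entry" as the most recently inserted record, and the handling of a destination that sits on the ingress port are assumptions, and every frame is taken to be "good". The returned event makes migrations and table-full evictions visible, which are the two conditions worth watching in a forwarding database.

```python
from dataclasses import dataclass

FDB_CAPACITY = 1024      # "1K unicast address table"
MAX_VLANS = 16           # the 12-bit VID maps to a 4-bit FID
AGEING_NORMAL_S = 300.0  # "normal" aging period from the manual


@dataclass
class Entry:
    port: str
    last_seen: float


class SwitchModel:
    """Toy model of the look-up engine; every frame passed in is assumed 'good'."""

    def __init__(self, vlans, default_vid, capacity=FDB_CAPACITY,
                 ageing_s=AGEING_NORMAL_S):
        if len(vlans) > MAX_VLANS:
            raise ValueError("the switch supports at most 16 VLANs")
        self.vlans = vlans                      # {vid: set of member ports}
        self.default_vid = default_vid          # {port: default port VID}
        # Assumption: FIDs are handed out in ascending VID order.
        self.fid_of = {vid: fid for fid, vid in enumerate(sorted(vlans))}
        self.capacity = capacity
        self.ageing_s = ageing_s                # None models a disabled timer
        self.fdb = {}                           # {(fid, mac): Entry}, insertion ordered

    def age(self, now):
        """Remove records whose timestamp is older than the aging period."""
        if self.ageing_s is None:
            return
        for key in [k for k, e in self.fdb.items()
                    if now - e.last_seen > self.ageing_s]:
            del self.fdb[key]

    def _learn(self, fid, src, port, now):
        entry = self.fdb.get((fid, src))
        if entry is None:
            event = "learned"
            if len(self.fdb) >= self.capacity:
                # Assumption: "the last entry of the table" is the most
                # recently inserted record.
                self.fdb.popitem()
                event = "learned-evicting"
            self.fdb[(fid, src)] = Entry(port, now)
            return event
        event = "refreshed" if entry.port == port else "migrated"
        entry.port, entry.last_seen = port, now
        return event

    def receive(self, port, src, dst, vid, now):
        """Return (action, egress_ports, fdb_event) for one ingress frame."""
        self.age(now)
        if not vid:                             # untagged (None) or null VID (0)
            vid = self.default_vid[port]
        fid = self.fid_of.get(vid)
        if fid is None:
            return ("drop", [], "invalid-vid")  # dropped, nothing is learned
        event = self._learn(fid, src, port, now)
        hit = self.fdb.get((fid, dst))
        if hit is None:
            return ("flood", sorted(self.vlans[vid] - {port}), event)
        if hit.port == port:
            # Assumption: a frame whose destination sits on the ingress port
            # is not sent back out of that port.
            return ("filter", [], event)
        return ("forward", [hit.port], event)


if __name__ == "__main__":
    # Constructed topology and MAC addresses, for illustration only.
    sw = SwitchModel(vlans={1: {"wan", "lan1"}, 10: {"lan1", "lan2", "lan3"}},
                     default_vid={"wan": 1, "lan1": 10, "lan2": 10, "lan3": 10})
    a, b = "00-00-5e-00-53-01", "00-00-5e-00-53-02"
    print(sw.receive("lan1", a, b, None, now=0.0))   # unknown DA: flood
    print(sw.receive("lan2", b, a, 10, now=1.0))     # known DA: forward
    print(sw.receive("lan3", a, b, 10, now=2.0))     # same SA, new port: migrated
    print(sw.receive("lan1", a, b, 99, now=3.0))     # VID not configured: drop
```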

Switching engine<br />

The integrated layer 2 switch features a high performance switching engine to move<br />

data to and from the MACs and packet buffers. It operates in store and forward mode<br />

while the efficient switching mechanism reduces overall latency.<br />

The integrated layer 2 switch has a 64kB internal frame buffer pool. This is<br />

structured as 512 buffers, with each buffer 128 bytes in size. This resource is shared<br />

between all five ports (4 ports user accessible and one internal reserved for<br />

communication to system main processor).<br />

All the ports are allowed to use any free buffer in the buffer pool.<br />

Rate limiting support<br />

The integrated layer 2 switch supports hardware rate limiting on "receive" and<br />

"transmit" independently on a per port basis. It also supports rate limiting in a<br />

priority or non-priority environment.<br />

The rate limit starts from 0kbps and goes up to the line rate in steps of 32 kbps. The<br />

switch uses one second as an interval. At the beginning of each interval, the counter<br />

is cleared to zero, and the rate limit mechanism starts to count the number of bytes<br />

during this interval.<br />

For receive, if the number of bytes exceeds the programmed limit, the switch will<br />

stop receiving packets on the port until the "one second" interval expires.<br />

There is an option provided for flow control to prevent packet loss. If the rate limit<br />

is set to 128kbps or greater and the byte counter is 8Kbytes below the limit, the flow<br />

control will be triggered. If the rate limit is set to less than 128kbps and the byte<br />

counter is 2Kbytes below the limit, the flow control will be triggered.<br />
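The one-second counter and the flow control thresholds described above, as a small simulation. This is an added example, not the switch's own logic: it assumes 1 kbps = 1000 bit/s, 1 Kbyte = 1024 bytes, and that the frame which pushes the counter over the limit is still received.

```python
class ReceiveRateLimiter:
    """Model of the per-port receive rate limit with its one-second interval."""

    def __init__(self, limit_kbps, flow_control=False):
        if limit_kbps < 0 or limit_kbps % 32:
            raise ValueError("the limit is programmed in steps of 32 kbps")
        # Assumption: 1 kbps = 1000 bit/s, i.e. 125 bytes per second.
        self.budget = limit_kbps * 125
        # Flow control margin: 8 Kbytes at 128 kbps and above, 2 Kbytes below.
        # Assumption: 1 Kbyte = 1024 bytes.
        self.margin = (8 if limit_kbps >= 128 else 2) * 1024
        self.flow_control = flow_control
        self.interval = None
        self.count = 0

    def on_frame(self, t, length):
        """Return 'accept', 'pause' (accepted, flow control triggered) or 'drop'."""
        if self.budget == 0:                 # a limit of 0 means no rate limiting
            return "accept"
        interval = int(t)
        if interval != self.interval:        # new interval: counter cleared to zero
            self.interval, self.count = interval, 0
        if self.count > self.budget:         # limit exceeded: stop receiving
            return "drop"
        self.count += length
        if self.flow_control and self.count >= self.budget - self.margin:
            return "pause"
        return "accept"


def replay(limiter, trace):
    """Replay (time_s, length) pairs; return per-interval byte totals."""
    summary = {}
    for t, length in trace:
        verdict = limiter.on_frame(t, length)
        row = summary.setdefault(
            int(t), {"accepted": 0, "dropped": 0, "paused": False})
        if verdict == "drop":
            row["dropped"] += length
        else:
            row["accepted"] += length
            row["paused"] = row["paused"] or verdict == "pause"
    return summary


if __name__ == "__main__":
    # Constructed trace: one 1500-byte frame every 100 ms for two seconds.
    trace = [(i / 10, 1500) for i in range(20)]
    print(replay(ReceiveRateLimiter(64), trace))
    print(replay(ReceiveRateLimiter(128, flow_control=True), trace))
```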

Ingress Filtering limiting support<br />

The infiltering parameter enables or disables Ingress Filtering of frames admitted on<br />

the specified ports.<br />

A port can be TAGGED to one or more VLANs or UNTAGGED to one only (See<br />

chapter 3). Ingress Filtering Feature (infiltering) acts only for TAGGED ports and<br />

allows filtering of incoming packets.<br />

• Infiltering ON: only TAGGED packets with a VID equal to one of the VLANs the port<br />

belongs to are admitted. UNTAGGED packets are not admitted.<br />

• Infiltering OFF: both TAGGED packets with a VID equal to one of the VLANs the port<br />

belongs to and UNTAGGED packets are admitted.<br />

• TAGGED packets with a VID different from the VLANs the port belongs to are<br />

always discarded.<br />

When Infiltering is set to OFF, untagged packets are forwarded to the default<br />

VLAN (VID = 1).<br />

This is true for all the models except the AT-RG656. For this platform it is possible to set a<br />

“defaultvid” parameter in order to forward untagged packets to the VLAN specified<br />

by “defaultvid”.<br />

Layer 3 routing rate limiting<br />

The integrated layer 2 switch is able to limit traffic that goes to the Residential<br />

Gateway network processor where routing tasks need to be performed.<br />

Limitation on the maximum routing rate is necessary to preserve system resources<br />

for high priority tasks like VoIP and IGMP proxy.<br />

To set the maximum routing rate limit use the SWITCH SET ROUTING-LIMIT<br />

command. The maximum routing rate can be selected between 1.0Kfps (kilo frames<br />

per second) and 6.0Kfps with 0.5Kfps granularity. Selecting NONE disables<br />

routing rate limiting. In this case there is no filter on the traffic<br />

arriving at the network processor and system stability could be affected if traffic is<br />

too high.<br />

If the number of frames per second that need to be routed to the network processor<br />

is higher than the selected maximum rate, the layer 2 switch discards packets<br />

addressed to the network processor in order to force the average traffic rate to be<br />

below the target rate.<br />

Class of Service and Differentiated Services<br />

The integrated layer 2 switch supports two Class of Service (CoS) mechanisms: IEEE<br />

802.1p tagging (Layer 2) and Differentiated Services (DS) as an advanced<br />

architecture of ToS (Layer 3).<br />

802.1p Traffic Priority<br />

The IEEE 802.1p signaling technique is an IEEE endorsed specification for<br />

prioritizing network traffic at the data-link/MAC sublayer (OSI Reference Model<br />

Layer 2).<br />

802.1p traffic is simply classified and sent to the destination; no bandwidth<br />

reservations are established.<br />

802.1p is a spin-off of the 802.1q (VLANs tagging) standard and they work in<br />

tandem (see Figure 1).<br />

The 802.1Q standard specifies a tag that is appended to a MAC frame. The VLAN tag<br />

carries VLAN information. The VLAN tag has two parts: The VLAN ID (12-bit) and<br />

User Priority (3-bit). The User Priority field was never defined in the VLAN<br />

standard. The 802.1p implementation defines this prioritization field.<br />

Switches, routers, servers, even desktop systems, can set these priority bits in the<br />

three-bit User Priority field, which allows packets to be grouped into various traffic<br />

classes.



On the AT-RG613, AT-RG623 and AT-RG656 residential gateway, traffic is<br />

prioritized into two egress queues, high priority and low priority, according to the<br />

following logic:<br />

• if the received frames are tagged, the User Priority field in the TAG header is<br />

compared with an internal value in the switch called the Base Priority:<br />

• if the received priority value is equal to or greater than the switch Base Priority,<br />

the frames are sent to the high priority egress queue, otherwise frames are sent to<br />

low priority egress queue.<br />

• if the received frames are untagged, the Default Priority value of the egress port is<br />

compared with the switch Base Priority:<br />

• if the port Default Priority is equal to or greater than the switch Base Priority, the frames are<br />

sent to the high priority egress queue, otherwise frames are sent to the low priority<br />

egress queue.<br />

If the egress port is tagged, the Default Priority value of that port is assigned to the<br />

User Priority field in the outgoing frames.<br />

To show the current switch Base Priority and port Default Priority values, use the<br />

SWITCH SHOW and SWITCH SHOW PORT commands, respectively.<br />

To change the switch Base Priority and port Default Priority use the SWITCH SET<br />

PRIORITY and SWITCH SET PORT commands, respectively.<br />

Differentiated Services Code Point (DSCP)<br />

The DSCP octet in the IP header classifies the packet service level.<br />

The DSCP replaces the ToS Octet in the IPv4 header (see Figure 1).<br />

Currently, only the first six bits are used. Two bits of the DSCP are reserved for<br />

future definitions. This allows up to 64 different classifications for service levels.<br />

On the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway it is possible to<br />

assign frames to two different egress priority queues, high priority and low priority,<br />

according to the DSCP value in the IP header of the received frames.<br />

To show the current DSCP priority scheme, use the SWITCH SHOW QOS<br />

command.<br />

To change the current DSCP priority scheme, use the SWITCH SET QOS command.
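The 802.1p and DSCP rules above, applied to raw frame bytes. This is an added example, not code from the manual: it parses the 802.1Q tag and the IPv4 TOS octet and reports the queue each scheme would pick. The manual does not say how the two schemes combine, so the two decisions are returned separately; `build_sample_frame` and the addresses in it are constructed test data.

```python
import struct
from dataclasses import dataclass
from typing import Optional

ETH_8021Q = 0x8100   # 802.1Q tag type
ETH_IPV4 = 0x0800


@dataclass
class Classification:
    tagged: bool
    vid: Optional[int]
    user_priority: Optional[int]
    dscp: Optional[int]
    queue_8021p: str            # "high" or "low"
    queue_dscp: Optional[str]   # None when the frame carries no IPv4 header


def parse_dscp_list(text):
    """Parse a comma-separated DSCP list such as '24,37' (values 0-63)."""
    codes = frozenset(int(item) for item in text.split(","))
    if any(not 0 <= code <= 63 for code in codes):
        raise ValueError("DSCP values must be in the range 0-63")
    return codes


def parse_frame(frame):
    """Return (user_priority, vid, dscp); a field that is absent is None."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, prio, vid = 14, None, None
    if ethertype == ETH_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        prio, vid = tci >> 13, tci & 0x0FFF   # 3-bit priority, 12-bit VID
        offset = 18
    dscp = None
    if ethertype == ETH_IPV4:
        if len(frame) < offset + 20 or frame[offset] >> 4 != 4:
            raise ValueError("malformed IPv4 header")
        dscp = frame[offset + 1] >> 2         # six most significant TOS bits
    return prio, vid, dscp


def classify(frame, base_priority=4, port_default_priority=0,
             high_dscp=frozenset()):
    """Apply the manual's queue rules; defaults follow its default values."""
    prio, vid, dscp = parse_frame(frame)
    tagged = prio is not None
    effective = prio if tagged else port_default_priority
    queue_8021p = "high" if effective >= base_priority else "low"
    queue_dscp = None
    if dscp is not None:
        queue_dscp = "high" if dscp in high_dscp else "low"
    return Classification(tagged, vid, prio, dscp, queue_8021p, queue_dscp)


def build_sample_frame(dscp=None, prio=None, vid=0):
    """Constructed test frame; prio=None gives an untagged frame,
    dscp=None gives a non-IP (ARP type) payload."""
    frame = bytes.fromhex("00005e005302") + bytes.fromhex("00005e005301")
    if prio is not None:
        frame += struct.pack("!HH", ETH_8021Q, (prio << 13) | vid)
    if dscp is None:
        return frame + struct.pack("!H", 0x0806) + bytes(28)
    return frame + struct.pack("!H", ETH_IPV4) + bytes([0x45, dscp << 2]) + bytes(18)


if __name__ == "__main__":
    high = parse_dscp_list("24,37")
    print(classify(build_sample_frame(dscp=24, prio=5, vid=10), high_dscp=high))
    print(classify(build_sample_frame(dscp=0), high_dscp=high))
```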



[Figure 1: field layout of an 802.1Q tagged MAC frame (preamble, start frame delimiter, destination address, source address, 802.1Q tag type, tag control information carrying user priority, CFI and the 12 bit VLAN identifier, MAC client length/type, 42 - 1500 octet payload, frame check sequence) and of the IP header (version, IHL, TOS with precedence bits, total length, identification, flags, fragment offset, TTL, protocol, header checksum, source and destination IP address).]<br />

Figure 1. IP Packet overview.



Switch Command <strong>Reference</strong><br />

This section describes the commands available on the Residential Gateway to<br />

configure and manage switch ports and the address look up table.<br />

switch CLI commands<br />

The table below lists the switch commands provided by the CLI:<br />

Command<br />

SWITCH DISABLE AGEINGTIMER<br />

SWITCH DISABLE LEARNING<br />

SWITCH DISABLE PORT<br />

SWITCH ENABLE AGEINGTIMER<br />

SWITCH ENABLE LEARNING<br />

SWITCH ENABLE PORT<br />

SWITCH RESET<br />

SWITCH SET PORT<br />

SWITCH SET PRIORITY<br />

SWITCH SET QOS<br />

SWITCH SET ROUTING-LIMIT<br />

SWITCH SHOW<br />

SWITCH SHOW FDB<br />

SWITCH SHOW PORT<br />

SWITCH SHOW QOS<br />

SWITCH DISABLE AGEINGTIMER<br />

Syntax SWITCH DISABLE AGEINGTIMER<br />

Description This command stops the aging timer used by the look up engine to remove expired<br />

fdb entries.<br />

If the ageing timer is disabled, the look up entries in the fdb are kept permanently<br />

until the SWITCH ENABLE AGEINGTIMER command is entered or the switch is<br />

reset.<br />

To show the current switch status, use the SWITCH SHOW command.<br />

Example --> switch disable ageingtimer<br />

See also SWITCH ENABLE AGEINGTIMER<br />

SWITCH SHOW



SWITCH DISABLE LEARNING<br />

Syntax SWITCH DISABLE LEARNING<br />

Description This command stops the learning engine used to update the look up table when<br />

frames are received from new Source Addresses.<br />

To restore the learning process, use the SWITCH ENABLE LEARNING command.<br />

To show the current switch status, use the SWITCH SHOW command.<br />

Example --> switch disable learning<br />

See also SWITCH ENABLE LEARNING<br />

SWITCH SHOW<br />

SWITCH DISABLE PORT<br />

Syntax SWITCH DISABLE PORT [FLOW JAMMING]<br />

Description This command disables the selected switch port, or disables a flow control<br />

mechanism on the port.<br />

If jamming is specified, the jamming signal used for flow control on half duplex<br />

ports will be disabled.<br />

To show the current port status, use the SWITCH SHOW PORT command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

port-name<br />

One of the switch ports to be disabled.<br />

Available ports are:<br />

• wan<br />

• lan1<br />

• lan2<br />

• lan3<br />

N/A<br />

Example --> switch disable port lan1<br />

See also SWITCH ENABLE PORT<br />

SWITCH SHOW PORT<br />

SWITCH ENABLE AGEINGTIMER<br />

Syntax SWITCH ENABLE AGEINGTIMER<br />

Description This command restarts the aging timer used by the look up engine to update the<br />

aging of fdb entries.



To show the current switch status, use the SWITCH SHOW command.<br />

Example --> switch enable ageingtimer<br />

See also SWITCH DISABLE AGEINGTIMER<br />

SWITCH SHOW<br />

SWITCH ENABLE LEARNING<br />

Syntax SWITCH ENABLE LEARNING<br />

Description This command restarts the learning process used by the look up engine to update<br />

the fdb when frames from new addresses are received.<br />

To show the current switch status, use the SWITCH SHOW command.<br />

Example --> switch enable learning<br />

See also SWITCH DISABLE LEARNING<br />

SWITCH SHOW<br />

SWITCH ENABLE PORT<br />

Syntax SWITCH ENABLE PORT [FLOW JAMMING]<br />

Description This command enables the selected switch port.<br />

If jamming is specified, flow control on half duplex ports is enabled.<br />

To show the current port status, use the SWITCH SHOW PORT command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

port-name<br />

One of the switch ports to be enabled.<br />

Available ports are:<br />

• wan<br />

• lan1<br />

• lan2<br />

• lan3<br />

N/A<br />

Example --> switch enable port lan1<br />

See also SWITCH DISABLE PORT<br />

SWITCH SHOW PORT<br />

SWITCH RESET<br />

Syntax SWITCH RESET [PORT [COUNTERS]]



Description This command completely resets the switch, or resets an individual switch port if a<br />

port is specified.<br />

If no port is specified, all internal switch counters are reset and fdb entries removed.<br />

If a port is specified, only the selected port is reset without removing any fdb<br />

entries. It is possible to specify the resetting of just the counters associated with a<br />

port. In this case the physical layer is not reset and no link interruption occurs.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

port-name<br />

One of the switch ports to be reset.<br />

Available ports are:<br />

• wan<br />

• lan1<br />

• lan2<br />

• lan3<br />

N/A<br />

Example --> switch reset<br />

--> switch reset port wan<br />

See also SWITCH SHOW<br />

SWITCH SHOW PORT<br />

SWITCH SET AGEINGTIMER<br />

Syntax SWITCH SET AGEINGTIMER {FAST | NORMAL}<br />

Description This command sets the threshold value of the ageing timer, after which an<br />

unrefreshed dynamic entry in the Forwarding Database is automatically removed.<br />

FAST sets the aging timer to 800 µSec., while NORMAL sets the aging timer to 300 Sec.<br />

Example --> switch set ageingtimer fast<br />

SWITCH SET PORT<br />

Syntax SWITCH SET PORT { BROADCASTLIMIT < broadcast-multicast-limit ><br />

|DEFAULTPRIORITY | DEFAULTVID INFILTERING<br />

{OFF | ON} | MULTICASTLIMIT | NOQOS | QOS<br />

|RCVLIMIT | TRSLIMIT | SPEED {100MFULL | 100MHALF |<br />

10MFULL | 10MHALF | AUTONEGOTIATE} }<br />

Description This command modifies the values of parameters for switch ports.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).



Option Description Default Value<br />

port-name<br />

One of the switch ports to be configured.<br />

Available ports are:<br />

• wan<br />

• lan1<br />

• lan2<br />

• lan3<br />

N/A<br />

default-priority<br />

The priority value associated with the port.<br />

If the port is set to receive untagged frames, then if the port Default Priority is equal to or<br />

greater than the switch Base Priority, the frames are sent to the high priority egress queue,<br />

otherwise frames are sent to the low priority egress queue.<br />

Available values are from 0 to 7.<br />

0<br />

vlanID<br />

The VLANID parameter specifies a VLAN Identifier (VID). When infiltering is set<br />

to off, untagged packets are forwarded to the VLAN identified by this parameter.<br />

1<br />

broadcast-multicast-limit<br />

The admitted rate for broadcast or multicast frames. The rate is expressed in percent of<br />

max possible bandwidth on the specified port. If rcvlimit has been set on the port, all<br />

percentages are related to the rcvlimit bandwidth. Possible values are:<br />

• 20%<br />

• 10%<br />

• 5%<br />

• 3.3%<br />

• none<br />

When both broadcast and multicast limit are enabled the admitted rate is the same<br />

for both filters. (Available only on AT-RG656 platform)<br />

N/A<br />

BROADCASTLIMIT<br />

The broadcastlimit parameter enables or disables a filter on broadcast frames<br />

admitted on the specified ports.<br />

When both broadcast and multicast limit are enabled the admitted rate is the same<br />

for both filters.<br />

(Available only on AT-RG656 platform)<br />

N/A<br />

MULTICASTLIMIT<br />

The multicastlimit parameter enables or disables a filter on multicast frames<br />

admitted on the specified ports.<br />

When both broadcast and multicast limit are enabled the admitted rate is the same<br />

for both filters.<br />

(Available only on AT-RG656 platform)<br />

N/A<br />

INFILTERING<br />

The infiltering parameter enables or disables Ingress Filtering of frames<br />

admitted on the specified ports. Each port on the switch belongs to one or more<br />

VLANs.<br />

If INFILTERING is Enabled then tagged packets arriving at the port will only be<br />

admitted if the VID in the packet’s tag is equal to the VID of one of the VLANs that<br />

the port is a member of.<br />

Untagged frames are also admitted if the port is an untagged member of some<br />

VLAN.<br />

If OFF is specified, Ingress Filtering is disabled, and no frames are discarded by<br />

this part of the Ingress Rules.<br />

N/A<br />

NOQOS Disable 802.1p priority scheme. N/A<br />

QOS Enable 802.1p priority scheme. N/A<br />

RCVLIMIT<br />

TRSLIMIT<br />

speed<br />

The rcvlimit parameter specifies a rate limit on reception bandwidth for the port.<br />

The value of represents kbit per<br />

second reception rate above which the<br />

incoming data will be discarded.<br />

If the none or 0 is specified, then rate<br />

limiting is turned off.<br />

If any other is specified, the<br />

reception of frames will be limited to that<br />

bandwidth.<br />

The trslimit parameter specifies a rate limit on transmission bandwidth for the<br />

port. The value of represents kbit<br />

per second transmission rate above which<br />

the outgoing data will be discarded.<br />

If the none or 0 is specified, then rate<br />

limiting is turned off.<br />

If any other is specified, the<br />

transmission of frames will be limited to<br />

that bandwidth.<br />

The speed parameter specifies the<br />

configured line speed and duplex mode of<br />

the port.<br />

If autonegotiate is specified, the port will<br />

autonegotiate the line speed and duplex<br />

mode with the device attached to the port.<br />

If any other option is specified, the port will<br />

be forced to the speed and duplex mode given.<br />

0<br />

autonegotiate<br />

Examples To limit port reception rate to 10000 kbps, use the command:<br />

--> switch set port wan rcvlimit 10000<br />

To limit broadcast traffic only to 3.3% of port bandwidth, use the command:<br />

--> switch set port wan broadcastlimit 3.3%<br />

SWITCH SET PRIORITY<br />

Syntax SWITCH SET PRIORITY <br />

Description This command sets the switch base priority.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

802.1p_base_priority<br />

The system priority value. Available<br />

values are from 0 to 7.<br />

4<br />

Example --> switch set priority 7<br />

SWITCH SET QOS<br />

Syntax SWITCH SET QOS PRIORITY {HIGH | LOW}<br />

Description This command maps the priority levels for Quality of Service.<br />

The six bit TOS field in the IP header is decoded as 64 entries and for each one it is<br />

possible to specify the priority.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

dscpcode<br />

dscpcode-list is a comma-separated list of<br />

numbers in the range 0-63 which represent<br />

the DSCP (Differentiated Service Code<br />

Point) value in the most significant 6 bits of<br />

the TOS field in IPv4 header.<br />

N/A<br />

Example To set the high priority for DSCP values 24 and 37, use the command:



--> switch set qos 24,37 priority high<br />

SWITCH SET ROUTING-LIMIT<br />

Syntax SWITCH SET ROUTING-LIMIT <br />

Description This command sets the maximum number of frames per second that the layer 2<br />

switch forwards to the Residential Gateway network processor for routing purposes.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

limit<br />

The maximum traffic rate (frames per<br />

second) sent to the network processor.<br />

Available values are:<br />

1.0Kfps<br />

1.5Kfps<br />

2.0Kfps<br />

2.5Kfps<br />

3.0Kfps<br />

3.5Kfps<br />

4.0Kfps<br />

4.5Kfps<br />

5.0Kfps<br />

5.5Kfps<br />

6.0Kfps<br />

none<br />

none disables the routing limit.<br />

none<br />

Example<br />

--> switch set routing-limit 6.0kfps<br />

SWITCH SHOW<br />

Syntax SWITCH SHOW<br />

Description This command shows the following switch parameters:<br />

Switch address The MAC address of the switch; it is used as the source address in pause control frames.<br />

Learning Whether or not the switch’s dynamic learning and updating of the Forwarding Database is enabled.<br />

Ageing timer Whether or not the ageing timer is enabled.<br />

Ageing time The value of the ageing timer, after which a dynamic entry is removed from the Forwarding Database.<br />

UpTime The time in hours:minutes:seconds since the switch was last powered up, rebooted, or restarted.<br />

Base Priority The bottom end of the range of priority values assigned to the high priority egress queue.<br />

Routing-limit The maximum number of frames per second that the switch forwards to the processor.<br />

Example --> switch show<br />

Switch configuration<br />

------------------------------------------------------------------------<br />

Switch address 10-20-30-40-50-6f<br />

Learning ON<br />

Ageing timer ON<br />

Ageing time 300 Sec. (NORMAL)<br />

UpTime 00:41:28<br />

802.1p Base Priority 4<br />

Routing-limit none<br />

------------------------------------------------------------------------<br />

See also SWITCH SHOW PORT<br />

SWITCH SHOW FDB<br />

Syntax SWITCH SHOW FDB [{ADDRESS | PORT | VLAN }]<br />

Description This command displays the contents of the Forwarding Database relevant to the<br />

port or the mac address or the vlan specified.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

macadd<br />

The ADDRESS parameter specifies the MAC address of the device for which the contents<br />

of the Forwarding Database are to be displayed.<br />

N/A<br />

port-name<br />

One of the switch ports. The PORT parameter specifies that only those entries<br />

in the Forwarding Database which were learned from the specified port are to be<br />

displayed.<br />

Available ports are:<br />

• wan<br />

• lan1<br />

• lan2<br />

• lan3<br />

N/A<br />

vlanname<br />

The VLAN parameter specifies the VLAN identifier of the VLAN for which the<br />

contents of the Forwarding Database are to be displayed.<br />

N/A<br />

Examples To display all the fdb content:<br />

--> switch show fdb<br />

Switch Forwarding Database<br />

--------------------------------------------------------------------------<br />

VLAN MAC address Port Status<br />

--------------------------------------------------------------------------<br />

1 00-00-cd-08-25-30 wan Dynamic<br />

1 00-05-b7-00-0f-5e wan Dynamic<br />

1 00-30-84-25-77-3e wan Dynamic<br />

10 00-30-84-ee-40-60 lan1 Dynamic<br />

10 00-30-84-ee-40-83 lan1 Dynamic<br />

20 00-90-fb-07-9d-c9 lan2 Dynamic<br />

30 00-a0-d2-18-49-fa lan3 Dynamic<br />

30 00-c0-b7-a3-d0-40 lan3 Dynamic<br />

--------------------------------------------------------------------------<br />

To display only the fdb content related to a specific MAC address:<br />

--> switch show fdb address 00-05-b7-00-0f-5e<br />

Switch Forwarding Database<br />

--------------------------------------------------------------------------<br />

VLAN MAC address Port Status<br />

--------------------------------------------------------------------------<br />

1 00-05-b7-00-0f-5e wan Dynamic<br />

--------------------------------------------------------------------------<br />

To display only the fdb content related to a specific switch port:<br />

--> switch show fdb port lan1<br />

Switch Forwarding Database<br />

---------------------------------------------------------------------------<br />

VLAN MAC address Port Status<br />

---------------------------------------------------------------------------<br />

10 00-30-84-ee-40-60 lan1 Dynamic<br />

10 00-30-84-ee-40-83 lan1 Dynamic<br />

To display only the fdb content related to a specific VLAN:<br />

--> switch show fdb vlan 30<br />

Switch Forwarding Database<br />

---------------------------------------------------------------------------<br />

VLAN MAC address Port Status<br />

---------------------------------------------------------------------------<br />

30 00-a0-d2-18-49-fa lan3 Dynamic<br />

30 00-c0-b7-a3-d0-40 lan3 Dynamic



SWITCH SHOW PORT<br />

Syntax SWITCH SHOW PORT [COUNTERS]<br />

Description This command displays general information about the specified switch port.

Port: Port reference.

Status: The admin status of the port; one of “ENABLED” or “DISABLED”.

Link state: The link state of the port, one of “Up” or “Down”.

Uptime: The count in hours:minutes:seconds of the elapsed time since the port was last reset or initialised.

Port media type: The MAC entity type.

Configured speed/duplex: The port speed and duplex mode configured for this port. One of “Autonegotiate” or a combination of a speed (one of “10 Mbps” or “100 Mbps”) and a duplex mode (one of “half duplex” or “full duplex”).

Acceptable frame type: The maximum acceptable frame size.

Broadcast rate limit: The limit of the rate of reception of broadcast frames for this port, in frames per second.

Multicast rate limit: The limit of the rate of reception of multicast frames for this port, in frames per second.

Receive rate limit: The limit of the rate of reception of unicast frames for this port, in kbit per second.

Current learned, lock state: The number of MAC addresses currently learned on this port and the state of locking for this port. The lock state is one of “not locked”, “locked by limit” or “locked by command”.

Enabled flow control(s): Flow control parameters set for the port; zero, one or two of “Jamming” and “Pause”. If flow control is implemented on the switch, then this kind of flow control is applied to the port.

Send tagged pkts for VLAN(s): The name and VLAN Identifier (VID) of the tagged VLAN(s), if any, to which the port belongs.

Port based VLAN: The name and VLAN Identifier (VID) of the port-based VLAN to which the port belongs.

Ingress filtering: The state of Ingress Filtering: one of “on” or “off”.

802.1p Default Priority: The current value set for Default Priority.

802.1p Priority: The current status for Default Priority: one of “on” or “off”.

Default Vlan Id: The current value set for Default Vlan ID (displayed only on the AT-RG656 platform).

If the counters parameter is specified, the following information is reported:

• Combined receive/transmit packets by size (octets) counter

packets size

Pkts: The number of packets.

MulticastPkts: The number of multicast packets.

BroadcastPkts: The number of broadcast packets.

PauseMACctlFrms: The number of PAUSE MAC Control frames.

FrameWDeferrdTx: The number of frames deferred once before successful transmission.

SingleCollsnFrm: The number of frames which experienced exactly one collision.

MultCollsnFrm: The number of frames which experienced 2 to 15 collisions (including late collisions).

LateCollsns: The number of frames which experienced late collisions.

ExcessivCollsns: The number of frames aborted before transmission after 16 collisions.

CollisionFrms: Total number of collisions.

• Miscellaneous Counters

DropEvents: The number of packets discarded at ingress port.

totalPktTxAbort: The number of packets aborted during transmission.

Examples --> switch show port wan

Switch Port information
--------------------------------------------------------------------------
Port: wan
Status                          Enabled
Link state                      Up
UpTime                          00:29:38
Port media type                 ISO8802-3 CSMACD
Configured speed/duplex         Autonegotiate
Actual speed/duplex             -
Acceptable frame type           packet sizes up to 1536 bytes (inclusive)
Broadcast rate limit            -
Multicast rate limit            -
Receive rate limit              -
Current learned, lock state     10, not locked
Enabled flow control(s)         Pause
Send tagged pkts for VLAN(s)    -
Port based VLAN                 default (1)
Ingress filtering               ON
802.1p Default Priority         0
802.1p Priority                 Disabled
Default Vlan Id                 1
--------------------------------------------------------------------------


--> switch show port wan counters

Switch Counter
--------------------------------------------------------------------------
Port: wan

Received packets by size (octets) counters:
64              1668      256 - 511         31
65 - 127        1119      512 - 1023        26
128 - 255        777      1024 - 1522        6

General Counters:
Receive:                      Transmit:
Octets            377801      Octets              1108
Pkts                3627      Pkts                  17
FCSerrors              0      MulticastPkts          0
MulticastPkts          7      BroadcastPkts          0
BroadcastPkts       1377      PauseMACctlFrms        0
PauseMACctlFrms        0      FrameWDeferrdTx        0
OversizePkts           0      SingleCollsnFrm        0
Fragments              0      MultiCollsnFrm         0
Jabbers                0      LateCollsns            0
MACControlFrms         0      ExcessivCollsns        0
UnsupportCode          -      CollisionFrames        0
AlignmentErrors        0
SymErDurCarrier        0
UndersizePkts          0

Miscellaneous Counters:
DropEvents             0
totalPktTxAbort        0
--------------------------------------------------------------------------

SWITCH SHOW QOS<br />

Syntax SWITCH SHOW QOS<br />

Description This command displays the current mapping of user priority level to QOS egress<br />

queue for the switch.



Chapter 3<br />

VLAN<br />

INTRODUCTION<br />

VLAN is a networking technology that allows networks to be segmented logically<br />

without having to be physically rewired.<br />

Many Ethernet switches support virtual LAN (VLAN) technologies. By replacing hubs with VLAN switches, the network administrator can create a virtual network within the existing network. With VLAN, the logical topology of the network is independent of the physical topology of the wiring. Each computer can be assigned a VLAN identification number (ID), and computers with the same VLAN ID can act and function as though they are all on the same physical network.

So, the traffic on a VLAN is isolated and thus all communications remain within the<br />

VLAN. The assignment of VLAN IDs is done by the switches and can be managed<br />

remotely using network management software.<br />

VLAN switches can function in different ways. They can be switched at the datalink layer (layer 2 of the Open Systems Interconnection reference model) or the network layer (layer 3), depending on the type of switching technology used. The main advantage of using VLAN technologies is that users can be grouped together according to their need for network communication, regardless of their actual physical locations. This isolation helps to reduce unnecessary traffic and so improves network performance. The disadvantage is that additional configuration is required to set up and establish the VLANs when implementing these switches.

VLAN TAGGING<br />

VLAN technology introduces the following three basic types of frame:<br />

• Untagged frames<br />

• Priority-tagged frames<br />

• VLAN-tagged frames



An untagged frame or a priority-tagged frame does not carry any identification of the<br />

VLAN to which it belongs. Such frames are classified as belonging to a particular<br />

VLAN based on parameters associated with the receiving port.<br />

This classification mechanism requires the association of a specific VLAN ID, the<br />

Port VLAN Identifier, or PVID, with each of the switch ports.<br />

The PVID for a given port provides the VID for untagged and priority-tagged<br />

frames received through that port. The PVID for each port shall contain a valid VID<br />

value, and shall not contain the value of the null VLAN ID (see Table 3).<br />

A VLAN-tagged frame carries an explicit identification of the VLAN to which it<br />

belongs; i.e., it carries a non-null VID. Such a frame is classified as belonging to a<br />

particular VLAN based on the value of the VID that is included in the tag header.<br />

The presence of a tag header carrying a non-null VID means that some other device,<br />

either the originator of the frame or a VLAN-aware switch, has mapped this frame<br />

into a VLAN and has inserted the appropriate VID.<br />

Tagging of frames is performed for the following purposes:<br />

• To allow user priority information to be added to frames carried on IEEE 802<br />

LAN MAC types that have no inherent ability to signal priority information at the<br />

MAC protocol level;<br />

• To allow a frame to carry a VID;<br />

• To allow the frame to indicate the format of MAC Address information carried in<br />

MAC user data;<br />

• To allow VLANs to be supported across different MAC types.<br />

Tagging a frame requires:<br />

• The addition of a tag header to the frame. This header is inserted immediately<br />

following the destination MAC Address and source MAC Address fields of the<br />

frame to be transmitted;<br />

• Recomputation of the Frame Check Sequence (FCS).<br />

When relaying a tagged frame between 802.3/Ethernet MACs, a switch may adjust<br />

the PAD field such that the minimum size of a transmitted tagged frame is 68 octets.<br />

Frame fields, in transmission order:

• PREAMBLE (7 octets)
• START FRAME DELIMITER (1 octet)
• DESTINATION ADDRESS (6 octets)
• SOURCE ADDRESS (6 octets)
• TAG header: LENGTH/TYPE = 802.1QTagType (2 octets: 1 0 0 0 0 0 0 1, 0 0 0 0 0 0 0 0)
• TAG header: TAG CONTROL INFORMATION (2 octets: user priority, CFI, VLAN identifier VID (12 bit))
• MAC CLIENT LENGTH/TYPE (2 octets)
• MAC CLIENT DATA and PAD (42 - 1500 octets)
• FRAME CHECK SEQUENCE (4 octets)

Figure 2. Tagged frame format according to IEEE 802.3ac standard.



The tag header carries the following information (see Figure 2):<br />

• The Tag Protocol Identifier (TPID) carrying an Ethernet Type value<br />

(802.1QTagType), which identifies the frame as a tagged frame. The value of<br />

802.1QTagType is 81-00<br />

• Tag Control Information (TCI). The TCI field is two octets in length, and contains<br />

user priority, CFI and VID (VLAN Identifier) fields. Figure ... illustrates the<br />

structure of the TCI field:<br />

• User priority. The user priority field is three bits in length, interpreted as a<br />

binary number. The user priority is therefore capable of representing eight<br />

priority levels, 0 through 7. This field allows the tagged frame to carry user<br />

priority information across Bridged LANs in which individual LAN<br />

segments may be unable to signal priority.<br />

• Canonical Format Indicator (CFI). The Canonical Format Indicator (CFI) is a<br />

single bit flag value. CFI reset indicates that all MAC Address information<br />

that may be present in the MAC data carried by the frame is in Canonical<br />

format.<br />

• The meaning of the CFI when set depends upon the variant of the tag<br />

header in which it appears.<br />

• In an Ethernet-encoded tag header, transmitted using 802.3/Ethernet MAC<br />

methods, CFI has the following meanings:<br />

• When set, indicates that the E-RIF field is present in the tag header,<br />

and that the NCFI bit in the RIF determines whether MAC Address<br />

information that may be present in the MAC data carried by the<br />

frame is in Canonical (C) or Non-canonical (N) format;<br />

• When reset, indicates that the E-RIF field is not present in the tag<br />

header, and that all MAC Address information that may be present<br />

in the MAC data carried by the frame is in Canonical format (C).<br />

• VLAN Identifier (VID). The twelve-bit VLAN Identifier field uniquely identifies the VLAN to which the frame belongs. The VID is encoded as an unsigned binary number. Table 3 (Reserved VID values) identifies values of the VID field that have specific meanings or uses; the remaining values of VID are available for general use as VLAN identifiers.

A priority-tagged frame is a tagged frame whose tag header contains a VID value<br />

equal to the null VLAN ID.<br />

VID value (hexadecimal): 0
Meaning/Use: The null VLAN ID. Indicates that the tag header contains only user priority information; no VLAN identifier is present in the frame. This VID value shall not be configured as a PVID, configured in any Filtering Database entry, or used in any Management operation.

VID value (hexadecimal): 1
Meaning/Use: The default PVID value used for classifying frames on ingress through a switch port. The PVID value can be changed by management on a per-port basis.

VID value (hexadecimal): FFF
Meaning/Use: Reserved for implementation use. This VID value shall not be configured as a PVID, configured in any Filtering Database entry, used in any Management operation, or transmitted in a tag header.

Table 3. Reserved VID values.

VLAN SUPPORT ON AT-RG600 RESIDENTIAL GATEWAY<br />

The AT-RG613, AT-RG623 and AT-RG656 Residential Gateways support up to 16 VLANs (irrespective of whether they are carrying tagged or untagged frames).

The Residential Gateway provides a 16-entry VLAN table that converts the VID (12 bits) to an internal value called FID (4 bits) for address look up.

If an untagged or null-VID tagged packet is received, the ingress port VID is used for look up.

The look up process starts with a VLAN table look up to determine whether the VID<br />

is valid.<br />

If the VID is not valid the packet will be dropped and its address will not be<br />

learned.<br />

If the VID is valid, FID is retrieved for further look up.<br />

FID + DA is used to determine the destination port. FID + SA is used for learning<br />

purposes.<br />
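The tag header layout from the VLAN TAGGING section and the look-up steps above can be followed in code. The Python below is an added example, not code from the manual or the gateway firmware; the class and function names, the in-order FID assignment and the sample frames are assumptions, and port membership and ingress filtering are not modelled.

```python
import struct

TPID_8021Q = 0x8100    # 802.1QTagType ("81-00" in the text)
NULL_VID = 0x000       # null VLAN ID: tag carries user priority only
RESERVED_VID = 0xFFF   # reserved, must not be transmitted in a tag header


def parse_tag(frame):
    """Classify an Ethernet frame given from the destination address onward
    (no preamble/SFD). Returns (kind, priority, cfi, vid)."""
    if len(frame) < 14:
        raise ValueError("shorter than DA + SA + Length/Type")
    (ethertype,) = struct.unpack_from("!H", frame, 12)   # after DA(6) + SA(6)
    if ethertype != TPID_8021Q:
        return ("untagged", None, None, None)
    if len(frame) < 18:
        raise ValueError("truncated tag header")
    (tci,) = struct.unpack_from("!H", frame, 14)
    priority = tci >> 13          # user priority, 3 bits
    cfi = (tci >> 12) & 0x1       # Canonical Format Indicator, 1 bit
    vid = tci & 0x0FFF            # VLAN identifier, 12 bits
    kind = "priority-tagged" if vid == NULL_VID else "vlan-tagged"
    return (kind, priority, cfi, vid)


class IngressLookup:
    """Model of the look-up described above: a 16-entry VID -> FID table."""

    MAX_VLANS = 16

    def __init__(self, pvid_by_port):
        self.pvid = dict(pvid_by_port)   # port name -> PVID
        self.fid_by_vid = {}

    def add_vlan(self, vid):
        if not NULL_VID < vid < RESERVED_VID:
            raise ValueError("VID 0 and FFF are reserved")
        if vid not in self.fid_by_vid:
            if len(self.fid_by_vid) >= self.MAX_VLANS:
                raise ValueError("VLAN table full")
            # Assumption: FIDs (4 bits, 0..15) are handed out in order.
            self.fid_by_vid[vid] = len(self.fid_by_vid)
        return self.fid_by_vid[vid]

    def classify(self, port, frame):
        kind, priority, _cfi, vid = parse_tag(frame)
        if kind != "vlan-tagged":
            vid = self.pvid[port]        # untagged or null-VID tag: use PVID
        fid = self.fid_by_vid.get(vid)
        if fid is None:                  # VID not valid: drop, do not learn
            return {"action": "drop", "kind": kind, "vid": vid}
        da, sa = frame[0:6], frame[6:12]
        return {"action": "forward", "kind": kind, "vid": vid, "fid": fid,
                "priority": priority,
                "lookup_key": (fid, da),   # FID + DA selects the egress port
                "learn_key": (fid, sa)}    # FID + SA is what gets learned


def build_frame(da, sa, tci=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed sample frame (no FCS); tci=None means untagged."""
    tag = b"" if tci is None else struct.pack("!HH", TPID_8021Q, tci)
    return da + sa + tag + struct.pack("!H", ethertype) + payload


DA = bytes.fromhex("003084ee4060")   # constructed addresses
SA = bytes.fromhex("0090fb079dc9")


def demo():
    table = IngressLookup({"wan": 1, "lan1": 10})
    table.add_vlan(1)
    table.add_vlan(10)
    return [
        table.classify("lan1", build_frame(DA, SA)),              # untagged
        table.classify("wan", build_frame(DA, SA, tci=0xA00A)),   # prio 5, VID 10
        table.classify("wan", build_frame(DA, SA, tci=0xE000)),   # prio 7, VID 0
        table.classify("wan", build_frame(DA, SA, tci=0x0063)),   # VID 99, unknown
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A frame tagged with a VID that is not in the table is dropped before any learning, which is why the fourth sample frame produces no look-up or learning key.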

VLAN definition and port tagging<br />

By default the Residential Gateway starts with only one VLAN defined with name<br />

default and VID=1.<br />

All the system ports are members of the default VLAN.<br />

Use the VLAN SHOW command to display the current VLAN status on the residential<br />

gateway.<br />

Creating and configuring a new VLAN is a two step process:<br />

• A VLAN is created with the VLAN ADD VID command, specifying a name<br />

for the VLAN and its VID value.<br />

• WAN, LAN1, LAN2 and LAN3 ports are added (if required) to the VLAN using the VLAN ADD PORT command. When a port is added it is necessary to specify the frame format in which packets associated with that VLAN will be transmitted from that port: untagged or tagged.

Note that a physical port can be a member of one or more VLANs.<br />

• If a port is member of one VLAN only it can accept tagged or untagged frames.<br />

• If a port is member of two or more VLANs it can accept untagged frames for one<br />

VLAN only and tagged frames for the remaining VLANs; or can accept tagged<br />

frames for all the VLANs.<br />

A port can accept tagged or untagged frames on the same VLAN in a mutually<br />

exclusive way (when ingress filtering is enabled):


• If a port is assigned to a VLAN as untagged, only untagged frames will be permitted.

• If the port is assigned to a VLAN as tagged, only tagged frames will be permitted.

To change the tagged/untagged frame format of a port for a specific VLAN it is necessary to remove the port from the VLAN with the VLAN DELETE command and then re-add the port to the VLAN with the VLAN ADD PORT command, specifying the required frame format.

To remove a VLAN it is necessary to remove all ports that are members of the<br />

VLAN with the command VLAN DELETE PORT and then remove the VLAN with<br />

the command VLAN DELETE VID. The Default VLAN (VID=1) cannot be removed.<br />

When a port is removed from a VLAN and the same port is not a member of any<br />

other VLAN, the port is automatically added to the default VLAN with the<br />

untagged attribute.<br />

VLAN versus IP Interface<br />

One of the major constraints when using VLANs is that packets exchanged between<br />

hosts that are members of the same VLAN cannot be received by hosts that are<br />

members of a different VLAN.<br />

The Residential Gateway solves this limitation by offering a packet routing service<br />

between different VLANs.<br />

The routing of packets between VLANs is based on the classical layer 3 routing<br />

method as, for example, a typical router performs between IP interfaces.<br />

Based on this approach, there is the requirement that each VLAN that you wish to<br />

be involved in the routing of packets must have an associated IP interface.<br />

In this way, the Layer 3 routing process is able to treat VLAN IP interfaces as<br />

though they were distinct Ethernet ports, and route rules apply as they would for a<br />

multiport router.<br />

Each primary IP interface uses the VLAN data transport services (frame tagging and<br />

untagging and related layer 2 forwarding) as though it were an Ethernet port.<br />

From the system point of view, when a VLAN is used to support an IP interface, the VLAN becomes a transport device supporting ethernet traffic (see Figure 3).


[Figure 3: layered diagram. From top to bottom: IP routing; IP layer (IP Interface ip0 and further IP interfaces); Transport (VLAN) (VLAN default and further VLANs); Virtual port (Ethernet 0, Ethernet 1); Layer 2 switch; Physical port (lan1, lan2, lan3, wan).]

Figure 3. VLAN and IP layer architecture (the greyed area surrounds the entities always available in the system)

The maximum number of primary IP interfaces that can be defined is 16 and is<br />

equal to the maximum number of VLANs that it is possible to create on the<br />

residential gateway.<br />

To create a primary IP interface and connect it to a VLAN, the following steps must<br />

be performed (see Figure 4):<br />

• Create a VLAN using the VLAN ADD VID command<br />

• Add ports to the VLAN using the VLAN ADD PORT command<br />

• Add the VLAN to the ethernet transports list using the ETHERNET ADD<br />

TRANSPORT command. This command instructs the system that a new<br />

(virtual) transport device has been added to the system.<br />

• Create an IP interface with the IP ADD INTERFACE command. This command constructs a new IP interface with the specified IP address and netmask but doesn't bind the IP interface to any port.

• Bind the IP interface to the VLAN using the IP ATTACH TRANSPORT<br />

command.<br />

At this point the IP interface is available for any process requiring access to the IP<br />

network.<br />

When more than one IP interface is defined, routing between these interfaces is immediately enabled without requiring any route to be explicitly defined.

By default, the Residential Gateway starts with one IP interface attached to the<br />

default VLAN in order to provide remote access to the system via telnet.<br />

The default VLAN and the IP interface attached to it cannot be removed. It is possible to remove all the ports from the default VLAN if one or more other VLANs exist.


[Figure 4: flow diagram with the boxes Default Configuration, VLAN Creation, IP Interface Creation, VLAN Port Adding, IP Interface Config., VLAN Ethernet Transport Adding, IP and VLAN Attach, IP Interface on VLAN.]

Figure 4. IP interface over VLAN - basic steps



VLAN Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 residential Gateway to create, configure and manage VLANs.<br />

vlan CLI commands<br />

The table below lists the vlan commands provided by the CLI:<br />

Command<br />

VLAN ADD PORT<br />

VLAN ADD VID<br />

VLAN DELETE<br />

VLAN SHOW<br />

VLAN ADD PORT<br />

Syntax VLAN ADD PORT FRAME {TAGGED | UNTAGGED}<br />

Description This command adds an Ethernet port to an existing named VLAN that has been<br />

created with the command VLAN ADD VID.<br />

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option: vlanname
Description: A name that identifies an existing VLAN. To display the existing VLANs, use the VLAN SHOW command.
Default Value: N/A

Option: portname
Description: A name that identifies an Ethernet port. Valid port names (case insensitive) are: wan, lan1, lan2, lan3.
Default Value: N/A

Option: FRAME
Description: The FRAME parameter specifies whether a VLAN tag header is included in each frame transmitted on the specified ports.
• If tagged is specified, a VLAN tag is added to frames prior to transmission. The port is then called a tagged port for this VLAN.
• If untagged is specified, the frame is transmitted without a VLAN tag. The port is then called an untagged port for this VLAN.
Default Value: N/A

Example --> vlan add voip port lan1 frame untagged



See also VLAN SHOW<br />

VLAN ADD VID<br />

Syntax VLAN ADD VID [802.1p_priority ]<br />

Description This command defines a new VLAN which has the specified VID value.<br />

The VLAN name can be up to 16 characters long; it cannot start with a digit and cannot contain dots '.' or slash symbols '/'.

This command also specifies the priority value of the tagged packets that are sent from the network processor to the layer 2 switch and then to the network.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option: vlanname
Description: An arbitrary name that identifies the VLAN. The name must not be already in use for another VLAN. The VLAN name can be a maximum of 16 chars long.
Default Value: N/A

Option: vlanID
Description: The VLANID parameter specifies a unique VLAN Identifier (VID) for the VLAN.
• If tagged ports are added to this VLAN, the specified VID is used in the VID field of the tag in outgoing frames.
• If untagged ports are added to this VLAN, the specified VID only acts as an identifier for the VLAN in the Forwarding Database.
The default port based VLAN has a VID of 1.
Default Value: N/A

Option: priority
Description: The priority value, as defined in 802.1p, of the tagged packets that are sent from the Residential Gateway network processor to the switch and then outside to the network. Available values are from 0 to 7.
Default Value: 0

Example --> vlan add voip vid 10 802.1p_priority 7<br />

See also VLAN SHOW<br />

VLAN DELETE<br />

Syntax VLAN DELETE [PORT ]<br />

Description This command deletes an existing VLAN created with the VLAN ADD VID command.

To completely remove a VLAN it is necessary to first remove all port members of the VLAN.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option: vlanname
Description: A name that identifies an existing VLAN. To display the existing VLANs, use the VLAN SHOW command.
Default Value: N/A

Option: portname
Description: A name that identifies a port member of the VLAN. Valid port names (case insensitive) are: Wan, lan1, lan2, lan3.
Default Value: N/A

Example --> vlan delete voip port lan2<br />

--> vlan delete voip<br />

See also VLAN ADD PORT<br />

VLAN ADD VID<br />

VLAN SHOW<br />

VLAN SHOW<br />

Syntax VLAN SHOW<br />

Description This command displays the following information about all the VLANs defined in the system:

• Name: The name of the VLAN.

• Identifier: The numerical VLAN identifier of the VLAN (VID).

• Status: The status of the VLAN (only static VLANs are supported).

• Untagged port(s): A list of untagged ports that belong to the VLAN.

• Tagged port(s): A list of tagged ports that belong to the VLAN.

• 802.1p priority: The value of the 802.1p priority assigned to packets sent from the Residential Gateway processor.

Example --> vlan show

VLAN information
---------------------------------------------
Name: default
Identifier          1
Status              static
802.1p Priority     7
Untagged port(s)    lan3, wan
Tagged port(s)      cpu

Name: voip
Identifier          10
Status              static
802.1p Priority     7
Untagged port(s)    lan2
Tagged port(s)      lan1
---------------------------------------------

See also VLAN ADD PORT<br />

VLAN ADD VID
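The membership rules stated under "VLAN definition and port tagging" (at most 16 VLANs, a default VLAN with VID=1, a port untagged in one VLAN only, no port left outside every VLAN) can be checked against VLAN SHOW output. The Python below is an added example, not part of the manual; the function names, the column layout of the sample text and the treatment of "-" as an empty port list are assumptions, and both sample listings are constructed.

```python
import re

PHYSICAL_PORTS = {"wan", "lan1", "lan2", "lan3"}
MAX_VLANS = 16


def parse_vlan_show(text):
    """Parse VLAN SHOW output into
    {name: {"vid": int, "untagged": set, "tagged": set}}."""
    vlans, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Name:\s*(\S+)$", line)
        if m:
            current = vlans.setdefault(
                m.group(1), {"vid": None, "untagged": set(), "tagged": set()})
            continue
        if current is None:
            continue                      # banner and separator lines
        m = re.match(r"Identifier\s+(\d+)$", line)
        if m:
            current["vid"] = int(m.group(1))
            continue
        m = re.match(r"(Untagged|Tagged) port\(s\)\s*(.*)$", line)
        if m:
            # Assumption: an empty list is printed as nothing or as "-".
            ports = {p.strip().lower() for p in m.group(2).split(",")
                     if p.strip() not in ("", "-")}
            current[m.group(1).lower()] |= ports
    return vlans


def audit_vlans(vlans):
    """Return a list of findings; an empty list means the rules hold."""
    findings = []
    if len(vlans) > MAX_VLANS:
        findings.append("more than 16 VLANs defined")
    if vlans.get("default", {}).get("vid") != 1:
        findings.append("default VLAN (VID=1) missing")
    seen_vids = {}
    for name, v in vlans.items():
        if v["vid"] in (0x000, 0xFFF):
            findings.append(f"{name}: reserved VID {v['vid']}")
        if v["vid"] in seen_vids:
            findings.append(f"{name}: VID {v['vid']} also used by {seen_vids[v['vid']]}")
        seen_vids.setdefault(v["vid"], name)
        for port in sorted(v["untagged"] & v["tagged"]):
            findings.append(f"{name}: {port} is both tagged and untagged")
    for port in sorted(PHYSICAL_PORTS):
        untagged_in = sorted(n for n, v in vlans.items() if port in v["untagged"])
        member_of = [n for n, v in vlans.items()
                     if port in v["untagged"] | v["tagged"]]
        if len(untagged_in) > 1:
            findings.append(f"{port}: untagged in {', '.join(untagged_in)}")
        if not member_of:
            findings.append(f"{port}: not a member of any VLAN")
    return findings


# Constructed sample following the layout of the VLAN SHOW example.
GOOD = """VLAN information
---------------------------------------------
Name: default
Identifier          1
Status              static
802.1p Priority     7
Untagged port(s)    lan3, wan
Tagged port(s)      cpu
Name: voip
Identifier          10
Status              static
802.1p Priority     7
Untagged port(s)    lan2
Tagged port(s)      lan1
---------------------------------------------
"""

# Constructed misconfiguration: lan2 untagged in a second VLAN.
BAD = GOOD + """Name: guest
Identifier          20
Status              static
802.1p Priority     0
Untagged port(s)    lan2
Tagged port(s)      -
"""

if __name__ == "__main__":
    print(audit_vlans(parse_vlan_show(GOOD)))
    print(audit_vlans(parse_vlan_show(BAD)))
```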



Chapter 4<br />

Emergency<br />

This chapter describes the AT-RG624 and AT-RG634 emergency module, which configures the system connectivity when the unit is running in recovery mode.

INTRODUCTION<br />

If the Residential Gateway flash file system is corrupted, the unit will start running a minimal operating system, also called recovery.

From recovery mode, it is possible to remotely load the complete system application image and any additional files, to restore the unit to a fully operational default system configuration.

Emergency configuration<br />

Because the connectivity between the Residential Gateway and the remote network operation center can use different parameters depending on the customer network, it is necessary to configure the recovery mode accordingly, so that remote access to the Residential Gateway can be established while the unit is running the recovery application.

The Emergency module can configure the following parameters, which are active only when the unit is running in recovery mode:

Layer 2 vlan configuration.<br />

It is possible to configure a vlan different from the default (VID=1) for use when the recovery application is running, and to assign any Ethernet port to this vlan as an 802.1Q tagged port. In this way it is possible to connect to the Residential Gateway even if the connection is established via an 802.1Q tagged link.

To create a vlan, use the command emergency create vlan and specify the vlan identifier VID value.

To assign an Ethernet port as a tagged member of the new vlan, use the command emergency add vlan port frame tagged


The definition of a new vlan (different from the default) is necessary only if the connectivity to the residential gateway must be established via an 802.1Q tagged link. In this case the value of the 802.1Q field is equal to the vlan identifier VID specified in the emergency create vlan command.

If the remote connection doesn’t use tagged frames, the existing default vlan can be used. The default vlan is always defined in the system and cannot be removed.

Note that if the connectivity to the residential gateway must be established via an 802.1Q tagged link with VID=1, only the emergency add vlan port frame tagged command needs to be used. Tagged frames will implicitly use VID=1.

Layer 3 IP configuration.<br />

It is possible to configure the ip address used to connect remotely to the Residential Gateway when the recovery application is running.

To set a static ip address, use the emergency set ipinterface ipaddress netmask command; to set the default gateway, use the emergency set ipinterface gateway command.

To set a dynamic ip address, use the emergency set dhcp enable command. The Residential Gateway will get the ip address, as well as the interface subnet and the default gateway, from any external DHCP server.

Note that if no DHCP server is discovered, the Residential Gateway will use the autoip feature to autonomously assign a random ip address in the range 169.254.0.0. If a DHCP server becomes available later, the ip interface will then change the ip address to the value offered by the DHCP server.

Save and activate emergency configuration.<br />

The emergency configuration data set in the previous section are not active until they are saved permanently in the Residential Gateway e2prom. Emergency configuration data are saved in an e2prom instead of in the flashfs filesystem to make the system robust against any flashfs failure.

To save emergency configuration data in e2prom use the emergency update<br />

command.<br />

Emergency configuration data are also saved in the system configuration file im.conf any time the command system configuration save is entered. In this way the information is stored in two different areas: the e2prom and the file im.conf in the main application partition.

In case the system starts in recovery mode because the main application partition is considered corrupted, only the information stored in the e2prom will be used to configure the recovery application.

During normal system bootstrap initialization, the recovery configuration data stored in the im.conf file are considered the current emergency settings. This information is also stored automatically in the e2prom so that it is immediately active.



To display the active recovery configuration data use the emergency show<br />

command.<br />

To avoid any misalignment between the configuration stored in the e2prom and the configuration reported in the im.conf file, the following situations are managed during the system bootstrap:

im.conf recovery config. data | e2prom recovery config. data: NOT AVAILABLE | e2prom recovery config. data: AVAILABLE
NOT AVAILABLE | Note 1 | Note 2
AVAILABLE | Note 3 | Note 4

Note 1

If the system restarts in recovery mode, the recovery application will use the default configuration data coded into the recovery application.

Note 2

The e2prom recovery configuration data are removed and, if the system restarts in recovery mode, the recovery application will use the default configuration data coded into the recovery application.

Note 3

The im.conf recovery configuration data are copied into the e2prom. In this way, if the system restarts in recovery mode, the recovery application will use the same configuration data reported by the im.conf recovery configuration data.

Note 4

The im.conf recovery configuration data are copied into the e2prom, overriding any previous configuration present in the e2prom. In this way, if the system restarts in recovery mode, the recovery application will use the same configuration data reported by the im.conf recovery configuration data.
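The bootstrap table and Notes 1 to 4 reduce to one rule: at a normal bootstrap the im.conf data always win over the e2prom. The following Python model is an added example, not firmware or Allied Telesis code; the class, field and function names are hypothetical, the sample settings are constructed, and the built-in default is assumed to be the 192.168.1.1/24 recovery default the manual mentions. It shows that settings written with emergency update but never saved with system configuration save are removed at the next normal bootstrap.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: stands in for "the default configuration data coded into the
# recovery application"; 192.168.1.1/24 is the recovery default the manual gives.
BUILT_IN_DEFAULT = {"ip": "192.168.1.1", "netmask": "255.255.255.0"}

# Constructed sample of settings entered with the emergency set/create/add commands.
SAMPLE = {"ip": "10.20.30.2", "netmask": "255.255.255.0",
          "vlan": 2, "tagged_port": "lan4"}


@dataclass
class Gateway:
    pending: Optional[dict] = None   # current emergency settings in the running system
    e2prom: Optional[dict] = None    # written by "emergency update"
    im_conf: Optional[dict] = None   # written by "system configuration save"

    def emergency_update(self) -> None:
        self.e2prom = dict(self.pending) if self.pending else None

    def system_configuration_save(self) -> None:
        self.im_conf = dict(self.pending) if self.pending else None

    def normal_bootstrap(self) -> str:
        """Apply the e2prom / im.conf table and return the note that applied."""
        if self.im_conf is None:
            note = "Note 1" if self.e2prom is None else "Note 2"
            self.e2prom = None                   # Note 2: e2prom data are removed
        else:
            note = "Note 3" if self.e2prom is None else "Note 4"
            self.e2prom = dict(self.im_conf)     # Notes 3 and 4: im.conf is copied
        # im.conf data become the current emergency settings after a normal boot.
        self.pending = dict(self.im_conf) if self.im_conf else None
        return note

    def recovery_settings(self) -> dict:
        """Only the e2prom is consulted when the unit starts in recovery mode."""
        return dict(self.e2prom) if self.e2prom else dict(BUILT_IN_DEFAULT)


def update_without_save():
    """emergency update, then a normal reboot with no system configuration save."""
    gw = Gateway(pending=dict(SAMPLE))
    gw.emergency_update()
    before = gw.recovery_settings()      # usable if recovery starts right now
    note = gw.normal_bootstrap()         # im.conf has no recovery data
    return before, note, gw.recovery_settings()


def update_and_save():
    """emergency update plus system configuration save, then a normal reboot."""
    gw = Gateway(pending=dict(SAMPLE))
    gw.emergency_update()
    gw.system_configuration_save()
    note = gw.normal_bootstrap()
    return note, gw.recovery_settings()


if __name__ == "__main__":
    before, note, after = update_without_save()
    print("update only  :", note, "recovery would use", after)
    note, settings = update_and_save()
    print("update + save:", note, "recovery would use", settings)
```

When auditing a deployed unit, compare the emergency show output after a normal restart with the intended recovery address and vlan; a unit that has fallen back to the built-in default is not reachable on the management vlan during recovery.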

Emergency command reference<br />

This chapter describes the Emergency CLI module commands.<br />

Emergency CLI commands<br />

The table below lists the Emergency commands provided by the CLI:



COMMANDS<br />

EMERGENCY ADD<br />

EMERGENCY CREATE<br />

EMERGENCY DELETE<br />

EMERGENCY SET DHCP<br />

EMERGENCY SET IPINTERFACE GATEWAY<br />

EMERGENCY SET IPINTERFACE IPADDRESS<br />

EMERGENCY SHOW<br />

EMERGENCY UPDATE<br />

Table 4 – Emergency commands provided by the CLI<br />

EMERGENCY ADD<br />

Syntax<br />

EMERGENCY ADD VLAN vlan_id PORT port_name FRAME TAGGED

Description

This command adds an Ethernet port to the specified vlan as a tagged port. The vlan must already be defined in the Emergency module using the EMERGENCY CREATE VLAN command.

Options

The following table gives the range of values for each option that can be specified with this command and a default value (if applicable).

Option | Description | Default value
vlan_id | The vlan identifier (VID) previously created with the EMERGENCY CREATE VLAN command. To display the existing vlan, use the EMERGENCY SHOW command. | N/A
port_name | The name of an Ethernet port. Available values are: lan1, lan2, lan3 and lan4. | N/A

Example<br />

emergency add vlan 2 port lan4 frame tagged<br />

See also<br />

EMERGENCY CREATE<br />

EMERGENCY SHOW<br />

EMERGENCY UPDATE<br />

EMERGENCY CREATE<br />

Syntax<br />

EMERGENCY CREATE VLAN vlan_id

Description

This command defines a new vlan to which the ip interface used to reach the system in recovery mode will be attached. Creating a new vlan also requires defining which Ethernet port must be tagged for this vlan. To add an Ethernet port to the new vlan, use the EMERGENCY ADD command.

Options

The following table gives the range of values for each option that can be specified with this command and a default value (if applicable).

Option | Description | Default value
vlan_id | The vlan identifier (VID) of the new vlan to be created. Only tagged frames with this VID will be processed by the upper layer (IP layer) when the recovery application runs. | N/A

Example

emergency create vlan 2

See also<br />

EMERGENCY ADD<br />

EMERGENCY SHOW<br />

EMERGENCY UPDATE<br />

EMERGENCY DELETE<br />

Syntax

EMERGENCY DELETE VLAN vlan_id [ PORT port_name ]

Description

This command is used to delete an Ethernet port from a previously created vlan and to delete any vlan different from the default. It is not possible to delete a vlan if an Ethernet port is assigned to it as a tagged port. In this case it is necessary to first delete the Ethernet port with the command EMERGENCY DELETE VLAN PORT and then remove the vlan with the command EMERGENCY DELETE VLAN.

Options

The following table gives the range of values for each option that can be specified with this command and a default value (if applicable).

Option | Description | Default value
vlan_id | The vlan identifier (VID) of the vlan used when recovery application runs. | N/A
port_name | The name of an Ethernet port. Available values are: lan1, lan2, lan3 and lan4. To display the current tagged port configured in the emergency module, use the EMERGENCY SHOW command. | N/A

Example

emergency delete vlan 2 port lan4

emergency delete vlan 2

See also<br />

EMERGENCY ADD<br />

EMERGENCY SHOW<br />

EMERGENCY UPDATE<br />

EMERGENCY SET DHCP<br />

Syntax

EMERGENCY SET DHCP { ENABLE | DISABLE }

Description

This command sets the ip interface address used when the system runs in recovery mode to be dynamic or static. If the interface is set statically and no ip address is set with the EMERGENCY SET IPINTERFACE command, the recovery default ip address 192.168.1.1/24 will be used.

Options

The following table gives the range of values for each option that can be specified with this command and a default value (if applicable).

Option | Description | Default value
ENABLE | Set the recovery ip interface address dynamically. If no DHCP server is available, or it cannot be reached, the ip address will get an autoip address in the subnet 169.254.0.0. | N/A
DISABLE | Turn off the dhcpclient on the recovery ip interface. | N/A

Example<br />

emergency set dhcp enable<br />

See also<br />

EMERGENCY SET IPINTERFACE IPADDRESS<br />

EMERGENCY SHOW<br />

EMERGENCY UPDATE<br />

EMERGENCY SET IPINTERFACE GATEWAY<br />

Syntax<br />

EMERGENCY SET IPINTERFACE GATEWAY ip_address

Description

This command sets the default gateway ip address to be used when the system runs in recovery mode.

Options

The following table gives the range of values for each option that can be specified with this command and a default value (if applicable).

Option | Description | Default value
ip_address | The default gateway ip address in IPv4 format (e.g. 192.168.1.254) | N/A

Example

emergency set ipinterface gateway 192.168.1.254

See also<br />

EMERGENCY SET IPINTERFACE<br />

EMERGENCY SHOW<br />

EMERGENCY UPDATE<br />

EMERGENCY SET IPINTERFACE IPADDRESS<br />

Syntax<br />

EMERGENCY SET IPINTERFACE IPADDRESS ip_address NETMASK netmask

Description

This command sets the ip interface address and netmask to be used when the system runs in recovery mode.

Options

The following table gives the range of values for each option that can be specified with this command and a default value (if applicable).

Option | Description | Default value
ip_address | The ip interface address in IPv4 format (e.g. 192.168.1.1) | N/A
netmask | The ip interface netmask in IPv4 format (e.g. 255.255.255.0) | N/A

Example

emergency set ipinterface ipaddress 192.168.1.1 netmask 255.255.255.0

See also<br />

EMERGENCY SET IPINTERFACE GATEWAY<br />

EMERGENCY SHOW<br />

EMERGENCY UPDATE<br />

EMERGENCY SHOW<br />

Syntax<br />

EMERGENCY SHOW<br />

Description<br />

This command displays the current emergency configuration settings. These settings are not active until the EMERGENCY UPDATE command is entered or the Residential Gateway configuration is saved and then the system is restarted.

Example<br />

emergency show



EMERGENCY CONFIGURATION<br />

- GENERAL PARAMETERS<br />

device ip address: 192.168.1.1<br />

device netmask: 255.255.255.0<br />

gateway ip address: 192.168.1.254<br />

vlan tag id: 2<br />

vlan tagged port: LAN4<br />

See also<br />

EMERGENCY UPDATE<br />

EMERGENCY UPDATE<br />

Syntax

EMERGENCY UPDATE

Description

This command updates the Residential Gateway e2prom with the new emergency configuration data. To display the current emergency configuration settings use the EMERGENCY SHOW command.

Example

emergency update

See also

EMERGENCY SHOW



Chapter 5<br />

IP<br />

INTRODUCTION<br />

This chapter describes the main features of the Internet Protocol (IP) and how to<br />

configure and operate the AT-RG613, AT-RG623 and AT-RG656 IP interface.<br />

IP protocols are widely used and available on nearly all hosts and PC systems. They<br />

provide a range of services including remote login, file transfer and Email.<br />

THE INTERNET<br />

The Internet (with a capital “I”) is the name given to the large, worldwide network<br />

of networks based on the original concepts of the ARPAnet. A large number of<br />

government, academic and commercial organizations are connected to the Internet,<br />

and use it to exchange traffic such as Email. The Internet uses the TCP/IP protocols<br />

for all routing. In recent times the term Internet (with a lowercase “i”) has also come<br />

to refer to any network (usually a wide area network), which utilizes the Internet<br />

Protocol. The remainder of this chapter will concentrate on the latter definition, i.e.<br />

that of a generalized network which uses IP as the transport protocol.<br />

The basic unit of data sent through an Internet is a packet or datagram. An IP<br />

network functions by moving packets between routers and/or hosts. A packet<br />

consists of a header followed by the data (see Figure 5 and Table 5). The header<br />

contains the information necessary to move the packet across the Internet. It must be<br />

able to cope with missing and duplicated packets as well as possible fragmentation<br />

(and reassembly) of the original packet.<br />

Packets are sent using a connectionless transport mechanism. A connection is not<br />

maintained between the source and destination addresses; rather, the destination<br />

address is placed in the header and the packet is transmitted on a best effort basis. It<br />

is up to the intermediate systems (routers and gateways) to deliver the packet to the<br />

correct address, using the information in the header.<br />

Successive packets may take different routes through the network to the destination.<br />

There is a strong analogy with the postal delivery system in that letters are placed in<br />

individually addressed envelopes and put into the system in the ‘hope’ that they



will arrive. Like an Internet, the postal system is very reliable. In an Internet, higher<br />

layers (such as TCP and Telnet) are responsible for ensuring that packets are<br />

delivered in a reliable and sequenced way.<br />

In contrast to a connectionless transport mechanism, a connection-oriented<br />

transport mechanism requires a connection to be maintained between the source<br />

and destination for as long as necessary to complete the exchange of packets<br />

between source and destination. X.25 is an example of a connection-oriented<br />

protocol. A good analogy to X.25 would be a telephone call, in which both parties<br />

verify that they are talking to the correct person before exchanging highly<br />

sequenced data (if both talk at once then nothing intelligible results!), and the<br />

connection is maintained until both parties have finished talking. It’s not hard to imagine the chaos if the telephone system delivered words in the wrong order.

[Figure 5: layout of the IP header in rows of 32 bits (bit positions 0 to 31). Row 1: Version, IHL, TOS, Total Length. Row 2: Identification, Flags, Fragment Offset. Row 3: TTL, Protocol, Header Checksum. Row 4: Source IP Address. Row 5: Destination IP Address. Followed by: User Data.]

Figure 5. IP packet or datagram.<br />

Field | Function
Ver | The version of the IP protocol that created the datagram.
IHL | The length of the IP header in 32-bit words (the minimum value is 5).
Type of service | The quality of service (precedence, delay, throughput, and reliability) desired for the datagram.
Total length | The length of the datagram (both header and user data), in octets.
Identification | A 16-bit value assigned by the originator of the datagram, used during reassembly.
Flags | Control bits indicating whether the datagram may be fragmented, and if so, whether other later fragments exist.
Fragment offset | The offset in the original datagram of the data being carried in this datagram, for fragmented datagrams.
Time to live | The time in seconds the datagram is allowed to remain in the Internet system.
Protocol | The high level protocol used to create the message (analogous to the type field in an Ethernet packet).
Header checksum | A checksum of the header.
Source IP address | 32-bit IP address of the sender.
Destination IP address | 32-bit IP address of the recipient.
Options | An optional field primarily used for network testing or debugging.
Padding | All bits set to zero; used to pad the datagram header to a length that is a multiple of 32 bits.
User data | The actual data being sent.

Table 5. Functions of the fields in an IP datagram.<br />

ADDRESSING<br />

Internet addresses are fundamental to the operation of the TCP/IP Internet.<br />

Each packet must contain an Internet address to determine where to send the<br />

packet. Most packets also require a source address so that the sender of the packet is<br />

known. Addresses are 32-bit quantities which are logically divided into fields. They<br />

must not be confused with physical addresses (such as an Ethernet address); they<br />

serve only to address Internet Protocol packets.<br />

Addresses are organised into five classes (see Table 6).<br />

Class | Maximum number of possible networks | Maximum number of hosts per network
A | 127 | 16,777,216
B | 16,384 | 65,536
C | 2,097,152 | 255
D | Reserved Class |
E | Reserved Class |

Table 6. Internet Protocol address classes and limits on numbers of networks and<br />

hosts.<br />

Each class differs in the number of bits assigned to the host and network portions of<br />

the address (Figure 6).



[Figure 6: field widths in bits. CLASS A: leading bit 0 (1 bit), NETWORK (7 bits), HOST (24 bits). CLASS B: leading bits 1 0 (2 bits), NETWORK (14 bits), HOST (16 bits). CLASS C: leading bits 110 (3 bits), NETWORK (21 bits), HOST (8 bits).]

Figure 6. Subdivision of the 32 bits of an Internet address into network and host<br />

fields for class A, B and C networks.<br />

The addressing scheme is designed to allow routers to efficiently extract the host<br />

and network portions of an address. In general a router is only interested in the<br />

network portion of an address.<br />

Class A sets the Most Significant Bit (MSB) to 0 and allocates the next 7 bits to define<br />

the network and the remaining 24 bits to define the host. Class B sets the two MSBs<br />

to 10 and allocates the next 14 bits to designate the network while the remaining 16<br />

refer to the host. Class C sets the three MSBs to ‘110’ and allocates the next 21 bits to<br />

designate the network while the remaining 8 are left to the user to assign as host or<br />

subnet numbers.<br />

The term host refers to any attached device on a subnet, including PCs, mainframes<br />

and routers. Most hosts are connected to only one network. In other words they<br />

have a single IP address. Routers are connected to more than one network and can<br />

have multiple IP addresses. The IP address is expressed in dotted decimal notation<br />

by taking the 32 binary bits and forming 4 groups of 8 bits, each separated by a dot.<br />

For example:<br />

10.4.8.2 is a class A address<br />

10 is the DDN assigned network number<br />

.4.8 are (possibly) user assigned subnet numbers<br />

.2 is the user assigned host number<br />

172.16.9.190 is a class B address<br />

172.16 is the DDN assigned network number<br />

.9 is the user assigned subnet number<br />

.190 is the user assigned host number<br />

The value 0.0.0.0 is used to define the default address, while a value of all ones in<br />

any host portion (i.e. 255) is reserved as the broadcast address. Some older versions<br />

of UNIX use a broadcast value of all zeros, therefore both the value ‘0’ and the value<br />

‘255’ are reserved within any user assigned host portion. The address 172.16.0.0<br />

refers to any host (not every host) on any subnet within the class B address 172.16.



Similarly 172.16.9.0 refers to any host on subnet 9, whereas 172.16.9.255 is a packet<br />

addressed to every host on subnet 9. The router uses this terminology to indicate<br />

where packets are to be sent.<br />

An address with ‘0’ in the host portion refers to ‘this particular host’ while an<br />

address with ‘0’ in the network portion refers to ‘this particular network’. As<br />

mentioned above a value of all ‘1’ (255) is a broadcast. To reduce loading, IP<br />

consciously tries to limit broadcasts to the smallest possible set of hosts, hence most<br />

broadcasts are ‘directed’. For example 172.16.56.255 is a broadcast to subnet 56 of<br />

network 172.16. A major problem with the IP type of addressing is that it defines<br />

connections not hosts. A particular address, although it is unique, defines a host by<br />

its connection to a particular network. Therefore if the host is moved to another<br />

network the address must also change. The situation is analogous to the postal<br />

system. A related problem can occur when an organisation which has a class C<br />

address finds that they need to upgrade to class B. This involves a total change of<br />

every address for all hosts and routers. Thus the addressing system is not scalable.<br />

Subnets<br />

Related to the two issues discussed above, the rapid growth of the Internet has<br />

meant a proliferation in the number of addresses which must be handled by the core<br />

routers. More addresses means more loading and tends to slow the system down.<br />

This is overcome by minimising the number of network addresses by sharing the<br />

same IP prefix (the assigned network number) with multiple physical networks.<br />

Generally these would all be within the same organisation, although this is not a<br />

requirement. There are two main ways of achieving this; Proxy ARP and subnetting.<br />

Proxy ARP will be discussed later in this section.<br />

A subnet is formed by taking the host portion of the assigned address and dividing<br />

it into two parts. The first part is the ‘set of subnets’ while the second refers to the<br />

hosts on each subnet. For example the DDN may assign a class B address as<br />

172.16.0.0. The system manager would then assign the lower two octets in some way<br />

which makes sense for this particular network. A common method for class B is to<br />

simply use the higher octet to refer to the subnet. Thus there are 254 subnets (0 and<br />

255 are reserved) each with 254 hosts. These subnets need not be physically on the<br />

same media. Generally they would be allocated geographically with subnet 2 being<br />

one site, subnet 3 another and so on. Some sites may have a requirement for<br />

multiple subnets on the same LAN.<br />

This could be to increase the number of hosts or simply to make administration<br />

easier. In this case it is normal (but not required) that the subnets be assigned<br />

contiguously for this site. This makes the allocation of a subnet mask easier.<br />

This mask is needed by the routers to ascertain which subnets are available at each<br />

site. Bits in the mask are set to ‘1’ if the router is to treat the corresponding bit in the<br />

IP address as belonging to the network portion or set to ‘0’ if it belongs to the host<br />

portion. This allows a simple bit-wise logical AND to determine if the address<br />

should be forwarded or not. Although the standard does not require that the subnet<br />

mask must select contiguous bits, it is normal practice to do so. To do otherwise can<br />

make the allocation of numbers rather difficult and prone to errors.<br />

Some example masks are:<br />

11111111.11111111.11111111.00000000 = 255.255.255.0<br />



This would give 254 subnets on a class B network, each with 254 hosts.

11111111.11111111.11111111.11110000 = 255.255.255.240

This would give 4094 subnets on a class B network, each with 14 hosts, or 14 subnets on a class C network, each with 14 hosts.
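The subnet counts quoted above follow directly from the class prefix and the mask. The following Python functions are an added example, not part of the manual; the function names are hypothetical. They classify an address by its leading bits, split it with a bit-wise AND, and count subnets and hosts using the manual's convention that the all-zeros and all-ones values are reserved.

```python
from ipaddress import IPv4Address

CLASS_NETWORK_BITS = {"A": 8, "B": 16, "C": 24}   # class bits plus network bits


def address_class(addr: str) -> str:
    """Classify by the most significant bits of the first octet."""
    first = int(IPv4Address(addr)) >> 24
    if first < 128:
        return "A"          # 0xxxxxxx
    if first < 192:
        return "B"          # 10xxxxxx
    if first < 224:
        return "C"          # 110xxxxx
    return "D" if first < 240 else "E"


def mask_to_prefix(mask: str) -> int:
    """Number of leading one bits; rejects masks that are not contiguous."""
    inverted = int(IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} does not select contiguous bits")
    return 32 - inverted.bit_length()


def split(addr: str, mask: str) -> dict:
    """Split an address into classful network, subnet and host parts."""
    cls = address_class(addr)
    if cls not in CLASS_NETWORK_BITS:
        raise ValueError(f"class {cls} addresses have no network/host split")
    net_bits = CLASS_NETWORK_BITS[cls]
    prefix = mask_to_prefix(mask)
    if prefix < net_bits:
        raise ValueError("mask is shorter than the classful network portion")
    subnet_bits, host_bits = prefix - net_bits, 32 - prefix
    value, m = int(IPv4Address(addr)), int(IPv4Address(mask))
    class_mask = (0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF
    return {
        "class": cls,
        "network": str(IPv4Address(value & class_mask)),
        "subnet": str(IPv4Address(value & m)),            # the bit-wise AND
        "host": value & ~m & 0xFFFFFFFF,
        "directed_broadcast": str(IPv4Address((value & m) | (~m & 0xFFFFFFFF))),
        # All-zeros and all-ones are reserved in both the subnet and host fields.
        "usable_subnets": (1 << subnet_bits) - 2 if subnet_bits else 0,
        "usable_hosts": max((1 << host_bits) - 2, 0),
    }


def same_subnet(a: str, b: str, mask: str) -> bool:
    """True when both addresses give the same result under the mask."""
    m = int(IPv4Address(mask))
    return int(IPv4Address(a)) & m == int(IPv4Address(b)) & m


if __name__ == "__main__":
    for address, netmask in [("172.16.9.190", "255.255.255.0"),
                             ("172.16.9.190", "255.255.255.240"),
                             ("192.168.1.1", "255.255.255.240")]:
        print(address, netmask, split(address, netmask))
```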

IP SUPPORT ON AT-RG6XX RESIDENTIAL GATEWAY SERIES<br />

In order to use the IP stack, one or more interfaces must be added to the IP stack and<br />

attached to a transport.<br />

Each interface must be configured with an IP address and a subnet mask. Together,<br />

these define the range of addresses which can be reached via the interface without<br />

passing through any other routers.<br />

Each interface (real and virtual) must have a unique subnet; the range of addresses<br />

on each interface must not overlap with any other interface. In situations where<br />

there is no local subnet associated with an interface, unnumbered interfaces may be<br />

used.<br />

Adding and attaching IP interfaces<br />

IP interfaces are added and attached using the commands provided in the ip and<br />

ethernet module respectively.<br />

IP interfaces typically use the services provided by ethernet transports. An ethernet transport is an abstraction layer used to classify the format of the IP packets that will be transferred through the network. Another type of transport is, for example, pppoe. Packets transmitted through a pppoe connection or an ethernet connection will have different frame formats even if they convey the same type of information to the IP layer.

Because the system supports VLANs, the same ethernet port can be shared between different VLANs. Therefore it is not possible to map an ethernet transport directly to a physical ethernet port.

Instead, ethernet transports are mapped to VLANs, which from a logical point of view act like an ethernet segment, as an ethernet port would in a simple system without VLANs.

To attach an ethernet transport to the Residential Gateway the following steps must<br />

be performed:<br />

Create an ethernet transport using the command:<br />

ethernet add transport eth1 myvlan<br />

Create an interface to the IP stack using, for example, the command:

ip add interface ip1 192.168.101.2 255.255.255.0<br />

Attach the transport to the interface using the command:<br />

ip attach ip1 eth1



IP stack and incoming packets<br />

When a packet arrives on an IP interface, the IP stack determines whether:<br />

• the packet should be received locally;<br />

• the packet should be forwarded to another interface<br />

Locally received packets<br />

A packet will be received locally if:<br />

• the destination address of the packet matches any of the IP stack interface<br />

addresses (real or virtual interface, primary or secondary addresses).<br />

• the packet is a broadcast.<br />

• the packet is a multicast to a group that the IP stack belongs to.<br />

• the packet has the Router Alert option set.<br />

The packet is either processed internally within the IP stack (for example, ICMP or<br />

IGMP control messages), or passed up to an application via the appropriate protocol<br />

processing (for example, TCP or UDP data).<br />

For a local application to successfully send a packet back to another host, the IP<br />

stack must be able to find a suitable route to that host.<br />

Forwarding packets<br />

If the IP stack determines that a packet is not destined to be received locally, it will<br />

try to forward the packet. The packet will be forwarded if:<br />

• the destination of the packet can be reached directly via any of the IP stack’s<br />

interfaces.<br />

• a route has been added, either manually or by a routing protocol, specifying a<br />

suitable gateway via which that destination may be reached.<br />

Several address tests are applied before forwarding a packet, for example to prevent broadcast packets from being forwarded. For more information about these tests, see RFC1122: Requirements for Internet Hosts (section 3.2).

If the packet cannot be forwarded, an ICMP “Destination Unreachable” error will be<br />

returned to the sender.<br />

By default, the checksum of forwarded IP packets is not checked. This is for reasons<br />

of efficiency, because calculating the checksum on all packets adds significantly to<br />

the forwarding time and reduces throughput. This default setting is common in<br />

most IP routers. Locally terminated packets always have their checksum checked.<br />

Unconfigured interfaces<br />

An interface with an IP address of 0.0.0.0 is unconfigured. An interface is added as<br />

unconfigured when it is to be configured at a later time, for example, by IPCP or<br />

DHCP.



No traffic will be forwarded from an unconfigured interface. However, an<br />

unconfigured interface may still receive certain types of traffic, such as responses to<br />

DHCP requests.<br />

An unconfigured interface should not be confused with an unnumbered interface.<br />

Unnumbered interfaces<br />

In a routed network, consider two routers that are joining two different subnets via<br />

a point-to-point link. It would usually be necessary to allocate a whole subnet just<br />

for the link between the routers, in addition to the other two subnets.<br />

An unnumbered interface does not have a subnet associated with it and simply<br />

serves as one end of a point-to-point link. An unnumbered link does not have an IP<br />

address, but a router id which is the IP address of one of the router’s other interfaces.<br />

You can have multiple unnumbered interfaces as long as you have at least one normal (numbered) IP interface in your router so that you can use its IP address as the router id. The unnumbered interfaces can either use different router id values, or use the same router id value. Whatever their value, the router id(s) must match the address of a normal interface.

Unnumbered interfaces can only be used on point-to-point links. This includes PPP. You cannot use unnumbered interfaces with Ethernet.

Unconfigured interfaces v unnumbered interfaces<br />

An unnumbered interface is not the same as an unconfigured interface.<br />

An unconfigured interface is created by adding an interface without specifying an<br />

IP address (ip add interface myinterface), or by specifying an IP address of 0.0.0.0 (ip<br />

add interface myinterface 0.0.0.0).<br />

You would add an unconfigured interface if the interface address were to be set<br />

automatically later, for example, by IPCP or DHCP. It cannot be used for normal<br />

traffic.<br />

An unnumbered interface is different - it is used for normal traffic but does not have<br />

its own IP address or a local subnet associated with it.<br />

Configuring unnumbered interfaces<br />

Unnumbered interfaces are created using the following CLI command:<br />

ip add interface 255.255.255.255<br />

For example:<br />

ip add interface myinterface 192.168.101.3 255.255.255.255<br />

In this command:<br />

• myinterface is the unnumbered interface name.<br />

• 192.168.101.3 is the router id. The router id must be set to the IP address of<br />

one of the router’s normal interfaces. The main use of the router id is as the source<br />

address for packets sent on an unnumbered interface from local applications or



routing protocols. Router IDs are described in RFC1812 “Requirements for IP v4<br />

Routers”.<br />

• 255.255.255.255 is a special subnet mask that identifies an unnumbered<br />

interface and distinguishes it from any other type of interface.<br />

You must also add a route before your unnumbered interface can send packets.<br />

Creating a route<br />

Because an unnumbered interface does not have a local subnet associated with it, no<br />

packets can be routed to an unnumbered interface until a route is added. Let us just<br />

consider how this is done.<br />

Usually, for Ethernet interfaces, routes are added with a gateway to be used for a<br />

particular destination.<br />

For example:<br />

ip add route myroute 10.0.0.0 255.0.0.0 gateway 192.168.101.10<br />

This means that all packets for the 10.0.0.0 subnet will be sent to the address<br />

192.168.101.10 as their next hop. The gateway must be reachable directly, so<br />

192.168.101.10 must be on a subnet served by one of the local interfaces.<br />

But, for point-to-point links, you can add a route through the interface, without<br />

specifying a gateway address, for example:<br />

ip add route myroute 10.0.0.0 255.0.0.0 interface myinterface<br />

All packets for the specified destination will be sent via the unnumbered interface<br />

called myinterface. This type of route can be used for all interfaces with point-to-point<br />

links, not just unnumbered interfaces.<br />

Virtual Interfaces<br />

Usually, each transport only has one router interface associated with it, and each<br />

router interface has only one IP address and local subnet associated with it.<br />

Virtual interfaces allow you to attach more than one IP interface to the same<br />

transport. Secondary IP addresses allow you to associate more than one IP address<br />

with the same IP interface. Together, these features allow many configurations<br />

which would not otherwise be possible.<br />

Virtual interfaces allow you to create multiple router interfaces on the same<br />

transport, for example, on the same Ethernet port. This allows the IP stack to<br />

communicate with and route between multiple subnets existing on the same LAN.<br />

Configuring virtual interfaces<br />

To configure a virtual interface you need to create an IP interface, but instead of<br />

attaching it to a transport, you need to attach it to a second IP interface that already<br />

has a transport attached to it.<br />

In this way, the two interfaces share the transport that is only attached to one of the<br />

interfaces.



The original interface attached directly to a transport is called the real interface, and<br />

the interface that is attached to the real interface is called the virtual interface.<br />

To configure a virtual interface using the CLI:<br />

(i) Create the real interface, then create an Ethernet transport and attach the IP<br />

interface to the transport:<br />

ip add interface real_ip 192.168.101.2 255.255.255.0<br />

ethernet add transport eth1 myvlan<br />

ip attach real_ip eth1<br />

(ii) Create the virtual interface:<br />

ip add interface virtual_ip 192.168.50.10 255.255.255.0<br />

(iii) Attach the virtual interface to the real interface:<br />

ip attachvirtual virtual_ip real_ip<br />

You can add more than one virtual interface to the same real interface.<br />

Virtual interfaces are created by attaching them to a real interface instead of directly<br />

to a transport. If the real interface is deleted, then all associated virtual interfaces are<br />

detached automatically.<br />

Similarities between virtual interfaces and real<br />

interfaces<br />

A virtual interface is similar to a real interface:<br />

• virtual interfaces may be manipulated in the same way as real interfaces using the<br />

CLI.<br />

• the IP stack will route between virtual interfaces and real interfaces in the same<br />

way that it routes between real interfaces.<br />


Like real interfaces, virtual interfaces must have a unique subnet which does not<br />

overlap with other interfaces. In order to have the router respond to more than<br />

one IP address on the same subnet, secondary addresses must be used instead<br />

of virtual interfaces.<br />

Differences between virtual interfaces and real<br />

interfaces<br />

When the IP stack receives a packet from a transport that has associated virtual<br />

interfaces, the IP stack must decide which interface the packet arrived on.<br />

The source address of the incoming packet is compared with the subnet of each<br />

virtual interface on that transport. If there is no match, the IP stack assumes that the<br />

packet arrived on the real interface.<br />

The interface that the packet arrived on is important in two scenarios:<br />

• When the Firewall is in use - different rules (such as policies, portfilters and<br />

validators) are configured between different interfaces, so you need to know<br />

which interfaces the packet passes between.



• Some applications are written to only respond to traffic received on a specific<br />

interface. For example, DHCP server.<br />

Because the traffic for all virtual interfaces is received in the same way as the real<br />

interface, the only reasonable way of selecting an interface is based on source<br />

address as described above. This means that:<br />

• A virtual interface only receives packets with a source address matching its<br />

interface subnet, providing packets arrive via the real interface that the virtual<br />

interface is attached to.<br />

• Packets that arrive with a source address that does not match a local subnet are<br />

deemed to have been received on the real interface, even if the next hop would be<br />

reached through the virtual interface when sending to that destination.<br />

• Any packets from an unconfigured host, for example DHCP or BOOTP requests,<br />

are deemed to be received on the real interface.<br />


Remember that the source address of the packet can be spoofed by the sender,<br />

therefore security-related decisions should not be based on the ability to<br />

distinguish between virtual interfaces on the same transport.<br />
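
The selection rule described above, modelled as an added example (not code from the manual or from the gateway firmware). It uses the `real_ip` and `virtual_ip` interfaces from this section; the sample source addresses and the policy labels are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Interface:
    name: str
    network: ipaddress.IPv4Network


def make_interface(name, address, netmask):
    # Derive the local subnet from the address/netmask pair given to "ip add interface".
    return Interface(name, ipaddress.IPv4Interface(f"{address}/{netmask}").network)


@dataclass
class Transport:
    real: Interface
    virtuals: list = field(default_factory=list)

    def attach_virtual(self, iface):
        # Each interface needs its own subnet that does not overlap any other.
        for other in [self.real, *self.virtuals]:
            if iface.network.overlaps(other.network):
                raise ValueError(f"{iface.name} overlaps {other.name}")
        self.virtuals.append(iface)

    def ingress_interface(self, src):
        # Compare the source address with each virtual interface subnet;
        # anything that matches none of them is treated as the real interface.
        addr = ipaddress.IPv4Address(src)
        for virt in self.virtuals:
            if addr in virt.network:
                return virt.name
        return self.real.name


def source_only_distinctions(transport, policy_by_interface):
    """Return virtual interfaces whose policy differs from the real interface's.

    Both interfaces share one wire, so such a difference is enforced purely
    by the sender-controlled source address.
    """
    real_policy = policy_by_interface[transport.real.name]
    return [v.name for v in transport.virtuals
            if policy_by_interface[v.name] != real_policy]


# Interfaces from the configuration example in this section.
lan = Transport(make_interface("real_ip", "192.168.101.2", "255.255.255.0"))
lan.attach_virtual(make_interface("virtual_ip", "192.168.50.10", "255.255.255.0"))

# Constructed sample traffic, all arriving on the same Ethernet transport.
SAMPLE_SOURCES = {
    "192.168.101.40": "host on the real subnet",
    "192.168.50.77": "host on the virtual subnet",
    "0.0.0.0": "DHCP request from an unconfigured host",
    "10.1.2.3": "source outside every local subnet",
}

# Hypothetical policy labels, one per interface.
POLICIES = {"real_ip": "guest", "virtual_ip": "management"}

if __name__ == "__main__":
    for src, note in SAMPLE_SOURCES.items():
        print(f"{src:15} -> {lan.ingress_interface(src):10} ({note})")
    print("policies resting on source address only:",
          source_only_distinctions(lan, POLICIES))
```

Any interface that `source_only_distinctions` reports is separated from the real interface only by a header field the sender writes, which is the situation the note above says not to rely on.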

Secondary IP addresses<br />

Secondary IP addresses differ from virtual interfaces because there is no concept of a<br />

separate local subnet associated with a secondary address.<br />

The secondary addresses share the same subnet with the interface.<br />

Secondary addresses therefore allow the IP stack to have more than one address on<br />

the same subnet. After setting the main interface address, one or more additional<br />

addresses on the same subnet can be added to the interface.<br />

Configuring secondary IP addresses<br />

You can create and configure secondary IP addresses using the CLI.<br />

The following CLI commands allow you to create and configure secondary IP<br />

addresses:<br />

ip interface add secondaryipaddress<br />

ip interface clear secondaryipaddresses<br />

ip interface delete secondaryipaddress<br />

ip interface list secondaryipaddresses<br />


The ability to specify a subnet mask with a secondary address is superseded by<br />

the functionality of virtual interfaces. You should use virtual interfaces instead.<br />

Support for adding secondary IP addresses including subnet mask specification will<br />

be withdrawn in a future software release.



Functionality of secondary IP addresses<br />

On Ethernet interfaces, secondary IP addresses must be on the same subnet as the<br />

interface. Secondary addresses may be added to virtual interfaces, as well as real<br />

interfaces.<br />

On Point-to-Point links, secondary addresses may be added on a different subnet to<br />

the main interface address. This will provide an additional address which the IP<br />

stack will respond to for traffic arriving on that interface, but with no associated<br />

local subnet.<br />

This is similar to configuring a virtual interface as an unnumbered interface. This is<br />

not a common configuration.<br />

IP Quality of Service<br />

The IP stack includes features which enable different levels of service to be provided<br />

to different classes of routed traffic.<br />

Currently, two traffic classes are offered:<br />

• the Expedited traffic class<br />

• the Default (or Best-effort) traffic class<br />

Expedited class<br />

The Expedited class differs in two ways from the default level of service:<br />

• Lower packet loss; in overload conditions (where there is more traffic than the IP<br />

stack can route) packets from the default traffic class will be dropped in<br />

preference to packets from the expedited traffic class.<br />

• Lower latency; network traffic tends to arrive in bursts; the IP stack ensures that<br />

the latency of expedited traffic is reduced to a minimum by never queuing<br />

packets in the expedited traffic class behind packets in the default traffic class.<br />

These features are applicable to both forwarded and locally terminated traffic.<br />

Example of use of Prioritization<br />

• When forwarding traffic between interfaces where one or more interface has a<br />

limited bandwidth, certain classes of traffic can be given priority over other types<br />

of traffic.<br />

The IP stack is routing traffic between a fast Ethernet LAN and a limited-bandwidth<br />

WAN connection. One or more devices on the LAN wish to send<br />

voice over IP (VoIP) traffic over the WAN connection. It is important that the<br />

VoIP traffic has low packet loss and latency, even when other devices are also<br />

sending traffic to the WAN connection at the same time. The IP stack can ensure<br />

that the VoIP traffic is given preference to other types of traffic.<br />

• The architecture of the IP stack can enable specially written local applications to<br />

receive an enhanced level of service compared to other applications, and<br />

compared to other classes or forwarded traffic. For example, the Residential



Gateway provides routing to a LAN as well as terminating VoIP traffic. The IP<br />

stack can ensure that the VoIP application can send and receive packets with low<br />

packet loss and low latency even in the presence of other routed traffic, or traffic<br />

to other applications (like DHCP server, Firewall, etc).<br />

Quality of Service support<br />

There are three components to the Quality of Service support:<br />

• packet classification<br />

• link bandwidth prioritization<br />

• CPU prioritization<br />

Only packet classification can be configured by CLI.<br />

Packet Classification<br />

When the IP stack first receives a packet, it is passed to the classifier.<br />

The classifier is also known as the Flow Qualifier.<br />

The classifier’s job is to examine certain fields in each IP packet and assign a specific<br />

Quality of Service Class to the packet. As mentioned before, there are currently two<br />

Quality of Service Classes: Expedited and Default.<br />

Packets are assumed to be in the Default class unless they match a specific rule<br />

added to the classifier.<br />

Each rule states that values must be present in fields in order for the packet to be<br />

classified as Expedited. The following fields can be examined:<br />

• the TOS (Type of Service) / DS (Differentiated Services) field in the IP header. This<br />

field may be set by the IP stack originating the packet if the application has<br />

requested it, or by a previous router which has already classified the packets and<br />

marked them using this field.<br />

• The IP Protocol, or the IP Protocol and TCP/UDP source and/or destination port<br />

numbers. In cases where the packets cannot be identified by their TOS/DS field,<br />

rules may be added to identify certain traffic sent to or from certain applications<br />

by the TCP or UDP source and/or destination port numbers, or just by IP<br />

protocols.<br />

• The source IP address. This is usually used in conjunction with the fields<br />

described above. For example, when used in conjunction with checking the<br />

TOS/DS field, this would ensure that only certain hosts could receive expedited<br />

service, other hosts would be ignored even if they set the correct values in the<br />

TOS/DS field.<br />

Rules are added to the classifier separately for each IP Interface. The classifier<br />

configuration on an interface only affects packets arriving on that interface, not<br />

packets forwarded to that interface.<br />
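
The classification behaviour described above, modelled as an added example (not the gateway's implementation). The field names, the interface names `lan` and `wan`, and the addresses are assumptions made for illustration; the source address is treated as a single host. It compares a rule that matches on the DS codepoint alone with one that also pins the source address.

```python
from dataclasses import dataclass
from typing import Optional

EXPEDITED, DEFAULT = "Expedited", "Default"
TCP, UDP = 6, 17          # IP protocol numbers
EF = 46                   # Expedited Forwarding DS codepoint (RFC 3246)


@dataclass(frozen=True)
class Packet:
    ingress: str                  # IP interface the packet arrived on
    src: str
    codepoint: int                # DS codepoint from the IP header
    protocol: int
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class FqRule:
    srcaddr: Optional[str] = None
    codepoint: Optional[int] = None
    protocol: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def __post_init__(self):
        # Every rule form described above keys on a protocol or a codepoint.
        if self.codepoint is None and self.protocol is None:
            raise ValueError("rule needs a protocol or a codepoint")
        # Port matching only applies when the protocol is TCP or UDP.
        has_port = self.sport is not None or self.dport is not None
        if has_port and self.protocol not in (TCP, UDP):
            raise ValueError("ports require protocol TCP or UDP")

    def matches(self, pkt):
        wanted = {"src": self.srcaddr, "codepoint": self.codepoint,
                  "protocol": self.protocol, "sport": self.sport,
                  "dport": self.dport}
        # A field left unset in the rule is not examined.
        return all(v is None or getattr(pkt, k) == v for k, v in wanted.items())


class Classifier:
    def __init__(self):
        self.rules = {}           # interface name -> list of FqRule

    def add_fq(self, interface, rule):
        self.rules.setdefault(interface, []).append(rule)

    def classify(self, pkt):
        # Only rules on the arrival interface are consulted; no match means Default.
        for rule in self.rules.get(pkt.ingress, []):
            if rule.matches(pkt):
                return EXPEDITED
        return DEFAULT

    def unpinned_rules(self):
        """Rules without a source address: any sender that sets the matching
        header fields is classified Expedited."""
        return [(iface, r) for iface, rs in self.rules.items()
                for r in rs if r.srcaddr is None]


# Constructed sample: a VoIP adapter at 192.168.101.20 and another LAN host.
VOIP_HOST, OTHER_HOST = "192.168.101.20", "192.168.101.99"

open_fq = Classifier()
open_fq.add_fq("lan", FqRule(codepoint=EF))                       # codepoint only

pinned_fq = Classifier()
pinned_fq.add_fq("lan", FqRule(srcaddr=VOIP_HOST, codepoint=EF))  # srcaddr + codepoint

voip = Packet("lan", VOIP_HOST, EF, UDP, 5004, 5004)
other_marked = Packet("lan", OTHER_HOST, EF, TCP, 40000, 80)      # marks EF itself
from_wan = Packet("wan", VOIP_HOST, EF, UDP, 5004, 5004)          # no rules on "wan"

if __name__ == "__main__":
    for name, fq in (("codepoint only", open_fq), ("srcaddr+codepoint", pinned_fq)):
        for label, pkt in (("voip", voip), ("other_marked", other_marked),
                           ("from_wan", from_wan)):
            print(f"{name:18} {label:13} -> {fq.classify(pkt)}")
        print(f"{name:18} unpinned rules: {len(fq.unpinned_rules())}")
```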

Configuring Flow Qualifiers<br />

To create and configure qualifier rules using the CLI, use the commands described<br />

in this section.



To classify packets based on a specified protocol, use the following command. If the<br />

protocol you specify is TCP or UDP, you can also base the flow qualifier on the<br />

source and destination port of incoming packets:<br />

ip interface add fq protocol<br />

You can also classify packets based on the protocol and the source address of<br />

incoming packets, using:<br />

ip interface add fq srcaddr protocol<br />

To classify packets based on both the source address of incoming packets, and the<br />

DS (Differentiated Services) codepoint field of each IP packet header, use the<br />

command:<br />

ip interface add fq srcaddr codepoint<br />

To classify packets based on the DS (Differentiated Services) field only, use the<br />

command:<br />

ip interface add fq codepoint<br />

Once you have created flow qualifier rules, you can configure them using the<br />

following CLI commands:<br />

ip interface clear fqs<br />

ip interface delete fq<br />

ip interface list fqs<br />

Link bandwidth prioritization<br />

If you are routing from an interface on a high speed link, such as Ethernet, to an<br />

interface on a low speed link, such as DSL, the router may forward more traffic from<br />

the Ethernet interface to the DSL interface than can be transmitted.<br />

When a packet is received, the classifier assigns a QoS class to it (Expedited or<br />

Default). When the IP stack sends a packet to a device driver, it marks the packet<br />

with a priority that is to be used during packet transmission. The QoS class<br />

determines what priority the packet is given. The device driver itself is responsible<br />

for prioritizing the transmission of packets.<br />

The device driver will handle expedited traffic differently from default traffic in two<br />

ways:<br />

• When traffic is queued for transmission, expedited traffic must be queued ahead<br />

of default traffic. This ensures that expedited traffic is not delayed by best-effort<br />

traffic while awaiting transmission.<br />

• When traffic is queued for transmission, the number of packets of default traffic<br />

on the queue must be limited. This ensures that when default traffic is sent to the<br />

interface faster than it can be transmitted, the default packets are discarded. This<br />

is necessary in order to prevent the system from running out of buffers, which<br />

would make them unavailable for use by expedited traffic.<br />
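
The two queueing rules above, modelled as an added example (not the device driver's code). The buffer count, the burst size and the cap on default traffic are constructed values; the link is assumed not to drain during the burst. It runs the same burst with and without the cap to show why the cap is needed.

```python
from collections import deque

EXPEDITED, DEFAULT = "Expedited", "Default"


class TxQueue:
    def __init__(self, buffers, default_limit=None):
        self.buffers = buffers              # packet buffers shared by both classes
        self.default_limit = default_limit  # None models a driver with no cap
        self.queues = {EXPEDITED: deque(), DEFAULT: deque()}
        self.dropped = {EXPEDITED: 0, DEFAULT: 0}

    def enqueue(self, packet, qos):
        # Rule 2: default traffic beyond its cap is discarded.
        over_cap = (qos == DEFAULT and self.default_limit is not None
                    and len(self.queues[DEFAULT]) >= self.default_limit)
        # With no free buffer, nothing can be queued, whatever its class.
        pool_empty = sum(len(q) for q in self.queues.values()) >= self.buffers
        if over_cap or pool_empty:
            self.dropped[qos] += 1
            return False
        self.queues[qos].append(packet)
        return True

    def transmit(self):
        # Rule 1: expedited packets always leave before default packets.
        for qos in (EXPEDITED, DEFAULT):
            if self.queues[qos]:
                return self.queues[qos].popleft()
        return None


def run_burst(default_limit, buffers=8, burst=20):
    """Queue a burst of default packets, then one expedited packet, then drain."""
    q = TxQueue(buffers, default_limit)
    for i in range(burst):
        q.enqueue(f"data-{i}", DEFAULT)
    q.enqueue("voip-0", EXPEDITED)
    sent = []
    while (pkt := q.transmit()) is not None:
        sent.append(pkt)
    return sent, q.dropped


if __name__ == "__main__":
    for limit in (None, 4):
        sent, dropped = run_burst(limit)
        print(f"default_limit={limit}: sent={sent} dropped={dropped}")
```

Without the cap, the default burst fills every buffer and the expedited packet is the one that gets dropped; with the cap, it is accepted and transmitted first.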

CPU prioritization<br />

The CPU resources of the system may be constrained in certain circumstances, for<br />

example:



• constrained throughput; the speed of the interfaces may be so fast that packets are<br />

sent to the IP stack faster than it can route them. Under heavy traffic, the<br />

throughput of the IP stack may be constrained by the amount of available<br />

processing power.<br />

• application resource requirements; other applications that run on the same processor<br />

as the router may consume a significant amount of CPU (for example, if a user is<br />

retrieving pages from the embedded webserver). Here, there may be enough CPU<br />

to route all packets, but you do not want individual packets to be delayed while<br />

another process is running, because this added latency would be apparent when<br />

making VoIP calls.<br />

To ensure that CPU resources are available to preferentially handle expedited<br />

traffic, the system incorporates the following features:<br />

• Process priorities; these are used to ensure that tasks handling expedited traffic run<br />

at a higher priority than the rest of the system. For example, device drivers and<br />

encapsulation protocols, certain parts of the IP stack, and local VoIP applications<br />

run at a higher priority compared to the rest of the system.<br />

• Division of tasks; The IP stack is split into separate tasks, with a division between:<br />

• the part of the stack that quickly makes the routing decision and forwards<br />

traffic between interfaces<br />

• and the part of the stack which performs more lengthy but less time-critical<br />

tasks (such as TCP, ICMP and ARP protocol processing).<br />

This ensures lower latency for expedited traffic.<br />

• Post-classification priority processing; after classification, packets are processed in<br />

priority order within the forwarding path. This not only ensures that expedited<br />

packets are still handled even under CPU overload conditions, but also reduces<br />

the adverse effect on latency of best-effort traffic bursts that arrive immediately<br />

before an expedited packet.



TCP/IP Command <strong>Reference</strong><br />

This section describes the commands available on the Residential Gateway to<br />

manage the TCP/IP module.<br />

IP Tracing commands<br />

You can carry out tracing in the IP stack using the following system commands:<br />

• SYSTEM LOG ENABLE|DISABLE; enables/disables the tracing support output<br />

for a specific module and category.<br />

• SYSTEM LOG LIST; displays the tracing options for the modules available in the<br />

current image.<br />

IP CLI commands<br />

The table below lists the IP commands provided by the CLI:<br />

Command<br />

IP ADD DEFAULTROUTE GATEWAY<br />

IP ADD DEFAULTROUTE INTERFACE<br />

IP ADD INTERFACE<br />

IP ADD ROUTE<br />

IP ATTACH<br />

IP ATTACH VIRTUAL<br />

IP CLEAR ARPENTRIES<br />

IP CLEAR INTERFACES<br />

IP CLEAR RIPROUTES<br />

IP CLEAR ROUTES<br />

IP DELETE INTERFACE<br />

IP DELETE ROUTE<br />

IP DETACH INTERFACE<br />

IP INTERFACE ADD FQ CODEPOINT<br />

IP INTERFACE ADD FQ PROTOCOL<br />

IP INTERFACE ADD FQ SRCADDR CODEPOINT<br />

IP INTERFACE ADD FQ SRCADDR PROTOCOL<br />

IP INTERFACE ADD PROXYARPENTRY<br />

IP INTERFACE ADD PROXYARPEXCLUSION<br />

IP INTERFACE ADD SECONDARYIPADDRESS<br />

IP INTERFACE CLEAR FQS<br />

IP INTERFACE CLEAR PROXYARPENTRIES



IP INTERFACE CLEAR SECONDARYIPADDRESS<br />

IP INTERFACE DELETE FQ<br />

IP INTERFACE DELETE PROXYARPENTRIES<br />

IP INTERFACE DELETE PROXYARPEXCLUSION<br />

IP INTERFACE DELETE SECONDARYIPADDRESS<br />

IP INTERFACE LIST FQS<br />

IP INTERFACE LIST PROXYARPENTRIES<br />

IP INTERFACE LIST SECONDARYIPADDRESSES<br />

IP LIST ARPENTRIES<br />

IP LIST CONNECTIONS<br />

IP LIST INTERFACES<br />

IP LIST RIPROUTES<br />

IP LIST ROUTES<br />

IP PING<br />

IP SET INTERFACE DHCP<br />

IP SET INTERFACE IPADDRESS<br />

IP SET INTERFACE MTU<br />

IP SET INTERFACE NETMASK<br />

IP SET INTERFACE RIP ACCEPT<br />

IP SET INTERFACE RIP MULTICAST<br />

IP SET INTERFACE RIP SEND<br />

IP SET INTERFACE TCPMSSCLAMP<br />

IP SET INTERFACE RIP SEND<br />

IP SET RIP ADVERTISEDEFAULT<br />

IP SET RIP AUTHENTICATION<br />

IP SET RIP DEFAULTROUTECOST<br />

IP SET RIP HOSTROUTES<br />

IP SET RIP PASSWORD<br />

IP SET RIP POISON<br />

IP SET ROUTE COST<br />

IP SET ROUTE DESTINATION<br />

IP SET ROUTE GATEWAY<br />

IP SET ROUTE INTERFACE<br />

IP SHOW



IP SHOW DEBUGINFO<br />

IP SHOW INTERFACE<br />

IP SHOW ROUTE<br />

IP ADD DEFAULTROUTE GATEWAY<br />

Syntax IP ADD DEFAULTROUTE GATEWAY <br />

Description This command creates a default route. It acts as a shortcut command that can be<br />

used instead of typing the following:<br />

ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.103.3<br />

It's possible to create only one default route.<br />

A default route will not be created if a default route has already been created using<br />

the IP ADD ROUTE command or the IP ADD DEFAULTROUTE INTERFACE command.<br />

To have RIP advertise a default route with a default cost metric, see the IP SET RIP<br />

ADVERTISEDEFAULT and IP SET RIP DEFAULTROUTECOST commands.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable)<br />

Option: gateway_ip<br />

Description: The IP address of the gateway that this route will use by default, displayed in the IPv4 format (e.g. 192.168.102.3)<br />

Default value: N/A<br />

Example --> ip add defaultroute gateway 192.168.103.3<br />

See also IP ADD ROUTE<br />

IP ADD DEFAULTROUTE INTERFACE<br />

IP ADD DEFAULTROUTE INTERFACE<br />

Syntax IP ADD DEFAULTROUTE INTERFACE <br />

Description This command creates a default route. It acts as a shortcut command that can be<br />

used instead of typing the following:<br />

ip add route default 0.0.0.0 0.0.0.0 interface ip3<br />


A default route will not be created if a default route has already been created<br />

using the IP ADD ROUTE command or the IP ADD DEFAULTROUTE<br />

INTERFACE command.



To have RIP advertise a default route with a default cost metric, see the IP SET RIP<br />

ADVERTISEDEFAULT and IP SET RIP DEFAULTROUTECOST commands.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable)<br />

Option: interface<br />

Description: The name of the existing interface that this route will use. To display interface names, use the IP LIST INTERFACES command.<br />

Default value: N/A<br />

Example --> ip add defaultroute interface ip3<br />

See also IP ADD ROUTE<br />

IP ADD DEFAULTROUTE GATEWAY<br />

IP ADD INTERFACE<br />

Syntax IP ADD INTERFACE [ ]<br />

Description This command adds a named interface and optionally sets its IP address. The IP<br />

address is not mandatory at this stage, but if it is not specified in this command, the<br />

interface will be unconfigured. There are three ways that the IP address can be set<br />

later:<br />

• using the ip set interface ipaddress command<br />

• it is possible to set the interface to obtain its configuration via Dynamic Host<br />

Configuration Protocol (DHCP) using the IP SET INTERFACE DHCP ENABLED<br />

command. By default, DHCP is disabled.<br />

• the interface can obtain its IP configuration via PPP IPCP (Internet Protocol<br />

Control Protocol) negotiation. See PPPoE CLI commands.<br />

The IP stack automatically creates a loopback interface for address 127.0.0.1 subnet<br />

mask 255.255.255.0. This interface is not displayed by the IP LIST INTERFACES<br />

command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option: name<br />

Description: An arbitrary name that identifies the IP interface. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit.<br />

Default value: N/A<br />

Option: ipaddress<br />

Description: The IP address of the interface displayed in the IPv4 format (e.g. 192.168.102.3). If the IP address is set to the special value 0.0.0.0, the interface is marked as unconfigured. This value is used when the interface address is obtained automatically. For an unnumbered interface, the IP address parameter is used to specify the router-id of the interface. The router-id should be the same as the IP address of one of the router's numbered interfaces.<br />

Default value: 0.0.0.0<br />

Option: netmask<br />

Description: The netmask address of the interface displayed in the IPv4 format (e.g. 255.255.255.0). The special value 255.255.255.255 is used to indicate an unnumbered interface. An unnumbered interface is configured by setting the IP address to the interface's router-id value, and setting netmask to 255.255.255.255.<br />

Default value: N/A<br />

Example --> ip add interface ip1 192.168.103.3 255.255.255.0<br />

See also IP ATTACH<br />

IP SHOW INTERFACE<br />

IP SET INTERFACE IPADDRESS<br />

IP SET INTERFACE DHCP<br />

For information on setting DHCP client configuration options, see DHCP Client CLI<br />

commands.<br />

IP ADD ROUTE<br />

Syntax IP ADD ROUTE {GATEWAY | INTERFACE<br />

}<br />

Description This command creates a static route to a destination network address via a gateway<br />

device or an existing interface. It also allows the creation of a default route.<br />


A default route will not be created if a default route has already been created<br />

using the IP ADD ROUTE command or the IP ADD DEFAULTROUTE<br />

INTERFACE command.<br />

A route specifies a destination network (or single host), together with a mask to<br />

indicate what range of addresses the network covers, and a next-hop gateway<br />

address or interface. If there is a choice of routes for a destination, the route with the<br />

most specific mask is chosen.<br />

Routes are used when sending datagrams as well as forwarding them, so they are<br />

not relevant only to routers. However, a system with a single interface is likely to<br />

have a single route as a default route to the router on the network that it most often<br />

needs to use. Route metric can only be set using the IP SET ROUTE COST<br />

command.<br />

Options The following table gives the range of values for each option which can be specified



with this command and a default value (if applicable).<br />

Option: name<br />

Description: An arbitrary name that identifies the route. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. To create a default static route to a destination address, type default as the route name. It is possible to create one route called default.<br />

Default value: N/A<br />

Option: dest_ip<br />

Description: The IP address of the destination network displayed in the IPv4 format (e.g. 192.168.102.3)<br />

Default value: N/A<br />

Option: netmask<br />

Description: The destination netmask displayed in the IPv4 format (e.g. 255.255.255.0)<br />

Default value: N/A<br />

Option: gateway_ip<br />

Description: The IP address of the gateway that this route will use, displayed in the IPv4 format (e.g. 192.168.102.3)<br />

Default value: N/A<br />

Option: interface<br />

Description: The name of the existing interface that this route will use. To display interface names, use the IP LIST INTERFACES command.<br />

Default value: N/A<br />

Examples There are two examples in this section. Example 1 routes through a gateway.<br />

Example 2 routes through an existing interface.<br />

Example 1<br />

--> ip add route route1 192.168.103.3 255.255.255.0 gateway 192.168.102.3<br />

Example 2<br />

--> ip add route route2 192.168.103.4 255.255.255.0 interface ip1<br />

See also IP LIST INTERFACES<br />

IP ATTACH<br />

Syntax IP ATTACH {|} <br />

Description This command attaches an existing IP interface to an existing transport (i.e. a<br />

VLAN) so that data can be transported via the selected transport.<br />

This command implicitly enables the transport being attached, i.e. IP frames passing<br />

through the VLAN used as transport could reach the system main processor.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).



Option: name<br />

Description: A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command.<br />

Default value: N/A<br />

Option: number<br />

Description: A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID.<br />

Default value: N/A<br />

Option: transport<br />

Description: A name that identifies an existing transport (i.e. VLAN). To show the existing transports, use the TRANSPORT LIST command.<br />

Default value: N/A<br />

Example In the example below, voip is the name of an ethernet transport created using the<br />

ETHERNET ADD TRANSPORT command:<br />

--> ip attach ip1 voip<br />

See also IP ADD INTERFACE<br />

IP LIST INTERFACES<br />

IP ATTACHVIRTUAL<br />

Syntax IP ATTACHVIRTUAL {|} <br />

Description This command creates a virtual interface. The virtual interface is associated with a<br />

‘real’ IP interface that has already been attached to a transport using the IP<br />

ATTACH command. You can attach multiple virtual interfaces to one ‘real’ IP<br />

interface.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option: name<br />

Description: A name that identifies an existing IP interface that will be the virtual interface. The IP interface should not have a transport attached to it. To display the interface names, use the IP LIST INTERFACES command.<br />

Default value: N/A<br />

Option: number<br />

Description: A number that identifies an existing IP interface that will be the virtual interface. The IP interface should not have a transport attached to it. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID.<br />

Default value: N/A<br />

Option: Real_interface<br />

Description: A name that identifies an existing IP interface. This is the ‘Real’ interface that the virtual interface will be associated with. This interface must already be attached to a transport. To display the interface names, use the IP LIST INTERFACES command.<br />

Default value: N/A<br />

Example --> ip attachvirtual ip_virtual ip_real<br />

See also IP LIST INTERFACES<br />

IP CLEAR ARPENTRIES

Syntax IP CLEAR ARPENTRIES

Description This command clears all ARP entries listed in the IP ARP table.

Example --> ip clear arpentries

IP CLEAR INTERFACES

Syntax IP CLEAR INTERFACES

Description This command clears all IP interfaces that were created using the IP ADD INTERFACE command.

Example --> ip clear interfaces

See also IP DELETE INTERFACE

IP CLEAR RIPROUTES

Syntax IP CLEAR RIPROUTES

Description This command deletes all the existing dynamic routes that have been obtained from RIP. It does not delete the static routes; see the IP CLEAR ROUTES command.

Example --> ip clear riproutes

See also IP CLEAR ROUTES, IP SET RIP HOSTROUTES, IP SET INTERFACE RIP ACCEPT, IP SET INTERFACE RIP SEND

IP CLEAR ROUTES

Syntax IP CLEAR ROUTES

Description This command clears all static routes that were created using the IP ADD ROUTE command.

Example --> ip clear routes

See also IP DELETE ROUTE

IP DELETE INTERFACE

Syntax IP DELETE INTERFACE {<name>|<number>}

Description This command deletes a single IP interface that was created using the IP ADD INTERFACE command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip delete interface ip1

See also IP CLEAR INTERFACES, IP LIST INTERFACES

IP DELETE ROUTE

Syntax IP DELETE ROUTE {<name>|<number>}

Description This command deletes a single route that was created using the IP ADD ROUTE command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A
number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The number appears in the first column under the heading ID. | N/A

Example --> ip delete route route1

See also IP LIST ROUTES

IP DETACH INTERFACE

Syntax IP DETACH {<name>|<number>}

Description This command detaches an IP interface from a transport (i.e. a VLAN) where it was previously attached using the IP ATTACH INTERFACE command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip detach ip1

See also IP LIST INTERFACES

IP INTERFACE ADD FQ CODEPOINT

Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> CODEPOINT <ds_codepoint>

Description This command adds a flow qualifier rule that classifies IP packets based on the DS (Differentiated Services) codepoint field of the IP packet header. Incoming packets that match this rule are given a higher quality of service (qos) value, which allows them to be handled at a higher priority than other packets that do not match this rule.

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
fqname | An arbitrary name that identifies the flow qualifier (fq). It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet. | N/A
ds_codepoint | A codepoint is a 6-digit binary number set in the DS (Differentiated Services) field of the IP packet header. DS RFCs define recommended DS codepoint values for various PHBs (Per Hop Behaviors). The PHB supported here is Expedited Forwarding, which recommends a codepoint of 101110. | N/A

Example --> ip interface ip1 add fq myfq codepoint 101110

See also IP LIST INTERFACES, IP INTERFACE LIST FQS

IP INTERFACE ADD FQ PROTOCOL

Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> PROTOCOL {<proto> | TCP [<srcport>] [<dstport>] | UDP [<srcport>] [<dstport>]}

Description This command adds a flow qualifier rule that classifies IP packets based on the specified protocol. If the protocol specified is TCP or UDP, you can also specify the protocol source and destination port. Incoming packets that match this rule are given a higher quality of service (qos) value, which allows them to be handled at a higher priority than other packets that do not match this rule.

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
fqname | An arbitrary name that identifies the flow qualifier (fq). It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet. | N/A
proto | The protocol type that you want to classify. The protocol can be TCP, UDP, ICMP, GRE or any numeric value. For a list of protocol numbers, see RFC1700. | N/A
srcport | The source port of incoming packets. This is only used if you have set TCP or UDP as the fq protocol. If you set this to 0, packets arriving from any port are classified. | N/A
dstport | The destination port of incoming packets. This is only used if you have set TCP or UDP as the fq protocol. If you set this to 0, packets destined for any port are classified. | N/A

Example To prioritise TCP packets with source port 50000 and dest port 80

--> ip interface ip1 add fq myfq1 protocol tcp 50000 80

--> ip interface ip3 add fq myfq1 protocol udp 0 5001

See also IP LIST INTERFACES, IP INTERFACE LIST FQS

IP INTERFACE ADD FQ SRCADDR CODEPOINT

Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> SRCADDR <srcaddr> CODEPOINT <ds_codepoint>

Description This command adds a flow qualifier rule that classifies IP packets based on both the source IP address of incoming packets, and the DS (Differentiated Services) codepoint field of each IP packet header.

Incoming packets that match this rule are given a higher quality of service (qos) value, which allows them to be handled at a higher priority than other packets that do not match this rule.

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
fqname | An arbitrary name that identifies the flow qualifier (fq). It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet. | N/A
srcaddr | The IP address that will be compared against the source IP address of incoming packets, displayed in the following format: 192.168.102.3 | N/A
ds_codepoint | A codepoint is a 6-digit binary number set in the DS (Differentiated Services) field of the IP packet header. DS RFCs define recommended DS codepoint values for various PHBs (Per Hop Behaviors). The PHB supported here is Expedited Forwarding, which recommends a codepoint of 101110. | N/A

Example --> ip interface ip1 add fq myfq1 srcaddr 192.168.101.2 codepoint 101110

See also IP LIST INTERFACES, IP INTERFACE LIST FQS

IP INTERFACE ADD FQ SRCADDR PROTOCOL

Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> SRCADDR <srcaddr> PROTOCOL {<proto> | TCP <srcport> <dstport> | UDP <srcport> <dstport>}

Description This command adds a flow qualifier rule that classifies IP packets based on the source address and protocol of the packet. If the protocol specified is TCP or UDP, you can also specify the protocol source and destination port. Incoming packets that match this rule are given a higher quality of service (qos) value, which allows them to be handled at a higher priority than other packets that do not match this rule.

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
fqname | An arbitrary name that identifies the flow qualifier (fq). It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet. | N/A
srcaddr | The IP address that will be compared against the source IP address of incoming packets, displayed in the following format: 192.168.102.3 | N/A
proto | The protocol type that you want to classify. The protocol can be TCP, UDP, ICMP, GRE or any numeric value. For a list of protocol numbers, see RFC1700. | N/A
srcport | The source port of incoming packets. This is only used if you have set TCP or UDP as the fq protocol. If you set this to 0, packets arriving from any port are classified. | 0
dstport | The destination port of incoming packets. This is only used if you have set TCP or UDP as the fq protocol. If you set this to 0, packets destined for any port are classified. | 0

Example To prioritise TCP packets from 192.168.101.2, with source port 50000 and dest port 80

--> ip interface ip1 add fq fq1 srcaddr 192.168.101.2 protocol tcp 50000 80

See also IP LIST INTERFACES, IP INTERFACE LIST FQS
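The four ADD FQ command forms above can be read as match rules over the IPv4 header. The Python below is an added example, not code from Allied Telesis or the gateway software: it parses those command forms, pulls the DS codepoint, protocol, source address and ports out of constructed packets, and reports which rules each packet matches. The flow qualifier names (ef_any, ef_host, web_host, udp_5001), the packet builder, and the choice to report every matching rule on a single interface are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47}  # IANA protocol numbers


@dataclass
class FlowQualifier:
    name: str
    srcaddr: Optional[str] = None    # dotted quad, None = any source
    codepoint: Optional[str] = None  # 6-digit binary string such as "101110"
    proto: Optional[int] = None      # IP protocol number, None = any
    srcport: int = 0                 # 0 = any port, as the manual states
    dstport: int = 0


def parse_fq_command(cmd: str) -> FlowQualifier:
    """Parse one 'ip interface <if> add fq ...' command into a rule."""
    tok = cmd.replace("-->", " ").lower().split()
    if len(tok) < 8 or tok[:2] != ["ip", "interface"] or tok[3:5] != ["add", "fq"]:
        raise ValueError("not an 'ip interface ... add fq' command")
    fq, rest = FlowQualifier(name=tok[5]), tok[6:]
    if rest[0] == "srcaddr":
        fq.srcaddr = str(ipaddress.IPv4Address(rest[1]))
        rest = rest[2:]
    if len(rest) >= 2 and rest[0] == "codepoint":
        if len(rest[1]) != 6 or set(rest[1]) - {"0", "1"}:
            raise ValueError("codepoint must be 6 binary digits")
        fq.codepoint = rest[1]
    elif len(rest) >= 2 and rest[0] == "protocol":
        fq.proto = PROTO_NUMBERS[rest[1]] if rest[1] in PROTO_NUMBERS else int(rest[1])
        ports = [int(p) for p in rest[2:4]]
        if ports and fq.proto not in (6, 17):
            raise ValueError("ports only apply to TCP or UDP")
        fq.srcport, fq.dstport = (ports + [0, 0])[:2]
    else:
        raise ValueError("expected CODEPOINT or PROTOCOL")
    return fq


def build_packet(src, dst, proto, tos=0, sport=0, dport=0) -> bytes:
    """Constructed test input: 20-byte IPv4 header (checksum left 0) plus ports."""
    l4 = struct.pack("!HH", sport, dport) if proto in (6, 17) else b""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(l4), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + l4


def matching_fqs(packet: bytes, rules) -> list:
    """Return the names of all flow qualifiers an unfragmented IPv4 packet matches."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return []
    dscp = format(packet[1] >> 2, "06b")  # DS codepoint = upper 6 bits of byte 1
    proto = packet[9]
    src = str(ipaddress.IPv4Address(packet[12:16]))
    sport = dport = None
    if proto in (6, 17) and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    hits = []
    for fq in rules:
        if fq.srcaddr is not None and fq.srcaddr != src:
            continue
        if fq.codepoint is not None and fq.codepoint != dscp:
            continue
        if fq.proto is not None:
            if fq.proto != proto:
                continue
            if fq.srcport and fq.srcport != sport:  # 0 means any source port
                continue
            if fq.dstport and fq.dstport != dport:  # 0 means any destination port
                continue
        hits.append(fq.name)
    return hits


# Constructed commands in the syntax of this chapter; names are illustrative.
SAMPLE_COMMANDS = [
    "--> ip interface ip1 add fq ef_any codepoint 101110",
    "--> ip interface ip1 add fq ef_host srcaddr 192.168.101.2 codepoint 101110",
    "--> ip interface ip1 add fq web_host srcaddr 192.168.101.2 protocol tcp 50000 80",
    "--> ip interface ip1 add fq udp_5001 protocol udp 0 5001",
]

if __name__ == "__main__":
    rules = [parse_fq_command(c) for c in SAMPLE_COMMANDS]
    # 0xB8 is the header byte whose upper six bits are 101110 (Expedited Forwarding).
    for pkt in (build_packet("192.168.101.2", "10.0.0.1", 6, 0xB8, 50000, 80),
                build_packet("192.168.101.99", "10.0.0.1", 17, 0xB8, 1234, 5001)):
        print(matching_fqs(pkt, rules))
```

The second packet shows that a codepoint-only rule such as ef_any matches any sender that sets the marking, while the SRCADDR forms limit priority treatment to one host.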

IP INTERFACE ADD PROXYARPENTRY

Syntax IP INTERFACE {<name>|<number>} ADD PROXYARPENTRY <ipaddress> [<netmask>]

Description This command configures proxy ARP functionality on an existing IP interface. This means that an interface responds to ARP requests for both its own address and for any address that has been configured as a proxy ARP address.

You can configure proxy ARP functionality on a single address or a range of addresses. Once you have configured a range of proxy ARP interfaces, you can set one or more addresses in the range to NOT respond to proxy ARP using the IP INTERFACE ADD PROXYARPEXCLUSION command.

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
ipaddress | The IP address (or range of addresses) of the address for which you wish to make proxy ARP replies, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A
netmask | The netmask of the subnet for which you wish to make proxy ARP replies, displayed in the IPv4 format (e.g. 255.255.255.0) | N/A

Example The following command adds proxy ARP support to the entire subnet 192.168.100.0:

--> ip interface ip1 add proxyarpentry 192.168.100.0 255.255.255.0

See also IP INTERFACE ADD PROXYARPEXCLUSION, IP INTERFACE LIST PROXYARPENTRIES

IP INTERFACE ADD PROXYARPEXCLUSION

Syntax IP INTERFACE {<name>|<number>} ADD PROXYARPEXCLUSION <ipaddress> [<netmask>]

Description This command configures proxy ARP exclusion functionality on an existing IP interface. This means that once you have configured an interface with a range of proxy ARP addresses, you can set one or more addresses in the range to NOT respond with proxy ARP.

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
ipaddress | The IP address (or range of addresses) that you want to set as a proxy ARP exclusion entry, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A
netmask | The netmask of the subnet you wish to exclude from proxy ARP, displayed in the IPv4 format (e.g. 255.255.255.0) | N/A

Example The first command below adds proxy ARP support to the subnet 192.168.100.0. The second command excludes proxy ARP support from 192.168.100.10 / 255.255.255.254:

--> ip interface ip1 add proxyarpentry 192.168.100.0 255.255.255.0

--> ip interface ip1 add proxyarpexclusion 192.168.100.10 255.255.255.254

This means that the Residential Gateway will make proxy ARP responses for the entire subnet 192.168.100.0 / 255.255.255.0, EXCEPT for addresses 192.168.100.10 and 192.168.100.11.

See also IP INTERFACE ADD PROXYARPENTRY, IP INTERFACE LIST PROXYARPENTRIES

IP INTERFACE ADD SECONDARYIPADDRESS

Syntax IP INTERFACE {<name>|<number>} ADD SECONDARYIPADDRESS <ipaddress> [<netmask>]

Description This command adds a secondary IP address to an existing IP interface. A secondary address may be used to create an extra IP address on an interface for management purposes, or to allow the IP stack to route between two subnets on the same interface.

The functionality of secondary IP addresses depends on several parameters including the type of IP interface and the netmask:

• if a secondary address is on the same subnet as the primary interface address, you do not need to specify a subnet mask for that secondary address. This applies to all interface types.

The ability to specify a subnet mask with a secondary address is superseded by the functionality of virtual interfaces. You should use virtual interfaces instead.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
netmask | The netmask of the secondary IP address displayed in the IPv4 format (e.g. 255.255.255.0). To display the secondary IP addresses, use the IP INTERFACE LIST SECONDARYIPADDRESSES command. | N/A
ipaddress | A secondary IP address that you want to add to the main IP interface. You can add any number of secondary IP addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3). To display the secondary IP addresses, use the IP INTERFACE LIST SECONDARYIPADDRESSES command. | N/A

Example --> ip interface ip1 add secondaryipaddress 192.168.102.3 255.255.255.0

See also IP LIST INTERFACES, IP INTERFACE LIST SECONDARYIPADDRESSES

IP INTERFACE CLEAR FQS

Syntax IP INTERFACE {<name>|<number>} CLEAR FQS

Description This command deletes all flow qualifiers that have been added to an existing IP interface using the IP INTERFACE ADD FQ commands.

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 clear fqs

See also IP LIST INTERFACES, IP INTERFACE DELETE FQ

IP INTERFACE CLEAR PROXYARPENTRIES

Syntax IP INTERFACE {<name>|<number>} CLEAR PROXYARPENTRIES

Description This command clears all proxy arp entries and exclusions that were created using the IP INTERFACE ADD PROXYARPENTRY and IP INTERFACE ADD PROXYARPEXCLUSION commands.

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 clear proxyarpentries

See also IP INTERFACE ADD PROXYARPENTRY, IP INTERFACE ADD PROXYARPEXCLUSION

IP INTERFACE CLEAR SECONDARYIPADDRESSES

Syntax IP INTERFACE {<name>|<number>} CLEAR SECONDARYIPADDRESSES

Description This command deletes all additional IP addresses that have been added to an existing IP interface using the IP INTERFACE ADD SECONDARYIPADDRESS command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 clear secondaryipaddresses

See also IP LIST INTERFACES, IP INTERFACE ADD SECONDARYIPADDRESS, IP INTERFACE DELETE SECONDARYIPADDRESS, IP INTERFACE LIST SECONDARYIPADDRESSES

IP INTERFACE DELETE FQ

Syntax IP INTERFACE {<name>|<number>} DELETE FQ <fqname>

Description This command deletes a single flow qualifier that has been added to an existing IP interface using the IP INTERFACE ADD FQ commands.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
fqname | A name that identifies the flow qualifier (fq). To display flow qualifier names, use the IP INTERFACE LIST FQS command. | N/A

Example --> ip interface ip1 delete fq myfq

See also IP LIST INTERFACES, IP INTERFACE LIST FQS


IP INTERFACE DELETE PROXYARPENTRIES

Syntax IP INTERFACE {<name>|<number>} DELETE PROXYARPENTRIES <entrynumber>

Description This command deletes a single proxy arp entry that was created using the IP INTERFACE ADD PROXYARPENTRY command.

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
entrynumber | A number that identifies an existing ProxyArp entry on this IP interface. To display entry numbers, use the IP INTERFACE LIST PROXYARPENTRIES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 delete proxyarpentry 1

See also IP INTERFACE ADD PROXYARPENTRY, IP INTERFACE LIST PROXYARPENTRIES

IP INTERFACE DELETE PROXYARPEXCLUSION

Syntax IP INTERFACE {<name>|<number>} DELETE PROXYARPEXCLUSION <entrynumber>

Description This command deletes a single proxy arp exclusion entry that was created using the IP INTERFACE ADD PROXYARPEXCLUSION command.

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
entrynumber | A number that identifies an existing ProxyArpExclusion entry on this IP interface. To display entry numbers, use the IP INTERFACE LIST PROXYARPENTRIES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 delete proxyarpexclusion 2

See also IP INTERFACE ADD PROXYARPEXCLUSION, IP INTERFACE LIST PROXYARPENTRIES

IP INTERFACE DELETE SECONDARYIPADDRESS

Syntax IP INTERFACE {<name>|<number>} DELETE SECONDARYIPADDRESS <secondary ipaddress number>

Description This command deletes a single secondary IP address that has previously been added to an existing IP interface using the IP INTERFACE ADD SECONDARYIPADDRESS command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
secondary ipaddress number | The number that identifies a secondary IP address that you want to delete from the main IP interface. To display secondary IP address numbers, use the IP INTERFACE LIST SECONDARYIPADDRESSES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 delete secondaryipaddress 1

See also IP LIST INTERFACES, IP INTERFACE LIST SECONDARYIPADDRESSES

IP INTERFACE LIST FQS

Syntax IP INTERFACE {<name>|<number>} LIST FQS

Description This command lists all flow qualifiers that have been added to an existing IP interface using the IP INTERFACE ADD FQS command.

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 list fqs

Flow Qualifiers for interface: ip1
ID | Name | Src IP Address | Proto | Src Port | Dst Port | ds
---|------|----------------|-------|----------|----------|-------
1 | fq1 | 192.168.101.2 | tcp | 50000 | 80 |101110
-----------------------------------------------------------------

IP INTERFACE LIST PROXYARPENTRIES

Syntax IP INTERFACE {<name>|<number>} LIST PROXYARPENTRIES

Description This command displays information about proxy arp entries and exclusions that were created using the IP INTERFACE ADD PROXYARPENTRY and IP INTERFACE ADD PROXYARPEXCLUSION commands.

The following information is displayed:

• interface ID numbers

• IP address and netmask of proxy ARP entries and exclusions

• Exclusion status; true for exclusions, false for inclusions

Options The following table gives the range of values for each option, which can be specified with this command, and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 list proxyarpentries

ID | IP Address | Netmask | Exclude
---|---------------|----------------|----------
1 | 192.168.100.0 | 255.255.255.0 | false
2 | 192.168.100.8 | 255.255.255.254| true
-----------------------------------------------
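To check which addresses an interface will answer ARP requests for, the proxy ARP entries and exclusions described under IP INTERFACE ADD PROXYARPENTRY and IP INTERFACE ADD PROXYARPEXCLUSION have to be evaluated together. The Python below is an added example, not part of the manual or the gateway software: it reads a listing in the column layout shown above (the sample rows are constructed from the values in the ADD PROXYARPEXCLUSION example) and assumes that an exclusion always overrides an entry, as that command's description states.

```python
import ipaddress

# Constructed sample in the IP INTERFACE LIST PROXYARPENTRIES column layout,
# using the entry and exclusion from the ADD PROXYARPEXCLUSION example.
SAMPLE_LISTING = """\
ID | IP Address     | Netmask         | Exclude
---|----------------|-----------------|----------
1  | 192.168.100.0  | 255.255.255.0   | false
2  | 192.168.100.10 | 255.255.255.254 | true
-----------------------------------------------
"""


def parse_proxyarp_listing(text):
    """Return (entries, exclusions) as lists of IPv4Network objects."""
    entries, exclusions = [], []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 4 or not cells[0].isdigit():
            continue  # header, separator or blank line
        _, addr, mask, exclude = cells
        # strict=False accepts an address with host bits set for the given mask.
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        (exclusions if exclude.lower() == "true" else entries).append(net)
    return entries, exclusions


def answers_proxy_arp(target, entries, exclusions):
    """True if the interface would send a proxy ARP reply for target."""
    ip = ipaddress.ip_address(target)
    if any(ip in net for net in exclusions):
        return False  # assumption: exclusions take precedence over entries
    return any(ip in net for net in entries)


def exposed_ranges(entries, exclusions):
    """Entries minus exclusions, as the networks that are actually answered for."""
    remaining = list(entries)
    for ex in exclusions:
        kept = []
        for net in remaining:
            if ex.subnet_of(net):
                kept.extend(net.address_exclude(ex))  # carve the exclusion out
            elif net.subnet_of(ex):
                continue                              # entry fully excluded
            else:
                kept.append(net)                      # disjoint, keep as is
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    entries, exclusions = parse_proxyarp_listing(SAMPLE_LISTING)
    for host in ("192.168.100.9", "192.168.100.10", "192.168.100.11", "192.168.101.1"):
        print(host, answers_proxy_arp(host, entries, exclusions))
    for net in exposed_ranges(entries, exclusions):
        print("answers for", net)
```

Reviewing the output of exposed_ranges against the addresses that are meant to sit behind the gateway shows whether an entry is broader than intended.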

IP INTERFACE LIST SECONDARYIPADDRESSES

Syntax IP INTERFACE {<name>|<number>} LIST SECONDARYIPADDRESSES

Description This command lists the secondary IP addresses that have been added to an existing IP interface using the IP INTERFACE ADD SECONDARYIPADDRESS command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
---|---|---
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example In the example output below, secondary IP addresses without netmasks associated with them appear as 0.0.0.0 by default.

--> ip interface ip1 list secondaryipaddresses

ID | IP Address | Netmask
-----|-----------------------------------
1 | 192.168.104.6 | 255.255.255.0
2 | 192.168.103.4 | 255.255.255.0
3 | 192.168.103.2 | 255.255.255.0
-----------------------------------------

See also IP LIST INTERFACES, IP LIST INTERFACE SECONDARYIPADDRESS

IP LIST ARPENTRIES<br />

Syntax IP LIST ARPENTRIES<br />

Description This command displays the ARP table, which lists the following information:<br />

• IP addresses and corresponding MAC addresses obtained by ARP.<br />

• IP interface on which the host is connected<br />

• Static status - 'no' for dynamically generated ARP entries; 'yes' for static entries<br />

added by the user.<br />

Example --> ip list arpentries<br />

IP ARP table entries:<br />

IP address | MAC address | Interface | Static<br />

-----------------|-------------------|--------------|--------<br />

10.10.10.10 | 00:20:2b:e0:03:87 | 3 | no<br />

-----------------|-------------------|--------------|--------<br />

20.20.20.20 | 00:20:2b:03:0a:72 | 2 | no<br />

-----------------|-------------------|--------------|--------<br />

30.30.30.30 | 00:20:2b:03:09:c4 | 1 | no<br />

-------------------------------------------------------------<br />

IP LIST CONNECTIONS<br />

Syntax IP LIST CONNECTIONS<br />

Description This command lists the active TCP/UDP connections in use by applications running<br />

on the device. It displays the following information:<br />

• Protocol type (TCP or UDP)<br />

• Local connection address and port number<br />

• Remote connection address and port number<br />

• Connection state for TCP connections<br />

This command does not show raw socket connections or UDP connections opened<br />

internally within the IP stack.<br />

Example The example below shows an active telnet connection, and the listen sockets of the<br />

WebServer, TFTP server and SNMP:<br />

--> ip list connections<br />

Local TCP/UDP connections:<br />

Proto | Local address | Remote address | State<br />

-------|------------------------|------------------------|------------<br />

tcp | 192.168.91.19:23 | 192.168.91.18:1080 | ESTABLISHED<br />

tcp | *:80 | *:* | LISTEN<br />

udp | *:69 | *:* |<br />

udp | *:161 | *:* |



----------------------------------------------------------------------<br />
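An added example, not part of the manual: a Python parser for the IP LIST CONNECTIONS table shown above that reports listening sockets and live sessions for unencrypted management services. The port-to-service map and all function names are assumptions of this example; the sample text is the manual's own example output.

```python
"""Parse 'ip list connections' output and flag cleartext services."""

# Constructed sample: the table printed in the manual's example.
SAMPLE = """\
Proto | Local address | Remote address | State
-------|------------------------|------------------------|------------
tcp | 192.168.91.19:23 | 192.168.91.18:1080 | ESTABLISHED
tcp | *:80 | *:* | LISTEN
udp | *:69 | *:* |
udp | *:161 | *:* |
----------------------------------------------------------------------
"""

# Assumption of this example: well-known ports of unencrypted services.
CLEARTEXT = {("tcp", 23): "telnet", ("tcp", 80): "http",
             ("udp", 69): "tftp", ("udp", 161): "snmp"}


def split_endpoint(text):
    """Split 'addr:port' into (addr, port); '*' stays a wildcard string."""
    addr, _, port = text.rpartition(":")
    return addr, (port if port == "*" else int(port))


def parse_connections(output):
    """Return one dict per table row; the header and rule lines are skipped."""
    rows = []
    for line in output.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 4 or fields[0].lower() not in ("tcp", "udp"):
            continue
        proto, local, remote, state = fields
        laddr, lport = split_endpoint(local)
        raddr, rport = split_endpoint(remote)
        rows.append({"proto": proto.lower(), "laddr": laddr, "lport": lport,
                     "raddr": raddr, "rport": rport, "state": state})
    return rows


def is_listener(row):
    """TCP listeners show LISTEN; UDP rows carry no state, so an
    unconnected UDP socket is recognised by its wildcard remote end."""
    if row["proto"] == "tcp":
        return row["state"] == "LISTEN"
    return row["raddr"] == "*" and row["rport"] == "*"


def audit(output):
    """Return (service, kind, detail) findings for cleartext services."""
    findings = []
    for row in parse_connections(output):
        service = CLEARTEXT.get((row["proto"], row["lport"]))
        if service is None:
            continue
        if is_listener(row):
            scope = "all addresses" if row["laddr"] == "*" else row["laddr"]
            findings.append((service, "listening", scope))
        elif row["state"] == "ESTABLISHED":
            findings.append((service, "session", f'{row["raddr"]}:{row["rport"]}'))
    return findings


if __name__ == "__main__":
    for service, kind, detail in audit(SAMPLE):
        print(f"{service:7} {kind:10} {detail}")
```

Because the command omits raw sockets and UDP connections opened inside the IP stack, the result covers only what the table lists.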

IP LIST INTERFACES<br />

Syntax IP LIST INTERFACES<br />

Description This command lists information about IP interfaces that were added using the ip add<br />

interface command. The following information is displayed:<br />

• interface ID numbers<br />

• interface names<br />

• IP addresses (if previously specified)<br />

• DHCP status<br />

• Whether a transport is attached to the interface, and if so, the name of the<br />

transport<br />

• Whether a virtual interface is attached to a real interface. The name of the<br />

attached virtual interface is displayed in the Transport column in square brackets,<br />

for example [ip2]<br />

Example --> ip list interfaces<br />

IP Interfaces:<br />

ID | Name | IP Address | DHCP | Transport<br />

-----|--------------|------------------|----------|---------------<br />

1 | ppp_device | 192.168.102.2 | disabled | pppoe1<br />

2 | ip0 | 192.168.1.1 | disabled | default<br />

------------------------------------------------------------------<br />

See also IP SHOW INTERFACE<br />

IP SET INTERFACE DHCP<br />

IP LIST RIPROUTES<br />

Syntax IP LIST RIPROUTES<br />

Description This command lists information about the routes that have been obtained from RIP.<br />

It displays the following information:<br />

• destination IP addresses<br />

• destination netmask<br />

• gateway address<br />

• cost - The number of hops counted as the cost of the route.<br />

• timeout - the number of seconds that this RIP route will remain in the routing<br />

table unless updated by RIP.<br />

• source interface - the name of the existing interface that this route uses<br />

Example --> ip list riproutes



IP RIP routes:<br />

Destination | Mask | Gateway | Cost | Time | Source<br />

---------------|---------------|-----------------|------|------|-------<br />

192.168.101.1 | 255.255.255.0 | 10.10.10.10 | 1 | 3000 | ip2<br />

-----------------------------------------------------------------------<br />

See also IP SET RIP HOSTROUTES<br />

IP SET INTERFACE RIP ACCEPT<br />

IP SET INTERFACE RIP SEND<br />

IP LIST ROUTES<br />

Syntax IP LIST ROUTES<br />

Description This command lists information about existing routes. It displays the following<br />

information:<br />

IP routes:<br />

• route ID numbers<br />

• route names<br />

• destination IP addresses (if previously specified)<br />

• destination netmask address (if previously specified)<br />

• Either the gateway address or the name of the destination interface (whichever is<br />

set)<br />

Example --> ip list routes<br />

ID | Name | Destination | Netmask | Gateway/Interface<br />

-----|----------|------------------|------------------|-----------------<br />

2 | route2 | 192.168.102.3 | 255.255.255.0 | ip1<br />

1 | route1 | 192.168.50.50 | 255.255.255.0 | 192.168.68.68<br />

-----------------------------------------------------------------------<br />

See also IP SHOW ROUTE<br />

IP PING<br />

Syntax IP PING <dest-ip><br />

Description This command pings a specified destination IP address.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

dest-ip | The IP address of the destination machine that you want to ping, displayed in the IPv4 format (192.168.102.3) | N/A<br />

Example --> ip ping 192.168.102.3<br />

ip: ping - reply received from 192.168.102.3<br />

If ping was unsuccessful, the following output is displayed:<br />

ip: ping - no reply received.<br />

IP SET INTERFACE DHCP<br />

Syntax IP SET INTERFACE {<name>|<number>} DHCP {ENABLED|DISABLED}<br />

Description This command specifies whether a named interface should obtain its configuration<br />

via DHCP.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A<br />

enabled | The interface obtains its configuration information from DHCP client. | disabled<br />

disabled | The interface does not use DHCP client configuration information. | disabled<br />

Example --> ip set interface ip2 dhcp enabled<br />

See also IP SET INTERFACE IPADDRESS<br />

IP SET INTERFACE MTU<br />

IP LIST INTERFACES<br />

For information on setting DHCP client configuration options, see DHCP Client CLI<br />

commands.<br />

IP SET INTERFACE IPADDRESS<br />

Syntax IP SET INTERFACE {<name>|<number>} IPADDRESS <ip address> [<netmask>]<br />

Description This command sets the IP address for an existing IP interface.



Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A<br />

ip address | The IP address of the interface displayed in the following IPv4 format (e.g. 192.168.102.3). If the IP address is set to the special value 0.0.0.0, the interface is marked as unconfigured. This value is used when the interface address is obtained automatically. For unnumbered interfaces, the IP address parameter is used to specify the router-id of the interface. The router-id should be the same as the IP address of one of the router's numbered interfaces. | 0.0.0.0<br />

netmask | The netmask of the interface displayed in the IPv4 format (e.g. 255.255.255.0). The special value 255.255.255.255 is used to indicate an unnumbered interface. An unnumbered interface is configured by setting the IP address to the interface's router-id value, and setting netmask to 255.255.255.255. | If no netmask is supplied, the natural mask of the IP address is used.<br />

Example --> ip set interface ip4 ipaddress 192.168.102.3 255.255.255.0<br />

See also IP SET INTERFACE MTU<br />

IP SET INTERFACE DHCP<br />

IP LIST INTERFACES<br />

IP SET INTERFACE MTU<br />

Syntax IP SET INTERFACE {<name>|<number>} MTU <mtu><br />

Description This command sets the MTU (Maximum Transmission Unit) for an existing IP<br />

interface.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).



Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A<br />

mtu | Maximum Transmission Unit: maximum packet size (in bytes) that an interface can handle. The MTU should be set to a value appropriate for the transport attached to the interface (typically from 576 to 1500 bytes). For example, Ethernet and most other transports support an MTU of 1500 bytes, whereas PPPoE supports an MTU of 1492 bytes. | 1500<br />

Example --> ip set interface ip2 mtu 800<br />

See also IP SET INTERFACE IPADDRESS<br />

IP SET INTERFACE DHCP<br />

IP LIST INTERFACES<br />

IP SET INTERFACE NETMASK<br />

Syntax IP SET INTERFACE {<name>|<number>} NETMASK <netmask><br />

Description This command sets the netmask for an existing IP interface.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A<br />

netmask | The netmask of the interface displayed in the IPv4 format (e.g. 255.255.255.0). The special value 255.255.255.255 is used to indicate an unnumbered interface. An unnumbered interface is configured by setting the IP address to the interface’s router-id value, and setting netmask to 255.255.255.255. | N/A<br />

Example --> ip set interface ip6 netmask 255.255.255.0<br />

See also IP SET INTERFACE IPADDRESS<br />

IP LIST INTERFACES<br />

IP SET INTERFACE RIP ACCEPT<br />

Syntax IP SET INTERFACE {<name>|<number>} RIP ACCEPT {NONE|V1|V2|ALL}<br />

Description This command specifies whether or not an existing interface accepts RIP messages.<br />

You can specify what version of RIP messages are accepted by the interface.<br />

When receiving RIP v1 messages, the IP stack tries to use the information it has<br />

available to determine the appropriate subnet mask for the addresses received.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A<br />

NONE | The interface does not accept RIP messages. | none<br />

V1 | The interface only accepts RIP version 1 messages (RFC1058). | none<br />

V2 | The interface only accepts RIP version 2 messages (RFC1723). | none<br />

ALL | The interface accepts RIP version 1 (RFC1058) and RIP version 2 (RFC1723) messages. | none<br />

Example --> ip set interface ip3 rip accept none<br />

See also IP SET INTERFACE RIP SEND<br />

IP SET INTERFACE RIP MULTICAST



IP SET RIP HOSTROUTES<br />

IP SET RIP POISON<br />

IP SHOW<br />

IP LIST INTERFACES<br />

IP SET INTERFACE RIP MULTICAST<br />

Syntax IP SET INTERFACE {<name>|<number>} RIP MULTICAST {ENABLED |<br />

DISABLED}<br />

Description This command allows you to enable/disable whether RIP version 2 messages are<br />

sent via multicast.<br />

RIP version 2 messages sent via multicast are only received by the hosts on the<br />

network that are configured to listen to the RIP v2 multicast address. If this<br />

command is disabled, RIP version 2 messages are sent via broadcast and are<br />

received by all the hosts on the network.<br />

You need to set RIP to send v2 messages using the IP SET INTERFACE RIP SEND<br />

command in order for the IP SET INTERFACE RIP MULTICAST ENABLED<br />

command to send version 2 messages via multicast.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A<br />

ENABLED | Allows RIP version 2 messages to be sent via multicast. | disabled<br />

DISABLED | Disables RIP version 2 messages being sent via multicast. Messages are sent via broadcast instead. | disabled<br />

Example --> ip set interface ip1 rip multicast enabled<br />

See also IP LIST INTERFACES<br />

IP SET INTERFACE RIP SEND<br />

IP SET INTERFACE RIP SEND<br />

Syntax IP SET INTERFACE {<name>|<number>} RIP SEND {NONE|V1|V2|ALL}<br />



Description This command specifies whether or not an existing interface can send RIP messages.<br />

You can specify which version of RIP messages will broadcast routing information<br />

on the interface. Routing information is broadcast every 30 seconds or when the RIP<br />

routing table is changed.<br />


RIP version 1 does not allow specification of subnet masks; a RIP version 1 route<br />

that appears to be to an individual host might in fact be to a subnet, and treating<br />

it as a route to the whole network may be the best way to make use of the<br />

information.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A<br />

NONE | The interface does not accept RIP messages. | none<br />

RIP SEND V1 | The interface only sends RIP version 1 messages (RFC1058) | none<br />

RIP SEND V2 | The interface only sends RIP version 2 messages (RFC1723). If set, RIP version 2 is used on all non-loopback interfaces. | none<br />

RIP SEND ALL | The interface sends RIP version 1 (RFC1058) and RIP version 2 (RFC1723) messages. | none<br />

Example<br />

--> ip set interface ip1 rip send v1<br />

See also IP SET INTERFACE RIP ACCEPT<br />

IP SET RIP HOSTROUTES<br />

IP SET RIP POISON<br />

IP SHOW<br />

IP LIST INTERFACES<br />

IP SET INTERFACE TCPMSSCLAMP<br />

Syntax IP SET INTERFACE <name> TCPMSSCLAMP {ENABLED|DISABLED}<br />

Description This command enables/disables TCP MSS (Maximum Segment Size) Clamp<br />

functionality on an existing IP interface. When TCP MSS Clamp is enabled on an<br />

interface, all TCP traffic routed through that interface will be examined. If a TCP<br />

SYN (synchronize/start) segment is sent with a maximum segment size larger than



the interface MTU (Maximum Transmission Unit), the MSS option will be rewritten<br />

in order to allow TCP traffic to pass through the interface without requiring<br />

fragmentation.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

ENABLED | TCP SYN segments routed through this interface will be examined and, if necessary, modified. | disabled<br />

DISABLED | The IP stack will not examine or modify TCP traffic routed through this interface. | disabled<br />

Example --> ip set interface ip2 tcpmssclamp enabled<br />

See also IP SET INTERFACE MTU<br />

IP SHOW<br />
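An added example, not the gateway's own code: a Python sketch of the MSS rewrite that IP SET INTERFACE TCPMSSCLAMP describes, including the incremental TCP checksum fix-up (RFC 1624) that any rewrite of the option requires. The manual does not state the rewritten value; this example assumes the common choice of interface MTU minus 40 bytes as both threshold and replacement, and the addresses, ports and function names are constructed.

```python
import socket
import struct

SYN = 0x02
IP_TCP_OVERHEAD = 40  # assumption: 20-byte IPv4 header + 20-byte TCP header


def ones_sum(data):
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src, dst, length):
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, length)


def checksum_ok(src, dst, segment):
    """True when the TCP checksum verifies over pseudo-header plus segment."""
    return ones_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF


def build_syn(src, dst, options):
    """Constructed input: a SYN segment with the given options and a valid checksum."""
    options += b"\x00" * (-len(options) % 4)      # pad header to a 4-byte multiple
    offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, offset << 4, SYN, 65535, 0, 0)
    seg = bytearray(header + options)
    csum = ~ones_sum(pseudo_header(src, dst, len(seg)) + bytes(seg)) & 0xFFFF
    struct.pack_into("!H", seg, 16, csum)
    return bytes(seg)


def csum_update(checksum, old_word, new_word):
    """RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m')."""
    total = (~checksum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def find_mss(segment):
    """Return the byte offset of the MSS value in the TCP options, or None."""
    header_len = (segment[12] >> 4) * 4 if len(segment) >= 20 else 0
    if header_len < 20 or header_len > len(segment):
        return None
    i = 20
    while i < header_len:
        kind = segment[i]
        if kind == 0:                  # end of option list
            break
        if kind == 1:                  # NOP is a single byte
            i += 1
            continue
        if i + 1 >= header_len:
            break
        length = segment[i + 1]
        if length < 2 or i + length > header_len:
            break                      # malformed option: leave the segment alone
        if kind == 2 and length == 4:
            return i + 2
        i += length
    return None


def read_mss(segment):
    """Return the advertised MSS, or None when the option is absent."""
    pos = find_mss(segment)
    return None if pos is None else struct.unpack_from("!H", segment, pos)[0]


def clamp_mss(segment, mtu):
    """Clamp the MSS of a SYN to mtu - 40; return (segment, old_mss, new_mss)."""
    pos = find_mss(segment)
    if pos is None or not segment[13] & SYN:
        return segment, None, None
    old = struct.unpack_from("!H", segment, pos)[0]
    limit = mtu - IP_TCP_OVERHEAD
    if old <= limit:
        return segment, old, old
    out = bytearray(segment)
    struct.pack_into("!H", out, pos, limit)
    csum = struct.unpack_from("!H", segment, 16)[0]
    for w in range(pos & ~1, pos + 2, 2):   # aligned 16-bit words the value overlaps
        csum = csum_update(csum, struct.unpack_from("!H", segment, w)[0],
                           struct.unpack_from("!H", out, w)[0])
    struct.pack_into("!H", out, 16, csum)
    return bytes(out), old, limit


if __name__ == "__main__":
    syn = build_syn("192.168.1.10", "192.168.102.3", b"\x02\x04\x05\xb4")
    print(clamp_mss(syn, 1492)[1:])         # PPPoE MTU from the manual's MTU table
```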

IP SET RIP ADVERTISEDEFAULT<br />

Syntax IP SET RIP ADVERTISEDEFAULT {ENABLED | DISABLED}<br />

Description This command enables/disables the advertising of a default route via RIP. If you set<br />

this to enabled, then create a default route using the IP ADD DEFAULTROUTE<br />

commands, the route will also be added to those advertised by the RIP protocol.<br />

The cost associated with the route is the value set using the IP SET RIP<br />

DEFAULTROUTECOST command.<br />

You must enable default advertising before you create the default route.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

ENABLED | Enables RIP to advertise a default route with the cost metric set using the IP SET RIP DEFAULTROUTECOST command. | disabled<br />

DISABLED | Disables advertisement of a default route. | disabled<br />

Example --> ip set rip advertisedefault enabled<br />

See also IP ADD DEFAULTROUTE GATEWAY



IP ADD DEFAULTROUTE INTERFACE<br />

IP SET RIP DEFAULTROUTECOST<br />

IP SET RIP AUTHENTICATION<br />

Syntax IP SET RIP AUTHENTICATION {ENABLED | DISABLED}<br />

Description This command enables/disables RIP v2 plain text authentication.<br />

If enabled, a plain text authentication string is placed in RIP v2 packets.<br />

RIP v2 packets will only be accepted if they contain an authentication entry with the<br />

correct password string.<br />

Packets with no authentication or the wrong password will be rejected.<br />

To set an authentication password, use the IP SET RIP PASSWORD command.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

ENABLED | Accepts RIP v2 packets that contain an authentication entry with the correct password string. Packets with no authentication or the wrong password are rejected. | disabled<br />

DISABLED | Rejects RIP v2 packets containing an authentication entry. | disabled<br />

Example --> ip set rip authentication enabled<br />

See also IP SET RIP PASSWORD<br />

IP SHOW<br />

IP SET RIP DEFAULTROUTECOST<br />

Syntax IP SET RIP DEFAULTROUTECOST <cost><br />

Description This command sets the number of hops counted as the cost of a default route<br />

advertised via RIP.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

cost | The number of hops counted as the cost of the default route. The cost value can be any positive integer between 1 and 15. | 1<br />



Example --> ip set rip defaultroutecost 10<br />

See also IP ADD DEFAULTROUTE GATEWAY<br />

IP ADD DEFAULTROUTE INTERFACE<br />

IP SET RIP ADVERTISEDEFAULT<br />

IP SET RIP HOSTROUTES<br />

Syntax IP SET RIP HOSTROUTES {ENABLED | DISABLED}<br />

Description Specifies whether IP interfaces will accept RIP routes to specific hosts.<br />


RIP version 1 does not allow specification of subnet masks; a RIP version 1 route<br />

that appears to be to an individual host might in fact be to a subnet, and treating<br />

it as a route to the whole network may be the best way to make use of the<br />

information.<br />

To display the current state of rip hostroutes, use the IP SHOW command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

ENABLED | Sets the hostroutes flag to on. The interface accepts RIP routes to specific hosts. | disabled<br />

DISABLED | Sets the hostroutes flag to off. RIP version 1 routes to individual hosts are treated as routes to the network containing the host. RIP version 2 routes to individual hosts are ignored. | disabled<br />

Example --> ip set rip hostroutes enabled<br />

See also IP SET INTERFACE RIP ACCEPT<br />

IP SET INTERFACE RIP SEND<br />

IP SHOW<br />

IP SET RIP PASSWORD<br />

Syntax IP SET RIP PASSWORD <password><br />

Description This command sets an authentication string that is placed in RIP v2 packets if ip set<br />

rip authentication is enabled.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).



Option | Description | Default Value<br />

-------|-------------|--------------<br />

password | An authentication password used by RIP v2 packets if ip set rip authentication is enabled. The password is a string of 0 to 16 characters. | N/A<br />

Example --> ip set rip password vancouver<br />

See also IP SET RIP AUTHENTICATION<br />

IP SHOW<br />
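An added example, not the gateway's own code: the accept/reject rule described under IP SET RIP AUTHENTICATION and IP SET RIP PASSWORD, written in Python against the RIP v2 packet layout of RFC 1723. It shows that the 0 to 16 character password is carried as-is in a 16-octet field of the first entry; the function names and the route values are constructed, and the password is the one from the manual's example.

```python
import hmac
import socket
import struct

RIP_RESPONSE, RIP_V2 = 2, 2
AFI_AUTH, AUTH_SIMPLE, AFI_INET = 0xFFFF, 2, 2
HEADER = struct.Struct("!BBH")         # command, version, must-be-zero
AUTH = struct.Struct("!HH16s")         # 0xFFFF, auth type, 16-octet password field
ROUTE = struct.Struct("!HH4s4s4sI")    # AFI, route tag, address, mask, next hop, metric


def pad_password(password):
    """Left-justify the password in the 16-octet field, padded with NULs."""
    raw = password.encode("ascii")
    if len(raw) > 16:
        raise ValueError("password must be 0 to 16 characters")
    return raw.ljust(16, b"\x00")


def build_response(routes, password=None):
    """Build a RIP v2 response from (address, mask, next_hop, metric) tuples."""
    packet = HEADER.pack(RIP_RESPONSE, RIP_V2, 0)
    if password is not None:
        # The authentication entry takes the place of the first route entry.
        packet += AUTH.pack(AFI_AUTH, AUTH_SIMPLE, pad_password(password))
    for address, mask, next_hop, metric in routes:
        packet += ROUTE.pack(AFI_INET, 0, socket.inet_aton(address),
                             socket.inet_aton(mask), socket.inet_aton(next_hop), metric)
    return packet


def check_packet(packet, auth_enabled, password=""):
    """Apply the manual's accept/reject rule; return (accepted, reason)."""
    if len(packet) < HEADER.size or (len(packet) - HEADER.size) % 20:
        return False, "malformed"
    _, version, _ = HEADER.unpack_from(packet)
    if version != RIP_V2:
        return False, "not RIP v2"
    has_auth, auth_type, field = False, None, b""
    if len(packet) >= HEADER.size + AUTH.size:
        afi, auth_type, field = AUTH.unpack_from(packet, HEADER.size)
        has_auth = afi == AFI_AUTH
    if not auth_enabled:
        # DISABLED: packets carrying an authentication entry are rejected.
        return (False, "authentication entry present") if has_auth else (True, "accepted")
    if not has_auth:
        return False, "no authentication"
    if auth_type != AUTH_SIMPLE:
        return False, "unsupported authentication type"
    if not hmac.compare_digest(field, pad_password(password)):
        return False, "wrong password"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed route; "vancouver" is the password in the manual's example.
    routes = [("192.168.101.0", "255.255.255.0", "0.0.0.0", 1)]
    signed = build_response(routes, password="vancouver")
    print(check_packet(signed, True, "vancouver"))
    print(signed[8:24])  # the password field as it appears on the wire
```

The check guards against misconfigured neighbours; since the field is not encrypted or hashed, it gives no protection against a host that can read RIP traffic on the segment.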

IP SET RIP POISON<br />

Syntax IP SET RIP POISON {ENABLED | DISABLED}<br />

Description Enables or disables the poisoned reverse flag. If this flag is on, the AT-RG613,<br />

AT-RG623 and AT-RG656 perform poisoned reverse as defined in RFC 1058; see that<br />

RFC for discussion of the details.<br />

In short, though, the effect of Poison Reverse is to specifically advertise routes, with<br />

metric set to 16, if those routes are no longer accessible for some reason. Hosts<br />

receiving these advertisements will then mark these routes as unusable. This<br />

process results in quicker updating of other hosts' routing tables. The alternative is<br />

to simply not advertise the inaccessible routes, and let other hosts eventually age<br />

them out.<br />

To display the current state of the poisoned reverse flag, use the IP SHOW command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

ENABLED | Sets the poisoned reverse flag to on. The AT-RG613, AT-RG623 and AT-RG656 TCP/IP performs poisoned reverse as defined in RFC 1058. | disabled<br />

DISABLED | Sets the poisoned reverse flag to off. | disabled<br />

Example --> ip set rip poison enabled<br />

See also IP SET INTERFACE RIP ACCEPT<br />

IP SET INTERFACE RIP SEND<br />

IP SET RIP HOSTROUTES<br />

IP SHOW<br />

IP SET ROUTE COST<br />

Syntax IP SET ROUTE {<name>|<number>} COST <cost><br />



Description This command sets the number of hops counted as the cost of the route for a route<br />

previously created using the IP ADD ROUTE command.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A<br />

number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The number appears in the first column under the heading ID. | N/A<br />

cost | The number of hops counted as the cost of the route. This may affect the choice of route when the route is competing with routes acquired from RIP. (Using a mixture of RIP and static routing is not advised). The cost value can be any positive integer. | 1<br />

Example --> ip set route route1 cost 3<br />

See also IP ADD ROUTE<br />

IP SET ROUTE DESTINATION<br />

IP SET ROUTE GATEWAY<br />

IP LIST ROUTES<br />

IP SET ROUTE DESTINATION<br />

Syntax IP SET ROUTE {<name>|<number>} DESTINATION <dest-network> <netmask><br />

Description This command sets the destination network address of a route previously created<br />

using the IP ADD ROUTE command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A<br />

number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The number appears in the first column under the heading ID. | N/A<br />

dest-network | The IP address of the destination network displayed in the IPv4 format (e.g. 192.168.102.3) | N/A<br />

netmask | The destination netmask displayed in the IPv4 format (e.g. 255.255.255.0) | N/A<br />

Example<br />

--> ip set route route1 destination 192.168.103.3 255.255.255.0<br />

See also IP SET ROUTE GATEWAY<br />

IP SET ROUTE COST<br />

IP LIST ROUTES<br />

IP SET ROUTE GATEWAY<br />

Syntax IP SET ROUTE {<name>|<number>} GATEWAY <gateway><br />

Description This command sets the gateway address of a route previously created using the IP<br />

ADD ROUTE command.<br />

If you want the route to go directly to its destination and not via a gateway, specify<br />

0.0.0.0 as the gateway.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A<br />

number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The numbers appear in the first column under the heading ID. | N/A<br />

gateway | The IP address of the gateway, which is the next device along the path to the destination network, displayed in the IPv4 format (e.g. 192.168.102.3). If you added a route directly to an interface, the gateway address is set by default to 0.0.0.0 so that no gateway is specified. | N/A<br />

Example --> ip set route route1 gateway 192.168.102.3<br />

See also IP ADD ROUTE<br />

IP SET ROUTE DESTINATION



IP SET ROUTE COST<br />

IP LIST ROUTES<br />

IP SET ROUTE INTERFACE<br />

Syntax IP SET ROUTE {<name>|<number>} INTERFACE {<interface>|NONE}<br />

Description This command sets the interface used by a route previously created by the IP ADD<br />

ROUTE command. If you want the existing route to route to an address via a<br />

gateway device, use none so that no interface is set.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A<br />

number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The number appears in the first column under the heading ID. | N/A<br />

interface | The name of the existing interface that the ip routes through, displayed in the IPv4 format (e.g. 192.168.102.3). To display interface names, use the IP LIST INTERFACES command. | N/A<br />

NONE | No interface is set. This is used for routes that route via a gateway device instead of an interface. | N/A<br />

Example --> ip set route r1 interface eth1<br />

See also IP LIST INTERFACES<br />

IP LIST ROUTES<br />

IP SHOW<br />

Syntax IP SHOW<br />

Description Shows current RIP configuration and any other information global to the router.<br />

Example --> ip show<br />

Global IP configuration:<br />

Host routes: true<br />

Poison reverse: false



See also IP SET RIP HOSTROUTES<br />

IP SET RIP POISON<br />

IP SHOW INTERFACE<br />

Syntax IP SHOW INTERFACE {<name>|<number>}<br />

Description This command displays the following information about a named interface:<br />

• IP address and netmask (if set)<br />

• MTU (Maximum Transmission Unit)<br />

• Status of DHCP and NAT<br />

• Status of TCP MSS Clamp<br />

• Status of RIP send and RIP accept<br />

• Status of RIP multicast<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

-------|-------------|--------------<br />

name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A<br />

Example --> ip show interface ip2<br />

IP Interface: ip2<br />

IP address: 192.168.102.3<br />

Netmask: 255.255.255.0<br />

MTU: 1500<br />

DHCP: disabled<br />

TCP MSS Clamp: disabled<br />

Accept RIP V1: true<br />

Send RIP V1: false<br />

Accept RIP V2: true<br />

Send RIP V2: false<br />

Multicast RIP V2: disabled<br />

--> ip show interface ip3<br />

IP Interface: ip3 - virtual [ip2]<br />

IP address: 192.168.50.10<br />

Netmask: 255.255.255.0<br />

MTU: 1500<br />

DHCP: disabled



TCP MSS Clamp: disabled<br />

Accept RIP V1: true<br />

Send RIP V1: false<br />

Accept RIP V2: true<br />

Send RIP V2: false<br />

Multicast RIP V2: disabled<br />

See also IP SHOW<br />

IP SHOW ROUTE<br />

IP LIST INTERFACES<br />

IP SHOW ROUTE<br />

Syntax IP SHOW ROUTE {|}<br />

Description This command displays the following information about a named route:<br />

• Destination IP address<br />

• Netmask<br />

• Gateway IP address (if applicable)<br />

• Cost: the number of hops counted as the cost of the route<br />

• Interface name (if applicable)<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A<br />
number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The number appears in the first column under the heading ID. | N/A<br />

Example --> ip show route route3<br />

IP route: route3<br />

Destination: 192.168.102.3<br />

Netmask: 255.255.255.0<br />

Gateway: 192.168.108.3<br />

Cost: 1<br />

Interface:<br />

See also IP SHOW<br />

IP LIST ROUTES



Chapter 6<br />

Transports<br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 residential Gateway to manage the Transport module.<br />

<br />

Throughout this section, the syntax is used to generically<br />

represent a transport module like PPPOE or Ethernet.<br />

This module allows you to clear, delete, list and display information about existing<br />

transports that were created using the add transport<br />

commands. To carry out more detailed configuration of transports, see the<br />

corresponding transport module chapter:<br />

• For PPPoE commands, see PPPoE CLI commands<br />

• For Ethernet commands, see Ethernet CLI commands



Transports CLI commands<br />

The table below lists the Transports commands provided by the CLI:<br />

Command<br />

TRANSPORTS CLEAR<br />

TRANSPORTS DELETE<br />

TRANSPORTS LIST<br />

TRANSPORTS SHOW<br />

TRANSPORTS CLEAR<br />

Syntax TRANSPORTS CLEAR<br />

Description This command deletes all transports that were created using the <br />

ADD TRANSPORT command.<br />

Example --> transports clear<br />

See also TRANSPORTS DELETE<br />

TRANSPORTS DELETE<br />

Syntax TRANSPORTS DELETE {|}<br />

Description This command deletes a single transport that was created using the<br />

ADD TRANSPORT command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value for each option (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing transport. To display transport names, use the TRANSPORTS LIST command. | N/A<br />
number | A number that identifies an existing transport. To display transport numbers, use the TRANSPORTS LIST command. | N/A<br />

Example --> transports delete eth1<br />

See also TRANSPORTS CLEAR<br />

TRANSPORTS LIST



TRANSPORTS LIST<br />

Syntax TRANSPORTS LIST<br />

Description This command lists all currently existing transports. It displays the following<br />

information about the transports:<br />

Services:<br />

• transport identification number<br />

• transport name<br />

• transport type (PPP or Ethernet)<br />

• Number of transmitted/received packets for each transport<br />

Example --> transports list<br />

ID | Name | Type<br />

-----|--------------|-----------------------------------------------------<br />

1 | default | Ethernet | TxPkts: 142/0 RxPkts: 10625/0<br />

2 | voip | Ethernet | TxPkts: 0/0 RxPkts: 0/0<br />

--------------------------------------------------------------------------<br />

See also TRANSPORTS SHOW<br />

TRANSPORTS SHOW<br />

Syntax TRANSPORTS SHOW {|}<br />

Description This command displays detailed information about an existing transport.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing transport. To display transport names, use the TRANSPORTS LIST command. | N/A<br />
number | A number that identifies an existing transport. To display transport numbers, use the TRANSPORTS LIST command. | N/A<br />

Example --> transports show default<br />

Ethernet Status<br />
Service<br />
Creator : CLI<br />
Description : default<br />
Ethernet<br />
Vlan : default<br />
If In Octets : 953676<br />
If Out Octets : 8962<br />
If In Errors : 0<br />
If Out Errors : 0<br />
Packets Sent : 142<br />
Good Packets Received : 10726<br />
Enabled : true<br />
Termination : Ip Interface: ip0<br />
Ether Channel<br />
Port : ethernet0<br />

See also TRANSPORTS LIST



Chapter 7<br />

Ethernet<br />

This section describes the commands available on the AT-RG613, AT-RG623 and AT-RG656 residential Gateway to manage the Ethernet module.<br />

Ethernet CLI commands<br />

The table below lists the Ethernet commands provided by the CLI.<br />

Command<br />

ETHERNET ADD TRANSPORT<br />

ETHERNET CLEAR TRANSPORTS<br />

ETHERNET DELETE TRANSPORT<br />

ETHERNET LIST PORTS<br />

ETHERNET LIST TRANSPORTS<br />

ETHERNET SHOW TRANSPORT<br />

ETHERNET ADD TRANSPORT<br />

Syntax ETHERNET ADD TRANSPORT <br />

Description This command adds a named ethernet transport that will manage traffic related<br />

only to the specified VLAN.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
vlanname | A name that identifies an existing VLAN. See VLAN SHOW command to see the VLANs currently defined in the system. | N/A<br />



Example --> ethernet add transport voip<br />

See also ETHERNET LIST TRANSPORTS<br />

ETHERNET LIST PORTS<br />

VLAN SHOW<br />

ETHERNET CLEAR TRANSPORTS<br />

Syntax ETHERNET CLEAR TRANSPORTS<br />

Description This command deletes all ethernet transports that were created using the<br />

ETHERNET ADD TRANSPORT command.<br />

<br />

Be very careful when using this command, because it has side effects. Removing all the transports detaches all the IP interfaces from the VLANs, and therefore the unit can no longer be reached by any IP interface (i.e. via a telnet connection).<br />

Example --> ethernet clear transports<br />

See also ETHERNET DELETE TRANSPORT<br />

ETHERNET DELETE TRANSPORT<br />

Syntax ETHERNET DELETE TRANSPORT {|}<br />

<br />

Removing the transport named "default" results in system failure. All the other IP interfaces will not be able to communicate externally.<br />

Description This command deletes a single ethernet transport.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing Ethernet transport. To display transport names, use the ETHERNET LIST TRANSPORTS command. | N/A<br />
number | A number that identifies an existing Ethernet transport. To display transport numbers, use the ETHERNET LIST TRANSPORTS command. | N/A<br />

Example --> ethernet delete transport eth1



See also ETHERNET LIST TRANSPORTS<br />

ETHERNET LIST PORTS<br />

Syntax ETHERNET LIST PORTS<br />

Description This command lists the valid ports that can be used to transport ethernet data.<br />

Example --> ethernet list ports<br />

Valid port names:<br />

ethernet 0<br />

ethernet 1<br />

ETHERNET LIST TRANSPORTS<br />

Syntax ETHERNET LIST TRANSPORTS<br />

Description This command lists all ethernet transports that have been created using the<br />

ETHERNET ADD TRANSPORT command. It displays the transport identification<br />

number and name, and the name of the port that it uses to transport ethernet data.<br />

Example --> ethernet list transports<br />

Ethernet transports:<br />

ID | Name | Port<br />

-----|-----------|------------<br />

1 | default | ethernet0<br />

2 | voip | ethernet1<br />

------------------------------<br />

See also ETHERNET LIST PORTS<br />

ETHERNET SHOW TRANSPORT<br />

Syntax ETHERNET SHOW TRANSPORT {|}<br />

Description This command displays the name and port used by an existing Ethernet transport.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing Ethernet transport. To display transport names, use the ETHERNET LIST TRANSPORTS command. | N/A<br />
number | A number that identifies an existing Ethernet transport. To display transport numbers, use the ETHERNET LIST TRANSPORTS command. | N/A<br />

Example --> ethernet show transport default<br />

Ethernet transport: default<br />

Description: Default<br />

Port: ethernet0<br />

See also ETHERNET LIST TRANSPORTS



Chapter 8<br />

Security & Firewall<br />

Introduction<br />

This section describes the AT-RG613, AT-RG623 and AT-RG656 built-in security<br />

facilities, and how to configure and monitor them.<br />

The Internet is a network that allows access to vast amounts of information and<br />

potential customers. However, the Internet is not controlled and certain individuals<br />

use it destructively. These individuals attack other users’ computer systems for<br />

entertainment and/or profit.<br />

The security system is designed to allow safe access to the Internet by enforcing a set of access rules between the various interfaces of the product. To configure these rules, at least two interfaces have to be defined: one interface is attached to the public network (e.g., the Internet), and the other interface is attached to an internal private network (intranet) that requires protection. The security system prevents unrestricted access to the private network and protects the computer systems from attack.<br />

Because the security system provides a single link between the private network and the public network, it is also uniquely positioned to provide a single point where all traffic entering and leaving the private network can be logged and monitored. This information is useful for providing a security audit trail.<br />

Currently, two main security technologies are recognized. They are briefly explained below.<br />

Application Gateway<br />

This is the traditional approach used to build a firewall, where every connection<br />

between two networks is made via an application program (called a proxy) specific<br />

for that protocol. A session from the private network is terminated by the proxy,<br />

which then creates another separate session to the end destination.<br />

Typically, a proxy is designed with a detailed knowledge of how the protocol works<br />

and what is allowed or not. This approach is very CPU intensive and very<br />

restrictive. Only protocols that have specific proxies configured are allowed through<br />

the security system; all other traffic is rejected. In practice most third-party proxies



are transparent proxies, which pass all traffic between the two sessions without<br />

regard to the data.<br />

Stateful Inspection<br />

A more recent approach to security design uses a method called “stateful inspection”.<br />

Stateful inspection is also referred to as dynamic packet filtering or context-based access<br />

control (CBAC).<br />

In this technology, an inspection module understands data in packets from the network layer (IP headers) up to the application layer. The inspection module checks every packet passing through the security system and makes access decisions based on the source, destination and service requested. The term stateful refers to the security system’s ability to remember the status of a flow, for example whether a packet from the public Internet is returning traffic for a flow that originated from the private intranet. The TCP state of TCP flows is also monitored, allowing inappropriate traffic to be discarded. The benefit of this approach is that stateful inspection security systems are generally faster, less demanding on hardware, and more adaptive to new Internet applications.<br />

Security support on AT-RG6xx Residential Gateway series<br />

The Security module is the main module in the AT-RG613, AT-RG623 and AT-RG656<br />

Residential Gateway that acts as server to the other two security modules, Firewall<br />

and NAT, forming the Security System (see Figure 7).<br />

The Security module makes it possible to:<br />

• enable/disable all modules in the Security System (including the child modules;<br />

NAT and Firewall)<br />

• add IP interfaces to the Security System to create security interfaces that are used<br />

to configure the NAT and Firewall child modules.<br />

• configure TCP/UDP ports that can be opened dynamically to allow sessions<br />

required by certain applications.<br />

• enable/disable binary address replacement for sessions using dynamically opened<br />

ports<br />

The AT-RG613, AT-RG623 and AT-RG656 security system implementation has the<br />

following features:<br />

• Dynamic packet filtering (stateful inspection) technology.<br />

• Application of dynamic filtering to traffic flows, using the base rule that all access<br />

from the outside (i.e., public interfaces) is denied unless specifically permitted<br />

and all access from the inside (i.e., private interfaces) is allowed unless<br />

specifically denied.<br />

• The firewall will open only the required ports for the duration of a user session.<br />

• The firewall can be configured to limit internal access to the public network based<br />

on a policy setting.



Figure 7. Security modules on AT-RG6xx Residential Gateway series (diagram: Security module, Firewall module, NAT module).<br />

Security Interfaces<br />

On the AT-RG613, AT-RG623 and AT-RG656 it is possible to define three types of security interfaces: Internal, External and DMZ (see Figure 8).<br />

• An Internal interface is an IP interface that is attached to a network that needs to<br />

be protected from the network attached to the External interface. For example, an<br />

interface attached to a private LAN is an internal interface.<br />

• The External interface is an IP interface that is attached to a network, for example<br />

the Internet, containing hosts that may pose a security threat to hosts on the<br />

internal interfaces.<br />

• A DMZ (demilitarized zone) is an IP interface serving a small network that acts as<br />

a neutral zone between the inside network and the outside network. A DMZ is a<br />

portion of the local network that is almost completely open to the external<br />

network. There may be some restriction at external access to the DMZ, but much<br />

less than the restriction of access to the internal<br />

To define an existing IP interface as a security interface use the SECURITY ADD<br />

INTERFACE command.<br />

To show the security interfaces currently defined, use the SECURITY LIST<br />

INTERFACES command.<br />

<br />

Only one external security interface and one DMZ security interface can be<br />

defined.



Figure 8. Security interfaces on AT-RG6xx Residential Gateway series (diagram: an external interface attached to the External Network, a DMZ interface attached to the DMZ Network, and three internal interfaces, each attached to an Internal Network).<br />

Dynamic Port Opening and Triggers<br />

Dynamic Port Opening is a companion feature to the filtering rules.<br />

The Dynamic port opening feature solves a typical security problem related to<br />

Internet applications that require secondary ports to be open in order for a session<br />

to operate.<br />

For example, an FTP control session operates on port 21, but FTP uses port 20 as a<br />

secondary port for the data transfer process. The more ports that are open, the<br />

greater the security risk. So, the “Dynamic Port Opening” service makes it possible<br />

to designate certain secondary ports that will only be opened when there is an active<br />

session on their associated primary port.<br />

AT-RG613, AT-RG623 and AT-RG656 use triggers to tell the security mechanism to expect these secondary sessions and how to handle them. Rather than allowing a range of port numbers, triggers handle the situation dynamically, allowing the secondary sessions only when appropriate.<br />

The trigger mechanism works without having to understand the application protocol or read the payload of the packet (although the payload does need to be read when using NAT if address replacement has to be performed).<br />

Dynamic Port Opening makes use of triggers in the following way.<br />

The user configures the Residential Gateway with a list of primary port numbers for<br />

the applications that they want to handle using the SECURITY ADD TRIGGER<br />

command and uses the startport and endport fields to specify the range of primary<br />

port number(s).<br />

The Primary port number refers to the TCP/UDP port number to which the primary<br />

(starting) session of the application is established.<br />

Every time the router detects that an outgoing session has been established to one of<br />

these primary port numbers, it creates an entry in a table of currently open primary



sessions. The table entry contains the IP addresses of the devices at each end of the<br />

session.<br />

Subsequently, if an incoming session-establishment packet arrives at the router, the<br />

source and destination addresses of the packet are compared against the entries in<br />

the table of currently open primary sessions.<br />

If there are no matches, the packet is discarded. If there are one or more matches,<br />

then the router carries out a port-probing process.<br />

In the port-probing process, the router runs through the list of matching sessions.<br />

For each session, it sends a packet to the private IP address in the table entry. The<br />

destination port number in this packet is the destination port number in the<br />

incoming packet.<br />

In the case of TCP, the probe packet is a TCP SYN packet. In the case of UDP, the<br />

packet is just a small UDP packet.<br />

Depending on the response that the router gets back from the probe packet, it can<br />

work out whether the local host was expecting to receive an incoming session to that<br />

port number.<br />

If the port probing process does find a local host that was expecting the incoming<br />

session, then the session is established. If a local host is not found, then the packet is<br />

discarded.<br />

This mechanism enables the router to allow in only those incoming secondary<br />

sessions that should be allowed in, and can reject malicious attempts to establish<br />

incoming sessions.<br />

Although FTP is given here as an example of a protocol that requires dynamic port opening, FTP is such a common application that dynamic port opening for FTP is enabled in the software by default and does not have to be configured by the user.<br />

Non-Activity Timeout<br />

The dynamic port opening process opens secondary ports, as described above. Typically, it will detect when a session using a secondary port is being closed (i.e. an exchange of FIN, FIN/ACK packets) and stop passing packets for that session.<br />

However, UDP sessions do not have a specific close-down process. Also, TCP sessions might be terminated without a proper close-down (for example, the host at one end of the session might be simply turned off). So, there needs to be a criterion for deciding when to remove a session in these cases. The method that the router uses is for the user to configure an inactivity time. If there has been no activity (no exchange of packets) on the secondary session for the specified period of time, the session is closed (i.e. the router will no longer forward any packets for that session).<br />

Session Chaining<br />

There are some applications (Netmeeting is the most well-known of these) in which<br />

the secondary sessions may, themselves, spawn their own secondary sessions. This<br />

process is known as session chaining.<br />

If a dynamic port opening definition is being configured for such an application,<br />

then the user needs to configure this definition to have session chaining on.



In this case, when secondary sessions are successfully established, the<br />

source/destination addresses of the session will also be added to the table of<br />

currently open primary sessions.<br />

To set a trigger for a session chaining that will enable chaining of TCP sessions, use<br />

the SECURITY SET TRIGGER SESSIONCHAINING command.<br />

To set a trigger for a session chaining that will enable chaining of UDP sessions, use<br />

the SECURITY SET TRIGGER UDPSESSIONCHAINING command.<br />

<br />

TCP session chaining must always be enabled if UDP session chaining is to be used. It is not possible to define UDP session chaining without previously enabling TCP session chaining.<br />

Disabling TCP session chaining also automatically disables UDP session chaining.<br />
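The trigger behaviour described in the Dynamic Port Opening, Non-Activity Timeout and Session Chaining sections, modelled as an added Python example (not code from Allied Telesis or the gateway firmware). Assumptions: the class and function names are hypothetical, the `probe` callback stands in for the SYN/UDP probe packet, incoming packets are matched on the remote address only because the destination is taken to be the gateway's shared public address, and a table entry is removed when the session that created it closes or times out.

```python
from dataclasses import dataclass


@dataclass
class Trigger:
    proto: str               # protocol of the primary session: "tcp" or "udp"
    startport: int           # first primary port (startport field)
    endport: int             # last primary port (endport field)
    max_idle: float = 60.0   # inactivity time in seconds (constructed value)
    tcp_chaining: bool = False
    udp_chaining: bool = False

    def matches(self, proto, port):
        return proto == self.proto and self.startport <= port <= self.endport

    def set_tcp_chaining(self, on):
        self.tcp_chaining = on
        if not on:           # disabling TCP chaining also disables UDP chaining
            self.udp_chaining = False

    def set_udp_chaining(self, on):
        if on and not self.tcp_chaining:
            raise ValueError("TCP session chaining must be enabled first")
        self.udp_chaining = on

    def chains(self, proto):
        return self.tcp_chaining if proto == "tcp" else self.udp_chaining


class Gateway:
    def __init__(self, triggers, probe):
        self.triggers = triggers
        self.probe = probe    # probe(private_ip, proto, port) -> True if the host expects it
        self.table = {}       # owning session key -> (private_ip, remote_ip, trigger)
        self.secondary = {}   # secondary session key -> [trigger, last_activity]

    def outbound_open(self, proto, private_ip, remote_ip, dport):
        """Outgoing session: record it if it goes to a configured primary port."""
        for trig in self.triggers:
            if trig.matches(proto, dport):
                key = ("out", proto, private_ip, remote_ip, dport)
                self.table[key] = (private_ip, remote_ip, trig)
                return key
        return None

    def outbound_close(self, key):
        self.table.pop(key, None)

    def inbound_open(self, proto, remote_ip, dport, now):
        """Incoming session-establishment packet: return the private host that
        accepts it, or None if the packet is discarded."""
        self.expire(now)
        for private_ip, peer, trig in list(self.table.values()):
            if peer != remote_ip:
                continue                      # no address match in the table
            if not self.probe(private_ip, proto, dport):
                continue                      # host was not expecting this port
            key = ("in", proto, remote_ip, private_ip, dport)
            self.secondary[key] = [trig, now]
            if trig.chains(proto):            # session chaining: secondary joins the table
                self.table[key] = (private_ip, remote_ip, trig)
            return private_ip
        return None

    def expire(self, now):
        """Close secondary sessions idle for longer than the inactivity time."""
        for key, (trig, last) in list(self.secondary.items()):
            if now - last > trig.max_idle:
                del self.secondary[key]
                self.table.pop(key, None)


def run_scenario(chaining):
    # Constructed sample data: 192.168.1.10 expects callbacks on tcp/5000 and tcp/5001.
    listeners = {("192.168.1.10", "tcp", 5000), ("192.168.1.10", "tcp", 5001)}
    trig = Trigger("tcp", 6000, 6010, max_idle=60)
    trig.set_tcp_chaining(chaining)
    gw = Gateway([trig], lambda ip, proto, port: (ip, proto, port) in listeners)
    out = {"before_primary": gw.inbound_open("tcp", "203.0.113.5", 5000, now=0)}
    primary = gw.outbound_open("tcp", "192.168.1.10", "203.0.113.5", 6001)
    out["expected_port"] = gw.inbound_open("tcp", "203.0.113.5", 5000, now=1)
    out["unexpected_port"] = gw.inbound_open("tcp", "203.0.113.5", 4444, now=2)
    out["unknown_remote"] = gw.inbound_open("tcp", "198.51.100.9", 5000, now=3)
    gw.outbound_close(primary)
    out["after_primary_closed"] = gw.inbound_open("tcp", "203.0.113.5", 5001, now=4)
    out["after_idle_timeout"] = gw.inbound_open("tcp", "203.0.113.5", 5001, now=100)
    return out


if __name__ == "__main__":
    for chaining in (False, True):
        print("session chaining", chaining, run_scenario(chaining))
```

With chaining off, the second callback is discarded once the primary session has closed; with chaining on, the first secondary session keeps the address pair in the table until it goes idle.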

Firewall<br />

The AT-RG613, AT-RG623 and AT-RG656 security system implements a stateful<br />

Firewall providing high security by blocking certain incoming traffic based on<br />

stateful information.<br />

Each time outbound packets are sent from an internal host to an external host, the<br />

following information is logged by the Firewall:<br />

• port number<br />

• sequencing information<br />

• additional flags for each connection associated with that particular internal host<br />

All inbound packets are compared against this logged information and only allowed<br />

through the Firewall if it can be determined that they are part of an existing<br />

connection. This makes it very difficult for hackers to break through the stateful<br />

Firewall, because they would need to know addresses, port numbers, sequencing<br />

information and individual connection flags for an existing session to an internal<br />

host.<br />

Firewall behaviour is managed by the firewall module. The firewall module offers the ability to:<br />

• control what kind of Firewall activity is logged<br />

• protect the internal network using stateful firewall functionality<br />

• create policies<br />

• add validators to policies<br />

• add portfilters to policies<br />

• enable/disable and configure Intrusion Detection Settings (IDS)<br />

In order to access firewall features, the firewall module must be enabled using the<br />

firewall enable command.<br />

Figure 9 shows the entities involved in the firewall module and their relationships.



Policy<br />

A policy is a relationship between two security interfaces where it is possible to<br />

assign portfilter and validator rules between them.<br />

There are three different security interface combinations that Firewall policies can be<br />

created between:<br />

• the external interface and the internal interface<br />

• the external interface and the DMZ interface<br />

• the DMZ interface and the internal interface<br />

To add a policy between one of the three above interface combinations use the<br />

FIREWALL ADD POLICY command.<br />

Portfilter<br />

A portfilter is a rule that determines how the Firewall should handle packets being<br />

transported between two security interfaces that are defined in an existing policy.<br />

The rules define:<br />

• what protocol type is allowed (specified using the protocol number or the<br />

protocol name)<br />

• the range of source and destination port numbers allowed<br />

• the direction that packets are allowed to travel in (inbound, outbound, neither or<br />

both)<br />

To add a portfilter to an existing policy use the FIREWALL ADD PORTFILTER<br />

command.<br />

More than one portfilter object can be added to the same policy.<br />

Validator<br />

A validator is a rule that determines how the Firewall handles packets based on the source or destination IP address. The policy that the validator belongs to determines whether packets to/from the specified IP address are allowed or blocked.<br />

To add a validator to an existing policy use the FIREWALL ADD VALIDATOR<br />

command.



Figure 9. Firewall module and related objects (diagram: the Firewall contains IDS and a policies list; each policy refers to an interface combination, e.g. external-internal, and holds a portfilters list and a validators list; a portfilter could refer to Source/Destination ports and traffic direction, to transport protocol and traffic direction, or to application protocol and traffic direction; a validator refers to Source/Destination IP address and traffic direction).<br />

Intrusion Detection<br />

Intrusion Detection is a feature that looks for traffic patterns that correspond to<br />

certain known types of attack from suspicious hosts that attempt to damage the<br />

network or to prevent legitimate users from using it.<br />

The Intrusion Detection protects the system from the following kinds of attacks:<br />

• DOS (Denial of Service) attacks - a DOS attack is an attempt by an attacker to<br />

prevent legitimate hosts from accessing a service.<br />

• Port Scanning - an attacker scans a system in an attempt to identify any open<br />

ports.<br />

• Web Spoofing - an attacker creates a 'shadow' of the World Wide Web on their own machine; however, a legitimate host sees this as the 'real' WWW. The attacker uses the shadow WWW to monitor the host's activities and send false data to and from the host's machine.



Intrusion Detection works differently for each type of attack:<br />

• For DOS (Denial of Service) attacks, it's possible to set three maximum parameter levels:<br />

• the maximum number of ICMP packets allowed before a flood is detected<br />

(using FIREWALL SET IDS MAXICMP command)<br />

• the maximum number of pings allowed before an Echo Storm is detected<br />

(using FIREWALL SET IDS MAXPING command)<br />

• the maximum number of unfinished TCP handshakes allowed before a<br />

flood is detected (using FIREWALL SET IDS<br />

MAXTCPOPENHANDSHAKE command)<br />

Once a maximum level is reached, an intrusion attempt is detected and the attacker<br />

is blocked by the Firewall for the time limit specified by the FIREWALL SET IDS<br />

DOSATTACKBLOCK command (default is 30 minutes).<br />

• For Port Scan attacks, once an attacker scanning your system's ports has been identified, they are blocked by the Firewall for the time limit specified in the FIREWALL SET IDS SCANATTACKBLOCK command.<br />

• For Web Spoofing attacks, packets destined for the victim of a spoofing attack are<br />

blocked by the Firewall for the time limit specified in the FIREWALL SET IDS<br />

VICTIMPROTECTION command.



Security Command Reference<br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the Security<br />

module.<br />

Security CLI commands<br />

The table below lists the security commands provided by the CLI.<br />

Command<br />

SECURITY ADD INTERFACE<br />

SECURITY ADD TRIGGER TCP|UDP<br />

SECURITY ADD TRIGGER NETMEETING<br />

SECURITY CLEAR INTERFACES<br />

SECURITY CLEAR TRIGGERS<br />

SECURITY DELETE INTERFACE<br />

SECURITY DELETE TRIGGER<br />

SECURITY<br />

SECURITY LIST INTERFACES<br />

SECURITY LIST TRIGGERS<br />

SECURITY SET TRIGGER UDPSESSIONCHAINING<br />

SECURITY SET TRIGGER ADDRESSREPLACEMENT<br />

SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT<br />

SECURITY SET TRIGGER ENDPORT<br />

SECURITY SET TRIGGER MAXACTINTERVAL<br />

SECURITY SET TRIGGER MULTIHOST<br />

SECURITY SET TRIGGER SESSIONCHAINING<br />

SECURITY SET TRIGGER STARTPORT<br />

SECURITY SHOW INTERFACE<br />

SECURITY SHOW TRIGGER<br />

SECURITY STATUS<br />

SECURITY ADD INTERFACE<br />

Syntax SECURITY ADD INTERFACE {EXTERNAL|INTERNAL|DMZ}<br />

Description This command adds an existing IP interface to the Security package to create a



security interface, and specifies what type of interface it is depending on how it<br />

connects to the network.<br />

Once security interfaces have been added, they can be used in the NAT and/or<br />

Firewall configurations.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />
EXTERNAL | An interface that connects to the external network. | N/A<br />
INTERNAL | An interface that connects to the internal network. | N/A<br />
DMZ | An interface that connects to the demilitarized zone (DMZ). | N/A<br />

Example --> security add interface ip1 internal<br />

See also IP LIST INTERFACES<br />

FIREWALL CLI COMMANDS<br />

NAT CLI COMMANDS<br />

SECURITY ADD TRIGGER TCP|UDP<br />

Syntax SECURITY ADD TRIGGER <name> {TCP|UDP} <startport> <endport> <maxactinterval><br />

Description This command adds a trigger to the Security module.<br />

A trigger allows an application to open a secondary port in order to transport<br />

packets.<br />

Some applications, such as FTP, need to open secondary ports - they have a control<br />

session port (21 for FTP) but also need to use a second port in order to transport<br />

data. Adding a trigger means that you do not have to define static portfilters to open<br />

ports for each secondary session. If you did this, the ports would remain open for<br />

potential use (or misuse, see the command FIREWALL SET IDS<br />

SCANATTACKBLOCK) until the portfilters were deleted. A trigger opens a<br />

secondary port dynamically, and allows you to specify the length of time that it can<br />

remain inactive before it is closed.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | An arbitrary name that identifies the trigger. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A<br />
TCP | Adds a trigger for a TCP application to the security package. | N/A<br />
UDP | Adds a trigger for a UDP application to the security package. | N/A<br />
startport | Sets the start of the trigger port range for the control session. | N/A<br />
endport | Sets the end of the trigger port range for the control session. | N/A<br />
maxactinterval | Sets the maximum interval time (in milliseconds) between the use of secondary port sessions. If a secondary port opened by a trigger has not been used for the specified time, it is closed. | 3000<br />

Example The following example creates an FTP (File Transfer Protocol) trigger:<br />

--> security add trigger t1 tcp 21 21 3000<br />

See also SECURITY LIST TRIGGERS<br />
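The trigger lifecycle described above (a control session opens a secondary port dynamically, and the port closes after maxactinterval milliseconds without use) can be modelled as follows. This is an added example, not Allied Telesis code: the class and method names are hypothetical, the addresses are constructed sample values, and treating "the same remote host" as the control-session peer is an assumption about the MULTIHOST option.

```python
"""Toy model of a Security-module trigger (added example, not device code)."""
from dataclasses import dataclass, field


@dataclass
class Trigger:
    # Field names mirror the CLI options documented on this page.
    name: str
    transport: str              # "tcp" or "udp"
    startport: int              # control-session port range start
    endport: int                # control-session port range end
    maxactinterval: int = 3000  # idle limit in milliseconds (documented default)
    multihost: bool = False     # SECURITY SET TRIGGER MULTIHOST, default disabled


@dataclass
class SecondaryPort:
    local: str
    remote: str
    port: int
    last_used_ms: int


@dataclass
class TriggerState:
    trigger: Trigger
    controls: set = field(default_factory=set)     # (local, remote) control sessions
    secondary: list = field(default_factory=list)  # dynamically opened ports

    def control_session(self, transport, local, remote, dport):
        """Register a control session if it hits the trigger's port range."""
        t = self.trigger
        if transport == t.transport and t.startport <= dport <= t.endport:
            self.controls.add((local, remote))
            return True
        return False

    def open_secondary(self, local, remote, port, now_ms):
        """Open a secondary port for a local host that has a control session."""
        peers = {rem for (loc, rem) in self.controls if loc == local}
        if not peers:
            return False            # nothing triggered for this host
        if remote not in peers and not self.trigger.multihost:
            return False            # assumption: "same remote host" = control peer
        self.secondary.append(SecondaryPort(local, remote, port, now_ms))
        return True

    def expire(self, now_ms):
        """Close secondary ports that have been idle for maxactinterval."""
        limit = self.trigger.maxactinterval
        self.secondary = [s for s in self.secondary
                          if now_ms - s.last_used_ms < limit]

    def packet(self, local, remote, port, now_ms):
        """True if the packet uses an open secondary port; refreshes its timer."""
        self.expire(now_ms)
        for s in self.secondary:
            if (s.local, s.remote, s.port) == (local, remote, port):
                s.last_used_ms = now_ms
                return True
        return False


def demo():
    """Replay a constructed FTP-like timeline (all addresses are sample values)."""
    st = TriggerState(Trigger("t1", "tcp", 21, 21, 3000))
    lan, srv, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    return {
        "control": st.control_session("tcp", lan, srv, 21),
        "data_same_host": st.open_secondary(lan, srv, 50000, 0),
        "data_other_host": st.open_secondary(lan, other, 50001, 0),
        "used_at_2000": st.packet(lan, srv, 50000, 2000),
        "used_at_4999": st.packet(lan, srv, 50000, 4999),
        "used_at_8000": st.packet(lan, srv, 50000, 8000),
    }


if __name__ == "__main__":
    for step, passed in demo().items():
        print(f"{step:16} {passed}")
```

Unlike a static portfilter, the secondary port in this model exists only while it is in use: each packet restarts the idle timer, and the port is gone once a full interval passes without traffic.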

SECURITY ADD TRIGGER NETMEETING<br />

Syntax SECURITY ADD TRIGGER <name> NETMEETING<br />

Description This command allows you to add a trigger to allow Netmeeting to transport data<br />

through the security package.<br />

This application opens a secondary port session. You do not have to set the port<br />

range or maxactinterval for a Netmeeting trigger - the CLI automatically sets this for<br />

you.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | An arbitrary name that identifies the trigger. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A<br />

Example --> security add trigger t2 netmeeting<br />

See also SECURITY LIST TRIGGERS<br />

SECURITY ADD TRIGGER TCP|UDP



SECURITY CLEAR INTERFACES<br />

Syntax SECURITY CLEAR INTERFACES<br />

Description This command removes all security interfaces that were added to the Security<br />

package using the SECURITY ADD INTERFACE command.<br />

Example --> security clear interfaces<br />

See also SECURITY DELETE INTERFACE<br />

SECURITY CLEAR TRIGGERS<br />

Syntax SECURITY CLEAR TRIGGERS<br />

Description This command deletes all triggers that were added to the Security module using the<br />

SECURITY ADD TRIGGER commands.<br />

Example --> security clear triggers<br />

See also SECURITY DELETE TRIGGER<br />

SECURITY DELETE INTERFACE<br />

Syntax SECURITY DELETE INTERFACE <name><br />

Description This command removes a single security interface that was added to the Security<br />

package using the SECURITY ADD INTERFACE command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing security interface. To display interface names, use the SECURITY LIST INTERFACES command. | N/A<br />

Example --> security delete interface f1<br />

See also SECURITY CLEAR INTERFACES<br />

SECURITY LIST INTERFACES<br />

SECURITY DELETE TRIGGER<br />

Syntax SECURITY DELETE TRIGGER <name><br />

Description This command deletes a single trigger that was added to the Security module using



the SECURITY ADD TRIGGER commands.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A<br />

Example --> security delete trigger t2<br />

See also SECURITY LIST TRIGGERS<br />

SECURITY CLEAR TRIGGERS<br />

SECURITY<br />

Syntax SECURITY {ENABLE | DISABLE}<br />

Description This command explicitly enables/disables all modules in the Security package<br />

(including the child modules; NAT and Firewall).<br />


You must enable the Security package if you want to use the NAT and/or<br />

Firewall modules to configure security for your system.<br />

If you disable the Security package during a session, any configuration changes<br />

made to the Security, NAT or Firewall modules when the package was enabled<br />

remain in the system, so that you can re-enable them later in the session. If you<br />

need to reboot the Residential Gateway but want to save the security<br />

configuration between sessions, use the system config save command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
ENABLED | Enables all modules in the Security package (Security, NAT and Firewall modules). | <br />
DISABLED | Disables all modules in the Security package (Security, NAT and Firewall modules). | disabled<br />

Example --> security enable<br />

See also FIREWALL SET SECURITYLEVEL



SECURITY LIST INTERFACES<br />

Syntax SECURITY LIST INTERFACES<br />

Description This command lists the following information about security interfaces that were<br />

added to the Security package using the SECURITY ADD INTERFACE command:<br />

• Interface ID number<br />

• Interface name<br />

• Interface type (external, internal or DMZ)<br />

Example --> security list interfaces<br />

Security Interfaces:<br />

ID | Name | Type<br />

-----|----------|----------<br />

1 | i1 | internal<br />

2 | i2 | external<br />

3 | i3 | dmz<br />

---------------------------<br />

See also SECURITY SHOW INTERFACE<br />

SECURITY LIST TRIGGERS<br />

Syntax SECURITY LIST TRIGGERS<br />

Description This command lists triggers that were added to the Security module using the<br />

SECURITY ADD TRIGGER command. It displays the following information about<br />

triggers:<br />

• Trigger ID number<br />

• Trigger name<br />

• Trigger transport type (TCP or UDP)<br />

• Port range<br />

• Interval<br />

Example --> security list triggers<br />

Security Triggers:<br />

ID | Name | Type | Port Range | Interval<br />

---------------------------------------------<br />

1 | tr1 | tcp | 21 - 21 | 3000<br />

2 | tr2 | tcp | 1720 - 1720 | 3000<br />

---------------------------------------------<br />

See also SECURITY SHOW TRIGGER<br />

SECURITY SET TRIGGER UDPSESSIONCHAINING<br />

Syntax SECURITY SET TRIGGER <name> UDPSESSIONCHAINING {ENABLE | DISABLE}<br />



Description This command determines whether or not a UDP dynamic session can also become<br />

a triggering session.<br />

If UDP session chaining is enabled, both UDP and TCP dynamic sessions also<br />

become triggering sessions, which allows multi-level session triggering.<br />


UDP session chaining can be enabled only if TCP session chaining is already<br />

enabled on the same trigger using the security set trigger sessionchaining<br />

command.<br />

This CLI command is case-sensitive. The command must be typed exactly as<br />

it appears in the syntax section on this page, otherwise a syntax error message<br />

is returned.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A<br />
ENABLED | Enables UDP sessionchaining on an existing trigger. TCP and UDP session chaining is allowed if the SECURITY SET TRIGGER SESSIONCHAINING command is enabled. | <br />
DISABLED | Disables UDP session chaining on an existing trigger. TCP session chaining is allowed if the SECURITY SET TRIGGER SESSIONCHAINING command is enabled. | disabled<br />

Example --> security set trigger t3 UDPsessionchaining enable<br />

See also SECURITY SET TRIGGER SESSIONCHAINING<br />

SECURITY SET TRIGGER ADDRESSREPLACEMENT<br />

Syntax SECURITY SET TRIGGER <name> ADDRESSREPLACEMENT<br />

{NONE|TCP|UDP|BOTH}<br />

Description The settings in this command are only effective if you enable address translation<br />

using the command SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT.<br />

This command allows you to specify what type of address replacement is set on a<br />

trigger. Incoming and outgoing packets are searched in order to find any IP<br />

addresses embedded in the payload. Any IP addresses that are found are then<br />

compared with the public and private addresses being used by NAT. If the<br />

addresses that have been found would have been translated by NAT (had they been



in the packet header), then they are translated and the original addresses in the<br />

payload are replaced by the translated addresses.<br />

You can specify whether you want to carry out address replacement on TCP<br />

packets, on UDP packets or on both TCP and UDP packets.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies a trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A<br />
NONE | Disables address replacement. | none<br />
TCP | Sets address replacement on TCP packets for an existing trigger. | <br />
UDP | Sets address replacement on UDP packets for an existing trigger. | <br />
BOTH | Sets address replacement on TCP and UDP packets for an existing trigger. | <br />

Example --> security set trigger t2 addressreplacement tcp<br />

See also SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT<br />

SECURITY SET TRIGGER<br />

BINARYADDRESSREPLACEMENT<br />

Syntax SECURITY SET TRIGGER <name> BINARYADDRESSREPLACEMENT {ENABLE |<br />

DISABLE}<br />

Description This command enables/disables binary address replacement on an existing trigger.<br />

You can then set the type of address replacement (TCP, UDP, both or none) using<br />

the command SECURITY SET TRIGGER ADDRESSREPLACEMENT.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A<br />
ENABLED | Enables the use of binary address replacement on an existing trigger. | <br />
DISABLED | Disables the use of binary address replacement on an existing trigger. | disabled<br />



Example --> security set trigger t5 binaryaddressreplacement enable<br />

See also SECURITY SET TRIGGER ADDRESSREPLACEMENT<br />

SECURITY LIST TRIGGERS<br />
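The interaction between BINARYADDRESSREPLACEMENT and ADDRESSREPLACEMENT, and the payload search-and-replace they control, can be sketched as below. This is an added example and not the gateway's implementation: it assumes an embedded address is the 4-byte network-order form, and the NAT binding, message layouts and function names are constructed for illustration.

```python
"""Model of payload address replacement on a trigger (added example)."""
import ipaddress
import struct

# Constructed NAT binding: private address -> public address.
NAT_BINDINGS = {"192.168.1.10": "203.0.113.20"}


def replacement_active(transport, addressreplacement, binary_enabled):
    """Mirror the two CLI settings: the per-protocol choice only takes
    effect when binary address replacement is enabled on the trigger."""
    if not binary_enabled or addressreplacement == "none":
        return False
    return addressreplacement in ("both", transport)


def replace_addresses(payload, transport, addressreplacement,
                      binary_enabled, outgoing=True):
    """Return (new_payload, offsets) after rewriting embedded addresses.

    Assumption: an embedded address is its 4-byte network-order form.
    Outgoing packets map private -> public, incoming the reverse.
    """
    if not replacement_active(transport, addressreplacement, binary_enabled):
        return payload, []
    pairs = list(NAT_BINDINGS.items())
    if not outgoing:
        pairs = [(pub, priv) for priv, pub in pairs]
    out = bytearray(payload)
    offsets = []
    for old, new in pairs:
        needle = ipaddress.IPv4Address(old).packed
        patch = ipaddress.IPv4Address(new).packed
        pos = out.find(needle)
        while pos != -1:
            out[pos:pos + 4] = patch
            offsets.append(pos)
            pos = out.find(needle, pos + 4)
    return bytes(out), sorted(offsets)


def signalling_message(addr, port):
    """Constructed binary message: 2-byte type, IPv4 address, 2-byte port."""
    return (b"\x00\x01" + ipaddress.IPv4Address(addr).packed
            + struct.pack("!H", port))


def counter_message(value):
    """Constructed message carrying a 32-bit counter and no address at all."""
    return b"SEQ" + struct.pack("!I", value)


def demo():
    msg = signalling_message("192.168.1.10", 5004)
    rewritten, hits = replace_addresses(msg, "udp", "both", True)
    # 3232235786 == 0xC0A8010A, the same four bytes as 192.168.1.10.
    seq = counter_message(3232235786)
    mangled, seq_hits = replace_addresses(seq, "udp", "both", True)
    return {
        "embedded": str(ipaddress.IPv4Address(rewritten[2:6])),
        "hits": hits,
        "tcp_only_on_udp": replace_addresses(msg, "udp", "tcp", True)[0] == msg,
        "binary_disabled": replace_addresses(msg, "udp", "both", False)[0] == msg,
        "counter_after": struct.unpack("!I", mangled[3:7])[0],
        "counter_hits": seq_hits,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value}")
```

In this model a pure byte-pattern match also rewrites data that only happens to equal a translated address, as the counter message shows, which is a reason to enable replacement only on the triggers and transport types that need it.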

SECURITY SET TRIGGER ENDPORT<br />

Syntax SECURITY SET TRIGGER <name> ENDPORT <portnumber><br />

Description This command sets the end of the port number range for an existing trigger.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A<br />
portnumber | Sets the end of the trigger port range. | N/A<br />

Example --> security set trigger t3 endport 21<br />

See also SECURITY SET TRIGGER STARTPORT<br />

SECURITY SET TRIGGER MAXACTINTERVAL<br />

Syntax SECURITY SET TRIGGER <name> MAXACTINTERVAL <interval><br />

Description This command sets the maximum activity interval limit on existing session entries<br />

for an existing trigger.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A<br />
interval | Sets the maximum interval time (in milliseconds) between the use of secondary port sessions. If a secondary port opened by a trigger has not been used for the specified time, it is closed. | N/A<br />

Example --> security set trigger t2 maxactinterval 5000<br />

See also SECURITY LIST TRIGGERS



SECURITY SET TRIGGER MULTIHOST<br />

Syntax SECURITY SET TRIGGER <name> MULTIHOST {ENABLE | DISABLE}<br />

Description This command sets whether or not a secondary session can be initiated to/from<br />

different remote hosts or the same remote host on an existing trigger.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A<br />
ENABLED | A secondary session can be initiated to/from different remote hosts. | <br />
DISABLED | A secondary session can only be initiated to/from the same remote host. | disabled<br />

Example --> security set trigger t1 multihost enable<br />

See also SECURITY LIST TRIGGERS<br />

SECURITY SET TRIGGER SESSIONCHAINING<br />

Syntax SECURITY SET TRIGGER <name> SESSIONCHAINING {ENABLE | DISABLE}<br />

Description This command determines whether or not triggering sessions can be chained. If<br />

session chaining is enabled, TCP dynamic sessions also become triggering sessions,<br />

which allows multi-level session triggering.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A<br />
ENABLED | Enables TCP sessionchaining on an existing trigger. | <br />
DISABLED | Disables all session chaining (TCP and UDP) on an existing trigger. | disabled<br />

Example --> security set trigger t4 sessionchaining enable<br />

See also SECURITY SET TRIGGER UDPSESSIONCHAINING



SECURITY SET TRIGGER STARTPORT<br />

Syntax SECURITY POLICY SET TRIGGER <name> STARTPORT <portnumber><br />

Description This command sets the start of the port number range for an existing trigger.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A<br />
portnumber | Sets the start of the trigger port range. | N/A<br />

Example --> security set trigger t3 startport 21<br />

See also SECURITY SET TRIGGER ENDPORT<br />

SECURITY SHOW INTERFACE<br />

Syntax SECURITY SHOW INTERFACE <name><br />

Description This command displays information about a single interface that was added to the<br />

Security package using the SECURITY ADD INTERFACE command. The following<br />

interface information is displayed:<br />

• Interface name<br />

• Interface type (external, internal or DMZ)<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A<br />

Example --> security show interface f2<br />

Interface name: f2<br />

Interface type: internal<br />

See also SECURITY LIST INTERFACES<br />

SECURITY SHOW TRIGGER<br />

Syntax SECURITY SHOW TRIGGER <name><br />



Description This command displays information about a single trigger that was added to the<br />

Security module using the SECURITY ADD TRIGGER command. The following<br />

trigger information is displayed:<br />

• Trigger name<br />

• Transport type (TCP or UDP)<br />

• Start of the port range<br />

• End of the port range<br />

• Multiple host permission (true/false)<br />

• Maximum activity interval (in milliseconds)<br />

• Session chaining permission (true/false)<br />

• Session chaining on UDP permission (true/false)<br />

• Binary address replacement permission (true/false)<br />

• Address translation type (UDP, TCP, none or both)<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A<br />

Example --> security show trigger t2<br />

Security Trigger: t2<br />

Transport Type: tcp<br />

Starting port number: 1000<br />

Ending port number: 1000<br />

Allow multiple hosts: false<br />

Max activity interval: 30000<br />

Session chaining: false<br />

Session chaining on UDP: false<br />

Binary address replacement: false<br />

Address translation type: none<br />

See also SECURITY LIST TRIGGERS<br />

SECURITY STATUS<br />

Syntax SECURITY STATUS<br />

Description This command displays the following information about the Security package:<br />

• Security status (enabled or disabled)<br />

• Firewall status (enabled or disabled)<br />

• Firewall security level setting (none, high, low, or medium)



• Firewall session logging (enabled or disabled)<br />

• Firewall blocking logging (enabled or disabled)<br />

• Firewall intrusion logging (enabled or disabled)<br />

• NAT status (enabled or disabled)<br />

Example --> security status<br />

Security enabled.<br />

Firewall disabled.<br />

Firewall security level: none.<br />

Firewall session logging enabled.<br />

Firewall blocking logging enabled.<br />

Firewall intrusion logging disabled.<br />

NAT enabled<br />

See also SECURITY<br />

FIREWALL SET SECURITYLEVEL



Firewall Command <strong>Reference</strong><br />

This section describes the commands available on AT-RG613, AT-RG623 and AT-<br />

RG656 Residential Gateway to enable, configure and manage the Firewall module.<br />

Firewall CLI commands<br />

The table below lists the firewall commands provided by the CLI:<br />

Command<br />

FIREWALL ADD POLICY<br />

FIREWALL ADD PORTFILTER<br />

FIREWALL ADD VALIDATOR<br />

FIREWALL CLEAR POLICIES<br />

FIREWALL CLEAR PORTFILTERS<br />

FIREWALL DELETE POLICY<br />

FIREWALL DELETE PORTFILTER<br />

FIREWALL DELETE VALIDATOR<br />

FIREWALL ENABLE|DISABLE<br />

FIREWALL ENABLE|DISABLE IDS<br />

FIREWALL ENABLE|DISABLE BLOCKINGLOG<br />

FIREWALL ENABLE|DISABLE INTRUSIONLOG<br />

FIREWALL ENABLE|DISABLE SESSIONLOG<br />

FIREWALL LIST POLICIES<br />

FIREWALL LIST PORTFILTERS<br />

FIREWALL LIST PROTOCOLS<br />

FIREWALL LIST VALIDATORS<br />

FIREWALL SET IDS DOSATTACKBLOCK<br />

FIREWALL SET IDS MAXICMP<br />

FIREWALL SET IDS MAXPING<br />

FIREWALL SET IDS MAXTCPOPENHANDSHAKE<br />

FIREWALL SET IDS SCANATTACKBLOCK<br />

FIREWALL SET IDS BLACKLIST<br />

FIREWALL SET IDS VICTIMPROTECTION<br />

FIREWALL SET SECURITYLEVEL<br />

FIREWALL SHOW IDS



FIREWALL SHOW POLICY<br />

FIREWALL SHOW PORTFILTER<br />

FIREWALL SHOW VALIDATOR<br />

FIREWALL STATUS<br />

FIREWALL ADD POLICY<br />

Syntax FIREWALL ADD POLICY <name> {EXTERNAL-INTERNAL|EXTERNAL-DMZ|DMZ-INTERNAL}<br />

[ALLOWONLY-VAL]|[BLOCKONLY-VAL]<br />

Description This command creates a policy between two interface types. There are three types of<br />

policy that you can add to the firewall:<br />

• a policy between the external interface and the internal interface<br />

• a policy between the external interface and the DMZ interface<br />

• a policy between the DMZ interface and the internal interface<br />

A policy is the collective term for the rules that apply to incoming and outgoing<br />

traffic between two interface types. Once a policy is created using the FIREWALL<br />

ADD POLICY command, it's possible to create rules for the policy using the<br />

FIREWALL ADD PORTFILTER command.<br />

The FIREWALL ADD VALIDATOR command allows you to block/allow traffic<br />

based on the source and/or destination IP addresses and masks.<br />

The FIREWALL ADD POLICY command controls whether traffic is<br />

blocked/allowed for all of the validators that belong to a policy. There are two<br />

options:<br />

• allow only traffic to and/or from the IP address(es) set in the FIREWALL ADD<br />

VALIDATOR command. All other traffic is blocked by the Firewall.<br />

• block only traffic to and/or from the IP address(es) set in the FIREWALL ADD<br />

VALIDATOR command. All other traffic is allowed through the Firewall.<br />

It's possible to set a Firewall security level that contains default policies using the<br />

FIREWALL SET SECURITYLEVEL command. Then, it's possible to customize the<br />

Firewall by adding specific portfilters and validators.<br />


If the allowonly-val or blockonly-val option is not specified, the blockonly-val option<br />

is considered as the default option value.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | An arbitrary name that identifies the policy. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A<br />
EXTERNAL-INTERNAL | A connection between the external network interface and the internal network interface. | N/A<br />
EXTERNAL-DMZ | A connection between the external network interface and the de-militarized zone (DMZ). | N/A<br />
DMZ-INTERNAL | A connection between the de-militarized zone (DMZ) and the internal network interface. | N/A<br />
ALLOWONLY-VAL | Allows only traffic to and/or from the IP address(es) set in the FIREWALL ADD VALIDATOR command. All other traffic is blocked. | <br />
BLOCKONLY-VAL | Blocks only traffic to and/or from the IP address(es) set in the FIREWALL ADD VALIDATOR command. All other traffic is allowed. | blockonly-val<br />

Example --> firewall add policy ext-dmz external-dmz blockonly-val<br />

See also FIREWALL SET SECURITYLEVEL<br />

FIREWALL ADD PORTFILTER<br />

FIREWALL ADD VALIDATOR<br />

FIREWALL ADD PORTFILTER<br />

Syntax FIREWALL ADD PORTFILTER <name> <policyname> {PROTOCOL <number>}<br />

{INBOUND|OUTBOUND|BOTH}<br />

FIREWALL ADD PORTFILTER <name> <policyname> {TCP|UDP} <startport> <endport><br />

{INBOUND|OUTBOUND|BOTH}<br />

FIREWALL ADD PORTFILTER <name> <policyname><br />

{FTP|HTTP|ICMP|SMTP|TELNET} {INBOUND|OUTBOUND|BOTH}<br />

Description This command adds a portfilter to an existing firewall policy.<br />

Portfilters are individual rules that determine what kind of traffic (based on type of<br />

protocol or type of transport or type of application) can pass between the two<br />

interfaces specified in the FIREWALL ADD POLICY command.<br />

There are three ways that a portfilter can be defined, depending on the type of<br />

protocol that must be managed by the portfilter:<br />

• specify the number of a non-TCP or non-UDP protocol (for more information, see<br />

http://www.ietf.org/rfc/rfc1700.txt)<br />

• specify TCP or UDP protocol, together with an application's start/end port<br />

numbers



• specify one of the listed protocols, applications or services. These are provided by<br />

the Firewall as popular examples that you can use. You do not need to specify the<br />

portnumber - the Firewall does this for you.<br />

It is VERY IMPORTANT to understand that when portfilters are created for TCP or<br />

UDP, then the effect of the filter is to allow/disallow packets that are starting a<br />

UDP or TCP session. Once a session has been established, the firewall recognizes<br />

subsequent packets in the session as belonging to an established session, and<br />

allows them through. This is because this is a Stateful firewall, and so is aware of<br />

the states of UDP/TCP sessions.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
-------|-------------|--------------<br />
name | An arbitrary name that identifies the portfilter. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A<br />
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A<br />
number | The number of a non-TCP or non-UDP protocol. Protocol numbers can be found at http://www.ietf.org/rfc/rfc1700.txt. | N/A<br />
startport | The start of the port range for a TCP or UDP protocol. | N/A<br />
endport | The end of the port range for a TCP or UDP protocol. | N/A<br />
INBOUND | Allows transport of packets of the specified protocol, application or service from an outside interface to an inside interface. Outbound transport of the packets is not allowed. | N/A<br />
OUTBOUND | Allows transport of packets of the specified protocol, application or service from an inside interface to an outside interface. Inbound transport of the packets is not allowed. | N/A<br />
BOTH | Allows inbound and outbound transport of packets of the specified protocol, application or service between inside and outside interfaces. | N/A<br />

Examples - specifying a protocol



The following example allows IGMP (Internet Group Management Protocol)<br />

packets inbound from the external interface to the DMZ interface. IGMP is protocol<br />

number 2 (see http://www.ietf.org/rfc/rfc1700.txt).<br />

First, we need to create a policy:<br />

--> firewall add policy ext-dmz external-dmz<br />

Then we can add the portfilter to it:<br />

--> firewall add portfilter pf1 ext-dmz protocol 2 inbound<br />

- specifying a TCP/UDP protocol<br />

The following example allows DNS (Domain Name Service) sessions to be<br />

established in an outbound direction from the internal interface to the external<br />

interface. DNS uses UDP port 53 (see http://www.ietf.org/rfc/rfc1700.txt).<br />

First, we need to create a policy:<br />

--> firewall add policy ext-int external-internal<br />

Then we can add the portfilter to it:<br />

--> firewall add portfilter pf2 ext-int udp 53 53 outbound<br />

- using a provided protocol, application or service<br />

The following example allows SMTP (Simple Mail Transfer Protocol) sessions to be<br />

created in both the inbound and outbound directions between the internal interface<br />

and the DMZ interface. This is a popular protocol that is provided by the Firewall.<br />

You do not need to specify the portnumber - the Firewall does this for you.<br />

First, we need to create a policy:<br />

--> firewall add policy dmz-int dmz-internal<br />

Then we can add the portfilter to it:<br />

--> firewall add portfilter pf3 dmz-int smtp both<br />

See also FIREWALL LIST POLICIES<br />

See the Well Known Port Numbers section of RFC 1700 for a list of port numbers<br />

and protocols for particular services (see http://www.ietf.org/rfc/rfc1700.txt).<br />

FIREWALL ADD VALIDATOR<br />

Syntax FIREWALL ADD VALIDATOR {INBOUND|OUTBOUND|BOTH}<br />

<br />

Description This command adds a validator to an existing Firewall policy. A validator<br />

allows/blocks traffic based on the source/destination IP address and netmask.<br />

The command allows you to specify:<br />

• the IP address(es) and netmask(s) of the IP frames that are allowed to pass the<br />

firewall or that must be blocked by the firewall



• the direction of traffic that must be allowed/blocked<br />

Once a validator has been added to a policy with its IP address and direction values,

the same validator can be reused by adding it to other policies.

In order to add validators to a Firewall policy, the policy must have been<br />

previously created, which defines how traffic is allowed/blocked, using the<br />

allowonly-val or blockonly-val options in the FIREWALL ADD POLICY<br />

command:<br />

allowonly-val: only traffic based on the direction setting and the IP address(es)<br />

specified in the FIREWALL ADD VALIDATOR command is allowed. All other<br />

traffic is blocked.<br />

blockonly-val: only traffic based on the direction and the IP address(es) specified<br />

in the FIREWALL ADD VALIDATOR command is blocked. All other traffic is<br />

allowed.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
name | An arbitrary name that identifies the portfilter. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A
INBOUND | Validator acts on traffic originated from and/or directed to the IP addresses defined by the ipaddress and hostipmask fields in the following directions (depending on the interfaces involved by the policy): from External to Internal; from External to DMZ; from DMZ to Internal | N/A
OUTBOUND | Validator acts on traffic originated from and/or directed to the IP addresses defined by the ipaddress and hostipmask fields in the following directions (depending on the interfaces involved by the policy): from Internal to External; from DMZ to External; from Internal to DMZ | N/A
BOTH | Validator acts on traffic originated from and/or directed to the IP addresses defined by the ipaddress and hostipmask fields in the following directions (depending on the interfaces involved by the policy): from External to Internal and vice versa; from External to DMZ and vice versa; from DMZ to Internal and vice versa | N/A
ipaddress | The IP address (or base address of the range of IP addresses) to which validator will apply. The address is in the IPv4 format (e.g. 192.168.102.3). The ipaddress value can represent either Source or Destination IP address. | N/A
hostipmask | The netmask defining the range of IP addresses managed by the validator in the IPv4 format (e.g. 255.255.255.0). For example, if the validator is to apply to a whole class-c range then use the hostipmask 255.255.255.0. If the validator is to apply to just a single IP address, use the specific IP mask 255.255.255.255 | N/A

Example In the following example, a policy is created, then a validator added to block<br />

inbound and outbound traffic from/to the IP address stated. All other traffic is<br />

allowed.<br />

--> firewall add policy ext-int external-internal blockonly-val<br />

--> firewall add validator v1 ext-int both 192.168.102.3 255.255.255.255<br />
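The following Python model is an added example, not code from the manual or from Allied Telesis. It shows how the same validator yields opposite results under blockonly-val and allowonly-val, and how the hostipmask widens the range a validator covers. The matching rule (address in range as source or destination, direction must agree) is an assumption drawn from the command description, and the class and function names are hypothetical.

```python
"""Model of validator matching under allowonly-val / blockonly-val.

Added illustration: the matching rule is an assumption based on the command
description, not the gateway's actual implementation.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Validator:
    name: str
    direction: str   # "inbound", "outbound" or "both"
    host_ip: str     # the command's ipaddress argument
    host_mask: str   # the command's hostipmask argument (dotted quad)

    def network(self):
        # strict=False masks off host bits, so 192.168.103.2 with mask
        # 255.255.255.0 is treated as the whole 192.168.103.0/24 range.
        return ipaddress.ip_network(f"{self.host_ip}/{self.host_mask}", strict=False)

    def matches(self, direction, src, dst):
        """True if a packet travelling in `direction` involves the range."""
        if self.direction != "both" and self.direction != direction:
            return False
        net = self.network()
        # The manual says ipaddress can be the source or the destination.
        return ipaddress.ip_address(src) in net or ipaddress.ip_address(dst) in net


def covered_hosts(validator):
    """Number of addresses the validator applies to (1 for a /32 mask)."""
    return validator.network().num_addresses


def policy_permits(mode, validators, direction, src, dst):
    """Decision of the validator stage only; portfilters are not modelled."""
    if mode not in ("allowonly-val", "blockonly-val"):
        raise ValueError(f"unknown validator mode: {mode}")
    hit = any(v.matches(direction, src, dst) for v in validators)
    # allowonly-val: only matching traffic passes.
    # blockonly-val: only matching traffic is dropped.
    return hit if mode == "allowonly-val" else not hit


if __name__ == "__main__":
    # Validator from the manual's example; 203.0.113.9 is a constructed peer.
    v1 = Validator("v1", "both", "192.168.102.3", "255.255.255.255")
    for mode in ("blockonly-val", "allowonly-val"):
        for dst in ("192.168.102.3", "192.168.102.4"):
            verdict = policy_permits(mode, [v1], "inbound", "203.0.113.9", dst)
            print(f"{mode:14} inbound 203.0.113.9 -> {dst}: "
                  f"{'pass' if verdict else 'block'}")
```
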

FIREWALL CLEAR POLICIES<br />

Syntax FIREWALL CLEAR POLICIES<br />

Description This command deletes all existing policies from the firewall configuration. Any<br />

portfilters associated with the policies are also deleted by this command.<br />

Example --> firewall clear policies<br />

See also FIREWALL ADD POLICY<br />

FIREWALL DELETE POLICY<br />

FIREWALL CLEAR PORTFILTERS<br />

Syntax FIREWALL CLEAR PORTFILTERS <br />

Description This command deletes all portfilters that were added to an existing firewall policy<br />

using the FIREWALL ADD PORTFILTER command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).


Option | Description | Default Value
------------------------------------------------------------
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall clear portfilters ext-int<br />

See also FIREWALL DELETE PORTFILTER<br />

FIREWALL LIST POLICIES<br />

FIREWALL DELETE POLICY<br />

Syntax FIREWALL DELETE POLICY <br />

Description This command deletes a single existing policy from the firewall configuration. All<br />

portfilters associated with the policy are also deleted by this command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
name | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall delete policy ext-dmz<br />

See also FIREWALL CLEAR POLICIES<br />

FIREWALL LIST POLICIES<br />

FIREWALL DELETE PORTFILTER<br />

Syntax FIREWALL DELETE PORTFILTER <br />

Description This command deletes a single portfilter that was added to a firewall policy using<br />

the FIREWALL ADD PORTFILTER command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
name | A name that identifies an existing portfilter. To display portfilter names, use the FIREWALL LIST PORTFILTER command. | N/A
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall delete portfilter pf3 ext-int<br />

See also FIREWALL LIST POLICIES<br />

FIREWALL LIST PORTFILTERS<br />

FIREWALL CLEAR PORTFILTERS<br />

FIREWALL DELETE VALIDATOR<br />

Syntax FIREWALL DELETE VALIDATOR <br />

Description This command deletes a single validator from a named policy.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
name | A name that identifies an existing validator. To display validator names, use the FIREWALL LIST VALIDATORS command. | N/A
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall delete validator v1 ext-int<br />

FIREWALL ENABLE|DISABLE<br />

Syntax FIREWALL {ENABLE | DISABLE}<br />

Description This command enables/disables the entire Firewall module except for the IDS<br />

portion of the module (see the command FIREWALL ENABLE|DISABLE IDS).<br />

The Security module must also be enabled (using the command SECURITY

ENABLE) in order to use the features of the Firewall module.

When the Firewall is enabled, all IP traffic on existing security interfaces that are<br />

NOT included in a Firewall policy is blocked. For details on setting default<br />

policy security levels on security interfaces, see the FIREWALL SET<br />

SECURITYLEVEL command.<br />

If the Firewall module is disabled during a session, any configuration changes

made when the Firewall was enabled remain in the Firewall, so that it is possible

to re-enable them later in the session.

If the system must be rebooted and the Firewall configuration must be saved<br />

between sessions, use the SYSTEM CONFIG SAVE command.



Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
ENABLE | Enables the Firewall module | N/A
DISABLE | Disables the Firewall module. | N/A

Example --> firewall enable<br />

See also FIREWALL ENABLE|DISABLE IDS<br />

FIREWALL SET SECURITYLEVEL<br />

FIREWALL ENABLE|DISABLE IDS<br />

Syntax FIREWALL {ENABLE | DISABLE} IDS<br />

Description This command enables or disables the IDS (Intrusion Detection Service) portion of<br />

the Firewall.<br />


This module must be enabled in order to activate the settings specified in the<br />

FIREWALL IDS commands.<br />

This module depends on the Security module, which must be enabled before the<br />

enabling of the IDS can take effect.<br />

It's not necessary to enable the Firewall module in order for the IDS to be active.

If the IDS is disabled during a session, any configuration changes made when<br />

IDS was enabled remain, and can be re-enabled later in the session.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
ENABLE | Enables the IDS portion of the Firewall module. | disable
DISABLE | Disables the IDS portion of the Firewall module. | disable

Example --> firewall enable IDS<br />

See also FIREWALL ENABLE|DISABLE



FIREWALL ENABLE|DISABLE BLOCKINGLOG<br />

Syntax FIREWALL {ENABLE | DISABLE} BLOCKINGLOG<br />

Description This command enables/disables whether Firewall blocking activity is logged.<br />


To display logging information, the SYSTEM LOG feature must be enabled.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
ENABLE | The blocking log is displayed | enable
DISABLE | The blocking log is not displayed | enable

Example --> firewall enable blockinglog

See also FIREWALL ENABLE|DISABLE<br />

FIREWALL ENABLE|DISABLE INTRUSIONLOG<br />

Syntax FIREWALL {ENABLE | DISABLE} INTRUSIONLOG<br />

Description This command enables/disables whether details of attempted Firewall intrusion<br />

activity are logged.<br />


To display logging information, the SYSTEM LOG feature must be enabled.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
ENABLE | The intrusion log is displayed. | disable
DISABLE | The intrusion log is not displayed. | disable

Example --> firewall enable intrusionlog<br />

See also FIREWALL ENABLE|DISABLE BLOCKINGLOG<br />

FIREWALL ENABLE|DISABLE SESSIONLOG<br />

FIREWALL ENABLE|DISABLE SESSIONLOG<br />

Syntax FIREWALL {ENABLE | DISABLE} SESSIONLOG



Description This command enables/disables whether Firewall session events are logged.<br />


To display logging information, the SYSTEM LOG feature must be enabled.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
ENABLE | The log of session events is displayed | enable
DISABLE | The log of session events is not displayed. | enable

Example --> firewall enable sessionlog<br />

See also FIREWALL ENABLE|DISABLE BLOCKINGLOG<br />

FIREWALL LIST POLICIES<br />

Syntax FIREWALL LIST POLICIES<br />

Description This command lists the following information about policies that were added to the<br />

firewall using the FIREWALL ADD POLICY command:<br />

• Policy ID number<br />

• Policy name<br />

• Interface Type 1 and Interface Type 2 - the two interface types between which a<br />

policy exists (external - internal, external - DMZ or internal - DMZ)<br />

• Validator Allow Only status - true means that allowonly-val was set when the<br />

policy was created. False means that either blockonly-val was set, or no validator<br />

status was set (blockonly-val is the default setting if no status is specified).<br />

Example --> firewall list policies<br />

Firewall Policies:<br />

ID | Name | Type 1 | Type 2 | validator allow only<br />

--------------------------------------------------------<br />

1 | ext-dmz | external | dmz | true<br />

--------------------------------- ----------------------<br />

See also FIREWALL SHOW POLICY<br />

FIREWALL LIST PORTFILTERS<br />

Syntax FIREWALL LIST PORTFILTERS <br />

Description This command lists portfilters that were added to a firewall policy using the<br />

FIREWALL ADD PORTFILTER command. It displays the following information:<br />

• Portfilter ID number



• Portfilter name<br />

• Type - port number range or specified port number<br />

• Port range used by the specified TCP or UDP protocol (e.g., 53 for DNS, 25 for<br />

SMTP). For non-TCP/UDP protocols, the port range is set to 0-0.<br />

• In - displays the inbound permission setting (true or false)<br />

• Out - displays the outbound permission setting (true or false)<br />

• Raw - displays whether or not the portfilter uses a non-TCP/UDP protocol (true<br />

or false)<br />

• TCP - displays whether or not the portfilter uses a TCP protocol (true or false)<br />

• UDP - displays whether or not the portfilter uses a UDP protocol (true or false)<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall list portfilters ext-int<br />

Firewall Port Filters:<br />

ID | Name | Type | Port Range | In | Out | Raw | TCP | UDP<br />

----------------------------------------------------------------------<br />

1 | pf3 | 6 | 25 - 25 |true |true |false |true |false<br />

2 | pf2 | 17 | 53 - 53 |false |true |false |false |true<br />

3 | pf1 | 2 | 0 - 0 |true |false |true |false |false<br />

-----------------------------------------------------------------------<br />

See also FIREWALL LIST POLICIES<br />

FIREWALL SHOW PORTFILTER<br />

For a list of the port numbers and/or numbers assigned to protocols, see<br />

http://www.ietf.org/rfc/rfc1700.txt.<br />
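The listing format above lends itself to an automated rule review. The following Python script is an added example, not part of the manual or of any Allied Telesis tool: it parses the FIREWALL LIST PORTFILTERS output shown in this section, reports which filters admit inbound traffic, and checks that the flag columns agree with the transport type. The function names and the consistency rules are assumptions made for this illustration.

```python
"""Parse FIREWALL LIST PORTFILTERS output and review the rules it shows."""
from dataclasses import dataclass

# Example output copied from this section of the manual.
SAMPLE = """\
Firewall Port Filters:
ID | Name | Type | Port Range | In | Out | Raw | TCP | UDP
----------------------------------------------------------------------
1 | pf3 | 6 | 25 - 25 |true |true |false |true |false
2 | pf2 | 17 | 53 - 53 |false |true |false |false |true
3 | pf1 | 2 | 0 - 0 |true |false |true |false |false
-----------------------------------------------------------------------
"""


@dataclass(frozen=True)
class PortFilter:
    id: int
    name: str
    proto: int        # "Type" column: IP protocol number (6 TCP, 17 UDP)
    port_start: int
    port_end: int
    inbound: bool
    outbound: bool
    raw: bool
    tcp: bool
    udp: bool

    def label(self):
        """Short description such as tcp/25, udp/53 or ip-proto/2."""
        if self.raw:
            return f"ip-proto/{self.proto}"
        kind = "tcp" if self.tcp else "udp" if self.udp else "unknown"
        if self.port_start == self.port_end:
            return f"{kind}/{self.port_start}"
        return f"{kind}/{self.port_start}-{self.port_end}"


def _flag(text):
    if text not in ("true", "false"):
        raise ValueError(f"expected true/false, got {text!r}")
    return text == "true"


def parse_portfilters(output):
    """Return a PortFilter for every data row; skip title, header and rules."""
    filters = []
    for line in output.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 9 or not cells[0].isdigit():
            continue
        start, _, end = cells[3].partition("-")
        filters.append(PortFilter(int(cells[0]), cells[1], int(cells[2]),
                                  int(start), int(end), *map(_flag, cells[4:])))
    return filters


def inbound_exposure(filters):
    """(name, label) of every filter whose In column is true."""
    return [(f.name, f.label()) for f in filters if f.inbound]


def inconsistencies(f):
    """Rows whose flags contradict the transport type or port range."""
    issues = []
    if f.raw and (f.tcp or f.udp):
        issues.append("raw set together with tcp/udp")
    if f.raw and (f.port_start, f.port_end) != (0, 0):
        issues.append("raw filter with a non-zero port range")
    if f.tcp and f.proto != 6:
        issues.append("tcp flag but transport type is not 6")
    if f.udp and f.proto != 17:
        issues.append("udp flag but transport type is not 17")
    if not (f.raw or f.tcp or f.udp):
        issues.append("no raw/tcp/udp flag set")
    if f.port_start > f.port_end:
        issues.append("port range start exceeds end")
    return issues


if __name__ == "__main__":
    rules = parse_portfilters(SAMPLE)
    for name, label in inbound_exposure(rules):
        print(f"inbound permitted: {name} ({label})")
    for rule in rules:
        for issue in inconsistencies(rule):
            print(f"{rule.name}: {issue}")
```
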

FIREWALL LIST VALIDATORS<br />

Syntax FIREWALL LIST VALIDATORS <br />

Description This command lists the following information about validators added to a policy<br />

using the FIREWALL ADD VALIDATOR command:<br />

• Validator ID number<br />

• Validator name<br />

• Direction (inbound, outbound or both)<br />

• Host IP address



• Host mask address<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall list validators ext-int<br />

Firewall Host Validators:<br />

ID | Name | Direction | Host IP | Mask<br />

-------------------------------------------------------------<br />

2 | v1 | both | 192.168.103.2 | 255.255.255.0<br />

1 | v2 | inbound | 192.168.103.1 | 255.255.255.0<br />

See also FIREWALL ADD VALIDATOR<br />

FIREWALL SHOW VALIDATOR<br />

FIREWALL SET IDS DOSATTACKBLOCK<br />

Syntax FIREWALL SET IDS DOSATTACKBLOCK <br />

Description This command sets, in the Intrusion Detection Setting (IDS), the duration of the<br />

block that is put in place when a DOS (Denial of Service) attack is detected. A DOS attack

is an attempt by an attacker to prevent legitimate users from using a service. If a<br />

DOS attack is detected, all hosts that seem to be causing the attack are blocked by<br />

the firewall for a set time limit. This command allows you to specify the duration of<br />

the block.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
duration | The length of time (in seconds) for which the firewall blocks suspicious hosts once a DOS attack attempt has been detected by the firewall. | 1800 (30 minutes)

FIREWALL SET IDS MAXICMP<br />

Syntax FIREWALL SET IDS MAXICMP <br />

Description This command sets the maximum number of ICMP packets per second that are<br />

allowed by the Firewall before an ICMP Flood is detected. An ICMP Flood is a DOS



(Denial of Service) attack. An attacker tries to flood the network with ICMP packets<br />

in order to prevent transportation of legitimate network traffic.<br />

Once the maximum number of ICMP packets per second is reached, an attempted<br />

ICMP Flood is detected. The firewall blocks the suspected attacker for the time limit<br />

specified in the FIREWALL SET IDS DOSATTACKBLOCK command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
max | The number of ICMP packets per second which is deemed to be the threshold for an ICMP flood attack. | N/A

Example --> firewall set IDS MaxICMP 200<br />

FIREWALL SET IDS MAXPING<br />

Syntax FIREWALL SET IDS MAXPING <br />

Description This command sets the maximum number of pings per second that are allowed by<br />

the firewall before an Echo Storm is detected. Echo Storm is a DOS (Denial of Service)

attack. An attacker sends oversized ICMP datagrams to the system using the 'ping'

command. This can cause the system to crash, freeze or reboot, resulting in denial of<br />

service to legitimate users.<br />

Once the maximum number of pings per second is reached, an attempted DOS<br />

attack is detected. The firewall blocks the suspected attacker for the time limit<br />

specified in the FIREWALL SET IDS DOSATTACKBLOCK command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
max | The maximum number (per second) of pings that are allowed before an Echo Storm attempt is detected. | 15

Example --> firewall set IDS MaxPING 25<br />

FIREWALL SET IDS MAXTCPOPENHANDSHAKE<br />

Syntax FIREWALL SET IDS MAXTCPOPENHANDSHAKE <br />

Description This command sets the maximum number of unfinished TCP handshaking sessions<br />

per second that are allowed by the firewall before a SYN Flood is detected. SYN Flood

is a DOS (Denial of Service) attack. When establishing normal TCP connections,<br />

three packets are exchanged:



• A SYN (synchronize) packet is sent from the host to the network server<br />

• A SYN/ACK packet is sent from the network server to the host<br />

• An ACK (acknowledge) packet is sent from the host to the network server<br />

If the host sends unreachable source addresses in the SYN packet, the server sends<br />

the SYN/ACK packets to the unreachable addresses and keeps resending them. This<br />

creates a backlog queue of unacknowledged SYN/ACK packets. Once the queue is<br />

full, the system will ignore all incoming SYN requests and no legitimate TCP<br />

connections can be established.<br />

Once the maximum number of unfinished TCP handshaking sessions is reached, an<br />

attempted DOS attack is detected. The firewall blocks the suspected attacker for the<br />

time limit specified in the FIREWALL SET IDS DOSATTACKBLOCK command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
max | The maximum number (per second) of unfinished TCP handshaking sessions that are allowed before a SYN Flood attempt is detected. | 100

Example --> firewall set IDS MaxTCPopenhandshake 150<br />

FIREWALL SET IDS SCANATTACKBLOCK<br />

Syntax FIREWALL SET IDS SCANATTACKBLOCK <br />

Description This command allows you to set, in the Intrusion Detection System (IDS), the<br />

duration of the block that is put in place when a scan attack is detected. The

firewall detects when the system is being scanned by a suspicious host attempting<br />

to identify any open ports. If scan activity is detected, all hosts that are seen to be<br />

making attacks are blocked by the firewall for a set time limit. This command allows<br />

you to specify the duration of the block.<br />


This CLI command is case-sensitive. You must type the command attributes<br />

exactly as they appear in the command description on this page. If you do not<br />

use the same case-sensitive syntax, the command fails and the CLI displays a<br />

syntax error message.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
duration | The length of time (in seconds) that the firewall blocks all suspicious hosts for, after it has detected scan activity on the Firewall. | 86400 (one day)

Example --> firewall set IDS SCANattackblock 43200<br />

FIREWALL SET IDS BLACKLIST<br />

Syntax FIREWALL SET IDS BLACKLIST {ENABLE | DISABLE | CLEAR}<br />

Description This command sets the blacklist IDS (Intrusion Detection Setting). Blacklisting<br />

denies an external host access to the system if IDS has detected certain types of<br />

intrusion from that host. Access to the network is denied for ten minutes.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
ENABLE | Enables blacklisting of an external host if IDS has detected an intrusion from that host. | disable
DISABLE | Disables blacklisting of an external host if IDS has detected an intrusion from that host. | disable
CLEAR | Clears blacklisting of an external host. | disable

Example --> firewall set IDS blacklist enable<br />

FIREWALL SET IDS VICTIMPROTECTION<br />

Syntax FIREWALL SET IDS VICTIMPROTECTION {ENABLE | DISABLE}<br />

Description This command enables/disables the victim protection Intrusion Detection Setting<br />

(IDS). Enabling this command protects the victim from an attempted spoofing<br />

attack.<br />

Web spoofing allows an attacker to create a 'shadow' copy of the World Wide Web.

All access to the shadow Web goes through the attacker's machine, so the attacker

can monitor all of the victim's activities and send false data to or from the victim's

machine.

If victim protection is enabled, packets destined for the victim host of a spoofing<br />

style attack are blocked. The command allows you to specify the duration of the<br />

block.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
ENABLE | Enables victim protection and blocks packets destined for the victim host. | disable
DISABLE | Disables victim protection. | disable
duration | The length of time (in seconds) that the firewall blocks packets destined for the victim of a spoofing style attack. | 600 (10 minutes)

Example --> firewall set IDS victimprotection enable 800<br />

FIREWALL SET SECURITYLEVEL<br />

Syntax FIREWALL SET SECURITYLEVEL {NONE | HIGH | MEDIUM | LOW |<br />

USERDEFINED }<br />

Description This command allows you to set which security level is used by the Firewall. There<br />

are three default security levels (high, medium and low) that contain different<br />

security configuration information for each interface connection. Once you have<br />

selected a security level, all IP traffic except the default policies specified will be<br />

blocked by the Firewall.<br />

The security level none blocks all IP traffic for every security interface. The<br />

userdefined option allows you to select a security configuration that you have<br />

previously created. There are three types of interface connections:<br />

• Between the external interface and internal interface<br />

• Between the external interface and the de-militarized zone (DMZ)<br />

• Between the DMZ and the internal interface<br />

Selecting a security level deletes the previous security level, and any policies or<br />

portfilters set, and replaces them with the newly selected level.<br />

You can add your own security policies using the FIREWALL ADD POLICY<br />

command.<br />

Options The following tables describe the default policies enabled in the firewall for each of

the high, medium and low security levels. The tables tell you whether a certain<br />

service can be accepted in or allowed out by a specific policy:<br />

HIGH SECURITY LEVEL

Service | Port | External < > Internal: In | External < > Internal: Out | External < > DMZ: In | External < > DMZ: Out | DMZ < > Internal: In | DMZ < > Internal: Out
------------------------------------------------------------
http | 80 | x | ✓ | ✓ | ✓ | ✓ | ✓
dns | 53 | x | ✓ | x | ✓ | x | ✓
telnet | 23 | x | x | x | x | x | x
smtp | 25 | x | ✓ | ✓ | ✓ | ✓ | ✓
pop3 | 110 | x | ✓ | ✓ | ✓ | ✓ | ✓
nntp | 119 | x | x | x | x | x | x
real audio/video | 7070 | x | x | x | x | x | x
icmp | N/A | x | ✓ | x | ✓ | x | ✓
H.323 | 1720 | x | x | x | x | x | x
T.120 | 1503 | x | x | x | x | x | x
SSH | 22 | x | x | x | x | x | x

MEDIUM SECURITY LEVEL

Service | Port | External < > Internal: In | External < > Internal: Out | External < > DMZ: In | External < > DMZ: Out | DMZ < > Internal: In | DMZ < > Internal: Out
------------------------------------------------------------
http | 80 | x | ✓ | ✓ | ✓ | ✓ | ✓
dns | 53 | x | ✓ | ✓ | ✓ | ✓ | ✓
telnet | 23 | x | ✓ | x | ✓ | x | ✓
smtp | 25 | x | ✓ | ✓ | ✓ | ✓ | ✓
pop3 | 110 | x | ✓ | ✓ | ✓ | ✓ | ✓
nntp | 119 | x | ✓ | ✓ | ✓ | ✓ | ✓
real audio/video | 7070 | ✓ | x | x | ✓ | x | ✓
icmp | N/A | x | ✓ | x | ✓ | x | ✓
H.323 | 1720 | x | ✓ | x | ✓ | x | ✓
T.120 | 1503 | x | ✓ | x | ✓ | x | ✓
SSH | 22 | x | ✓ | x | ✓ | x | ✓

LOW SECURITY LEVEL

Service | Port | External < > Internal: In | External < > Internal: Out | External < > DMZ: In | External < > DMZ: Out | DMZ < > Internal: In | DMZ < > Internal: Out
------------------------------------------------------------
http | 80 | x | ✓ | ✓ | ✓ | ✓ | ✓
dns | 53 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
telnet | 23 | x | ✓ | ✓ | ✓ | ✓ | ✓
smtp | 25 | x | ✓ | ✓ | ✓ | ✓ | ✓
pop3 | 110 | x | ✓ | ✓ | ✓ | ✓ | ✓
nntp | 119 | x | ✓ | ✓ | ✓ | ✓ | ✓
real audio/video | 7070 | ✓ | x | ✓ | ✓ | ✓ | ✓
icmp | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
H.323 | 1720 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
T.120 | 1503 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
SSH | 22 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable):<br />

Option | Description | Default Value
------------------------------------------------------------
NONE | Your system blocks all IP traffic between interfaces. | none
HIGH | Your system uses the high firewall security level, providing a high level of firewall security between interfaces. | none
MEDIUM | Your system uses the medium firewall security level, providing a medium level of firewall security between interfaces. | none
LOW | Your system uses the low firewall security level, providing a low level of firewall security between interfaces. | none
USERDEFINED | Your system uses a security configuration that you have previously created. | none
slevel | The name of the security configuration level that you have previously created. | N/A

Example --> firewall set securitylevel medium<br />

See also FIREWALL ADD POLICY<br />

For more information on ports assigned to protocols, see<br />

http://www.ietf.org/rfc/rfc1700.txt<br />

FIREWALL SHOW IDS<br />

Syntax FIREWALL SHOW IDS<br />

Description This command displays the following information about the Firewall IDS settings:<br />

• IDS enabled status (true or false)<br />

• Blacklist status (true or false)<br />

• Use Victim Protection status (true or false)<br />

• DOS attack block duration (in seconds)<br />

• Scan attack block duration (in seconds)<br />

• Victim protection block duration (in seconds)<br />

• Maximum TCP open handshaking count allowed (per second)<br />

• Maximum ping count allowed (per second)<br />

• Maximum ICMP count allowed (per second)<br />

Example --> firewall show IDS<br />

Firewall IDS:<br />

IDS Enabled: true<br />

Use Blacklist: true<br />

Use Victim Protection: true<br />

Dos Attack Block Duration: 1800<br />

Scan Attack Block Duration: 10<br />

Victim Protection Block Duration: 600<br />

Max TCP Open Handshaking Count: 100<br />

Max PING Count: 20<br />

Max ICMP Count: 100<br />

FIREWALL SHOW POLICY<br />

Syntax FIREWALL SHOW POLICY <br />

Description This command displays information about a single policy that was added to the<br />

firewall using the FIREWALL ADD POLICY command.<br />

A policy exists between two interface types that were set using the FIREWALL ADD<br />

POLICY command. This command displays what these interface types are, and the<br />

allow only validator status; true means that allowonly-val was set when the policy



was created; false means that either blockonly-val was set, or no validator status was<br />

set (blockonly-val is the default setting if no status is specified).<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
------------------------------------------------------------
name | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall show policy p2<br />

Firewall Policy: ext-dmz<br />

Interface Type 1: external<br />

Interface Type 2: dmz<br />

See also FIREWALL LIST POLICIES<br />

FIREWALL SHOW PORTFILTER<br />

Syntax FIREWALL SHOW PORTFILTER <name> <policyname><br />

Description This command displays information about a single portfilter that was added to a<br />

firewall policy using the FIREWALL POLICY ADD PORTFILTER command. The<br />

following portfilter information is displayed:<br />

• Portfilter name<br />

• Transport type used by the protocol (e.g., 6 for SMTP)<br />

• Start of the port range<br />

• End of the port range<br />

• Inbound permission (true or false)<br />

• Outbound permission (true or false)<br />

• Raw IP - whether the portfilter uses a non-TCP/UDP protocol (true or false)<br />

• TCP permission - whether the portfilter uses a TCP protocol (true or false)<br />

• UDP permission - whether the portfilter uses a UDP protocol (true or false)<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

name | A name that identifies an existing portfilter. To display portfilter names, use the FIREWALL LIST PORTFILTERS command. | N/A<br />

policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A<br />

Example --> firewall show portfilter pf3 ext-int<br />

Firewall Port Filter: pf3<br />

Transport type: 6<br />

Port number start: 25<br />

Port number end: 25<br />

Inbound permission: true<br />

Outbound permission: true<br />

Raw IP: false<br />

TCP permission: true<br />

UDP permission: false<br />

See also FIREWALL LIST POLICIES<br />

FIREWALL LIST PORTFILTERS<br />

FIREWALL SHOW VALIDATOR<br />

Syntax FIREWALL SHOW VALIDATOR <name> <policyname><br />

Description This command displays information about a single validator that was added to a<br />

firewall policy using the FIREWALL ADD VALIDATOR command. The following<br />

validator information is displayed:<br />

• Validator name<br />

• Direction (inbound, outbound or both)<br />

• Base IP address of the range to which the validator applies<br />

• Netmask defining the range of addresses to which the validator applies<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

name | A name that identifies an existing validator. To display validator names, use the FIREWALL LIST VALIDATORS command. | N/A<br />

policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A<br />

Example --> firewall show validator v1<br />

Firewall Host Validator: v1<br />

Direction: both<br />

Host IP: 192.168.103.2<br />

Host Mask: 255.255.255.0



See also FIREWALL ADD VALIDATOR<br />

FIREWALL LIST VALIDATORS<br />

FIREWALL STATUS<br />

Syntax FIREWALL STATUS<br />

Description This command displays the following information about the Firewall:<br />

• Firewall status (enabled or disabled)<br />

• Security level setting (none, high, low or medium)<br />

• Firewall logging status:<br />

• session logging (enabled or disabled)<br />

• blocking logging (enabled or disabled)<br />

• intrusion logging (enabled or disabled)<br />

Example --> firewall status<br />

Firewall enabled.<br />

Firewall security level: medium.<br />

Firewall session logging enabled.<br />

Firewall blocking logging enabled.<br />

Firewall intrusion logging disabled.<br />

See also FIREWALL ENABLE|DISABLE<br />

FIREWALL SET SECURITYLEVEL<br />

FIREWALL ENABLE|DISABLE BLOCKINGLOG<br />

FIREWALL ENABLE|DISABLE SESSIONLOG



Chapter 9<br />

Network Address Translation - NAT<br />

Network Address Translation<br />

NAT stands for Network Address Translation. In short, it is a mechanism by which<br />

the IP addresses of packets are changed as they go through a routing device. The<br />

reason for doing such a translation is to enable a device to appear to have one<br />

address to hosts on one side of the NATing router, and another address to hosts on<br />

the other side of the NATing router.<br />

At first glance, it might seem a very strange thing to want to change the addresses<br />

inside IP packets. However, there are some useful applications for this, briefly<br />

explained in the following.<br />

Address conservation<br />

The most common application of NAT is to make better use of the increasingly scant<br />

resource that is the public IP address. As the number of people connecting to the<br />

Internet has exploded, it has reached the stage where there are just not enough IP<br />

addresses available to give an individual address to every Internet-connected<br />

device. So, a prime purpose of NAT is to enable a whole network to access the<br />

Internet using just a single public IP address (see figure 10).


Figure 10. Address Conservation using NAT (diagram labels: 10.0.0.2, 10.0.0.3, 10.0.0.4; AT-RG6xx, Router with NAT, 10.0.0.1; 24.2.249.4; Internet)<br />

Security<br />

The security provided by NAT is really a by-product of the address conservation<br />

purpose. The fact is that NAT aims to translate the source addresses of packets<br />

originating from within the local private network; when reply packets come back<br />

from the Internet, they can be passed back to the hosts on the Private network as the<br />

NAT process keeps an internal table that enables it to know which replies are<br />

actually destined to which private hosts.<br />

So, if a packet comes from the Internet that is not a reply to a packet sent from the<br />

inside, then that NAT process does not know who to forward it to, and has to drop<br />

it.<br />

So, this makes it very difficult for devices on the Internet to initiate incoming<br />

sessions to hosts on the private network; when the packet that is trying to initiate<br />

the session arrives at the NAT device, it gets dropped.<br />

In addition, because the NAT process has to process all the packets passing through<br />

it, in order to pass them to the right internal host, it is quite easy to build in an<br />

ability to look for attacks – SYN floods, Pings of Death, IP Spoofing etc are quite<br />

easy to recognize as packets are being examined on the way through the NAT<br />

device.<br />

How does NAT work?<br />

The trick to NAT is to make use of the Port fields in TCP and UDP.<br />

In TCP and UDP packets, there are 4 fields that identify a particular session:<br />

The particular value of the source port number in a session is not important, so the<br />

NAT device is free to change the source port numbers in packets. This freedom to<br />

change the source port number is the central key to NAT. This enables it to make



sure that every TCP or UDP session that it sends out to the Internet has a UNIQUE<br />

source port number.<br />

Consider the problem that would occur if the NAT device were free to change only<br />

the source address, and not the source port number:<br />

If two hosts on the private LAN happened to create sessions using the same source<br />

port number, and same destination address and same destination port number, then<br />

the only thing that would be different between the packets in one session and those<br />

in the other session would be the source IP addresses. However, once the NAT<br />

device had changed the source IP addresses to the global IP address, there would be<br />

nothing to differentiate the packets. The host at the other end of the connection<br />

would think that all the packets were from the same session, which would cause<br />

chaos.<br />

So, it is very important that the NAT device is also able to change the source port<br />

number, so that the problem described above will never happen.<br />

Therefore the NAT device can intercept TCP and UDP sessions coming from Private<br />

hosts, change the source addresses AND source port numbers in the packets, and<br />

store away the original IP address and port number in a table, along with the newly<br />

substituted port number (so that the original values can be restored in the reply<br />

packet when it comes).<br />

So, the process that occurs is:<br />

• the NAT device receives the packet<br />

• it changes the source IP address in the packet to the global IP address<br />

• it looks in its table for an entry containing the original source address and source port number of the packet:<br />

  • if it finds an entry, it takes the substitution port number from the table entry and changes the source port number of the packet to this substitution number<br />

  • if it does not find an entry, it generates a new substitution port number, creates a new table entry containing the original source IP address of the packet, its original source port number and the newly generated substitution port number, and changes the source port number of the packet to this substitution number<br />

• it sends the packet out of the public interface<br />

• the packet goes to the destination host, which sends a reply in which the source and destination IP addresses are swapped, and the source and destination port numbers are swapped<br />

• the reply packet arrives back at the NAT device, which receives it<br />

• the destination port number is looked up in the table:<br />

  • if it is found, the packet is recognized as being a reply for an existing session, the source IP address and source port number in the table entry are put into the destination IP address and destination port number fields of the packet, and the packet is then sent onto the private LAN<br />

  • if it is not found, then it is not clear where the packet should be sent, and so it is dropped<br />
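The translation steps listed above, as a small Python model (an added example, not code from the manual or from Allied Telesis). The class and function names, the starting substitution port 50000 and the remote addresses in 192.0.2.0/24 are assumptions; 24.2.249.4 and the 10.0.0.x hosts are labels taken from Figure 10.<br />

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def reply_to(pkt: Packet) -> Packet:
    """Reply as the remote host builds it: addresses and ports swapped."""
    return Packet(pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)


class Napt:
    """Model of the NAT table described above (hypothetical names, no entry ageing)."""

    def __init__(self, global_ip: str, first_port: int = 50000) -> None:
        self.global_ip = global_ip
        self._next_port = first_port
        # (proto, private ip, private port) -> substitution port
        self._out: Dict[Tuple[str, str, int], int] = {}
        # (proto, substitution port) -> (private ip, private port)
        self._back: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def _new_port(self) -> int:
        if self._next_port > 65535:
            raise RuntimeError("substitution ports exhausted")
        port = self._next_port
        self._next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the private LAN."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        sub = self._out.get(key)
        if sub is None:                       # first packet of this session
            sub = self._new_port()
            self._out[key] = sub
            self._back[(pkt.proto, sub)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.global_ip, src_port=sub)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving on the public interface, or drop it (None).

        As in the description, the lookup uses the destination port only;
        the remote address is not compared with the original session.
        """
        entry = self._back.get((pkt.proto, pkt.dst_port))
        if pkt.dst_ip != self.global_ip or entry is None:
            return None                       # not a reply to a known session
        private_ip, private_port = entry
        return replace(pkt, dst_ip=private_ip, dst_port=private_port)


def demo() -> dict:
    nat = Napt("24.2.249.4")
    # Constructed traffic: two private hosts pick the same source port
    # towards the same remote server.
    a = Packet("tcp", "10.0.0.2", 1025, "192.0.2.80", 80)
    b = Packet("tcp", "10.0.0.3", 1025, "192.0.2.80", 80)
    out_a, out_b = nat.outbound(a), nat.outbound(b)
    unsolicited = Packet("tcp", "192.0.2.99", 40000, "24.2.249.4", 80)
    return {
        "out_a": out_a,
        "out_b": out_b,
        "reply_b": nat.inbound(reply_to(out_b)),
        "unsolicited": nat.inbound(unsolicited),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Both sessions leave with the same global address but different source ports, the reply is delivered to 10.0.0.3, and the unsolicited packet to port 80 is dropped.<br />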



What about protocols other than UDP and TCP?<br />

The description above involves a lot of use of port numbers. Unfortunately, the<br />

port-number fields are only present in TCP and UDP packets. For other IP protocols,<br />

like ICMP, OSPF, GRE, IPSEC, etc., other methods have to be used.<br />

In the case of ICMP, things are a little more complicated. For Ping packets, there is<br />

an identifier field in the packet, that uniquely identifies each ping – NAT can make<br />

use of this field in a similar way to the UDP/TCP port number. For other ICMP<br />

information messages (port unreachable, host unreachable, etc) there are often IP<br />

addresses of the hosts inside the data section of the packet - there is extra work<br />

required for the NAT device to look inside the ICMP packet, and translate these<br />

addresses as necessary.<br />

For most other IP protocols, though, there usually is not a field in the packet that can<br />

uniquely identify a communication session (and therefore, which host on the LAN<br />

to send the replies to). So, usually, a static mapping (probably user configured) has<br />

to be used – e.g. a mapping like ‘all GRE packets arriving at the public interface,<br />

with a particular destination address, will be sent to a particular address on the<br />

private LAN’.<br />

So, there typically just is not the flexibility with the other protocols that there is with<br />

TCP and UDP.<br />

How can you let sessions into servers on the private<br />

LAN?<br />

Up until now, we have been looking at the situation where a host on the private<br />

LAN initiates a session to some external host. So, the NAT device intercepts the<br />

packets on the way out, and is associating source port numbers with internal IP<br />

addresses.<br />

However, what about the case where an external host wants to connect to a host on the<br />

Private LAN? This session will, of course, be initiated by an incoming packet<br />

arriving at the public interface. It has been stated above that in general, such a<br />

packet will have to be dropped – if it is not a reply to an outgoing packet, there is no<br />

information about which internal host to forward it to.<br />

However, you may wish to actually make it possible for incoming sessions to access<br />

certain hosts on the private LAN. This has to be done by configuring specific static<br />

port mappings. For example, a mapping can be configured such that any TCP<br />

session coming into port 80 on the public interface is forwarded to a particular host<br />

on the private LAN; and any TCP session coming into port 25 on the public interface<br />

is forwarded to another (or maybe the same) host on the private LAN, and so on.<br />

In this way, servers on the private LAN can be made available for connections from<br />

external hosts. Of course, for any given port number, only one mapping is possible –<br />

so it is only possible to make one Web Server, one Mail Server, one FTP server, etc<br />

available.<br />

In the diagram below, we see a case of allowing external access to an FTP server and<br />

a WWW server. This would be achieved by having two static mappings on the NAT<br />

device:<br />

Incoming sessions to TCP port 21 are mapped to internal IP address 192.168.0.3<br />

Incoming sessions to TCP port 80 are mapped to internal IP address 192.168.0.2


Figure 11. External access to an FTP server (diagram labels: ftp://24.x.x.x (port 21), FTP Server IP 192.168.0.3; http://24.x.x.x (port 80), Web Server IP 192.168.0.2; AT-RG6xx, WAN IP 24.10.2.45; Internet)<br />

NAT support on AT-RG6xx Residential Gateway series<br />

The NAT module on the AT-RG613, AT-RG623 and AT-RG656 is designed to provide the<br />

following features:<br />

• global IP address pools<br />

• reserved mappings<br />

• application level gateways (ALGs)<br />

NAT services are available between External security interface and Internal Security<br />

interfaces.<br />

In order to access NAT services, the NAT module must be enabled between a pair<br />

of interfaces by using the NAT ENABLE command and assigning an arbitrary name<br />

to this relationship.<br />

Before enabling NAT, the Security module must already be enabled using the<br />

SECURITY ENABLE command.<br />

See Security section for details regarding security interfaces.<br />

Global IP Address Pools<br />

A Global Address Pool is a pool of addresses seen from the external network. By<br />

default, each external interface creates a Global Address Pool with a single address –<br />

the address assigned to that interface.<br />

For outbound sessions, an address is picked from a pool by hashing the source IP<br />

address for a pool index and then hashing again for an address index. For inbound



sessions to make use of the global pool, it is necessary to create a reserved mapping.<br />

See below for more information on reserved mappings.<br />

Reserved Mappings<br />

Reserved mapping is used to support NAT traversal.<br />

NAT traversal is a mechanism that makes a service (listening port) on an internal<br />

computer accessible to external computers. NAT traversal operates by having the<br />

NAT listen for incoming messages on a selected port on its external interface. When<br />

the NAT receives a message, it uses its internal interface to forward the packet to the<br />

same port number on a selected internal computer (and any responses from the<br />

internal computer are forwarded to the requesting external computer).<br />

Reserved mappings can also be used so that different internal hosts can share a<br />

global address by mapping different ports to different hosts.<br />

For example, Host A is an FTP server and Host B is a web server.<br />

By choosing a particular IP address in the global address pool, and mapping the<br />

FTP port on this address to the FTP port on Host A and the HTTP port on the global<br />

address to the HTTP port on Host B, both internal hosts can share the same global<br />

address.<br />

To add a reserved mapping rule to an existing NAT relation, use the NAT ADD<br />

RESVMAP INTERFACE command.<br />

With this command it is possible to set a mapping rule based on port number or<br />

protocol number.<br />

Setting the protocol number to 255 (0xFF) means that the mapping will apply to all<br />

protocols. Setting the port number to 65535 (0xFFFF) for TCP or UDP protocols<br />

means that the mapping will apply to all port numbers for that protocol.<br />

Application Level Gateways (ALGs)<br />

Some applications embed address and/or port information in the payload of the<br />

packet.<br />

The most notorious of these is FTP. For most applications, it is sufficient to create a<br />

trigger with address replacement enabled. However, there are 3 applications for<br />

which a specific ALG is provided: FTP, NetBIOS and DNS.<br />

Interactions of NAT and other security features.<br />

Firewall filters and reserved mappings.<br />

So far, the NAT reserved mappings have been considered independently of the<br />

firewall.<br />

If the firewall is not enabled, then all that is required to enable NAT to allow in TCP<br />

sessions to a certain port number is to create a reserved mapping for that particular<br />

TCP port number.<br />

However, if the firewall is enabled, there is a matter of precedence to consider if a<br />

reserved mapping has been created for a particular TCP port but the firewall is not<br />

configured to allow in TCP data for that port.<br />

In this case the blocking by the firewall will take precedence.<br />

So, when the firewall has been enabled, care must be taken to ensure that when<br />

NAT reserved mappings are created, the firewall is also configured to allow in the<br />

traffic for which the reserved mapping is defined.<br />
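One way to check this precedence rule before relying on a reserved mapping, as an added Python example (not code from the manual or the device). It parses reserved-mapping commands and FIREWALL SHOW PORTFILTER output in the formats shown in this manual, including the 65535 "all ports" value from the Reserved Mappings section. The sample input is constructed, and the model assumes the firewall is enabled and blocks inbound traffic unless a portfilter grants inbound permission; policies and validators are ignored.<br />

```python
from typing import Dict, List, NamedTuple, Optional, Tuple

PROTO_NUM = {"tcp": 6, "udp": 17}  # IANA numbers, as shown in "Transport type"
ALL_PORTS = 65535                  # manual: mapping applies to all ports

class ResvMap(NamedTuple):
    name: str
    internal_ip: str
    proto: str
    port: Optional[int]

class PortFilter(NamedTuple):
    name: str
    transport: int
    start: int
    end: int
    inbound: bool

def parse_resvmaps(text: str) -> List[ResvMap]:
    """Parse 'nat add resvmap' lines in the GLOBALIP and INTERFACENAME forms."""
    maps = []
    for line in text.splitlines():
        tok = line.split()
        if [t.lower() for t in tok[:3]] != ["nat", "add", "resvmap"]:
            continue
        try:
            # The GLOBALIP form has one extra address before the internal IP.
            rest = tok[7:] if tok[4].lower() == "globalip" else tok[6:]
            proto = rest[1].lower()
            port = int(rest[2]) if proto in PROTO_NUM else None
        except IndexError:
            raise ValueError(f"malformed reserved mapping: {line!r}") from None
        maps.append(ResvMap(tok[3], rest[0], proto, port))
    return maps

def parse_portfilters(text: str) -> List[PortFilter]:
    """Parse one or more 'firewall show portfilter' output blocks."""
    blocks: List[Dict[str, str]] = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                      # prompt lines and blanks
        key = key.strip().lower()
        if key == "firewall port filter":
            blocks.append({})             # a new filter starts here
        if blocks:
            blocks[-1][key] = value.strip()
    return [PortFilter(b["firewall port filter"], int(b["transport type"]),
                       int(b["port number start"]), int(b["port number end"]),
                       b["inbound permission"] == "true") for b in blocks]

def audit(maps: List[ResvMap], filters: List[PortFilter]) -> Dict[str, Tuple[str, List[str]]]:
    """Return {mapping name: (status, names of portfilters that open it)}."""
    report = {}
    for m in maps:
        if m.proto not in PROTO_NUM:
            report[m.name] = ("unchecked", [])   # non-TCP/UDP: not modelled here
            continue
        allowed = [f for f in filters
                   if f.inbound and f.transport == PROTO_NUM[m.proto]]
        if m.port == ALL_PORTS:                  # exposure = whatever filters allow
            report[m.name] = ("wildcard", [f.name for f in allowed])
            continue
        hits = [f.name for f in allowed if f.start <= m.port <= f.end]
        report[m.name] = ("reachable" if hits else "blocked", hits)
    return report

# Constructed sample input; pf3 mirrors the FIREWALL SHOW PORTFILTER example.
SAMPLE_RESVMAPS = """\
nat add resvmap rm1 interfacename extinterface 10.10.10.10 tcp 25
nat add resvmap rm2 interfacename extinterface 10.10.10.11 tcp 80
nat add resvmap rm3 globalip extinterface 192.168.68.68 10.10.10.12 udp 65535
nat add resvmap rm4 interfacename extinterface 10.10.10.13 icmp
"""
SAMPLE_PORTFILTERS = """\
Firewall Port Filter: pf3
Transport type: 6
Port number start: 25
Port number end: 25
Inbound permission: true
Outbound permission: true
Raw IP: false
TCP permission: true
UDP permission: false
Firewall Port Filter: pf4
Transport type: 6
Port number start: 80
Port number end: 80
Inbound permission: false
Outbound permission: true
Raw IP: false
TCP permission: true
UDP permission: false
"""

if __name__ == "__main__":
    result = audit(parse_resvmaps(SAMPLE_RESVMAPS), parse_portfilters(SAMPLE_PORTFILTERS))
    for name, (status, via) in result.items():
        print(name, status, via)
```

A "blocked" result marks a mapping that exists in NAT but is overridden by the firewall; a "wildcard" result marks a mapping whose exposure is set entirely by the portfilters listed with it.<br />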

NAT and Dynamic Port Opening<br />

The description of Dynamic Port Opening (see Security section) discussed that<br />

feature in the context of the firewall, i.e. the Dynamic Port Opening feature was<br />

presented as being required to allow secondary sessions in through the firewall.<br />

It should be noted that, by default, incoming sessions are not allowed through by<br />

NAT either. So, if NAT is enabled, even if the firewall is not enabled, you will need<br />

to create Dynamic Port Opening definitions for any services that involve incoming<br />

secondary sessions.<br />

So, for example, if you have NAT enabled on the router, and wish for users on the<br />

LAN to be able to successfully access external RealServers, it will be necessary to<br />

create a dynamic port opening definition.<br />

NAT and secondary IP addresses<br />

NAT services work also with secondary IP addresses.<br />

In this case it is necessary to create a secondary IP address using the IP INTERFACE ADD<br />

SECONDARYIPADDRESS command and then create a security interface based on<br />

this secondary IP interface.<br />

Then a global pool must be added and a reserved mapping configured. If using<br />

PPPoE encapsulation, secondary IP addresses in the global pool must be on a<br />

separate subnet. If the secondary IP addresses are on the same subnet as the external<br />

IP address, the addresses are not visible to the external network.



NAT Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the NAT module.<br />

NAT CLI commands<br />

The table below lists the nat commands provided by the CLI:<br />

Command<br />

NAT ADD GLOBALPOOL<br />

NAT ADD RESVMAP GLOBALIP<br />

NAT ADD RESVMAP INTERFACENAME<br />

NAT CLEAR GLOBALPOOLS<br />

NAT CLEAR RESVMAPS<br />

NAT DELETE GLOBALPOOL<br />

NAT DELETE RESVMAP<br />

NAT DISABLE<br />

NAT ENABLE<br />

NAT IKETRANSLATION<br />

NAT LIST GLOBALPOOLS<br />

NAT LIST RESVMAPS<br />

NAT SHOW GLOBALPOOL<br />

NAT SHOW RESVMAP<br />

NAT STATUS<br />

NAT ADD GLOBALPOOL<br />

Syntax NAT ADD GLOBALPOOL <name> <interfacename> {INTERNAL|DMZ} <ipaddress> {SUBNETMASK <mask>|ENDADDRESS <endaddress>}<br />

Description The nat enable command creates an IP address for the external security interface.<br />

However, you may want to use more than one external IP address. For example, if<br />

your ISP provides multiple IP addresses, you might want to map one external<br />

address to your internal web server, and map another external address to your<br />

internal mail server.<br />

This command creates a pool of external network addresses. A network address<br />

pool is a range of IP addresses that is visible outside your network. NAT translates<br />

packets between the external addresses and the internal addresses that each address<br />

is mapped to.



There are two ways to specify a range of IP addresses:<br />

• specify the interfacename IP address and a subnet mask<br />

• specify the interfacename IP address that represents the first address in the range,<br />

then specify the last address in the range<br />

If you want to map IP addresses to individual hosts on an internal interface, you can<br />

use the command NAT ADD RESVMAP.<br />

Before adding a global address pool, the NAT module must be enabled using<br />

the command NAT ENABLE.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

name | An arbitrary name that identifies a global network address or pool of addresses. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A<br />

interfacename | The name of an existing security interface (external or DMZ) created and connected to an internal interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A<br />

INTERNAL | Maps the global IP addresses to hosts on the network attached to the internal interface. | N/A<br />

DMZ | Maps the global addresses to hosts on the network attached to the DMZ interface. | N/A<br />

ipaddress | The IP address of the interfacename that is visible outside the network. | N/A<br />

mask | The subnet mask that defines the range of addresses in the pool. | N/A<br />

endaddress | The last IP address in the range of addresses that make up the global address pool. | N/A<br />

Example 1 This example creates a network address pool that allows NAT to translate packets<br />

between the external interface and the DMZ interface type.<br />

First, NAT is enabled between the external interface and the DMZ interface type:<br />

--> nat enable n1 extinterface dmz<br />

Then the global address pool is created, by defining IP address and netmask:<br />

--> nat add globalpool gp1 extinterface dmz 192.168.102.3 subnetmask 255.255.255.0<br />

Example 2 This example creates a network address pool that allows NAT to translate packets<br />

between the external interface and the internal interface type.<br />

First NAT is enabled between the external interface and the internal interface type:<br />

--> nat enable n2 extinterface internal<br />

Then the global pool is created, by defining the start and end addresses of the pool:<br />

--> nat add globalpool gp2 extinterface internal 192.168.103.2 endaddress 192.168.103.50<br />

See also NAT ENABLE<br />

NAT STATUS<br />

SECURITY LIST INTERFACES<br />

Once you have created an address pool, packets received on a specific IP address<br />

can be mapped to individual hosts inside the network. See NAT ADD RESVMAP.<br />

NAT ADD RESVMAP GLOBALIP<br />

Syntax NAT ADD RESVMAP <name> GLOBALIP <interfacename> <globalip> <internalip> {TCP <portno>|UDP <portno>|ICMP|IGMP|IP|EGP|RSVP|OSPF|IPIP|ALL}<br />

Description This command maps an IP address from a global pool (created using the NAT ADD<br />

GLOBALPOOL command) to an individual IP address inside the network. NAT<br />

translates packets between the external IP address and the individual host based on<br />

the transport information given in this command.<br />

Note: Before you can add a reserved mapping, you must create a NAT<br />

relationship using the command NAT ENABLE.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />

name | An arbitrary name that identifies a reserved mapping configuration. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A<br />

interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A<br />

globalip | An external IP address that is a member of a global address pool created using the ADD GLOBALPOOL command. | N/A<br />

internalip | The IP address of an individual host inside the network (attached to the internal or DMZ interface). | N/A<br />

(TCP) portno | The TCP port number that you want to use in your reserved mapping configuration. | N/A<br />

(UDP) portno | The UDP port number that you want to use in your reserved mapping configuration. | N/A<br />

ICMP | Internet Control Message Protocol (ICMP) packets are to be translated. ICMP messages are used for out-of-band messages related to network operation or mis-operation. See http://www.ietf.org/rfc/rfc0792.txt. | N/A<br />

IGMP | Internet Group Management Protocol (IGMP) is set as the transport type. Allows Internet hosts to participate in multicasting. See http://www.ietf.org/rfc/rfc1112.txt. | N/A<br />

IP | Internetwork Protocol (IP). Provides all of the Internet's data transport services. See http://www.ietf.org/rfc/rfc791.txt and http://www.ietf.org/rfc/rfc919.txt. | N/A<br />

EGP | Exterior Gateway Protocol (EGP) packets are to be translated. This is a protocol for exchanging routing information between autonomous systems. See http://www.ietf.org/rfc/rfc904.txt. | N/A<br />

RSVP | Resource Reservation Protocol (RSVP) packets are to be translated. Supports the reservation of resources across an IP network. See http://www.ietf.org/rfc/rfc2205.txt. | N/A<br />

OSPF | Open Shortest Path First (OSPF) packets are to be translated. A link-state routing protocol. See http://www.ietf.org/rfc/rfc1583. | N/A<br />

IPIP | IP-within-IP Encapsulation packets are to be translated. This protocol encapsulates an IP datagram within a datagram. See http://www.ietf.org/rfc/rfc2896.txt. | N/A<br />

ALL | All traffic is translated between the global IP address and the specified inside address that it is mapped to. | N/A<br />

Example --> nat add resvmap rm1 globalip extinterface 192.168.68.68 10.10.10.10 tcp 25<br />



See also NAT ENABLE<br />

NAT LIST GLOBALPOOLS<br />

NAT STATUS<br />

SECURITY LIST INTERFACES<br />

NAT ADD RESVMAP INTERFACENAME<br />

Syntax NAT ADD RESVMAP <name> INTERFACENAME <interfacename> <internalip> {TCP <portno>|UDP <portno>|ICMP|IGMP|IP|EGP|RSVP|OSPF|IPIP|ALL}<br />

Description This command maps an external IP security interface (included in a NAT<br />

relationship created using the NAT ENABLE command) to an individual IP address<br />

inside the network. NAT translates packets between the external IP address and the<br />

individual host based on the transport information given in this command.<br />

Note: Before you can add a reserved mapping, you must create a NAT relationship<br />

using the command NAT ENABLE.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

name | An arbitrary name that identifies a reserved mapping configuration. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A<br />

interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A<br />

internalip | The IP address of an individual host inside the network (connected to the internal or DMZ interfaces). | N/A<br />

(TCP) portno | The TCP port number that you want to use in your reserved mapping configuration. | N/A<br />

(UDP) portno | The UDP port number that you want to use in your reserved mapping configuration. | N/A<br />

ICMP | Internet Control Message Protocol (ICMP) packets are to be translated. ICMP messages are used for out-of-band messages related to network operation or mis-operation. See http://www.ietf.org/rfc/rfc0792.txt. | N/A<br />

IGMP | Internet Group Management Protocol (IGMP) packets are to be translated. Allows Internet hosts to participate in multicasting. See http://www.ietf.org/rfc/rfc1112.txt. | N/A<br />

IP | Internetwork Protocol (IP). Provides all of the Internet's data transport services. See http://www.ietf.org/rfc/rfc791.txt and http://www.ietf.org/rfc/rfc919.txt. | N/A<br />

EGP | Exterior Gateway Protocol (EGP) packets are to be translated. Protocol for exchanging routing information between autonomous systems. See http://www.ietf.org/rfc/rfc904.txt. | N/A<br />

RSVP | Resource Reservation Protocol (RSVP) packets are to be translated. Supports the reservation of resources across an IP network. See http://www.ietf.org/rfc/rfc2205.txt. | N/A<br />

OSPF | Open Shortest Path First (OSPF) packets are to be translated. A link-state routing protocol. See http://www.ietf.org/rfc/rfc1583. | N/A<br />

IPIP | IP-within-IP Encapsulation packets are to be translated. This protocol encapsulates an IP datagram within a datagram. See http://www.ietf.org/rfc/rfc2896.txt. | N/A<br />

ALL | All traffic is translated between the global IP address and the specified inside address that it is mapped to. | N/A<br />

Example --> nat add resvmap rm1 interfacename extinterface 10.10.10.10 tcp 25

See also NAT ENABLE<br />

SECURITY LIST INTERFACES<br />

NAT CLEAR GLOBALPOOLS<br />

Syntax NAT CLEAR GLOBALPOOLS <br />

Description This command deletes all address pools that were added to a specific outside<br />

interface using the NAT ADD GLOBALPOOL command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value

interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example --> nat clear globalpools extinterface<br />

See also NAT ADD GLOBALPOOL<br />

SECURITY LIST INTERFACES<br />

NAT CLEAR RESVMAPS<br />

Syntax NAT CLEAR RESVMAPS <br />

Description This command deletes all NAT reserved mappings that were added to an outside<br />

security interface using the NAT ADD RESVMAP command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value

interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example --> nat clear resvmaps extinterface<br />

See also NAT DELETE RESVMAP<br />

SECURITY LIST INTERFACES<br />

NAT DELETE GLOBALPOOL<br />

Syntax NAT DELETE GLOBALPOOL <br />

Description This command deletes a single address pool that was added to a specific external<br />

interface using the NAT ADD GLOBALPOOL command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value

name | A name that identifies an existing global IP address. To display global IP addresses, use the NAT LIST GLOBALPOOLS command. | N/A

interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example --> nat delete globalpool gp1 extinterface<br />

See also NAT ADD GLOBALPOOL<br />

NAT LIST GLOBALPOOLS<br />

SECURITY LIST INTERFACES<br />

NAT DELETE RESVMAP<br />

Syntax NAT DELETE RESVMAP <br />

Description This command deletes a single NAT reserved mapping that was added to an<br />

external security interface using the NAT ADD RESVMAP command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value

name | A name that identifies an existing global IP address. To display global IP addresses, use the NAT LIST RESVMAPS command. | N/A

interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example --> nat delete resvmap rm1 extinterface<br />

See also NAT ENABLE<br />

NAT LIST RESVMAPS<br />

SECURITY LIST INTERFACES<br />

NAT DISABLE<br />

Syntax NAT DISABLE <br />

Description This command disables a NAT relationship that was previously enabled between a security interface and another generic interface type, using the NAT ENABLE command. NAT is disabled between the security interface and all the interfaces that belong to the chosen interface type.

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value

name | The name of an existing NAT relationship created between a security interface and an interface type using the NAT ENABLE command. To display enabled NAT objects, use the NAT STATUS command. | N/A

Example --> nat disable nat1<br />

See also NAT ENABLE<br />

NAT STATUS<br />

NAT ENABLE<br />

Syntax NAT ENABLE {INTERNAL|DMZ}<br />

Description This command enables NAT between an existing security interface and a network<br />

interface type. NAT is enabled between the security interface and all the interfaces<br />

that belong to the chosen network interface type.<br />

Note - You must enable the Security package using the command SECURITY ENABLE if you want to use the NAT module.

An interface is either an inside or outside interface. The network attached to an inside<br />

interface needs to be protected from the network attached to an outside interface.<br />

For example, the network attached to an internal interface (inside) needs to be<br />

protected from the network attached to a DMZ (outside). Also, you can only enable<br />

NAT between two different interface types. For example, if interfacename is an<br />

external interface type, you can enable NAT between the interfacename and the<br />

internal or the DMZ interface type, but not the external interface type. The following<br />

interface combinations are the only ones that you can use:<br />

• external (outside) and internal (inside)<br />

• external (outside) and DMZ (inside)<br />

• DMZ (outside) and internal (inside)<br />

The existing security interface must be an outside interface. NAT translates packets<br />

between the outside interface and the inside interface type. In this way, the IP<br />

address of a host on a network attached to an inside interface is hidden from a host<br />

on a network attached to an outside interface.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value

name | An arbitrary name that identifies a NAT object enabled between a security interface and an interface type. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A

interfacename | The name of an existing security interface (external or DMZ) that was added to the Security package using the SECURITY ADD INTERFACE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

INTERNAL | Allows NAT to be enabled/disabled between the interface interfacename and all interfaces of the internal interface type. | N/A

DMZ | Allows NAT to be enabled/disabled between the interface interfacename and all interfaces of the DMZ interface type. The interfacename must be an external interface type. | N/A

Example --> nat enable nat1 extinterface internal<br />

See also NAT DISABLE<br />

NAT STATUS<br />

SECURITY LIST INTERFACES<br />

SECURITY ADD INTERFACE<br />

NAT IKETRANSLATION<br />

Syntax NAT IKETRANSLATION {COOKIES | PORTS}<br />

Description This command supports NAT IPSec traversal. It allows you to specify how Internet<br />

Key Exchange (IKE) packets are translated.<br />

IKE establishes a shared security policy and authenticates keys for services that require keys, such as IPSec.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value

COOKIES | Source port will not be translated for IKE packets; IKE cookies are used to identify IKE sessions. | ports

PORTS | Source port will be translated for IKE packets. | ports

Example --> nat iketranslation cookies



NAT LIST GLOBALPOOLS<br />

Syntax NAT LIST GLOBALPOOLS <br />

Description This command lists the following NAT address pool information for a specific<br />

outside interface:<br />

• Address pool identification number<br />

• Address pool name<br />

• Type of inside interface (internal or DMZ)<br />

• Subnet configuration status (true if the network pool was set using a subnet mask,<br />

false if it was set using a range of IP addresses)<br />

• IP address - the outside network IP address or the first address in the range of<br />

network pool addresses<br />

• Mask/End Address - the outside subnet mask of the outside network IP address<br />

or the last address in the range of network pool addresses<br />

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value

interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example<br />

--> nat list globalpools extinterface<br />

NAT global address pool:<br />

ID | Name | Type | Subnet | IP address | Mask/End Address<br />

----------------------------------------------------------------------<br />

1 | gp1 | dmz | true | 192.168.102.3 | 255.255.255.0<br />

2 | g2 | internal | false | 192.168.103.2 | 192.168.103.50<br />

----------------------------------------------------------------------<br />

See also SECURITY LIST INTERFACES<br />

NAT SHOW GLOBALPOOL<br />

NAT LIST RESVMAPS<br />

Syntax NAT LIST RESVMAPS <br />

Description This command lists the following reserved mapping information for a specific<br />

outside security interface:<br />

• Reserved mapping identification number<br />

• Reserved mapping name<br />

• Global address - the IP address of the outside security interface that is mapped to<br />

the inside IP address<br />

• Internal address - the IP address inside the network that the global IP address is<br />

mapped to<br />

• Transport type (IGMP, IPIP etc.)<br />

• Port - TCP or UDP port used by the transport type. If a non-TCP/UDP protocol is<br />

used, the port is set to 0.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value

interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example<br />

--> nat list resvmaps extinterface<br />

NAT reserved mappings:<br />

ID | Name | Global Address | Internal Address | Type | Port<br />

-----------------------------------------------------------------------<br />

1 | rm2 | 192.168.103.2 | 10.10.10.10 | tcp | 25<br />

2 | rm1 | 192.168.103.15 | 20.20.20.20 | udp | 21<br />

-----------------------------------------------------------------------<br />

See also SECURITY LIST INTERFACES<br />
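Each reserved mapping exposes an inside host to the outside network, so the listing above is worth checking against an approved list. The following is an added example, not part of the manual: it parses the NAT LIST RESVMAPS table format shown above and flags mappings nobody approved. The third sample row, the lowercase type value "all", and the names parse_resvmaps, audit and APPROVED are assumptions made for illustration.

```python
import ipaddress

# First two rows are the manual's own sample output; row 3 is constructed
# to show a whole-host mapping (the "all" spelling is an assumption).
SAMPLE_OUTPUT = """\
--> nat list resvmaps extinterface
NAT reserved mappings:
ID | Name | Global Address | Internal Address | Type | Port
-----------------------------------------------------------------------
1 | rm2 | 192.168.103.2 | 10.10.10.10 | tcp | 25
2 | rm1 | 192.168.103.15 | 20.20.20.20 | udp | 21
3 | rm3 | 192.168.103.15 | 10.10.10.11 | all | 0
-----------------------------------------------------------------------
"""

# Hypothetical allow-list kept by the operator: (inside host, type, port).
APPROVED = {("10.10.10.10", "tcp", 25)}


def parse_resvmaps(output: str) -> list[dict]:
    """Turn the pipe-separated listing into one dict per reserved mapping."""
    rows = []
    for line in output.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 6 or not cells[0].isdigit():
            continue  # prompt, title, column header and rule lines
        ident, name, global_ip, internal_ip, proto, port = cells
        rows.append({
            "id": int(ident),
            "name": name,
            "global": ipaddress.ip_address(global_ip),     # rejects garbage
            "internal": ipaddress.ip_address(internal_ip),
            "type": proto.lower(),
            "port": int(port),
        })
    return rows


def audit(rows: list[dict], approved: set) -> list[tuple]:
    """Return (mapping name, reason) for every mapping that needs review."""
    findings = []
    for r in rows:
        if r["type"] == "all":
            findings.append((r["name"],
                             "all traffic to the global address reaches the inside host"))
        elif r["type"] not in ("tcp", "udp"):
            # Non-TCP/UDP mappings are listed with port 0: no port filter applies.
            findings.append((r["name"],
                             f"whole protocol {r['type']} is forwarded"))
        elif (str(r["internal"]), r["type"], r["port"]) not in approved:
            findings.append((r["name"],
                             f"unapproved {r['type']}/{r['port']} to {r['internal']}"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(parse_resvmaps(SAMPLE_OUTPUT), APPROVED):
        print(f"{name}: {reason}")
```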

NAT SHOW GLOBALPOOL<br />

Syntax NAT SHOW GLOBALPOOL <br />

Description This command displays information about a single network address pool that has<br />

been added to an outside interface:<br />

• Type of inside interface (internal or DMZ)<br />

• Subnet configuration status (true if the network pool was set using a subnet mask,<br />

false if it was set using a range of IP addresses)<br />

• IP address - the outside network IP address or the first address in the range of<br />

addresses<br />

• Subnet Mask or End Address - the subnet mask used to define the global address<br />

range or the last address in the range of addresses<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value

name | A name that identifies an existing global IP address. To display global IP addresses, use the NAT LIST GLOBALPOOLS command. | N/A

interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example --> nat show globalpool gp1 extinterface

NAT global address pool: gp1

Interface type: dmz

Subnet configuration: true

IP address: 192.168.102.3

Subnet mask or End Address: 255.255.255.0

See also NAT LIST GLOBALPOOLS<br />

SECURITY LIST INTERFACES<br />

NAT SHOW RESVMAP<br />

Syntax NAT SHOW RESVMAP <br />

Description This command displays the following information about a single reserved mapping<br />

configuration that has been added to an outside security interface:<br />

• Global IP address<br />

• Internal IP address<br />

• Transport type<br />

• Port number<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value

name | A name that identifies an existing global pool. To display global pool names, use the NAT LIST RESVMAPS command. | N/A

interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example --> nat show resvmap rm1 extinterface<br />

NAT reserved mapping: rm1<br />

Global IP address: 192.168.103.15<br />

Internal IP address: 20.20.20.20<br />

Transport type: tcp<br />

Port number: 25<br />

See also NAT LIST RESVMAPS<br />

SECURITY LIST INTERFACES<br />

NAT STATUS<br />

Syntax NAT STATUS



Description This command lists the outside security interfaces and inside interface types that<br />

NAT is currently enabled between. It displays the following information:<br />

• NAT object identification number<br />

• NAT object name<br />

• Outside security interface name<br />

• Inside interface type<br />

Example --> nat status<br />

NAT enabled on:<br />

ID | Name | Interface | Type<br />

------------------------------------------<br />

1 | n2 | ip2 | internal<br />

2 | n1 | if1 | internal<br />

------------------------------------------<br />

See also NAT ENABLE



Chapter 10<br />

IGMP snooping and IGMP proxy<br />

Multicasting Overview<br />

Multicasting is a technique developed to send packets from one location in the<br />

Internet to many other locations, without any unnecessary packet duplication. In<br />

multicasting, one packet is sent from a source and is replicated as needed in the<br />

network to reach as many end-users as necessary.<br />

The concept of a group is crucial to multicasting. Every multicast requires a<br />

multicast group; the sender (or source) transmits to the group address, and only<br />

members of the group can receive the multicast data. A group is defined by a Class<br />

D address.<br />

Multicasting is useful because it conserves bandwidth by replicating packets as<br />

needed within the network, thereby not transmitting unnecessary packets.<br />

Multicasting is the most economical technique for sending a packet stream (which<br />

could be audio, video, or data) from one location to many other locations on the<br />

Internet simultaneously.<br />

Of course, multicasting has to be a connectionless process. The server simply sends<br />

out its multicast UDP packets, with no idea who will be receiving them, and<br />

whether they get received. It would be quite impossible for the server to have to<br />

wait for ACKs from all the recipients, and remember to retransmit to those<br />

recipients from whom it does not receive ACKs. Apart from anything else the server<br />

does not know who the recipients are, or how many there are.<br />

Multicasting principles<br />

Group addresses<br />

A multicast stream is a stream of data whose destination address is a multicast<br />

address – ie an IP address with the first byte having a value of 224 to 240. The<br />

destination address used by a stream is referred to as its Group address. These<br />

Group Addresses, like all IP addresses, are a limited resource, and there are all sorts<br />

of rules about who may use addresses from which address ranges.



Anyway, a server sends out its stream to a group multicast address but the way it is<br />

routed to the hosts that actually want to receive it is a very different process to<br />

routing unicast packets. With unicast packets, the destination address of the packet<br />

uniquely identifies the host who should receive the packet and all the routers along<br />

the path just need to look in their routing tables to work out which is the correct<br />

route to send the packet down.<br />

However, in the case of multicast, the stream is simply being sent out, with no particular knowledge of who wants to receive it, and where the recipients are. One approach would be for every router that receives a multicast stream on one interface to just retransmit that stream out ALL its other interfaces. In that way it would be guaranteed to eventually reach every host that might be interested in receiving it.

However, that would be an inefficient use of bandwidth, as a lot of the time the routers would be sending the streams out along paths that do not contain any hosts that want to receive them. Given that the main reason for having multicasting is to make efficient use of bandwidth, this would not be a good approach.

So, a more efficient approach is needed. This is where IGMP comes in.<br />

IGMP<br />

IGMP (Internet Group Management Protocol) is the protocol whereby hosts indicate<br />

that they are interested in receiving a particular multicast stream. When a host<br />

wants to receive a stream (in multicast jargon, this is called ‘joining a group’) it<br />

sends to its local router an IGMP packet containing the address of the group it<br />

wants to join – this is called an IGMP Membership report (sometimes called a Join<br />

packet).<br />

Now, the local router is generally going to be a long way from the server that is generating the stream. So, having received the IGMP join packet, the router then knows that it has to forward the multicast stream onto its LAN (if it is not doing so already). However, if the router is not already receiving the multicast stream from the server (probably many hops away) what does the router do next in order to ensure that the multicast stream gets to it? This is achieved by an elaborate process involving multicast routing protocols like PIM, DVMRP and MOSPF.

The IGMP packet exchange proceeds as follows:<br />

At a certain period (default is 125 seconds), the router sends an IGMP query<br />

message onto the local LAN. The destination address of the query message is a<br />

special “all multicast groups” address. The purpose of this query is to ask “are there<br />

any hosts on the LAN that wish to remain members of Multicast Groups?”<br />

Hosts on the LAN receive the query. If any given host wishes to remain in a Multicast group, it sends a new IGMP Membership report (Join message) for that group (of course some hosts may be members of more than one group, so they will send join messages for all the groups that they are members of).

The router looks at the responses it receives to its query, and compares these to the<br />

list of Multicast streams that it has currently registered to receive. If there are any<br />

items in that list for which it has not received query responses, it will send a<br />

message upstream, asking to no longer receive that stream – ie to be ‘pruned’ from<br />

the tree through which that stream is flowing.<br />

In IGMP version 2, the IGMP leave message was added. So, a host can now explicitly inform its router that it wants to leave a particular multicast group. The router keeps a table of how many hosts have joined particular groups, and removes hosts from the table when it receives leave messages; it can then know straight away when there are no hosts on its LAN that are still members of a given group. So, it can ask to be pruned from that tree straight away, rather than having to wait until the next query interval.

Multicast MAC addresses<br />

Multicast IP addresses are Class D IP addresses. So, all IP addresses from 224.0.0.0<br />

to 239.255.255.255 are multicast IP addresses. They are also referred to as Group<br />

Destination Addresses (GDA).<br />

For each GDA there is an associated MAC address. This MAC address is formed by<br />

01-00-5e, followed by the last 23 bits of the GDA translated in hex. Therefore:<br />

230.20.20.20 corresponds to MAC 01-00-5e-14-14-14<br />

224.10.10.10 corresponds to MAC 01-00-5e-0a-0a-0a<br />

Consequently, this is not a one-to-one mapping, but a one-to-many mapping:<br />

224.10.10.10 corresponds to MAC 01-00-5e-0a-0a-0a<br />

226.10.10.10 corresponds to MAC 01-00-5e-0a-0a-0a, as well.<br />

It is required that when an IP multicast packet is sent onto an Ethernet, the<br />

destination MAC address of the packet must be the MAC address that corresponds<br />

to the packet’s GDA. So, it is possible, from the destination MAC address of a<br />

multicast packet, to know the set of values that its GDA must fall within.<br />
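The mapping described above, worked through in code as an added example that is not part of the manual: it computes the MAC address for a GDA and, in the other direction, lists every GDA that shares one MAC address. Because layer-2 filtering works on the MAC address, all groups in that list are indistinguishable to it. The function names are illustrative.

```python
import ipaddress

# 01-00-5e followed by a zero bit; the remaining 23 bits come from the GDA.
MCAST_MAC_PREFIX = 0x01005E000000


def gda_to_mac(group: str) -> str:
    """Map a Class D group address to its Ethernet multicast MAC address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a Class D address")
    low23 = int(addr) & 0x7FFFFF           # last 23 bits of the GDA
    mac = MCAST_MAC_PREFIX | low23
    return "-".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def mac_to_gdas(mac: str) -> list[str]:
    """List every group address that maps onto the given multicast MAC."""
    value = int(mac.replace("-", "").replace(":", ""), 16)
    # The top 25 bits must be 01-00-5e plus a zero bit.
    if value >> 23 != MCAST_MAC_PREFIX >> 23:
        raise ValueError(f"{mac} is not an IPv4 multicast MAC address")
    low23 = value & 0x7FFFFF
    # A GDA has 32 bits: 4 are the fixed Class D prefix (1110), 23 survive in
    # the MAC address, so 5 bits are lost and 2**5 = 32 groups share each MAC.
    return [str(ipaddress.IPv4Address((0b1110 << 28) | (lost << 23) | low23))
            for lost in range(32)]


if __name__ == "__main__":
    for gda in ("230.20.20.20", "224.10.10.10", "226.10.10.10"):
        print(gda, "->", gda_to_mac(gda))
    shared = mac_to_gdas("01-00-5e-0a-0a-0a")
    print(len(shared), "groups share 01-00-5e-0a-0a-0a:", shared[0], "...", shared[-1])
```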

IGMP snooping<br />

IGMP snooping is a filtering process that AT-RG613, AT-RG623 and AT-RG656<br />

residential gateways perform at layer 2 to reduce the amount of multicast traffic on<br />

a LAN.<br />

It is designed to solve the problem that occurs when multicast traffic is received from a layer 2 switch due to join requests performed by hosts connected to some of the switch ports.

If individual hosts on the LAN (ie hosts connected to ports on the switches) wish to<br />

receive multicast streams, then they will send out IGMP joins, which will get up to<br />

the multicast router; and the router will join into the appropriate multicast trees;<br />

and the multicast flows will then reach the router, and it will forward them into the<br />

LAN.<br />

By default, when a switch receives a multicast packet, it must forward it out all its<br />

ports (except the port upon which it was received). So, considering the example<br />

where only host number 1 actually requests to join a particular multicast group,<br />

what will happen is that all the hosts on the LAN will start receiving the multicast<br />

packets, as all the switches will forward the multicast packets to all their ports.<br />

This is rather a waste of bandwidth, and the purpose of multicasting is to make<br />

efficient use of bandwidth.<br />

The solution to this problem is to make the layer-2 switch aware of the IGMP packets that are being passed around. That is, although the IGMP packets are destined for the router, the layer-2 switch needs to ‘snoop’ them as they go past. Then the layer-2 switch can be aware which hosts have asked to join which multicast groups, and so will only forward the multicast data to the places where it really needs to go.

IGMP snooping on AT-VP6x3 product family<br />

IGMP snooping is activated using the IGMP SNOOPING ENABLE command.<br />

When IGMP snooping is enabled, it works separately for each VLAN. All multicast<br />

traffic as well as multicast signaling generated within a VLAN is kept within VLAN<br />

boundaries.<br />

IGMP snooping on Residential Gateway is designed in order to allow AT-RG613,<br />

AT-RG623 and AT-RG656 models to work in a network environment where both<br />

multicast router(s) and multicast host(s) are present.<br />

Basically the Residential Gateway tries to construct an internal view of the multicast<br />

network based on the IGMP messages received both from multicast router(s) and<br />

multicast host(s).<br />

The following is a description of the IGMP snooping behavior that the Residential<br />

Gateway implements at layer 2.<br />

Multicast Router Port Discovery<br />

The system listens for IGMP Membership General Query packets sent to the<br />

address 01-00-5e-00-00-01 and records the port(s) where any such message has been<br />

received.<br />

In this way the Residential Gateway knows where multicast routers are located in<br />

order to forward report and leave messages only to the correct port(s).<br />

Note that multiple VLANs can be present in the system and therefore more than one multicast router can be present. The command IGMP SNOOPING SHOW reports the multicast router IP address discovered for each VLAN and the physical port where it has been detected.

Multicast Hosts Port Discovery<br />

The system listens for unsolicited IGMP Report messages that hosts send to join a<br />

multicast group and records the port where each message has been received. The<br />

action that the RG6x3 performs after having received an IGMP report depends on<br />

the circumstances in which the packet is received. To understand this, let us<br />

consider two possible scenarios:<br />

• First Scenario: Host A is the first host in its Ethernet segment to join a group.

Host A sends an unsolicited IGMP Membership report.

The Residential Gateway intercepts the IGMP membership report sent by Host A, creates a multicast entry for the group that Host A was requesting, and links this entry to the port on which it has received the report.

It also resets a local Timeout timer to the Timeout Interval value (default 270 secs). This timer is used to refresh the local multicast membership table periodically (see later in the description).

The Residential Gateway forwards the IGMP report on to the multicast router detected on the VLAN where the host is attached. In this way the router will also receive the IGMP report and will update its multicast routing table accordingly.

Multicast traffic for the requested group address is immediately forwarded only to the port where the report from Host A has been received.

• Second Scenario: another host, host B, on the same Ethernet segment as host A,<br />

sends an IGMP report to join the same multicast group as host A.<br />

Host B sends an unsolicited IGMP Membership report.<br />

The Residential Gateway intercepts the IGMP membership report sent by Host B.<br />

As a multicast entry for this group already exists, the Residential Gateway simply<br />

adds the port to the already existing entry for that multicast group and resets the<br />

Timeout timer to the Timeout Interval.<br />

The command IGMP SNOOPING SHOW will report only the last host that joined the group and the new value of the Timeout timer.

If another host joins another multicast group or the same multicast group, the same<br />

procedures described in the first and second scenarios are performed, respectively.<br />

A new Group entry will be added whenever a new group has been joined.<br />

Note: In order to maintain group membership, the multicast router sends IGMP queries periodically. This query is intercepted by the Residential Gateway and forwarded to all ports on the switch. All hosts that are members of the group will answer that query. The IGMP protocol was designed in such a way that only one member of any group on any VLAN would have to respond to any given query. But, because the Residential Gateway intercepts the reports, the hosts do not see each other’s reports, and thus, all hosts send a report (instead of one per group). The Residential Gateway then forwards on to the router only one report per group from among all received responses.

Leaving a Group<br />

When a host wants to leave group it sends an IGMP Leave message specific for the<br />

group it wants to leave.<br />

The Residential Gateway captures the IGMP Leave message and immediately sends<br />

an IGMP Group Specific Query on the port where it received the Leave message.<br />

The Leave Time value is used in the query message to request a fast response from<br />

other hosts which may be present on the same Ethernet segment.<br />

If no answer is received to the Query, and if no other ports have hosts joined to the<br />

same multicast group, then the leave message is forwarded to the multicast router.<br />

In this way the multicast router is asked to stop sending any multicast<br />

data for that particular group.<br />

If other ports have hosts joined to the same multicast group, the IGMP Group<br />

Specific Query is also sent to all those ports.



Only if no answers are received on all the ports within the Leave Time period, the<br />

leave message is forwarded to the multicast router.<br />

To change the Leave Time value, use the IGMP SNOOPING SET LEAVETIME<br />

command.<br />

<br />

Note: If the Leave Time period is set to 0 secs (see IGMP SNOOPING SET<br />

LEAVETIME command) and only one port has hosts joined to the multicast group,<br />

the Residential Gateway immediately forwards the leave message to the<br />

multicast router and removes the multicast membership record without sending<br />

any IGMP Specific Query message.<br />

If more than one port has hosts joined to the multicast group and the Leave Time<br />

period is set to 0 secs, the Residential Gateway removes the port from the<br />

multicast membership record without sending any IGMP Specific Query<br />

message and without forwarding the leave message to the multicast router.<br />
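The leave handling described above, including the two Leave Time 0 cases, modelled as a small membership table. This is an added example, not code from the manual or the gateway firmware; the class, method and action names are hypothetical, and dropping a queried port that does not answer is an assumption the manual does not spell out.

```python
from dataclasses import dataclass, field


@dataclass
class SnoopingTable:
    """Hypothetical model of the per-group port membership kept by the gateway."""
    leave_time: int = 10                          # seconds; the manual's default
    groups: dict = field(default_factory=dict)    # group address -> set of ports

    def join(self, group, port):
        self.groups.setdefault(group, set()).add(port)

    def leave(self, group, port, answering_ports=frozenset()):
        """Process an IGMP Leave received on `port` for `group`.

        `answering_ports` stands in for the ports on which a report arrives
        within the Leave Time period. Returns the list of actions taken.
        """
        members = self.groups.get(group)
        if not members or port not in members:
            return []
        actions = []

        if self.leave_time == 0:
            # No Group Specific Query is sent at all.
            members.discard(port)
            if not members:
                # Last port: record removed, Leave goes to the multicast router.
                del self.groups[group]
                actions.append(("forward_leave_to_router", group))
            # Otherwise only the port is removed and nothing is forwarded.
            return actions

        # Query the port that sent the Leave, then every other member port.
        queried = [port] + sorted(members - {port})
        for p in queried:
            actions.append(("group_specific_query", group, p))

        still_joined = {p for p in queried if p in answering_ports}
        if still_joined:
            # Assumption: ports that stay silent are dropped from the record.
            self.groups[group] = still_joined
        else:
            # No answer on any port: the Leave is forwarded upstream.
            del self.groups[group]
            actions.append(("forward_leave_to_router", group))
        return actions


if __name__ == "__main__":
    g = "239.255.255.250"                         # group address used in the manual
    table = SnoopingTable(leave_time=10)
    table.join(g, 1)
    table.join(g, 2)
    print(table.leave(g, 1, answering_ports={2}))  # queries only, port 2 stays
    print(table.leave(g, 2))                       # last port, Leave forwarded

    fast = SnoopingTable(leave_time=0)
    fast.join(g, 1)
    fast.join(g, 2)
    print(fast.leave(g, 1))                        # port removed silently
    print(fast.leave(g, 2))                        # Leave forwarded, no query
```

With Leave Time 0 the port is dropped on the first Leave without a query, so a second host behind the same port keeps receiving the group only after the gateway sees a new report from it.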

Timeout interval expiring<br />

When the Timeout Interval expires, the Residential Gateway sends an IGMP Specific<br />

Group Query to discover if there is any host on the port that is a member of a<br />

particular multicast group.<br />

If no answer is received, the Residential Gateway sends a leave message specific for<br />

the multicast group to the multicast router.<br />

IGMP proxy<br />

Independently of IGMP snooping, the AT-RG613, AT-RG623 and AT-RG656<br />

residential gateways also support IGMP proxy.<br />

IGMP proxy is a layer-3 feature that allows multicast traffic to be routed between<br />

multiple IP interfaces.<br />

As noted in the previous section, by default, multicast traffic is limited to the VLAN<br />

where it is received. If a host joins a multicast group but multicast traffic is received<br />

on another VLAN to which the host is not connected, the multicast traffic will never<br />

reach the host.<br />

IGMP proxy overrides this limitation, with the only constraint that multicast traffic<br />

must be received only on one IP interface called the upstream interface.<br />

In this case, when a host joins a multicast group, the IP interface attached to the<br />

transport (VLAN) where the host is located, becomes a downstream interface. It will<br />

receive all the multicast traffic related to the group that the host has joined.<br />

To define the upstream IP interface use the IGMP PROXY SET<br />

UPSTREAMINTERFACE command.<br />

To show the multicast groups currently registered with the IGMP proxy on the<br />

Residential Gateway use the IGMP PROXY SHOW STATUS command.



IGMP Snooping Command <strong>Reference</strong><br />

This section describes the commands available on AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the IGMP snooping<br />

feature.<br />

IGMP snooping CLI commands<br />

The table below lists the IGMP snooping commands provided by the CLI:<br />

Command<br />

IGMP SNOOPING DISABLE<br />

IGMP SNOOPING ENABLE<br />

IGMP SNOOPING SET LEAVETIME<br />

IGMP SNOOPING SET QUERYINTERVAL<br />

IGMP SNOOPING SET TIMEOUT<br />

IGMP SNOOPING SHOW<br />

IGMP SNOOPING DISABLE<br />

Syntax IGMP SNOOPING DISABLE<br />

Description This command disables the layer-2 IGMP snooping feature previously enabled<br />

with the IGMP SNOOPING ENABLE command.<br />

Example --> igmp snooping disable<br />

See also IGMP SNOOPING ENABLE<br />

IGMP SNOOPING ENABLE<br />

Syntax IGMP SNOOPING ENABLE<br />

Description This command enables the layer-2 IGMP snooping feature.<br />

Default timeout values are used:<br />

leavetime 10 secs<br />

queryinterval 125 secs<br />

timeout 270 secs<br />

Example --> igmp snooping enable<br />

See also IGMP SNOOPING DISABLE<br />

IGMP SNOOPING SET



IGMP SNOOPING SET LEAVETIME<br />

Syntax IGMP SNOOPING SET LEAVETIME &lt;leavetime&gt;<br />

Description This command sets the duration of the Leave Period timer for the IGMP snooping<br />

process. The timer controls the maximum allowed time before hosts must send a<br />

response to a Query message issued by the Residential Gateway.<br />

When IGMP snooping is enabled, by default this value is set to 10 secs.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

leavetime The leavetime value expressed in seconds. Valid values are from 0 to 65535. 10<br />

Example --> igmp snooping set leavetime 50<br />

See also IGMP SNOOPING ENABLE<br />

IGMP SNOOPING SET QUERYINTERVAL<br />

Syntax IGMP SNOOPING SET QUERYINTERVAL &lt;queryinterval&gt;<br />

Description This command sets the time interval, in seconds, at which IGMP Host Membership<br />

Queries are sent. When IGMP snooping is enabled, by default this value is set to 125<br />

secs.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

queryinterval The Query Interval value expressed in seconds. Valid values are from 1 to 65535. 125<br />

Example --> igmp snooping set queryinterval 110<br />

See also IGMP SNOOPING ENABLE<br />

IGMP SNOOPING SET TIMEOUT<br />

Syntax IGMP SNOOPING SET TIMEOUT &lt;timeout&gt;<br />

Description This command sets the longest interval, in seconds, for which a group will remain



in the local multicast group database without the Residential Gateway receiving a<br />

Host Membership Report for this multicast group.<br />

When IGMP snooping is enabled, by default this value is set to 270 secs.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

timeout The timeout interval value expressed in seconds. Valid values are from 1 to 65535. 270<br />

Example --> igmp snooping set timeout 125<br />

See also IGMP SNOOPING ENABLE<br />

IGMP SNOOPING SHOW<br />

Syntax IGMP SNOOPING SHOW<br />

Description This command shows IGMP snooping status.<br />

The following information is reported:<br />

Query Interval: Interval at which Host Membership Queries are sent.<br />

Timeout Interval: Interval after which entries will be removed from the group database.<br />

Interface Name: VLAN reference.<br />

Multicast Router: Recognized Multicast route.<br />

Group List: Membership list for this VLAN.<br />

Group: The group multicast address. “Multicast Filter” highlights members useful to stop<br />

Port: Port where the member is attached.<br />

Last Adv: The last host to advertise the membership report or query.<br />

Refresh time: The time interval (in seconds) until the membership group will be deleted.<br />

See also IGMP SNOOPING ENABLE



IGMP Proxy Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the IGMP proxy<br />

feature.<br />

IGMP proxy CLI commands<br />

The table below lists the IGMP PROXY commands provided by the CLI:<br />

Command<br />

IGMP PROXY SET<br />

IGMP PROXY SHOW<br />

IGMP PROXY SET UPSTREAMINTERFACE<br />

Syntax IGMP PROXY SET UPSTREAMINTERFACE {&lt;ip_interface&gt; | NONE}<br />

Description This command enables the residential gateway's IGMP Proxy, and sets one of the<br />

existing IP interfaces as the upstream interface; all other interfaces are designated<br />

downstream interfaces. The upstream interface implements the Host portion of the<br />

IGMP protocol, and the downstream interfaces implement the Router portion of the<br />

IGMP protocol. The IGMP Proxy may be disabled by setting upstream interface to<br />

none.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

ip_interface The name of an existing interface that you want to set as the upstream interface. N/A<br />

NONE Disables IGMP proxy N/A<br />

Example --> igmp proxy set upstreaminterface ip0<br />

See also IGMP PROXY SHOW STATUS<br />

IGMP PROXY SHOW UPSTREAMINTERFACE<br />

Syntax IGMP PROXY SHOW UPSTREAMINTERFACE<br />

Description This command displays the status of the upstream interface. If an upstream<br />

interface has been set using the IGMP PROXY SET UPSTREAMINTERFACE<br />

command, this command displays the current setting.<br />

Example --> igmp proxy show upstreaminterface<br />

IGMP Proxy configuration



Upstream If : ip0<br />

See also IGMP PROXY SET UPSTREAMINTERFACE<br />

IGMP PROXY SHOW STATUS<br />

Syntax IGMP PROXY SHOW STATUS<br />

Description This command displays the following information about the status of IGMP proxy:<br />

• IGMP Proxy group membership per interface details<br />

• Interface name and querier status<br />

• Group address<br />

Example --> igmp proxy show status<br />

Multicast group membership:<br />

Interface (querier) | Group address<br />

---------------------|-----------------<br />

eth0 (yes) | 239.255.255.250<br />

---------------------------------------<br />

See also IGMP PROXY SHOW UPSTREAMINTERFACE



Chapter 11<br />

Dynamic Host Configuration Protocol - DHCP<br />

Introduction<br />

The Dynamic Host Configuration Protocol (DHCP) is defined in RFC 1541 and<br />

provides a mechanism for passing configuration information to hosts on a TCP/IP<br />

network.<br />

DHCP is based on the Bootstrap Protocol (BOOTP) defined in RFC 1542, but adds<br />

automatic allocation of reusable network addresses and additional configuration<br />

options.<br />

DHCP is based on a client–server model, where the server is the host that allocates<br />

network addresses and initialization parameters, and the client is the host that<br />

requests these parameters from the server.<br />

There are a number of parameters that a DHCP server can supply to clients in<br />

addition to assigning IP addresses. It can supply the addresses of DNS servers, WINS<br />

servers, cookie servers and so on. It can also supply the gateway address for the LAN.<br />

DHCP supports three mechanisms for IP address allocation:<br />

• In the automatic allocation mechanism, DHCP assigns a permanent IP address to a<br />

host.<br />

• In the dynamic allocation mechanism, DHCP assigns an IP address to a host for a<br />

limited period of time, or until the host explicitly relinquishes the address.<br />

• In the manual allocation mechanism, the network administrator assigns a host’s IP<br />

address, and DHCP is used simply to convey the assigned address to the host. A<br />

particular network will use one or more of these mechanisms, depending on the<br />

policies of the network administrator.<br />

Dynamic allocation is the only one of the three mechanisms that allows automatic<br />

reuse of an address that is no longer needed by the host to which it was assigned.<br />

Dynamic allocation is particularly useful for assigning an address to a host that will<br />

be connected to the network only temporarily, or for sharing a limited pool of IP<br />

addresses among a group of hosts that do not need permanent IP addresses.



Dynamic allocation may also be a good choice for assigning an IP address to a new<br />

host being permanently connected to a network where IP addresses are sufficiently<br />

scarce that it is important to reclaim them when old hosts are retired.<br />

DHCP support on AT-RG6xx Residential Gateway series<br />

The AT-RG613, AT-RG623 and AT-RG656 are able to act both as DHCP server and<br />

as DHCP client.<br />

Typically, DHCP server features are activated on the internal network to assign IP<br />

addresses to hosts connected to the internal interfaces. The DHCP client function,<br />

instead, is used on the external interface to get IP addresses from the ISP.<br />

The AT-RG613, AT-RG623 and AT-RG656 also support DHCP relay functionality. In<br />

this case the Residential Gateway picks up DHCP requests sent by hosts connected<br />

to the internal interfaces, and forwards their requests to an external DHCP server<br />

and then routes back to the hosts the replies that are received from the server.<br />

DHCP server<br />

The DHCP protocol allows a host which is unknown to the network administrator<br />

to be automatically assigned a new IP address out of a pool of IP addresses for its<br />

network. In order for this to work, the network administrator allocates address<br />

pools for each available subnet and enters them into the dhcpd.conf file.<br />

On startup, the DHCP server software reads the dhcpd.conf file and stores a list of<br />

available addresses on each subnet. When a client requests an address using the<br />

DHCP protocol, the server allocates an address for it.<br />

Each client is assigned a lease, which expires after an amount of time chosen by the<br />

administrator (by default, 12 hours). Some time before the leases expire, the clients<br />

to which leases are assigned are expected to renew them in order to continue to use<br />

the addresses. Once a lease has expired, the client to which that lease was assigned<br />

is no longer permitted to use the leased IP address and must resort back to the<br />

DHCPDISCOVER mechanism (see RFC 2131) to request a new lease.<br />

In order to keep track of leases across system reboots and server restarts, the server<br />

keeps a list of leases it has assigned in the dhcpd.leases file (stored in ISFS).<br />

Before a lease is granted to a host, the server records the lease in this file. Upon startup, after<br />

reading the dhcpd.conf file, the DHCP server reads the dhcpd.leases file to gain<br />

information about which leases had been assigned before reboot.<br />

New leases are appended to the end of the lease file.<br />

In order to prevent the file from becoming arbitrarily large, the server periodically<br />

creates a new dhcpd.leases file from its lease database in memory.<br />

If the system crashes in the middle of this process, only the lease file present in flash<br />

memory can be restored. This gives a window of vulnerability whereby leases may<br />

be lost.<br />

BOOTP support is also provided by this server. Unlike DHCP, the BOOTP protocol<br />

does not provide a protocol for recovering dynamically-assigned addresses once



they are no longer needed. It is still possible to dynamically assign addresses to<br />

BOOTP clients, but some administrative process for reclaiming addresses is<br />

required. By default, leases are granted to BOOTP clients in perpetuity, although the<br />

network administrator may set an earlier cut-off date or a shorter lease length for<br />

BOOTP leases if that makes sense.<br />

Example:<br />

This paragraph provides a guide to configuring the DHCP server using commands<br />

available on the CLI.<br />

Let's assume that an internal interface (where the DHCP Server module will run)<br />

has been defined in the system with the following IP address and netmask:<br />

192.168.219.1 255.255.255.<br />

The following DHCP server configuration will create a range of 10 available IP<br />

addresses in the 192.168.219.0 subnet:<br />

dhcpserver add subnet mysubnet 192.168.219.0 255.255.255.0 192.168.219.10 192.168.219.20<br />

dhcpserver set subnet mysubnet defaultleasetime 1800<br />

dhcpserver set subnet mysubnet maxleasetime 86000<br />

dhcpserver subnet mysubnet add option domain-name-servers 192.168.220.30<br />

dhcpserver subnet mysubnet add option routers 192.168.221.40<br />

dhcpserver subnet mysubnet add option irc-server 10.5.7.20<br />

dhcpserver subnet mysubnet add option auto-configure 1<br />

• Default lease time and maximum lease time are set to 1800 seconds and 86000<br />

seconds, respectively.<br />

• Four DHCP options are configured, in addition to the usual IP address and<br />

subnet mask:<br />

• DNS server address of 192.168.220.30;<br />

• default gateway address of 192.168.221.40;<br />

• IRC server address of 10.5.7.20;<br />

• and the “auto-configure” option, which will allow use of address autoconfiguration<br />

by clients on the network.<br />

Instead of specifying the "domain-name-servers" and "routers" options manually,<br />

the following commands could have been used which provide automatic values for<br />

these options:<br />

dhcpserver set subnet mysubnet hostisdnsserver enabled<br />

dhcpserver set subnet mysubnet hostisdefaultgateway enabled<br />

This will result in the DHCP server taking the IP address of the IP interface it is<br />

running on, and supplying that address to DHCP clients as the DNS server and<br />

default gateway, respectively. This is especially useful in a deployment that utilizes<br />

the DNS relay on the residential gateway.<br />

<br />

Note that for DHCP clients using DHCPINFORM, the above declarations mean<br />

that the server would supply the given configuration options to any client that<br />

is on the 192.168.219.x subnet. This even includes clients that are not included in<br />

the available address ranges – this is sensible, since ideally the DHCP server



should not have addresses available to give out that may already belong to<br />

hosts on the same subnet.<br />

The CLI can also be used to define fixed host/IP address mappings. For example, the<br />

command:<br />

dhcpserver add fixedhost myhost 192.168.219.5 00:20:2b:01:02:03<br />

will add a fixed mapping of the IP address 192.168.219.5 to a host whose Ethernet<br />

MAC address is 00:20:2b:01:02:03.<br />

<br />

<br />

Note that fixed IP mappings cannot overlap with dynamic IP ranges on a<br />

subnet, and vice-versa (you will receive an error message if you try to do this).<br />

Note that you will still need to have a suitable subnet declaration – for example,<br />

a subnet 192.168.219.0 with netmask 255.255.255.0, as shown earlier. Any<br />

configuration options you define in this subnet will also be offered to every<br />

fixed host you have added which is also on the given subnet.<br />

It is also possible to assign a maximum lease duration to fixed DHCP clients as<br />

follows:<br />

dhcpserver set fixedhost myhost maxleasetime 7200<br />

In this context, a fixed lease duration would normally be used to allow DHCP<br />

clients to see changes in offered options quickly. The IP address itself is always<br />

guaranteed to be available for assignment to the specific host (unless there are other<br />

DHCP servers on the same network that are deliberately configured to conflict).<br />

You might see the following message if you have ever turned off the DHCP server:<br />

Note the DHCP server is not currently enabled.<br />

If you see this, issue the following command:<br />

dhcpserver enable<br />

The final step is to tell the system to update the DHCP server software with the new<br />

IP interface and configuration that has been defined. To do this, issue the following<br />

command:<br />

dhcpserver update<br />

<br />

NOTE: NO configuration changes that you have made on the DHCP server will<br />

take effect until you enter the DHCPSERVER UPDATE command.
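A pre-flight check for the rules stated in this section (a fixed host needs a subnet declaration and must not fall inside a dynamic range), run over the CLI lines before they are entered on the gateway. This is an added example, not a tool shipped with the device; the function name and the second sample are constructed, the range bounds are treated as inclusive, and the lease-time comparison is an assumed sanity check rather than a rule from the manual.

```python
import ipaddress

LEASE_KEYS = ("defaultleasetime", "maxleasetime")


def audit_dhcpserver(commands):
    """Return a list of findings for a block of 'dhcpserver ...' CLI lines."""
    subnets, fixed, findings = {}, {}, []
    for line in commands.strip().splitlines():
        w = line.split()
        if w[:3] == ["dhcpserver", "add", "subnet"] and len(w) == 8:
            name, net, mask, start, end = w[3:]
            subnets[name] = {
                "net": ipaddress.ip_network(f"{net}/{mask}"),
                "start": ipaddress.ip_address(start),
                "end": ipaddress.ip_address(end),
            }
        elif (w[:3] == ["dhcpserver", "set", "subnet"] and len(w) == 6
              and w[4] in LEASE_KEYS):
            if w[3] in subnets:
                subnets[w[3]][w[4]] = int(w[5])
            else:
                findings.append(f"{w[4]} set on undeclared subnet {w[3]}")
        elif w[:3] == ["dhcpserver", "add", "fixedhost"] and len(w) == 6:
            fixed[w[3]] = ipaddress.ip_address(w[4])
        # Option, enable and update lines are not audited here.

    for name, s in subnets.items():
        if s["start"] not in s["net"] or s["end"] not in s["net"]:
            findings.append(f"subnet {name}: range leaves {s['net']}")
        if s["start"] > s["end"]:
            findings.append(f"subnet {name}: range start is above range end")
        d, m = s.get("defaultleasetime"), s.get("maxleasetime")
        # Assumed sanity check, not a rule stated in the manual.
        if d is not None and m is not None and d > m:
            findings.append(
                f"subnet {name}: defaultleasetime {d} exceeds maxleasetime {m}")

    for host, ip in fixed.items():
        home = [n for n, s in subnets.items() if ip in s["net"]]
        if not home:
            findings.append(f"fixedhost {host}: {ip} has no subnet declaration")
        for n in home:
            # Bounds treated as inclusive (assumption).
            if subnets[n]["start"] <= ip <= subnets[n]["end"]:
                findings.append(
                    f"fixedhost {host}: {ip} overlaps dynamic range of {n}")
    return findings


# The subnet and fixed host configured in this section.
PAGE_CONFIG = """
dhcpserver add subnet mysubnet 192.168.219.0 255.255.255.0 192.168.219.10 192.168.219.20
dhcpserver set subnet mysubnet defaultleasetime 1800
dhcpserver set subnet mysubnet maxleasetime 86000
dhcpserver add fixedhost myhost 192.168.219.5 00:20:2b:01:02:03
"""

# Constructed sample with three mistakes (host names and MACs are made up).
CONSTRUCTED_BAD = """
dhcpserver add subnet mysubnet 192.168.219.0 255.255.255.0 192.168.219.10 192.168.219.20
dhcpserver set subnet mysubnet defaultleasetime 90000
dhcpserver set subnet mysubnet maxleasetime 86000
dhcpserver add fixedhost printer 192.168.219.15 00:20:2b:0a:0b:0c
dhcpserver add fixedhost camera 192.168.220.7 00:20:2b:0a:0b:0d
"""

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("constructed", CONSTRUCTED_BAD)):
        print(label, audit_dhcpserver(cfg) or "no findings")
```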



DHCP client<br />

A DHCP client uses the facilities of the IP stack to transmit and receive DHCP<br />

packets. This information is processed by the client and passed back to the IP stack<br />

to complete interface configuration for the lease duration.<br />

A DHCP client is created on a given interface by using the IP SET INTERFACE<br />

command with the parameter dhcp enabled. After this, the IP settings are discovered<br />

for the interface (it is possible to define one or more interfaceconfig rules to customize<br />

the options that must be requested).<br />

This section describes how these settings are discovered.<br />

Firstly, the interface is disabled for all non-DHCP traffic. This will reset the IP<br />

address and subnet mask of each nominated interface to 0.0.0.0.<br />

The DHCP client learns its required configuration details via a DHCPDISCOVER<br />

request.<br />

If configuration details are not successfully obtained using DHCP, the DHCP client<br />

will retry indefinitely in order to learn them, as described in RFC2131 (unless the<br />

interface is disabled). Retry characteristics can be defined using DHCPCLIENT SET<br />

RETRY command.<br />

Once the DHCP client has accepted a suitable configuration for the interface, it has<br />

to configure the IP stack appropriately. This involves allocating the new IP address<br />

to the interface and configuring the subnet for the interface.<br />

Addresses allocated by DHCP expire after the specified lease time runs out. If this<br />

happens, the DHCP client must relearn its configuration by repeating the process<br />

described above. The client will attempt to initiate renewal of a held lease well<br />

before it is due to expire (approximately half way through the total duration of the<br />

lease). This avoids the problem of an active interface being unexpectedly disabled<br />

and dropping normal IP traffic.<br />

The DHCP client on the AT-RG613, AT-RG623 and AT-RG656 conforms to<br />

most of the specification given in RFC2131. A subset of the DHCP options described<br />

in RFC2132 is supported.<br />

The Residential Gateway DHCP client accepts and makes use of the following<br />

information:<br />

• IP address<br />

• Subnet mask<br />

• Default route (one only)<br />

• Domain name servers (up to two can be usefully supported by DNS relay)<br />

• Host name or dhcp-client-identifier. This option can be used to specify a client<br />

identifier in a host declaration, so that a DHCP server can find the host record by<br />

matching against the client identifier. This option can be useful when attempting<br />

to operate the DHCP client with a Microsoft DHCP server.<br />

<br />

Note: When attempting to use a DHCP client with a Microsoft DHCP server,<br />

then “send dhcpclient-identifier” is mandatory, and must be specifically set to



the MAC address of the device upon which the client is running; otherwise<br />

DHCP will not work at all.<br />

Lease requirements and requests<br />

The DHCP protocol allows the client to request that the server send it specific<br />

information, and not send it other information that it is not prepared to accept. The<br />

protocol also allows the client to reject offers from servers if they do not contain<br />

information the client needs, or if the information provided is not satisfactory.<br />

Using the DHCPCLIENT INTERFACE CONFIG ADD REQUESTED OPTION<br />

command causes the client to request that any server responding to the client send<br />

the client its values for the specified options. Only the option names should be<br />

specified in the request statement - not option parameters.<br />

Using the DHCPCLIENT INTERFACE CONFIG ADD REQUIRED OPTION<br />

command configures a list of options that must be sent in order for an offer to be<br />

accepted. Offers that do not contain all the listed options will be ignored.<br />

Using the DHCPCLIENT INTERFACE CONFIG ADD SENT OPTION command<br />

causes the client to send the specified options to the server with the specified values.<br />

Options that are always sent in the DHCP protocol should not be specified here,<br />

except that the client can specify a requested-lease-time option other than the default<br />

requested lease time, which is two hours. The other obvious use for this statement is<br />

to send information to the server that will allow it to differentiate between this client<br />

and other clients or kinds of clients.<br />

Support for AutoIP<br />

The DHCP client also supports IP address auto-configuration, referred to as<br />

“AutoIP” in this manual. This includes support for RFC2563, which allows network<br />

administrators to configure DHCP servers to deny this auto-configuration capability<br />

to clients.<br />

In summary, AutoIP will be engaged after a DHCP client fails to contact a DHCP<br />

server and cannot obtain a lease. A pseudo-random algorithm invents an IP address<br />

on the 169.254 subnet. Collisions are avoided by issuing ARP requests for the<br />

suggested IP address, abandoning the address if it is already active on the network.<br />

Additionally, the suggested address will be abandoned if any other host on the<br />

network issues an ARP probe (i.e. the host issuing the ARP has source address<br />

0.0.0.0) for that IP address.<br />

Having auto-configured an IP address, the DHCP client will periodically check that<br />

it still cannot contact a DHCP server. If the client finds it can now obtain a legitimate<br />

lease from a DHCP server, this lease will supersede any auto-configured IP address.<br />

To turn on the AutoIP feature, use the DHCPCLIENT SET INTERFACECONFIG<br />

AUTOIP ENABLED command.<br />

To prevent the DHCP client from using AutoIP, use the DHCPCLIENT SET<br />

INTERFACECONFIG AUTOIP DISABLED command.



Additional DHCP client modes<br />

There are two additional DHCP client modes for finer control of how<br />

configuration parameters are accepted and propagated. The first mode allows you<br />

to choose how DNS servers are to be used; the second mode allows you to use<br />

parameters received on a DHCP client interface to automatically set up a DHCP<br />

server on another interface in the system.<br />

Propagating DNS server information<br />

You can tell the DHCP client what to do with received DNS server addresses. The<br />

pertinent attributes are giveDnsToRelay and giveDnsToClient. As is evident from the<br />

parameter names, the effect of these settings is to cause the DHCP process to pass to<br />

the DNS relay and client processes the DNS server address(es) it has learnt, which<br />

they are then able to use for DNS queries.<br />

By default, DNS server addresses are only given to the DNS relay, if present.<br />

For example, to set this up via the CLI, the following command sequence can be<br />

used:<br />

dhcpclient add interfaceconfig client1 eth0<br />

dhcpclient interfaceconfig 1 add requested option domain-name-servers<br />

dhcpclient set interfaceconfig client1 givednstorelay enabled<br />

dhcpclient set interfaceconfig client1 givednstoclient enabled<br />

Automatically setting up a DHCP server<br />

It is possible to tell the DHCP client to use parameters it has obtained to<br />

automatically set up a DHCP server.<br />

If you choose this mode, you must tell DHCP client how large an IP address lease<br />

pool you would like the new server to have, and which IP interface you want the<br />

new DHCP server to bind to.<br />

If you do not supply any interface information, the DHCP client will try to place the<br />

DHCP server on the first LAN interface it finds (the DHCP client will regard an IP<br />

interface as being a LAN interface)<br />

The new DHCP server’s address pool will start one IP address after the IP address<br />

of the interface upon which the DHCP server has been set up. That is, if the DHCP<br />

client is configured to set up the DHCP server on an IP interface named "uplink",<br />

with address 192.168.219.2, the address range will commence from address<br />

192.168.219.3.<br />

At present, the new DHCP server will give out any DNS server addresses received<br />

by the DHCP client. It will then advertise its own host IP address as being the<br />

default gateway.<br />

To set this up via the CLI, the following command sequence can be used:<br />

dhcpclient add interfaceconfig client1 eth0<br />

dhcpclient interfaceconfig 1 add requested option domain-name-servers<br />

dhcpclient set interfaceconfig client1 dhcpserverpoolsize 30<br />

dhcpclient set interfaceconfig client1 dhcpserverinterface uplink



Example<br />

This paragraph provides a guide to setting up a DHCP client using commands<br />

available in the CLI.<br />

Let's assume that the system has been configured with an interface named eth0. The<br />

first step is to enable the dhcp flag on this interface:<br />

ip set interface eth0 dhcp enabled<br />

DHCP client configuration is optional. You do not need to perform these steps<br />

unless you have special requirements, such as specifying whether the use of AutoIP<br />

is allowed, specific requirements for which options are to be negotiated from a<br />

DHCP server, or specific requirements about what to do with option values when<br />

they are received.<br />

dhcpclient add interfaceconfig mycfg eth0<br />

dhcpclient set interfaceconfig mycfg requestedleasetime 3600<br />

dhcpclient set interfaceconfig mycfg clientid 00:20:2b:01:02:03<br />

dhcpclient set interfaceconfig mycfg autoip enabled<br />

dhcpclient set interfaceconfig mycfg givednstorelay enabled<br />

dhcpclient interfaceconfig mycfg add requested option domain-name-servers<br />

dhcpclient interfaceconfig mycfg add required option routers<br />

dhcpclient interfaceconfig mycfg add sent option host-name '"galapagos"'<br />

<br />

Note: For options with string-type values associated with them, the option<br />

value must be in double-quotes ("). Also, the entire string including the double<br />

quotes must be inside single quotes (') to ensure that the CLI treats the double<br />

quotes literally.<br />

These commands create a new DHCP client interface configuration related to the IP<br />

interface you defined earlier. Let us consider, line by line, what the above<br />

configuration does:<br />

• A lease time of one hour is requested.<br />

• A client identifier of 00:20:2b:01:02:03 is specified.<br />

• In the event of a DHCP server being unavailable, the DHCP client will<br />

automatically assign an address using AutoIP.<br />

• Any DNS server addresses received from a server will be passed to the DNS<br />

relay. (There is also an analogous option to pass the addresses to the DNS client).<br />

• For this to occur, the DHCP client must request DNS server addresses from a server (maps onto the "request" directive).<br />

• The DHCP client will insist that a default gateway parameter is present in any lease offer (maps onto the "require" directive).<br />

• Finally, the DHCP client will send out "galapagos" as the value of the host name option – this can be used by some ISPs as part of a simple authentication process (maps onto the "send" directive).<br />
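How the request, require and send directives above map onto RFC 2132 option encoding, as an added Python illustration that is not code from the gateway. The client-identifier layout (hardware type 1 plus the six MAC bytes), the choice to list required options in the parameter request list, and the sample offers are assumptions.

```python
# RFC 2132 option codes for the option names used in the configuration above.
OPTION_CODES = {
    "routers": 3,
    "domain-name-servers": 6,
    "host-name": 12,
    "dhcp-lease-time": 51,
    "dhcp-message-type": 53,
    "dhcp-parameter-request-list": 55,
    "dhcp-client-identifier": 61,
}
PAD, END = 0, 255


def tlv(code, value):
    """Encode one option as code, length, value."""
    if not 0 < code < 255 or len(value) > 255:
        raise ValueError("option code or length out of range")
    return bytes([code, len(value)]) + value


def build_client_options(lease_seconds, client_id, requested, required, host_name):
    """Options field that a client configured like 'mycfg' could send."""
    hw = bytes(int(part, 16) for part in client_id.split(":"))
    if len(hw) != 6:
        raise ValueError("client id must be six colon-separated hex bytes")
    # Assumption: required options are requested as well as checked on receipt.
    wanted = sorted({OPTION_CODES[name] for name in requested + required})
    return b"".join([
        tlv(51, lease_seconds.to_bytes(4, "big")),   # requestedleasetime
        tlv(61, b"\x01" + hw),                       # clientid (assumed layout)
        tlv(55, bytes(wanted)),                      # "request" directive
        tlv(12, host_name.encode("ascii")),          # "send" directive
        bytes([END]),
    ])


def parse_options(data):
    """Decode an options field into {code: value}, rejecting truncated input."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == END:
            return options
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        options[code] = value
        i += 2 + length
    raise ValueError("options field has no end marker")


def offer_acceptable(offer_options, required):
    """'require' directive: every required option must be present and non-empty."""
    parsed = parse_options(offer_options)
    return all(parsed.get(OPTION_CODES[name]) for name in required)


# Constructed sample offers (message type 2 = DHCPOFFER); addresses are made up.
ROUTER = bytes([192, 168, 219, 254])
OFFER_WITH_ROUTER = tlv(53, b"\x02") + tlv(3, ROUTER) + tlv(6, ROUTER) + bytes([END])
OFFER_WITHOUT_ROUTER = tlv(53, b"\x02") + tlv(6, ROUTER) + bytes([END])

if __name__ == "__main__":
    sent = build_client_options(3600, "00:20:2b:01:02:03",
                                ["domain-name-servers"], ["routers"], "galapagos")
    print(sent.hex())
    print(offer_acceptable(OFFER_WITH_ROUTER, ["routers"]))
    print(offer_acceptable(OFFER_WITHOUT_ROUTER, ["routers"]))
```

The host name travels in the clear in option 12, so an ISP check based on it identifies a subscriber only as strongly as that value is kept private.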

The final step is to tell the Residential Gateway to update the DHCP client software<br />

with the new IP interface and configuration that has been defined. To do this, issue<br />

the following command:



dhcpclient update<br />

<br />

NOTE: NO configuration changes that you have made on the DHCP client will<br />

take effect until you enter the DHCPCLIENT UPDATE command.<br />

DHCP Relay<br />

A DHCP relay uses the facilities of the IP stack to transmit and receive DHCP<br />

packets.<br />

From a DHCP client’s point of view, the relay acts as a de-facto DHCP server, and<br />

this operation is transparent. This is useful where a network administrator only<br />

wishes to have one DHCP server across several physical and logical sub-networks.<br />

The relay works by forwarding all broadcast client requests to one or more<br />

known DHCP servers.<br />

Server replies are then either broadcast or unicast back to the client via the DHCP<br />

relay.<br />

<br />

Note: DHCP server and DHCP relay cannot be enabled at the same time.<br />



DHCP Server Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and AT-RG656 Residential Gateways to enable, configure and manage the DHCP Server module.<br />

DHCP server CLI commands<br />

The table below lists the DHCP server commands provided by the CLI:<br />

Command<br />

DHCPSERVER ADD FIXEDHOST<br />

DHCPSERVER ADD SUBNET<br />

DHCPSERVER CLEAR FIXEDHOST<br />

DHCPSERVER CLEAR SUBNETS<br />

DHCPSERVER DELETE FIXEDHOST<br />

DHCPSERVER DELETE SUBNET<br />

DHCPSERVER ENABLE|DISABLE<br />

DHCPSERVER LIST FIXEDHOST<br />

DHCPSERVER LIST OPTIONS<br />

DHCPSERVER LIST SUBNETS<br />

DHCPSERVER SET ALLOWUNKNOWNCLIENTS<br />

DHCPSERVER SET BOOTP<br />

DHCPSERVER SET DEFAULTLEASETIME<br />

DHCPSERVER SET FIXEDHOST IPADDRESS<br />

DHCPSERVER SET FIXEDHOST MACADDRESS<br />

DHCPSERVER SET FIXEDHOST MAXLEASETIME<br />

DHCPSERVER SET MAXLEASETIME<br />

DHCPSERVER SET SUBNET DEFAULTLEASETIME<br />

DHCPSERVER SET SUBNET HOSTISDEFAULTGATEWAY<br />

DHCPSERVER SET SUBNET HOSTISDNSSERVER<br />

DHCPSERVER SET SUBNET MAXLEASETIME<br />

DHCPSERVER SET SUBNET SUBNET<br />

DHCPSERVER SHOW<br />

DHCPSERVER SHOW SUBNET<br />

DHCPSERVER SUBNET ADD IPRANGE<br />

DHCPSERVER SUBNET ADD OPTION<br />

DHCPSERVER SUBNET CLEAR IPRANGES



DHCPSERVER SUBNET CLEAR OPTIONS<br />

DHCPSERVER SUBNET DELETE IPRANGE<br />

DHCPSERVER SUBNET DELETE OPTION<br />

DHCPSERVER SUBNET LIST IPRANGES<br />

DHCPSERVER SUBNET LIST OPTIONS<br />

DHCPSERVER UPDATE<br />

DHCPSERVER ADD FIXEDHOST<br />

Syntax DHCPSERVER ADD FIXEDHOST <br />

Description This command creates a new fixed host mapping in the DHCP server.<br />

The command tells the DHCP server to assign a specific IP address to a specific<br />

DHCP client based on the client’s MAC address.<br />

If a DHCPDISCOVER or DHCPREQUEST is received from the DHCP client with<br />

that MAC address, it will have the specified fixed IP address assigned to it.<br />

It's also necessary to create a suitable DHCP subnet definition in order for fixed host mapping to work.<br />

Note: It's not possible to create a fixed host mapping with an IP address that is already present inside a configured, dynamic IP range on a subnet. The reverse is also forbidden; it's not possible to add addresses into a dynamic IP range that are already configured as fixed host addresses.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| name | An arbitrary name that identifies the fixed host mapping. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A |
| ipaddress | The IP address that is assigned to a DHCP client based on the client’s MAC address, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A |
| macaddress | A MAC address displayed in the following format: ##:##:##:##:##:## | N/A |

Example The example below creates a fixed host mapping:<br />

--> dhcpserver add fixedhost myhost 192.168.219.1 00:20:2b:01:02:03



The example below creates a suitable subnet for the above fixed host mapping. Note<br />

that the IP address used above is within the subnet, but is not within the range of IP<br />

addresses that constitute the server’s dynamic pool (192.168.219.10 – 192.168.219.20):<br />

--> dhcpserver add subnet mysubnet 192.168.219.0 255.255.255.0 192.168.219.10 192.168.219.20<br />

See also DHCPSERVER DELETE FIXEDHOST<br />

DHCPSERVER LIST FIXEDHOST<br />
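A pre-deployment check for the two rules above (a fixed host needs a subnet definition that contains it, and its address must stay outside the dynamic pool), written as an added Python example rather than gateway code. The parser only understands the command forms shown in this chapter's examples, identifies subnets by name only, and the `printer` and `stray` entries are constructed.

```python
import ipaddress

# Constructed input: the two example commands from this section, plus one
# fixed host that collides with the dynamic pool and one with no subnet.
SAMPLE_CONFIG = """\
--> dhcpserver add subnet mysubnet 192.168.219.0 255.255.255.0 192.168.219.10 192.168.219.20
--> dhcpserver add fixedhost myhost 192.168.219.1 00:20:2b:01:02:03
--> dhcpserver add fixedhost printer 192.168.219.15 00:20:2b:0a:0b:0c
--> dhcpserver add fixedhost stray 10.0.0.5 00:20:2b:0d:0e:0f
"""


def _ip_range(start, end):
    """Return (first, last) as address objects, rejecting reversed ranges."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if first > last:
        raise ValueError(f"range start {first} is above range end {last}")
    return first, last


def parse_config(text):
    """Return (subnets, fixed_hosts) parsed from dhcpserver command lines."""
    subnets, fixed_hosts = {}, {}
    for line in text.splitlines():
        words = line.replace("-->", " ").split()
        lowered = [w.lower() for w in words]
        if lowered[:3] == ["dhcpserver", "add", "subnet"] and len(words) in (6, 8):
            # ip_network() raises ValueError if the base address has host bits set.
            network = ipaddress.ip_network(f"{words[4]}/{words[5]}")
            ranges = [_ip_range(words[6], words[7])] if len(words) == 8 else []
            subnets[words[3]] = {"network": network, "ranges": ranges}
        elif lowered[:3] == ["dhcpserver", "add", "fixedhost"] and len(words) == 6:
            fixed_hosts[words[3]] = ipaddress.ip_address(words[4])
        elif (lowered[:2] == ["dhcpserver", "subnet"] and len(words) == 7
              and lowered[3:5] == ["add", "iprange"] and words[2] in subnets):
            subnets[words[2]]["ranges"].append(_ip_range(words[5], words[6]))
    return subnets, fixed_hosts


def audit(text):
    """List violations of the fixed-host and pool rules stated in this section."""
    subnets, fixed_hosts = parse_config(text)
    findings = []
    for name, subnet in subnets.items():
        for first, last in subnet["ranges"]:
            if first not in subnet["network"] or last not in subnet["network"]:
                findings.append(
                    f"subnet {name}: range {first}-{last} is outside {subnet['network']}")
    for host, address in fixed_hosts.items():
        homes = [n for n, s in subnets.items() if address in s["network"]]
        if not homes:
            findings.append(f"fixedhost {host}: no subnet definition contains {address}")
        for n in homes:
            for first, last in subnets[n]["ranges"]:
                if first <= address <= last:
                    findings.append(
                        f"fixedhost {host}: {address} is inside dynamic range "
                        f"{first}-{last} of subnet {n}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```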

DHCPSERVER ADD SUBNET<br />

Syntax DHCPSERVER ADD SUBNET [ ]<br />

Description This command defines a subnet that requests will be received from, and a pool of<br />

addresses within that subnet. The DHCP server can allocate IP addresses from this<br />

pool to clients on request.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| name | An arbitrary name that identifies the subnet. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A |
| ipaddress | The base IP address of the subnet, displayed in the IPv4 format (e.g. 192.168.102.0) | N/A |
| netmask | The netmask of the subnet, for example: 255.255.255.0 | N/A |
| startaddr | The first IP address in the pool of addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | N/A |
| endaddr | The last IP address in the pool of addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | N/A |

Example<br />

--> dhcpserver add subnet sub1 239.252.197.0 255.255.255.0 239.252.197.10 239.252.197.107<br />

See also DHCPSERVER LIST SUBNETS<br />

DHCPSERVER CLEAR FIXEDHOST<br />

Syntax DHCPSERVER CLEAR FIXEDHOSTS<br />

Description This command deletes all DHCP server fixed hosts that were created using the DHCPSERVER ADD FIXEDHOST command.<br />

Example --> dhcpserver clear fixedhosts<br />

See also DHCPSERVER DELETE FIXEDHOST<br />

DHCPSERVER ADD FIXEDHOST<br />

DHCPSERVER CLEAR SUBNETS<br />

Syntax DHCPSERVER CLEAR SUBNETS<br />

Description This command deletes all DHCP server subnets that were created using the DHCPSERVER ADD SUBNET command.<br />

Example --> dhcpserver clear subnets<br />

See also DHCPSERVER DELETE SUBNET<br />

DHCPSERVER DELETE FIXEDHOST<br />

Syntax DHCPSERVER DELETE FIXEDHOST <br />

Description This command deletes a single fixed host mapping in the DHCP server that was<br />

created using the DHCPSERVER ADD FIXEDHOST command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| name | A name that identifies an existing fixed host. To display fixed host names, use the DHCPSERVER LIST FIXEDHOSTS command. | N/A |

Example --> dhcpserver delete fixedhost myhost<br />

See also DHCPSERVER ADD FIXEDHOST<br />

DHCPSERVER LIST FIXEDHOST<br />

DHCPSERVER CLEAR FIXEDHOST<br />

DHCPSERVER DELETE SUBNET<br />

Syntax DHCPSERVER DELETE SUBNET {|}<br />

Description This command deletes a single DHCP server subnet. The pool of IP addresses in the subnet is also deleted.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).


| Option | Description | Default Value |
|---|---|---|
| name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A |
| number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A |

Example --> dhcpserver delete subnet sub1<br />

See also DHCPSERVER CLEAR SUBNETS<br />

DHCPSERVER ENABLE|DISABLE<br />

Syntax DHCPSERVER {enable|disable}<br />

Description This command enables/disables the DHCP server.<br />

<br />

Note: DHCP server must be enabled in order to carry out any DHCP server<br />

configuration.<br />

DHCP server and DHCP relay cannot be enabled at the same time.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| ENABLE | Enables configuration of the DHCP server | enable |
| DISABLE | Disables configuration of the DHCP server. | |

Example --> dhcpserver enable<br />

See also DHCPRELAY ENABLE|DISABLE<br />

DHCPSERVER LIST FIXEDHOST<br />

Syntax DHCPSERVER LIST FIXEDHOST<br />

Description This command lists the following information about existing DHCP fixed host<br />

mappings:<br />

• fixed host ID number<br />

• fixed host name<br />

• IP address<br />

• MAC address



• Max lease time<br />

Example<br />

--> dhcpserver list fixedhosts<br />

DHCP server fixed host mappings:<br />

ID | Name | IP address | MAC address | Max Lease Time<br />

-----|---------|-----------------|--------------------|---------------<br />

1 | myhost | 192.168.219.0 | 00:20:2b:01:02:03 | 86400<br />

----------------------------------------------------------------------<br />

See also DHCPSERVER ADD FIXEDHOST<br />

DHCPSERVER SET FIXEDHOST IPADDRESS<br />

DHCPSERVER SET FIXEDHOST MACADDRESS<br />

DHCPSERVER SET FIXEDHOST MAXLEASETIME<br />

DHCPSERVER LIST OPTIONS<br />

Syntax DHCPSERVER LIST OPTIONS<br />

Description This command lists the option data types available for DHCP server.<br />

These options are detailed in RFC2132.<br />

It's possible to configure the DHCP server to use any of the options listed.<br />

Example --> dhcpserver list options<br />

subnet-mask<br />

routers<br />

ien116-name-servers<br />

log-servers<br />

lpr-servers<br />

resource-location-servers<br />

boot-size<br />

domain-name<br />

root-path<br />

ip-forwarding<br />

policy-filter<br />

default-ip-ttl<br />

path-mtu-plateau-table<br />

all-subnets-local<br />

perform-mask-discovery<br />

router-discovery<br />

static-routes<br />

arp-cache-timeout<br />

default-tcp-ttl<br />

tcp-keepalive-garbage<br />

nis-servers<br />

vendor-encapsulated-options<br />

netbios-dd-server<br />

netbios-scope<br />

x-display-manager<br />

dhcp-lease-time<br />

dhcp-message-type<br />

dhcp-parameter-request-list<br />

dhcp-max-message-size<br />

dhcp-rebinding-time<br />

time-offset<br />

time-servers<br />

domain-name-servers<br />

cookie-servers<br />

impress-servers<br />

host-name<br />

merit-dump<br />

swap-server<br />

extensions-path<br />

non-local-source-routing<br />

max-dgram-reassembly<br />

path-mtu-aging-timeout<br />

interface-mtu<br />

broadcast-address<br />

mask-supplier<br />

router-solicitation-address<br />

trailer-encapsulation<br />

ieee802-3-encapsulation<br />

tcp-keepalive-interval<br />

nis-domain<br />

ntp-servers<br />

netbios-name-servers<br />

netbios-node-type<br />

font-servers<br />

dhcp-requested-address<br />

dhcp-option-overload<br />

dhcp-server-identifier<br />

dhcp-message<br />

dhcp-renewal-time<br />

dhcp-class-identifier



dhcp-client-identifier<br />

option-63<br />

nisplus-servers<br />

bootfile-name<br />

smtp-server<br />

nntp-server<br />

finger-server<br />

streettalk-server<br />

user-class<br />

option-79<br />

option-81<br />

option-83<br />

nds-servers<br />

nds-context<br />

option-89<br />

...(more options down to)<br />

option-115<br />

auto-configure<br />

option-117<br />

...(more options down to)<br />

option-254<br />

option-end<br />

option-62<br />

nisplus-domain<br />

tftp-server-name<br />

mobile-ip-home-agent<br />

pop-server<br />

www-server<br />

irc-server<br />

streettalk-directory-assistance-server<br />

option-78<br />

option-80<br />

option-82<br />

option-84<br />

nds-tree-name<br />

option-88<br />

See also DHCPSERVER SUBNET ADD OPTION<br />

For information on RFC 2132, see http://www.ietf.org/rfc/rfc2132.txt<br />

DHCPSERVER LIST SUBNETS<br />

Syntax DHCPSERVER LIST SUBNETS<br />

Description This command lists the following information about existing DHCP server subnets:<br />

• subnet number<br />

• subnet name<br />

• subnet IP address<br />

• subnet netmask<br />

• default lease time (in seconds)<br />

• maximum lease time (in seconds)<br />

• whether the host is a DNS server (true or false)<br />

Example<br />

--> dhcpserver list subnets<br />

DHCP Server subnets:<br />

Default Max Host is<br />

ID | IP Address | Netmask | Lease time | Lease time | DNS svr<br />

---|----------------|---------------|------------|------------|--------<br />

1 | 192.168.102.0 | 255.255.255.0 | 43200 | 86400 | false<br />

-----------------------------------------------------------------------<br />

See also DHCPSERVER SHOW SUBNET



DHCPSERVER SET ALLOWUNKNOWNCLIENTS<br />

Syntax DHCPSERVER SET ALLOWUNKNOWNCLIENTS {ENABLE|DISABLE}<br />

Description This command enables/disables the dynamic assignment of addresses to unknown<br />

clients.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| ENABLE | Allows IP addresses to be dynamically assigned to unknown clients. | enable |
| DISABLE | Does not allow IP addresses to be dynamically assigned to unknown clients. | |

Example --> dhcpserver set allowunknownclients disable<br />

See also DHCPCLIENT SET INTERFACECONFIG CLIENTID<br />

DHCPSERVER SET BOOTP<br />

Syntax DHCPSERVER SET BOOTP {ENABLE|DISABLE}<br />

Description This command determines whether or not DHCP server can respond to BOOTP<br />

requests.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| ENABLE | DHCP server responds to BOOTP queries. | enable |
| DISABLE | DHCP server does not respond to BOOTP queries. | |

Example --> dhcpserver set bootp disable<br />

DHCPSERVER SET DEFAULTLEASETIME<br />

Syntax DHCPSERVER SET DEFAULTLEASETIME <br />

Description This command sets the global default lease time for DHCP server. To retrieve the<br />

current DEFAULTLEASETIME value, use the DHCPSERVER SHOW command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).


| Option | Description | Default Value |
|---|---|---|
| defaultleasetime | The default time (in seconds) that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time. | 43200 |

Example --> dhcpserver set defaultleasetime 50000<br />

See also DHCPSERVER SET SUBNET MAXLEASETIME<br />

DHCPSERVER SET FIXEDHOST IPADDRESS<br />

Syntax DHCPSERVER SET FIXEDHOST IPADDRESS <br />

Description This command sets the IP address that will be allocated to a DHCP client by the<br />

fixed host mapping. To retrieve the current FIXEDHOST IPADDRESS values, use<br />

the DHCPSERVER LIST FIXEDHOST command.<br />

<br />

Note: It's not valid to create a fixed host mapping with an IP address that is already within a configured, dynamic IP range on a subnet. The reverse is also forbidden; it's not possible to add addresses into a dynamic IP range that are already configured as fixed host addresses.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| hostname | A name that identifies an existing fixedhost. To display fixedhost names, use the DHCPSERVER LIST FIXEDHOSTS command. | N/A |
| ipaddress | The IP address that is assigned to a DHCP client based on the client’s MAC address, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A |

Example --> dhcpserver set fixedhost myhost ipaddress 192.168.219.2<br />

See also DHCPSERVER LIST FIXEDHOST<br />

DHCPSERVER SET FIXEDHOST MACADDRESS<br />

DHCPSERVER SET FIXEDHOST MACADDRESS<br />

Syntax DHCPSERVER SET FIXEDHOST MACADDRESS <br />

Description This command sets the MAC address for an existing fixed host mapping. To<br />

retrieve the current FIXEDHOST MACADDRESS values, use the DHCPSERVER



LIST FIXEDHOST command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| hostname | A name that identifies an existing fixedhost. To display fixedhost names, use the DHCPSERVER LIST FIXEDHOSTS command. | N/A |
| mac address | A MAC address displayed in the following format: ##:##:##:##:##:## | N/A |

Example --> dhcpserver set fixedhost myhost macaddress 00:20:2b:01:02:03<br />

See also DHCPSERVER LIST FIXEDHOST<br />

DHCPSERVER SET FIXEDHOST IPADDRESS<br />

DHCPSERVER SET FIXEDHOST MAXLEASETIME<br />

Syntax DHCPSERVER SET FIXEDHOST MAXLEASETIME <br />

Description This command sets the maximum lease time for an existing fixed host mapping.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| maxleasetime | The maximum time (in seconds) that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time. | 86400 |

Example --> dhcpserver set fixedhost myhost maxleasetime 90000<br />

See also DHCPSERVER LIST FIXEDHOST<br />

DHCPSERVER SET MAXLEASETIME<br />

Syntax DHCPSERVER SET MAXLEASETIME <br />

Description This command sets the global maximum lease time for DHCP server. To retrieve the<br />

current MAXLEASETIME value, use the DHCPSERVER SHOW command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).


| Option | Description | Default Value |
|---|---|---|
| maxleasetime | The maximum time (in seconds) that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time. | 86400 |

Example --> dhcpserver set maxleasetime 90000<br />

See also DHCPSERVER SET DEFAULTLEASETIME<br />

DHCPSERVER SET SUBNET DEFAULTLEASETIME<br />

Syntax DHCPSERVER SET SUBNET {|} DEFAULTLEASETIME<br />

<br />

Description This command sets the default lease time for an existing subnet. This command<br />

setting overrides the global default lease time setting for this particular subnet. To<br />

retrieve the current SUBNET DEFAULTLEASETIME value, use the DHCPSERVER<br />

SHOW command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A |
| number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A |
| defaultleasetime | The default time (in seconds) that a subnet assigns to a lease if the client requesting the lease does not ask for a specific expiry time. | 43200 |

Example --> dhcpserver set subnet sub1 defaultleasetime 30000<br />

See also DHCPSERVER SHOW SUBNET<br />

DHCPSERVER SET SUBNET HOSTISDEFAULTGATEWAY<br />

Syntax DHCPSERVER SET SUBNET {|} HOSTISDEFAULTGATEWAY<br />

{ENABLED | DISABLED}<br />

Description This command tells the DHCP server to give out its own interface IP address (i.e. the IP address on the interface via which the DHCP lease is allocated to the client) as the default gateway address. To retrieve the current settings, use the DHCPSERVER SHOW command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A |
| number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A |
| ENABLED | Allows DHCP server to give out its own interface IP address as the default gateway address. | disabled |

DHCPSERVER SET SUBNET HOSTISDNSSERVER<br />

Syntax DHCPSERVER SET SUBNET {|} HOSTISDNSSERVER {ENABLED |<br />

DISABLED}<br />

Description This command tells the DHCP server to give out its own interface IP address (i.e. the<br />

IP address on the interface via which the DHCP lease is allocated to the client) as<br />

the DNS server address. This is useful when combined with DNS Relay. To retrieve<br />

the current settings, use the DHCPSERVER SHOW command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| Name | A name that identifies an existing subnet. To display subnet names, use the dhcpserver list subnets command. | N/A |
| Number | A number that identifies an existing subnet. To display subnet numbers, use the dhcpserver list subnets command. | N/A |
| ENABLED | Allows DHCP server to give out its own interface IP address as the DNS server address. | disabled |
| DISABLED | Disallows DHCP server from giving out its own interface IP address as the DNS server address. | |

Example --> dhcpserver set subnet sub1 hostisdnsserver enabled



See also DHCPSERVER LIST SUBNETS<br />

DHCPSERVER SET SUBNET MAXLEASETIME<br />

Syntax DHCPSERVER SET SUBNET {|} MAXLEASETIME <br />

Description This command sets the maximum lease time for an existing subnet. This command<br />

setting overrides the global maximum lease time setting for this particular subnet.<br />

To retrieve the current settings, use the DHCPSERVER SHOW command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| Name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A |
| Number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A |
| maxleasetime | The maximum time (in seconds) that a subnet assigns to a lease if the client requesting the lease does not ask for a specific expiry time. | 86400 |

Example --> dhcpserver set subnet sub1 maxleasetime 70000<br />

See also DHCPSERVER SHOW SUBNET<br />

DHCPSERVER SET SUBNET SUBNET<br />

Syntax DHCPSERVER SET SUBNET {|} SUBNET <br />

Description This command allows you to change the IP address and netmask that define the IP<br />

subnet used by an existing DHCP server subnet.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A |
| number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A |
| ip address | The new IP address for the subnet, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A |
| netmask | The new netmask for the subnet, for example: 255.255.255.0 | N/A |

Example<br />

--> dhcpserver set subnet sub1 subnet 239.252.197.0 255.255.255.0<br />

See also DHCPSERVER SUBNET ADD IPRANGE<br />

DHCPSERVER SUBNET CLEAR IPRANGES<br />

DHCPSERVER SHOW<br />

Syntax DHCPSERVER SHOW<br />

Description This command displays the following global configuration information about the<br />

DHCP server:<br />

• status of the server (enabled/disabled)<br />

• global default lease time<br />

• global maximum lease time<br />

• allow bootp requests setting (enable/disable)<br />

• allow unknown clients setting (enable/disable)<br />

Example --> dhcpserver show<br />

Global DHCP Server Configuration:<br />

Status: ENABLED<br />

Default lease time: 43200 seconds<br />

Max. lease time: 86400 seconds<br />

Allow BOOTP requests: true<br />

Allow unknown clients: true<br />

See also DHCPSERVER SHOW SUBNET<br />

DHCPSERVER SHOW SUBNET<br />

Syntax DHCPSERVER SHOW SUBNET {|}<br />

Description This command displays the following information about an existing subnet:<br />

• subnet name<br />

• subnet IP address<br />

• subnet netmask<br />

• subnet maximum lease time



• subnet default lease time<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A |
| number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A |

Example --> dhcpserver show subnet sub1<br />

DHCP Server Subnet: sub1<br />

Subnet: 192.168.103.0<br />

Netmask: 255.255.255.0<br />

Max. lease time: 70000 seconds<br />

Default lease time: 30000 seconds<br />

See also DHCPSERVER SHOW<br />

DHCPSERVER SUBNET ADD IPRANGE<br />

Syntax DHCPSERVER SUBNET {|} ADD IPRANGE <br />

Description This command adds a pool of IP addresses to an existing subnet. The DHCP server<br />

can allocate IP addresses from this pool to clients on request.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A |
| number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A |
| startaddr | The first IP address in the pool of addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | N/A |
| endaddr | The last IP address in the pool of addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | N/A |

Example



--> dhcpserver subnet sub1 add iprange 239.252.197.0 239.252.197.107<br />

See also DHCPSERVER ADD SUBNET<br />

DHCPSERVER LIST SUBNETS<br />

DHCPSERVER SUBNET LIST IPRANGES<br />

DHCPSERVER SUBNET ADD OPTION<br />

Syntax DHCPSERVER SUBNET {|} ADD OPTION <br />

Description This command allows you to configure the DHCP server to send options detailed in<br />

RFC2132. To display a list of available options, use the command DHCPSERVER<br />

LIST OPTIONS.<br />

The heading of each option in the list contains the option identifier and the required<br />

value (in italics) for that specific option. The following is an extract from the option<br />

list, given as an example of the nature of the options:<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

| Option | Description | Default Value |
|---|---|---|
| name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A |
| number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A |
| identifier | A text string that identifies a DHCP server configuration option. | N/A |
| value | The value associated with the option identifier. | N/A |

Example --> dhcpserver subnet sub1 add option auto-configure 1<br />

See also DHCPCLIENT SET INTERFACECONFIG AUTOIP ENABLED|DISABLED<br />

For information on RFC 2132, see http://www.ietf.org/rfc/rfc2132.txt<br />

DHCPSERVER SUBNET CLEAR IPRANGES

Syntax DHCPSERVER SUBNET {<name>|<number>} CLEAR IPRANGES

Description This command deletes all of the IP ranges set for an existing subnet.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A

Example --> dhcpserver subnet sub1 clear ipranges

See also DHCPSERVER SUBNET LIST IPRANGES
DHCPSERVER SUBNET DELETE IPRANGE

DHCPSERVER SUBNET CLEAR OPTIONS

Syntax DHCPSERVER SUBNET {<name>|<number>} CLEAR OPTIONS

Description This command deletes the options set for an existing subnet.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A

Example --> dhcpserver subnet sub1 clear options

See also DHCPSERVER LIST SUBNETS
DHCPSERVER SUBNET DELETE OPTION

DHCPSERVER SUBNET DELETE IPRANGE

Syntax DHCPSERVER SUBNET {<name>|<number>} DELETE IPRANGE <range-id>

Description This command deletes a single IP range from an existing subnet.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A
range-id | A number that identifies an IP range. To list the existing range-ids for a subnet, use the DHCPSERVER SUBNET LIST IPRANGES command. | N/A

Example --> dhcpserver subnet sub1 delete iprange 1

See also DHCPSERVER LIST SUBNETS
DHCPSERVER SUBNET LIST IPRANGES

DHCPSERVER SUBNET DELETE OPTION

Syntax DHCPSERVER SUBNET {<name>|<number>} DELETE OPTION <option number>

Description This command deletes a single option that was added using the DHCPSERVER SUBNET ADD OPTION command. Once deleted, the option will no longer be given out by the DHCP server.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A
option number | A number that identifies an existing option. To list all existing options, use the DHCPSERVER SUBNET LIST OPTIONS command. | N/A

Example --> dhcpserver subnet sub1 delete option 2

See also DHCPSERVER CLEAR SUBNETS
DHCPSERVER LIST SUBNETS
DHCPSERVER SUBNET LIST OPTIONS



DHCPSERVER SUBNET LIST IPRANGES

Syntax DHCPSERVER SUBNET {<name>|<number>} LIST IPRANGES

Description This command lists the IP range(s) for an existing subnet that have been added using the DHCPSERVER ADD SUBNET command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A

Example --> dhcpserver subnet sub1 list ipranges

IP Ranges for subnet: sub1
ID | Start Address | End Address
-----|------------------|------------------
1 | 192.168.102.0 | 192.168.102.100
2 | 192.168.102.200 | 192.168.102.300
-------------------------------------------

See also DHCPSERVER LIST SUBNETS
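The `list ipranges` table can be checked mechanically before the configuration is applied. The following is an added example (not part of the manual or any Allied Telesis code) that parses that output and flags ranges a DHCP server should not hand out; the function names are hypothetical, and the /24 subnet passed in is an assumption based on the subnet-mask value shown in the LIST OPTIONS example.

```python
import ipaddress
import re

# Constructed input: the table printed in the manual's LIST IPRANGES example.
SAMPLE_OUTPUT = """\
IP Ranges for subnet: sub1
ID | Start Address | End Address
-----|------------------|------------------
1 | 192.168.102.0 | 192.168.102.100
2 | 192.168.102.200 | 192.168.102.300
-------------------------------------------
"""

# A data row is "<id> | <start> | <end>"; title, header and rule lines do not match.
ROW = re.compile(r"^\s*(\d+)\s*\|\s*(\S+)\s*\|\s*(\S+)\s*$")


def parse_ipranges(text):
    """Return [(range_id, start, end)] with addresses kept as strings."""
    return [(int(m.group(1)), m.group(2), m.group(3))
            for m in map(ROW.match, text.splitlines()) if m]


def audit_ranges(rows, subnet):
    """Map range id -> list of problems; clean ranges are omitted.

    `subnet` (CIDR notation) is supplied by the auditor as an assumption,
    because the list output does not print the subnet address and mask.
    """
    net = ipaddress.ip_network(subnet)
    findings = {}
    valid = []
    for rid, start_s, end_s in rows:
        try:
            start = ipaddress.IPv4Address(start_s)
            end = ipaddress.IPv4Address(end_s)
        except ipaddress.AddressValueError as exc:
            findings[rid] = [f"invalid IPv4 address: {exc}"]
            continue
        problems = []
        if start > end:
            problems.append("start address is above end address")
        if start.is_multicast or end.is_multicast:
            problems.append("multicast addresses cannot be leased to hosts")
        if start not in net or end not in net:
            problems.append(f"range leaves subnet {net}")
        else:
            if start <= net.network_address <= end:
                problems.append("range includes the subnet's network address")
            if start <= net.broadcast_address <= end:
                problems.append("range includes the subnet's broadcast address")
        if problems:
            findings[rid] = problems
        if start <= end:
            valid.append((start, end, rid))

    # Overlap check: walk ranges by start address, tracking the highest end seen.
    max_end, max_id = None, None
    for start, end, rid in sorted(valid):
        if max_end is not None and start <= max_end:
            findings.setdefault(rid, []).append(f"overlaps range {max_id}")
        if max_end is None or end > max_end:
            max_end, max_id = end, rid
    return findings


if __name__ == "__main__":
    for rid, problems in sorted(audit_ranges(parse_ipranges(SAMPLE_OUTPUT),
                                             "192.168.102.0/24").items()):
        for problem in problems:
            print(f"range {rid}: {problem}")
```
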

DHCPSERVER SUBNET LIST OPTIONS

Syntax DHCPSERVER SUBNET {<name>|<number>} LIST OPTIONS

Description This command lists the options for an existing subnet that has been added using the DHCPSERVER ADD SUBNET command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A

Example --> dhcpserver subnet sub1 list options

Options for subnet: sub1
ID | Identifier | Value
-----|------------------|------------------
1 | ip-forwarding | false
2 | subnet-mask | 255.255.255.0
-------------------------------------------

See also DHCPSERVER LIST SUBNETS

DHCPSERVER UPDATE

Syntax DHCPSERVER UPDATE

Description This command updates the DHCP server configuration. Changes made to the server configuration will not take effect until this command has been entered.

Example --> dhcpserver update

dhcpserver: Reset request acknowledged. Reset imminent.



DHCP Client Command Reference

This section describes the commands available on the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway to enable, configure and manage the DHCP Client module.

DHCP client CLI commands

The table below lists the dhcpclient commands provided by the CLI:

Command
DHCPCLIENT ADD INTERFACECONFIG
DHCPCLIENT CLEAR INTERFACECONFIGS
DHCPCLIENT DELETE INTERFACECONFIG
DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION
DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION
DHCPCLIENT INTERFACECONFIG ADD SENT OPTION
DHCPCLIENT INTERFACECONFIG CLEAR REQUESTED OPTIONS
DHCPCLIENT INTERFACECONFIG CLEAR SENT OPTIONS
DHCPCLIENT INTERFACECONFIG DELETE REQUESTED OPTIONS
DHCPCLIENT INTERFACECONFIG DELETE SENT OPTIONS
DHCPCLIENT INTERFACECONFIG LIST REQUESTED OPTIONS
DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS
DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT SET BACKOFF
DHCPCLIENT SET INTERFACECONFIG AUTOIP
DHCPCLIENT SET INTERFACECONFIG CLIENTID
DHCPCLIENT SET INTERFACECONFIG DEFAULTROUTE
DHCPCLIENT SET INTERFACECONFIG DHCPINFORM
DHCPCLIENT SET INTERFACECONFIG DHCPSERVERPOOLSIZE
DHCPCLIENT SET INTERFACECONFIG DHCPSERVERINTERFACE
DHCPCLIENT SET INTERFACECONFIG GIVEDNSTOCLIENT
DHCPCLIENT SET INTERFACECONFIG GIVEDNSTORELAY
DHCPCLIENT SET INTERFACECONFIG INTERFACE
DHCPCLIENT SET INTERFACECONFIG NOCLIENTID
DHCPCLIENT SET INTERFACECONFIG REQUESTEDLEASETIME
DHCPCLIENT SET INTERFACECONFIG SERVER
DHCPCLIENT SET REBOOT
DHCPCLIENT SET RETRY
DHCPCLIENT SHOW
DHCPCLIENT UPDATE

DHCPCLIENT ADD INTERFACECONFIG

Syntax DHCPCLIENT ADD INTERFACECONFIG <name> <ipinterface>

Description This command configures DHCP client parameters for negotiation over an existing IP interface. This command can only be applied to IP interfaces that have DHCP enabled (see IP SET INTERFACE DHCP command).

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | An arbitrary name by which the DHCP config on the corresponding IP interface will be identified. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
ipinterface | An IP address or a name that identifies an existing IP interface. The interface must have DHCP enabled. To display interface names, use the IP LIST INTERFACES command. | N/A

Example --> dhcpclient add interfaceconfig config1 ip1

See also DHCPCLIENT LIST INTERFACECONFIGS
IP LIST INTERFACES
IP SET INTERFACE DHCP

DHCPCLIENT CLEAR INTERFACECONFIGS

Syntax DHCPCLIENT CLEAR INTERFACECONFIGS

Description This command deletes all existing DHCP client interface configurations.

Example --> dhcpclient clear interfaceconfigs

See also DHCPCLIENT LIST INTERFACECONFIGS



DHCPCLIENT DELETE INTERFACECONFIG

Syntax DHCPCLIENT DELETE INTERFACECONFIG {<name>|<number>}

Description This command deletes a single DHCP client interface configuration.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A

Example --> dhcpclient delete interfaceconfig config1

See also DHCPCLIENT LIST INTERFACECONFIGS

DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} ADD REQUESTED OPTION <option>

Description This command tells the DHCP client on a specific interface to request a specified option from a DHCP server. The requested option is not compulsory - if the option is not included in a lease offered by a DHCP server, the DHCP client will still accept the offer.

Options are detailed in RFC 2132.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
option | A text string that identifies a DHCP server configuration option. | N/A

Example --> dhcpclient interfaceconfig client1 add requested option irc-server

See also DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION

For information on RFC 2132, see http://www.ietf.org/rfc/rfc2132.txt

DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} ADD REQUIRED OPTION <option>

Description This command tells the DHCP client on a particular interface that it requires a specified option from a DHCP server. The required option is compulsory - if the option is not included in a lease offered by a DHCP server, the DHCP client will ignore the offer.

Options are detailed in RFC 2132.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
option | A text string that identifies a DHCP server configuration option. | N/A

Example --> dhcpclient interfaceconfig client1 add required option domain-name

See also DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTIONS
DHCPCLIENT INTERFACECONFIG LIST REQUESTED OPTIONS

For information on RFC 2132, see http://www.ietf.org/rfc/rfc2132.txt
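The difference between a requested and a required option decides which offers the client will take, which matters when more than one DHCP server answers on a segment. The following is an added example (not part of the manual or the gateway's software) that models the rule stated in the ADD REQUESTED OPTION and ADD REQUIRED OPTION entries; the function names, server labels and offer contents are constructed assumptions.

```python
import re

# Constructed input: the example commands from the manual's ADD REQUESTED
# OPTION and ADD REQUIRED OPTION entries, with the CLI prompt included.
CONFIG_COMMANDS = """\
--> dhcpclient interfaceconfig client1 add requested option irc-server
--> dhcpclient interfaceconfig client1 add required option domain-name
"""

# Constructed offers: server labels and option values are made up for the demo.
SAMPLE_OFFERS = [
    ("server-a", {"subnet-mask": "255.255.255.0", "irc-server": "192.0.2.10"}),
    ("server-b", {"subnet-mask": "255.255.255.0", "domain-name": "example.test"}),
]

CMD = re.compile(
    r"^(?:-->\s*)?dhcpclient\s+interfaceconfig\s+(\S+)\s+add\s+"
    r"(requested|required)\s+option\s+(\S+)\s*$",
    re.IGNORECASE,
)


def load_option_policy(commands):
    """Build {interfaceconfig: {"requested": set, "required": set}}."""
    policy = {}
    for line in commands.splitlines():
        m = CMD.match(line.strip())
        if not m:
            continue  # not an ADD REQUESTED/REQUIRED OPTION command
        name, kind, option = m.group(1), m.group(2).lower(), m.group(3)
        entry = policy.setdefault(name, {"requested": set(), "required": set()})
        entry[kind].add(option)
    return policy


def evaluate_offer(policy, ifconfig, offered_options):
    """Apply the manual's rule to one offer.

    A missing required option means the offer is ignored; a missing
    requested option is only reported. Only the presence of an option is
    modelled here; the manual does not describe any check on its value.
    """
    entry = policy[ifconfig]
    offered = set(offered_options)
    missing_required = sorted(entry["required"] - offered)
    return {
        "accept": not missing_required,
        "missing_required": missing_required,
        "missing_requested": sorted(entry["requested"] - offered),
    }


def select_offer(policy, ifconfig, offers):
    """Return (server, verdict, ignored) for the first acceptable offer.

    `ignored` lists (server, missing required options) for every offer
    skipped before it; server and verdict are None if nothing qualifies.
    """
    ignored = []
    for server, options in offers:
        verdict = evaluate_offer(policy, ifconfig, options)
        if verdict["accept"]:
            return server, verdict, ignored
        ignored.append((server, verdict["missing_required"]))
    return None, None, ignored


if __name__ == "__main__":
    pol = load_option_policy(CONFIG_COMMANDS)
    print(select_offer(pol, "client1", SAMPLE_OFFERS))
```
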



DHCPCLIENT INTERFACECONFIG ADD SENT OPTION

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} ADD SENT OPTION <option> <value>

Description This command tells the DHCP client on a particular interface to send a value for the given DHCP configuration option to a DHCP server. The DHCP server's response depends on the type of option being sent out.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
option | A text string that identifies a DHCP server configuration option. | N/A
value | The value associated with the option identifier. | N/A

Example To tell the DHCP client to send the DHCP host-name option to the DHCP server with the value "vancouver" use the following command:

--> dhcpclient interfaceconfig client1 add sent option host-name '"vancouver"'

Note: For options with string-type values associated with them, the option value must be in double-quotes ("). Also, the entire string including the double quotes must be inside single quotes (') to ensure that the CLI treats the double quotes literally.

See also DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS

For information on RFC 2132, see http://www.ietf.org/rfc/rfc2132.txt

DHCPCLIENT INTERFACECONFIG CLEAR REQUESTED OPTIONS

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} CLEAR REQUESTED OPTIONS

Description This command deletes all options that were previously added to an interfaceconfig using the DHCPCLIENT INTERFACECONFIG ADD REQUESTED/REQUIRED OPTION commands.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A

Example --> dhcpclient interfaceconfig client1 clear requested options

See also DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION
DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION
DHCPCLIENT INTERFACECONFIG DELETE REQUESTED OPTION
DHCPCLIENT INTERFACECONFIG DELETE REQUIRED OPTION

DHCPCLIENT INTERFACECONFIG CLEAR SENT OPTIONS

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} CLEAR SENT OPTIONS

Description This command deletes all options that were previously added to an interfaceconfig using the DHCPCLIENT INTERFACECONFIG ADD SENT OPTION commands.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A

Example --> dhcpclient interfaceconfig client1 clear sent options

See also DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS
DHCPCLIENT INTERFACECONFIG ADD SENT OPTIONS
DHCPCLIENT INTERFACECONFIG DELETE SENT OPTIONS

DHCPCLIENT INTERFACECONFIG DELETE REQUESTED OPTION

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} DELETE REQUESTED OPTION <option number>

Description This command deletes a single option that was previously added to an interfaceconfig using the DHCPCLIENT INTERFACECONFIG ADD OPTION REQUESTED/REQUIRED commands.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
option number | A number that identifies an option that is requested/required from the DHCP server by the DHCP client. To display option numbers, use the DHCPCLIENT INTERFACECONFIG LIST OPTIONS command. | N/A

Example --> dhcpclient interfaceconfig client1 delete requested option 1

See also DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION
DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION



DHCPCLIENT INTERFACECONFIG DELETE SENT OPTION

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} DELETE SENT OPTION <option number>

Description This command deletes a single option that was previously added to an interfaceconfig using the DHCPCLIENT INTERFACECONFIG ADD SENT OPTION command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
option number | A number that identifies an option that is requested/required from the DHCP server by the DHCP client. To display option numbers, use the DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS command. | N/A

Example --> dhcpclient interfaceconfig client1 delete sent option 1

See also DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS
DHCPCLIENT INTERFACECONFIG ADD SENT OPTIONS

DHCPCLIENT INTERFACECONFIG LIST REQUESTED OPTIONS

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} LIST REQUESTED OPTIONS

Description This command lists the options that the DHCP client requests and/or requires from the DHCP server. These options were set using the DHCPCLIENT INTERFACECONFIG ADD REQUESTED/REQUIRED OPTION commands.

The following information is displayed:

• Option identification number
• Option identifier (name)
• Requirement status - true for options that were added using the DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION command, false for options added using the DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION command.

Options and their values are detailed in RFC2132.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A

Example --> dhcpclient interfaceconfig client1 list requested options

DHCP client requested options: client1
ID | Identifier | Is option required?
-----|--------------------|---------------------
1 | host-name | false
2 | domain-name | true
------------------------------------------------

See also DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION
DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION
DHCPSERVER SUBNET ADD OPTION

DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} LIST SENT OPTIONS

Description This command displays a list of the options that the DHCP client sends to the DHCP server. These options were set using the DHCPCLIENT INTERFACECONFIG ADD SENT OPTION command.

The following information is displayed:

• Option identification number
• Option identifier (name)
• Suggested value

Options and their values are detailed in RFC2132.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A

Example --> dhcpclient interfaceconfig client1 list sent options

DHCP client requested options: client1
ID | Identifier | Suggested value
-----|--------------------|---------------------
1 | host-name | vancouver
2 | domain-name | alliedtelesyn
------------------------------------------------

See also DHCPCLIENT INTERFACECONFIG ADD SENT OPTIONS
DHCPCLIENT INTERFACECONFIG CLEAR SENT OPTIONS
DHCPSERVER SUBNET ADD OPTION

DHCPCLIENT LIST INTERFACECONFIGS

Syntax DHCPCLIENT LIST INTERFACECONFIGS

Description This command lists the following information about existing DHCP client interfaces:

• interface identification number
• interface name
• IP interface configured by the client interface
• requested lease time (in seconds)
• client identifier (if set)
• Status of IP address auto-configuration (true or false)

Example --> dhcpclient list interfaceconfigs

DHCP Client Declarations:
Requested
ID | Name | Interface | Lease Time | Client ID | AutoIP
-----|------------|------------|------------|-------------------|--------
1 | client1 | ip1 | 9000 | 00:11:22:33:44:5a | true

See also DHCPCLIENT SHOW
DHCPCLIENT SET INTERFACECONFIG REQUESTEDLEASETIME
DHCPCLIENT SET INTERFACECONFIG CLIENTID
DHCPCLIENT SET INTERFACECONFIG AUTOIP

DHCPCLIENT SET BACKOFF

Syntax DHCPCLIENT SET BACKOFF <backofftime>

Description This command sets the global maximum time (in seconds) that a DHCP client interface will 'back off' between issuing individual DHCP requests. This prevents many clients trying to configure themselves at the same time, and sending too many requests at once.

To retrieve the current settings, use the DHCPCLIENT SHOW command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
backofftime | The maximum number of seconds that the DHCP client can pause for between unsuccessful DHCP negotiations. | 120

Example --> dhcpclient set backoff 200

See also DHCPCLIENT SHOW

DHCPCLIENT SET INTERFACECONFIG AUTOIP

Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} AUTOIP {ENABLED | DISABLED}

Description This command enables/disables IP address auto-configuration (Auto-IP).

Auto-IP automatically configures an IP address when a DHCP client fails to contact a DHCP server and cannot obtain a lease. An IP address in the 169.254.0.0 subnet is automatically created, and ARP requests are issued for the suggested IP address. The address is abandoned if it already exists on the network or if any other host on the network issues an ARP probe for that IP address.

Once an IP address has been automatically configured, the DHCP client continues to check whether or not it can contact a DHCP server. If the client can contact a DHCP server and obtain a legitimate lease, the legitimate lease will supersede the auto-configured IP address.

To retrieve the current settings, use the DHCPCLIENT SHOW command.

Note: Even if Auto-IP has been enabled using this command, IP address auto-configuration will not be carried out if a DHCP server on the same network does not allow it. See the DHCPSERVER SUBNET ADD OPTION command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
ENABLED | Enables Auto-IP on a specified dhcp client. | enabled
DISABLED | Disables Auto-IP on a specified dhcp client. |

Example --> dhcpclient set interfaceconfig mycfg autoip enabled

See also DHCPSERVER SUBNET ADD OPTION (see the specific example given for this command)

For further information on the RFC standard for DHCP IP address auto-configuration, see http://www.ietf.org/rfc/rfc2563.txt.

DHCPCLIENT SET INTERFACECONFIG CLIENTID

Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} CLIENTID <client id>

Description This command sets a unique client identifier that the DHCP server uses to identify the client.

To retrieve the current settings, use the DHCPCLIENT SHOW INTERFACECONFIG command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
Name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
Client id | A unique identifier that the DHCP server can use to identify the client. For Microsoft DHCP servers, the client ID should be the MAC address of the system that DHCP is running on. For other DHCP servers, the client ID can be a MAC address or a text string such as the hostname. | N/A

Example --> dhcpclient set interfaceconfig client1 clientid 00:11.22.33.44.5a

See also DHCPCLIENT LIST INTERFACECONFIGS

DHCPCLIENT SET INTERFACECONFIG<br />

DEFAULTROUTE<br />

Syntax DHCPCLIENT SET INTERFACECONFIG {|} DEFAULTROUTE<br />

{ENABLED|DISABLED}<br />

Description This command enables/disables whether the DHCP client makes use of default<br />

gateway information received from a DHCP server. If no DHCP interfaceconfigs<br />

have been added to the system, by default the DHCP client will use default gateway<br />

information received from a DHCP server.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
ENABLED | DHCP client uses default gateway information it receives from DHCP server. | enabled<br />
DISABLED | DHCP client does not use default gateway information it receives from DHCP server. | enabled<br />

Example<br />

--> dhcpclient set interfaceconfig client1 defaultroute disabled



See also DHCPCLIENT LIST INTERFACECONFIGS<br />

DHCPCLIENT SET INTERFACECONFIG DHCPINFORM<br />

Syntax DHCPCLIENT SET INTERFACECONFIG {|} DHCPINFORM<br />

{ENABLED|DISABLED}<br />

Description This command enables/disables whether a DHCP client uses the dhcpinform message<br />

type. This DHCP message type is used whenever a client has obtained an IP address<br />

or subnet mask (for example, the address has been manually configured or obtained<br />

through PPP/IPCP), but wishes to obtain extra configuration parameters (such as<br />

DNS servers or default gateway) from a DHCP server.<br />

To retrieve the current settings, use the DHCPCLIENT SHOW<br />

INTERFACECONFIG command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
ENABLED | Enables the dhcpinform message type. IP address and subnet mask will not be negotiated if this mode is selected. | disabled<br />
DISABLED | Disables the dhcpinform message type. | disabled<br />

Example<br />

--> dhcpclient set interfaceconfig client1 dhcpinform disabled<br />

See also DHCPCLIENT LIST INTERFACECONFIGS<br />

DHCPCLIENT SET INTERFACECONFIG SERVER<br />

DHCPCLIENT SET INTERFACECONFIG DHCPSERVERPOOLSIZE<br />

Syntax DHCPCLIENT SET INTERFACECONFIG {|}<br />

DHCPSERVERPOOLSIZE <br />

Description This command tells a DHCP client to configure a DHCP server on the LAN if the



given address pool size is set to a number greater than 0. The LAN DHCP server is<br />

configured using parameters received by a DHCP client interface on the WAN.<br />

Information such as DNS server addresses can then be distributed to LAN clients.<br />

The new DHCP server uses its LAN IP address as the address to give out as the<br />

default gateway address.<br />

To retrieve the current settings, use the DHCPCLIENT SHOW<br />

INTERFACECONFIG command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | NA<br />
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | NA<br />
pool size | The number of DHCP client addresses in a pool. The first address in the pool is the address immediately after the LAN DHCP address. For example, if the LAN DHCP address is 192.168.102.3, the first address in the pool will be 192.168.102.4. | NA<br />

Example<br />

--> dhcpclient set interfaceconfig client1 dhcpserverpoolsize 20<br />

See also DHCPCLIENT LIST INTERFACECONFIGS<br />

DHCPCLIENT SET INTERFACECONFIG DHCPSERVERINTERFACE<br />

Syntax DHCPCLIENT SET INTERFACECONFIG {|}<br />

DHCPSERVERINTERFACE <br />

Description This command allows the user to specify an existing IP interface on which the<br />

automatically configured DHCP server can be created. If the interface name does<br />

not correspond with an existing IP interface, the DHCP server will be placed on the<br />

first LAN interface that it finds.<br />


Note: When the DHCP server is automatically configured, the<br />

DHCPSERVERPOOLSIZE is set to 20 hosts.



To retrieve the current settings, use the DHCPCLIENT SHOW<br />

INTERFACECONFIG command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | NA<br />
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | NA<br />
interface name | The name that identifies an existing IP interface. To display IP interface names, use the IP LIST INTERFACES command. | NA<br />

Example<br />

--> dhcpclient set interfaceconfig client1 dhcpserverinterface ip2<br />

See also DHCPCLIENT LIST INTERFACECONFIGS<br />

DHCPCLIENT SET INTERFACECONFIG DHCPSERVERPOOLSIZE<br />

DHCPCLIENT SET INTERFACECONFIG GIVEDNSTOCLIENT<br />

Syntax DHCPCLIENT SET INTERFACECONFIG {|} GIVEDNSTOCLIENT<br />

{ENABLED|DISABLED}<br />

Description This command enables/disables whether a DHCP client passes received DNS server<br />

addresses to the DNS client. If no DHCP interfaceconfigs have been added to the<br />

system, by default the DHCP client will not pass DNS server addresses to the DNS<br />

client.<br />

To retrieve the current settings, use the DHCPCLIENT SHOW<br />

INTERFACECONFIG command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
ENABLED | DHCP client passes learnt DNS server addresses to the DNS client. | disabled<br />
DISABLED | DHCP client does not pass learnt DNS server addresses to the DNS client. | disabled<br />

Example<br />

--> dhcpclient set interfaceconfig client1 givednstoclient disabled<br />

See also DHCPCLIENT LIST INTERFACECONFIGS<br />

DHCPCLIENT SET INTERFACECONFIG GIVEDNSTORELAY<br />

Syntax DHCPCLIENT SET INTERFACECONFIG {|} GIVEDNSTORELAY<br />

{ENABLED|DISABLED}<br />

Description This command enables/disables whether a DHCP client passes received DNS server<br />

addresses to the DNS relay. If no DHCP interfaceconfigs have been added to the<br />

system, by default the DHCP client will pass DNS server addresses to the DNS<br />

relay.<br />

To retrieve the current settings, use the DHCPCLIENT SHOW<br />

INTERFACECONFIG command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
ENABLED | DHCP client passes learnt DNS server addresses to the DNS relay. | enabled<br />
DISABLED | DHCP client does not pass learnt DNS server addresses to the DNS relay. | enabled<br />

Example<br />

--> dhcpclient set interfaceconfig client1 givednstorelay disabled



See also DHCPCLIENT LIST INTERFACECONFIGS<br />

DHCPCLIENT SET INTERFACECONFIG INTERFACE<br />

Syntax DHCPCLIENT SET INTERFACECONFIG {|} INTERFACE<br />

<br />

Description This command sets the IP interface that will have its configuration set by the DHCP<br />

client interface. The client interface can only set the IP configuration if the IP<br />

interface has DHCP enabled, using the IP SET INTERFACE DHCP command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
ipinterface | A name that identifies an existing IP interface. The interface must have DHCP enabled. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

Example<br />

--> dhcpclient set interfaceconfig client1 interface ip2<br />

See also DHCPCLIENT LIST INTERFACECONFIGS<br />

IP LIST INTERFACES<br />

IP SET INTERFACE DHCP<br />

DHCPCLIENT SET INTERFACECONFIG NOCLIENTID<br />

Syntax DHCPCLIENT SET INTERFACECONFIG {|} NOCLIENTID<br />

Description This command deletes a client identifier from a DHCP client.<br />

The DHCP server must have ‘allowunknownclients’ enabled in order to work with<br />

DHCP clients that are not specifically named in DHCP server configuration or its<br />

lease database.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />

Example<br />

--> dhcpclient set interfaceconfig client1 noclientid<br />

See also DHCPCLIENT SET INTERFACECONFIG CLIENTID<br />

DHCPSERVER SET ALLOWUNKNOWNCLIENTS<br />

DHCPCLIENT SET INTERFACECONFIG REQUESTEDLEASETIME<br />

Syntax DHCPCLIENT SET INTERFACECONFIG {|}<br />

REQUESTEDLEASETIME <br />

Description The DHCP client requests a specific lease time from the DHCP server for the<br />

allocated IP addresses. This command determines the length of lease time<br />

requested. The DHCP server will ‘cap’ a requested lease time if it is too large.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A<br />
requested lease time | The lease time (in seconds) that a DHCP client requests from the DHCP server. | 86400<br />

Example<br />

--> dhcpclient set interfaceconfig client1 requestedleasetime 70000<br />

See also DHCPCLIENT LIST INTERFACECONFIGS<br />

DHCPSERVER SET MAXLEASETIME<br />

DHCPSERVER SET DEFAULTLEASETIME



DHCPCLIENT SET INTERFACECONFIG SERVER<br />

Syntax DHCPCLIENT SET INTERFACECONFIG {|} SERVER <br />

Description If DHCPCLIENT SET DHCPINFORM has been set to enabled, this command will<br />

unicast the first DHCPINFORM message to the specific DHCP server at the<br />

specified IP address. If the first unicast fails, the DHCPINFORM will default to<br />

broadcasting its messages.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name that identifies an existing DHCP client interface. To display client interface names, use the dhcpclient list interfaceconfigs command. | NA<br />
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the dhcpclient list interfaceconfigs command. | NA<br />
ipaddress | The IP address of a DHCP server that DHCP client can use to obtain configuration parameters. The IP address is displayed in the following format: 192.168.102.3 | NA<br />

Example<br />

--> dhcpclient set interfaceconfig client1 server 192.168.101.2<br />

See also DHCPSERVER SET INTERFACECONFIG DHCPINFORM<br />

DHCPCLIENT SET REBOOT<br />

Syntax DHCPCLIENT SET REBOOT <br />

Description When the DHCP client is restarted, it tries to reacquire the last address that it had.<br />

This command sets the time for which the client tries to reacquire its last address. At<br />

the expiry of this time, it gives up and tries to discover a new address.<br />

To retrieve the current settings, use the DHCPCLIENT SHOW command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
reboottime | The time (in seconds) for which a client tries to reacquire the last IP address it had. After this time the client gives up and tries to discover a new address. | 10<br />

Example --> dhcpclient set reboot 5<br />

DHCPCLIENT SET RETRY<br />

Syntax DHCPCLIENT SET RETRY <br />

Description This command sets the time that must pass after the client has determined that no<br />

DHCP server is present before it tries again to contact a DHCP server.<br />

To retrieve the current settings, use the DHCPCLIENT SHOW command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
retrytime | The time (in seconds) that must pass after the client has determined that no DHCP server is present before it tries again to contact a DHCP server. | 300<br />

Example --> dhcpclient set retry 150<br />

DHCPCLIENT SHOW<br />

Syntax DHCPCLIENT SHOW<br />

Description This command displays the following global configuration information about<br />

DHCP client:<br />

• reboot time<br />

• retry time<br />

• maximum backoff time<br />

Example --> dhcpclient show<br />

Global DHCP Client Configuration:<br />

Reboot time: 10<br />

Retry time: 300<br />

Max. backoff time: 120<br />

See also DHCPCLIENT SET REBOOT<br />

DHCPCLIENT SET RETRY<br />

DHCPCLIENT SET BACKOFF



DHCPCLIENT UPDATE<br />

Syntax DHCPCLIENT UPDATE<br />

Description This command updates the DHCP client configuration. Changes made to the client<br />

configuration are not actually applied until this command has been entered.<br />

Example --> dhcpclient update<br />

dhcpclient: Reset request acknowledged. Reset imminent.



DHCP Relay Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the DHCP Relay<br />

module.<br />

DHCP relay CLI commands<br />

The table below lists the DHCP relay commands provided by the CLI:<br />

Command<br />

DHCPRELAY ADD SERVER<br />

DHCPRELAY CLEAR SERVERS<br />

DHCPRELAY DELETE SERVER<br />

DHCPRELAY ENABLE|DISABLE<br />

DHCPRELAY LIST SERVERS<br />

DHCPRELAY SHOW<br />

DHCPRELAY UPDATE<br />

DHCPRELAY ADD SERVER<br />

Syntax DHCPRELAY ADD SERVER <br />

Description This command adds the IP address of a DHCP server to the DHCP relay’s list of<br />

server IP addresses. The relay can store a maximum of 10 DHCP server addresses.<br />

Any new server IP addresses added are not actually used until the DHCPRELAY<br />

UPDATE command has been entered.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
ipaddress | The IP address of a DHCP server that DHCP relay can use. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | N/A<br />

Example --> dhcprelay add server 239.252.197.0<br />

See also DHCPSERVER LIST SUBNETS<br />

DHCPRELAY UPDATE<br />

DHCPRELAY CLEAR SERVERS<br />

Syntax DHCPRELAY CLEAR SERVERS



Description This command deletes all DHCP server IP addresses stored in DHCP relay’s list of<br />

server IP addresses.<br />

Example --> dhcprelay clear servers<br />

See also DHCPRELAY DELETE SERVER<br />

DHCPRELAY DELETE SERVER<br />

Syntax dhcprelay delete server <br />

Description This command deletes a single DHCP server address stored in the DHCP relay’s list<br />

of server IP addresses.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
number | A number that identifies the DHCP server in the DHCP relay’s list of servers. To display server numbers, use the DHCPRELAY LIST SERVERS command. | N/A<br />

Example --> dhcprelay delete server 3<br />

See also DHCPRELAY LIST SERVERS<br />

DHCPRELAY CLEAR SERVERS<br />

DHCPRELAY ENABLE|DISABLE<br />

Syntax DHCPRELAY {ENABLE|DISABLE}<br />

Description This command enables/disables DHCP relay.<br />

DHCP relay must be enabled in order to carry out any DHCP relay configuration.<br />

Note: DHCP relay and DHCP server cannot be enabled at the same time. Trying<br />

to configure DHCP relay when DHCP server is enabled results in a CLI warning<br />

message.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
ENABLE | Enables configuration of DHCP relay. | enable<br />
DISABLE | Disables configuration of DHCP relay. | enable<br />

Example --> dhcprelay enable



See also DHCPSERVER ENABLE|DISABLE<br />

DHCPRELAY LIST SERVERS<br />

Syntax DHCPRELAY LIST SERVERS<br />

Description This command displays the DHCP relay’s list of DHCP server IP addresses with<br />

their identification numbers.<br />

Example --> dhcprelay list servers<br />

DHCP Servers:<br />

ID | IP Address<br />

-----|------------------<br />

1 | 192.168.102.3<br />

2 | 239.252.197.0<br />

------------------------<br />

See also DHCPSERVER LIST SUBNETS<br />

DHCPRELAY SHOW<br />

Syntax DHCPRELAY SHOW<br />

Description This command tells you whether DHCP relay is enabled or disabled.<br />

Example --> dhcprelay show server<br />

Global DHCP Relay Configuration:<br />

Status: ENABLED<br />

See also DHCPRELAY ENABLE|DISABLE<br />

DHCPRELAY UPDATE<br />

Syntax DHCPRELAY UPDATE<br />

Description This command updates the DHCP relay configuration. Changes made to the relay<br />

configuration will not take effect until this command has been entered.<br />

Example --> dhcprelay update<br />

dhcprelay: Reset request acknowledged. Reset imminent.



Chapter 12<br />

Domain Name System - DNS<br />

Introduction<br />

DNS is an abbreviation for Domain Name System, a system for naming computers<br />

and network services that is organized into a hierarchy of domains. DNS naming is<br />

used in TCP/IP networks, such as the Internet, to locate computers and services<br />

through user-friendly names. When a user enters a DNS name in an application,<br />

DNS services can resolve the name to other information associated with the name,<br />

such as an IP address.<br />

For example, most users prefer a friendly name such as “alliedtelesyn.com” to locate<br />

a computer such as a mail or web server on a network. A friendly name can be<br />

easier to learn and remember. However, computers communicate over a network by<br />

using numeric addresses. To make use of network resources easier, name services<br />

such as DNS provide a way to map the user-friendly name for a computer or service<br />

to its numeric address. If you have ever used a Web browser, you have used DNS.<br />

The following graphic shows a basic use of DNS, which is finding the IP address of<br />

a computer based on its name.<br />

Figure 12. Domain Name System<br />



In this example, a client computer queries a server, asking for the IP address of a<br />

computer configured to use host.alliedtelesyn.com as its DNS domain name.<br />

Because the server is able to answer the query based on its local database, it replies<br />

with an answer containing the requested information, which is a host (A) resource<br />

record that contains the IP address information for host.alliedtelesyn.com. The<br />

example shows a simple DNS query between a single client and server. In practice,<br />

DNS queries can be more involved than this and include additional steps not shown<br />

here.<br />

DNS Relay<br />

The AT-RG613, AT-RG623 and AT-RG656 can act as a DNS relay: DNS packets that arrive at the Residential Gateway, addressed to the Residential Gateway, are relayed on to a known DNS Server.<br />

In this way, devices on the LAN can treat the Residential Gateway as though it were the DNS Server. Only the Residential Gateway needs to know the address of the real DNS Server, which it looks up in its internal DNS Relay servers list.<br />

It is possible to configure the DHCP server running on the Residential Gateway’s internal IP interface to offer the IP address of that interface as the DNS server address for DNS requests from internal hosts.<br />

It is also possible to write a file named “dnsrelaylandb” containing information about host attributes, a domain name, and an IP address and mask. When the DNS relay receives a DNS request, it checks whether the answer is in this file and, if so, answers the request itself; if it does not have enough information, it forwards the request to a DNS server.<br />

It is possible to nominate both a primary and a secondary DNS server to contact. DNS responses received from the server are then forwarded back to the original host making the DNS request.<br />

Both UDP and TCP DNS requests are supported.<br />

The DNS relay does not bind itself to any one specific interface or interface type, but<br />

rather will listen for traffic on all available IP interfaces. It relies on the well-known<br />

UDP and TCP port number for a DNS server (port number 53) for receiving DNS<br />

traffic.<br />

DNS Client<br />

The AT-RG613, AT-RG623 and AT-RG656 are provided with an internal DNS client. To<br />

use this function you must add DNS server addresses that will be used by the<br />

Residential Gateway ONLY for its own lookups.



DNS Relay Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the DNS<br />

Relay module.<br />

DNS Relay CLI commands<br />

The table below lists the dnsrelay commands provided by the CLI:<br />

Command<br />

dnsrelay add server<br />

dnsrelay clear cache<br />

dnsrelay clear landatabase<br />

dnsrelay clear servers<br />

dnsrelay delete server<br />

dnsrelay list servers<br />

dnsrelay set landatabasefile<br />

dnsrelay show lanaddress<br />

dnsrelay show landomainname<br />

dnsrelay show landatabasefilename<br />

DNSRELAY ADD SERVER<br />

Syntax DNSRELAY ADD SERVER <br />

Description This command adds the IP address of a DNS server to DNS relay’s list of server IP<br />

addresses. The relay can store a maximum of 10 DNS server addresses.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
ip-address | The IP address of a DNS server that DNS relay can use. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | 0.0.0.0<br />

Example --> dnsrelay add server 10.17.90.100<br />

See also DNSRELAY LIST SERVERS<br />

DNSRELAY CLEAR CACHE<br />

Syntax DNSRELAY CLEAR CACHE



Description This command clears the DNS relay cache in the current session. DNS relay has a<br />

small local cache of DNS entries to increase performance for lookups of frequently<br />

used destinations.<br />

Example --> dnsrelay clear cache<br />

DNSRELAY CLEAR LANDATABASE<br />

Syntax DNSRELAY CLEAR LANDATABASE<br />

Description This command clears the DNS relay LAN database that was set using the<br />

DNSRELAY SET LANDATABASEFILE command.<br />

Example --> dnsrelay clear landatabase<br />

See also DNSRELAY SET LANDATABASEFILE<br />

DNSRELAY SHOW LANDATABASEFILENAME<br />

DNSRELAY CLEAR SERVERS<br />

Syntax DNSRELAY CLEAR SERVERS<br />

Description This command deletes all DNS server IP addresses stored in DNS relay’s list of<br />

server IP addresses.<br />

Example --> dnsrelay clear servers<br />

See also DNSRELAY DELETE SERVER<br />

DNSRELAY DELETE SERVER<br />

Syntax DNSRELAY DELETE SERVER <br />

Description This command deletes a single DNS server address stored in DNS relay’s list of<br />

server IP addresses.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
id-number | A number that identifies the DNS server in the DNS relay list. To display server numbers, use the DNSRELAY LIST SERVERS command. | N/A<br />



Example --> dnsrelay delete server 3<br />

See also DNSRELAY LIST SERVERS<br />

DNSRELAY LIST SERVERS<br />

Syntax DNSRELAY LIST SERVERS<br />

Description This command displays the DNS relay’s list of DNS server IP addresses with their<br />

identification numbers.<br />

Example --> dnsrelay list servers<br />

DNS Relay Servers:<br />

ID | IP Address<br />

-----|------------------<br />

1 | 239.252.197.0<br />

------------------------<br />

DNSRELAY SET LANDATABASEFILE<br />

Syntax DNSRELAY SET LANDATABASEFILE <br />

Description This command tells DNS relay which filename it should load its local database<br />

from. The file is an ASCII file that you have created and stored in the ISFS<br />

configuration file.<br />

The landatabase file contains the following:<br />

• information about local host names and IP addresses<br />

• the domain name that the relay should use<br />

• the IP address and netmask that the relay should use<br />

Once the filename is set, DNS relay will load this database and use it to answer<br />

requests for local host names and/or IP addresses. Your LAN then has its own small<br />

DNS relay local database.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
filename | The name of an existing file that contains a database of LAN host names and IP addresses. | N/A<br />

Example --> dnsrelay set landatabasefile dnsrelaylandb<br />

See also DNSRELAY SHOW LANDATABASEFILENAME



DNSRELAY SHOW LANADDRESS<br />

Syntax DNSRELAY SHOW LANADDRESS<br />

Description This command displays the IP address and subnet mask that the DNS relay uses to<br />

determine if a query is for an element of the local database. This information is<br />

collected in the LANDATABASEFILENAME file.<br />

Example --> dnsrelay show lanaddress<br />

LAN IP Address: 172.16.200.0<br />

LAN IP Mask: 255.255.255.0<br />

See also DNSRELAY SHOW LANDOMAINNAME<br />

DNSRELAY SHOW LANDOMAINNAME<br />

Syntax DNSRELAY SHOW LANDOMAINNAME<br />

Description This command displays the domain name used by the DNS relay to determine if a<br />

host name request is for the local database. This information is collected in the<br />

LANDATABASEFILENAME file.<br />

Example --> dnsrelay show landomainname<br />

LAN Domain Name: atkk.com<br />

See also DNSRELAY SHOW LANADDRESS<br />

DNSRELAY SHOW LANDATABASEFILENAME<br />

Syntax DNSRELAY SHOW LANDATABASEFILENAME<br />

Description This command displays the name of the file that was set using the DNSRELAY SET<br />

LANDATABASEFILE command. The second example shows the content of the<br />

LANDATABASEFILENAME file.<br />

Example --> dnsrelay show landatabasefilename<br />

LAN Database File Name: //isfs/dnsrelaylandb<br />

Example --> domain_name yourdomain.com.<br />

lan_address 172.39.10.0<br />

lan_mask 255.255.255.0<br />

host_name host1.yourdomain.com.<br />

address 172.39.10.10<br />

host_name host1.yourdomain.com.<br />

address 172.39.10.15<br />

See also DNSRELAY SET LANDATABASEFILE
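The answer-locally-or-forward behaviour described in the DNS Relay section, applied to a file in the layout listed above, as an added example (not Allied Telesis code): a Python linter for a landatabase file. The 'key value' line layout is inferred from the listing, and how the gateway treats a host name listed twice is not stated in the manual, so the script reports it rather than guessing.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout of the manual's listing. It keeps the
# listing's repeated host1 entry and adds one out-of-subnet host (constructed).
SAMPLE = """\
domain_name yourdomain.com.
lan_address 172.39.10.0
lan_mask 255.255.255.0
host_name host1.yourdomain.com.
address 172.39.10.10
host_name host1.yourdomain.com.
address 172.39.10.15
host_name printer.otherdomain.com.
address 10.0.0.5
"""


def parse_landb(text):
    """Parse 'key value' lines; each 'address' binds to the preceding 'host_name'.

    The grammar is an assumption inferred from the manual's example listing.
    """
    db = {"domain": None, "lan_address": None, "lan_mask": None, "hosts": []}
    pending = None  # host_name still waiting for its address line
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts:
            continue
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'key value', got {raw!r}")
        key, value = parts
        if key == "domain_name":
            db["domain"] = value.rstrip(".").lower()
        elif key in ("lan_address", "lan_mask"):
            db[key] = value
        elif key == "host_name":
            if pending is not None:
                raise ValueError(f"line {lineno}: {pending} has no address")
            pending = value.rstrip(".").lower()
        elif key == "address":
            if pending is None:
                raise ValueError(f"line {lineno}: address without host_name")
            db["hosts"].append((pending, ipaddress.IPv4Address(value)))
            pending = None
        else:
            raise ValueError(f"line {lineno}: unknown key {key!r}")
    if pending is not None:
        raise ValueError(f"{pending} has no address")
    missing = [k for k in ("domain", "lan_address", "lan_mask") if db[k] is None]
    if missing:
        raise ValueError("missing entries: " + ", ".join(missing))
    # IPv4Network accepts the dotted netmask form used in the file.
    db["network"] = ipaddress.IPv4Network(f"{db['lan_address']}/{db['lan_mask']}")
    return db


def lint(db):
    """Report entries a reviewer should look at before loading the file."""
    findings = []
    by_name = defaultdict(set)
    for name, ip in db["hosts"]:
        by_name[name].add(ip)
        if ip not in db["network"]:
            findings.append(f"{name}: {ip} is outside {db['network']}")
        if not (name == db["domain"] or name.endswith("." + db["domain"])):
            findings.append(f"{name}: not under domain {db['domain']}")
    for name, ips in sorted(by_name.items()):
        if len(ips) > 1:
            listed = ", ".join(str(i) for i in sorted(ips))
            findings.append(f"{name}: conflicting addresses {listed}")
    return findings


def relay_decision(db, qname):
    """Model of the documented behaviour: answer from the file if it holds
    the name, otherwise forward the request to a configured DNS server."""
    q = qname.rstrip(".").lower()
    answers = [ip for name, ip in db["hosts"] if name == q]
    return ("local", answers) if answers else ("forward", [])


if __name__ == "__main__":
    database = parse_landb(SAMPLE)
    for finding in lint(database):
        print("WARN", finding)
    print(relay_decision(database, "host1.yourdomain.com"))
    print(relay_decision(database, "www.example.org"))
```

Run it against a copy of the file before storing it on the gateway; any name it reports as outside the LAN domain or subnet would otherwise be answered by the relay itself instead of being forwarded.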



DNS Client Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the DNS Client<br />

module.<br />

DNS Client CLI commands<br />

The table below lists the DNSCLIENT commands provided by the CLI:<br />

Command<br />

dnsclient add searchdomain<br />

dnsclient add server<br />

dnsclient clear searchdomains<br />

dnsclient clear servers<br />

dnsclient delete searchdomain<br />

dnsclient delete server<br />

dnsclient list searchdomains<br />

dnsclient list servers<br />

DNSCLIENT ADD SEARCHDOMAIN<br />

Syntax DNSCLIENT ADD SEARCHDOMAIN <br />

Description This command creates a domain search list. The DNS client uses this list when a<br />

user asks for the IP address of a host, but specifies an incomplete domain name for<br />

the host. The search string specified replaces any search strings previously added<br />

using this command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

searchstring | A search string used to find the IP address for an incomplete domain name. You can have a maximum of 6 incomplete domain names in the search string. | N/A<br />

Example --> dnsclient add searchdomain alliedtelesyn.com<br />

DNSCLIENT ADD SERVER<br />

Syntax DNSCLIENT ADD SERVER <br />

Description This command adds a server IP address to the server list. This enables you to<br />

retrieve a domain name for a given IP address.



Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

ipaddress | The IP address of the server that has an unknown domain name. You can add a maximum of 3 addresses to the server list. The IP address is displayed in the following format: 192.168.102.3 | N/A<br />

Example --> dnsclient add server 192.168.219.196<br />

DNSCLIENT CLEAR SEARCHDOMAINS<br />

Syntax DNSCLIENT CLEAR SEARCHDOMAINS<br />

Description This command deletes all domain names from the domain search list.<br />

Example --> dnsclient clear searchdomains<br />

See also DNSCLIENT ADD SEARCHDOMAIN<br />

DNSCLIENT DELETE SEARCHDOMAIN<br />

DNSCLIENT CLEAR SERVERS<br />

Syntax DNSCLIENT CLEAR SERVERS<br />

Description This command deletes all the server IP addresses from the server list.<br />

Example --> dnsclient clear servers<br />

See also DNSCLIENT ADD SEARCHDOMAIN<br />

DNSCLIENT DELETE SERVER<br />

DNSCLIENT DELETE SEARCHDOMAIN<br />

Syntax DNSCLIENT DELETE SEARCHDOMAIN <br />

Description This command deletes a single domain name from the domain search list.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

searchstring | A number that identifies a search string used to find the IP address for an incomplete domain name. To list domain search strings, use the DNSCLIENT LIST SEARCHDOMAINS command. | N/A<br />

Example --> dnsclient delete searchdomain 1<br />

DNSCLIENT DELETE SERVER<br />

Syntax DNSCLIENT DELETE SERVER <br />

Description This command deletes a single server IP address from the server list.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

number | The server number that identifies an IP address of the server that has an unknown domain name. To display server numbers, use the DNSCLIENT LIST SERVERS command. | N/A<br />

Example --> dnsclient delete server 1<br />

DNSCLIENT LIST SEARCHDOMAINS<br />

Syntax DNSCLIENT LIST SEARCHDOMAINS<br />

Description This command lists the domain search strings that you have added to the DNS<br />

client using the DNSCLIENT ADD SEARCHDOMAIN command. The DNS client<br />

uses this list when a user asks for the IP address of a host, but specifies an<br />

incomplete domain name for the host.<br />

Example --> dnsclient list searchdomains<br />

ID | Domain<br />

-----|---------------------<br />

1 | alliedtelesyn.com<br />

---------------------------<br />

DNSCLIENT LIST SERVERS<br />

Syntax DNSCLIENT LIST SERVERS<br />

Description This command lists the server IP addresses that you have added to the DNS client<br />

using the DNSCLIENT ADD SERVER command. The DNS client uses this list to<br />

retrieve a domain name for a given IP address.<br />

Example --> dnsclient list servers<br />

DNS Client Servers:



ID | IP Address<br />

----|------------------<br />

1 | 192.168.100.7<br />

2 | 192.168.100.1<br />

------------------------



Chapter 13<br />

SNTP<br />

The SNTP Version 4 client is an OSI Layer 7 application that allows the<br />

synchronization of the AT-RG613, AT-RG623 and AT-RG656 system clock to global<br />

sources of time-based information using UDP.<br />

Its detailed implementation, which is described in RFC 2030, provides a complete<br />

and simplified method to access international timeservers to receive, organize and<br />

adjust the time-synchronization of the local system.<br />

The SNTP client described herein is a scaled down version of the Network Time<br />

Protocol (NTP) which is specified in RFC 1305. The main difference between an<br />

SNTP and an NTP client is the fact that most SNTP clients will interact with, at<br />

most, a single (S)NTP server. Also, SNTP Version 4 clients include an “anycast”<br />

mode in addition to unicast and broadcast access modes not available in past<br />

versions of NTP/SNTP clients.<br />

SNTP Features<br />

The following features are available on the AT-RG613, AT-RG623 and AT-RG656<br />

Residential Gateway:<br />

• Boot time and runtime synchronization of the system clock can both be<br />

configured.<br />

• SNTP in the AT-RG613, AT-RG623 and AT-RG656 system can function in one of<br />

three transfer modes:<br />

o Unicast Mode - The SNTP client sends to a server, located at a<br />

specific previously configured address, a request for time<br />

synchronization and expects a reply only from that particular<br />

server.<br />

o Broadcast/Multicast Mode - A multicast NTP server periodically<br />

transmits a message to the local subnet broadcast address. The<br />

client is configured to listen, and receives the synchronized time-based<br />

information. The client then configures itself based on this<br />

information, but sends no reply.<br />



o Anycast Mode – When the client is configured in anycast mode, it<br />

sends out a sync request to a local subnet broadcast address. One<br />

or several anycast SNTP servers can respond with an individual<br />

timestamp and a unicast address. The client subsequently binds<br />

to the first response it receives and continues its operations in a<br />

unicast mode with that particular server. Any other server<br />

responses that are received by the client afterwards are ignored.<br />

• 64 local time zone configurations (which include summertime/daylight savings time)<br />

are supported (see [10]).<br />

• Automatic periodic timeserver polling is configurable.<br />

• Configuration of packet timeouts and retry transmissions is supported.<br />

• Getting NTP Time Server IP Addresses via DNS lookup can be used.<br />

The SNTP client mode session uses the standard remote UDP port 123 for all data<br />

transfers. Port 123 will be used in both the Source Port and Destination Port fields of<br />

the UDP header.<br />
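
The unicast and anycast behaviour described above, as an added Python example (not the gateway's own code): it builds an SNTP version 4 request, then applies header sanity checks to a reply before computing clock offset and round-trip delay.<br />
The addresses and timestamps are constructed, and the function names are this example's own.<br />

```python
"""Validate an SNTP server reply before trusting its time (added example)."""
import struct

NTP_UNIX_DELTA = 2208988800              # seconds from 1900-01-01 to 1970-01-01
HEADER = struct.Struct("!BBbbiI4sQQQQ")  # the 48-byte NTP/SNTP header
MODE_CLIENT, MODE_SERVER = 3, 4


def to_ntp(unix_time):
    """Unix seconds -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    return int(round((unix_time + NTP_UNIX_DELTA) * 2**32))


def from_ntp(timestamp):
    """64-bit NTP timestamp -> Unix seconds."""
    return timestamp / 2**32 - NTP_UNIX_DELTA


def build_request(t1):
    """Client request: LI=0, VN=4, Mode=3, transmit timestamp = local time T1."""
    return HEADER.pack((4 << 3) | MODE_CLIENT, 0, 0, 0, 0, 0, b"\0" * 4,
                       0, 0, 0, to_ntp(t1))


def build_reply(request, t2, t3, stratum=1, mode=MODE_SERVER):
    """Constructed server reply for the demo: echoes T1, adds T2 (receive) and T3."""
    t1 = HEADER.unpack(request)[-1]
    return HEADER.pack((4 << 3) | mode, stratum, 0, -14, 0, 0, b"GPS\0",
                       to_ntp(t2), t1, to_ntp(t2), to_ntp(t3))


def check_reply(reply, source, request, t4, server=None):
    """Return (offset, delay) in seconds, or raise ValueError naming the failed check.

    source is the (address, port) the datagram came from. server is the
    configured unicast server, or None when the first responder is accepted
    (anycast), in which case any host that answers first passes the address check.
    t4 is the local receive time.
    """
    if len(reply) < HEADER.size:
        raise ValueError("short packet")
    flags, stratum, *_, originate, receive, transmit = HEADER.unpack(reply[:HEADER.size])
    leap, mode = flags >> 6, flags & 0x7
    if source[1] != 123:
        raise ValueError("source port is not 123")
    if server is not None and source[0] != server:
        raise ValueError("reply from an address other than the configured server")
    if mode != MODE_SERVER:
        raise ValueError("not a server-mode reply")
    if leap == 3 or not 1 <= stratum <= 15:
        raise ValueError("server reports an unsynchronized clock")
    if transmit == 0:
        raise ValueError("empty transmit timestamp")
    if originate != HEADER.unpack(request)[-1]:
        # A reply that does not echo our T1 was not generated for this request.
        raise ValueError("originate timestamp does not echo our request")
    t1, t2, t3 = from_ntp(originate), from_ntp(receive), from_ntp(transmit)
    delay = (t4 - t1) - (t3 - t2)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    if delay < 0:
        raise ValueError("negative round-trip delay")
    return offset, delay


if __name__ == "__main__":
    SERVER = "192.0.2.10"                  # constructed address (documentation range)
    req = build_request(999000000.0)       # constructed client time T1
    reply = build_reply(req, 999000001.25, 999000001.5)
    print(check_reply(reply, (SERVER, 123), req, 999000000.5, server=SERVER))
    try:
        check_reply(reply, ("192.0.2.99", 123), req, 999000000.5, server=SERVER)
    except ValueError as err:
        print("rejected:", err)
```
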

Time Zones and Daylight Savings (Summer Time)<br />

Conversion<br />

Although Daylight Savings (a.k.a. Summer Time) time zones are configurable using<br />

the SNTP client, there is no mechanism for the automatic change to/from a standard<br />

time/daylight savings time.<br />

Therefore, the user must manually configure the local time zone when the change in<br />

standard time occurs.<br />

For example, if the client configures the system time for EDT (US Eastern Daylight<br />

Time) which is –4h UTC, and a time change date arrives, the client will not<br />

automatically adjust the time or time zone to US Eastern Standard Time (-5h UTC)<br />

on any new time synchronization.<br />

A manual time zone configuration change from the user is needed to handle this<br />

transition.



SNTP Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the SNTP module.<br />

SNTP CLI commands<br />

The table below lists the SNTPCLIENT commands provided by the CLI:<br />

Command<br />

SNTPCLIENT SET CLOCK<br />

SNTPCLIENT SET MODE<br />

SNTPCLIENT SET POLL-INTERVAL<br />

SNTPCLIENT SET RETRIES<br />

SNTPCLIENT SET SERVER<br />

SNTPCLIENT SET TIMEOUT<br />

SNTPCLIENT SET TIMEZONE<br />

SNTPCLIENT SHOW ASSOCIATION<br />

SNTPCLIENT SET CLOCK<br />

Syntax SNTPCLIENT SET CLOCK <br />

Description This command sets the system clock to a specific time and date. This command can<br />

be used as an alternative to synchronizing the local system clock via internal or<br />

external timeservers.<br />

Example The following command sets the system clock to 11:10:13pm, 2nd November 2001:<br />

--> sntpclient set clock 2001:11:02:23:10:13<br />

SNTPCLIENT SET MODE<br />

Syntax SNTPCLIENT SET MODE {UNICAST|BROADCAST|ANYCAST} {ENABLE|DISABLE}<br />

Description This command enables/disables a particular access mode for the SNTP client. There<br />

are three modes to choose from, and each mode can be separately enabled or<br />

disabled:<br />

• Unicast mode<br />

• Enable - the mode sends unicast messages to the IP address or hostname in<br />

the SNTP server association list. The SNTP client attempts to contact the<br />

specific server in the association in order to receive a timestamp when the<br />

sntpclient sync command is issued.<br />

• Disable - the unicast server is removed from the association list.



• Broadcast mode<br />

• Enable - allows the SNTP client to accept time synchronization broadcast<br />

packets from an SNTP server located on the network, and updates the local<br />

system time accordingly.<br />

• Disable - stops synchronization via broadcast mode.<br />

• Anycast mode<br />

• Enable - the SNTP client sends time synchronized broadcast packets to the<br />

network and subsequently expects a reply from a valid timeserver. The<br />

client then uses the first reply it receives to establish a link for future sync<br />

operations in unicast mode. This server will then be added to the server<br />

association list. The client ignores any later replies from other servers after<br />

the first one is received. The server learnt by the anycast process takes<br />

precedence over any entries currently in the associations list when the<br />

sntpclient sync command is issued.<br />

• Disable - stops synchronization via anycast mode.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

UNICAST | Sets the time synchronous access mode to use the unicast server. | N/A<br />

BROADCAST | Sets the time synchronous access mode to use the broadcast server. | N/A<br />

ANYCAST | Sets the time synchronous access mode to use the anycast server. | N/A<br />

ENABLE | Enables the selected time synchronous access mode. | N/A<br />

DISABLE | Disables the selected time synchronous access mode. | N/A<br />

Example --> sntpclient set mode anycast enable<br />

See also SNTPCLIENT SET SERVER<br />

SNTPCLIENT SET POLL-INTERVAL<br />

Syntax SNTPCLIENT SET POLL-INTERVAL <br />

Description This command sets the SNTP client to automatically send a time synchronization<br />

request (specific to the mode) to the network at a specific interval. If the poll-interval<br />

is set to 0, the polling mechanism will be disabled.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).



Option | Description | Default Value<br />

0-30 | Sets the polling interval (in minutes) that SNTP client will send a time sync request. This can be any value between 0 and 30. | 0 (disabled)<br />

Example --> sntpclient set poll-interval 10<br />

SNTPCLIENT SET RETRIES<br />

Syntax SNTPCLIENT SET RETRIES <br />

Description This command sets the number of retry attempts that will be made when no<br />

response is received from a timeserver. If the client receives no reply to its sync<br />

requests, it will continue sending request packets at a fixed interval (set by the<br />

SNTPCLIENT SET TIMEOUT command), up to the number of retries specified in<br />

this command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

0-10 | Sets the number of packet retry attempts made when no response is received from a timeserver. | 2<br />

Example --> sntpclient set retries 4<br />

See also SNTPCLIENT SET TIMEOUT<br />

SNTPCLIENT SET SERVER<br />

Syntax SNTPCLIENT SET SERVER {IPADDRESS | HOSTNAME }<br />

Description This command sets the dedicated unicast server with which the SNTP client can<br />

synchronize its time. You can set the server by specifying either the IP address or<br />

the hostname.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

ipaddress | The IP address of the dedicated unicast server that SNTP can use to synchronize its time. | N/A<br />

hostname | The hostname of the dedicated unicast server that SNTP can use to synchronize its time. | N/A<br />



Examples IP address<br />

--> sntpclient set server ipaddress 129.6.15.28<br />

hostname<br />

--> sntpclient set server hostname time-a.nist.gov<br />

SNTPCLIENT SET TIMEOUT<br />

Syntax SNTPCLIENT SET TIMEOUT <br />

Description This command sets the received packet response timeout value (in seconds) upon<br />

sync request initiation. If a response is not received within the time specified by this<br />

command, the client will resend the request. This cycle will continue until either a<br />

reply is received, or the cycle has been repeated for the number of times specified in<br />

the SNTPCLIENT SET RETRIES command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

0-30 | Sets the received packet response timeout value (in seconds). This can be any value between 0 and 30. | 5 seconds<br />

Example --> sntpclient set timeout 10<br />

See also SNTPCLIENT SET RETRIES<br />

SNTPCLIENT SET TIMEZONE<br />

Syntax SNTPCLIENT SET TIMEZONE <br />

Description This command sets the local time zone. The timezone is represented by one of the<br />

abbreviations given in the table below. Setting the time zone can configure the local<br />

system to be up to + 13 hours different from Universal Time Coordinate (UTC).<br />

64 of the world's most prominent time zones are represented (including both<br />

standard times and summer/daylight saving times).<br />

Options The following table gives the 64 time zone abbreviations that you can use in this<br />

command.<br />

The table also contains the difference in time (in hours and minutes) from the UTC,<br />

and a description of the area of the world (from west to east) where the time<br />

difference is calculated from:<br />

Abbreviation + UTC World Area of Time Zone<br />

IDLW -1200 International Date Line West<br />

NT -1100 Nome



HST -1000 Hawaii Standard<br />

AKST -0900 Alaska Standard<br />

YST -0900 Yukon Standard<br />

YDT -0800 Yukon Daylight<br />

PST -0800 US Pacific Standard<br />

PDT -0700 US Pacific Daylight<br />

MST -0700 US Mountain Standard<br />

MDT -0600 US Mountain Daylight<br />

CST -0600 US Central Standard<br />

CDT -0500 US Central Daylight<br />

EST -0500 US Eastern Standard<br />

EDT -0400 US Eastern Daylight<br />

AST -0400 Atlantic Standard<br />

NFST -0330 Newfoundland Standard<br />

NFT -0330 Newfoundland<br />

BRA -0300 Brazil Standard<br />

ADT -0300 Atlantic Daylight<br />

NDT -0230 Newfoundland Daylight<br />

AT -0200 Azores<br />

WAT -0100 West Africa<br />

GMT +0000 Greenwich Mean<br />

UTC +0000 Universal (Coordinated)<br />

WET +0000 Western European<br />

CET +0100 Central European<br />

FWT +0100 French Winter<br />

MET +0100 Middle European<br />

MEWT +0100 Middle European Winter<br />

SWT +0100 Swedish Winter<br />

BST +0100 British Summer<br />

EET +0200 Eastern Europe<br />

FST +0200 French Summer<br />

MEST +0200 Middle European Summer<br />

SST +0200 Swedish Summer<br />

IST +0200 Israeli Standard



IDT +0300 Israeli Daylight<br />

BT +0300 Baghdad<br />

IT +0330 Iran<br />

USZ3 +0400 Russian Volga<br />

USZ4 +0500 Russian Ural<br />

INST +0530 Indian Standard<br />

USZ5 +0600 Russian West-Siberian<br />

NST +0630 North Sumatra<br />

WAST +0700 West Australian Standard<br />

USZ6 +0700 Russian Yenisei<br />

JT +0730 Java<br />

CCT +0800 China Coast<br />

WADT +0800 West Australian Daylight<br />

ROK +0900 Korean Standard<br />

KST +0900 Korean Standard<br />

JST +0900 Japan Standard<br />

CAST +0930 Central Australian Standard<br />

KDT +1000 Korean Daylight<br />

EAST +1000 Eastern Australian Standard<br />

GST +1000 Guam Standard<br />

CADT +1030 Central Australian Daylight<br />

EADT +1100 Eastern Australian Daylight<br />

IDLE +1200 International Date Line East<br />

NZST +1200 New Zealand Standard<br />

NZT +1200 New Zealand<br />

NZDT +1300 New Zealand Daylight<br />

Example In the example below, the time zone is set to United States Eastern Standard Time,<br />

which is five hours earlier than UTC (-0500):<br />

--> sntpclient set timezone EST<br />

SNTPCLIENT SHOW ASSOCIATION<br />

Syntax SNTPCLIENT SHOW ASSOCIATION<br />

Description This command lists the server being used by the SNTP client and displays whether<br />

or not the client is currently synchronized with this server.



Examples IP address<br />

--> sntpclient show association<br />

Time <strong>Reference</strong> Server IP address: 129.6.15.28<br />

** Local clock synchronized with this server.<br />

hostname<br />

--> sntpclient show association<br />

Time <strong>Reference</strong> Server Hostname: time-a.nist.gov<br />

** Local clock synchronized with this server.<br />

See also SNTPCLIENT SET SERVER<br />

SNTPCLIENT SHOW STATUS<br />

Syntax SNTPCLIENT SHOW STATUS<br />

Description This command displays the SNTP client status information.<br />

Example --> sntpclient show status<br />

Clock Synchronized TRUE<br />

SNTP Standard Version Number: 4<br />

SNTP Mode(s) Configured: Unicast Broadcast<br />

Local Time: Tuesday, 28 Aug, 2001 - 14:39:25<br />

Local Timezone: EDT, Eastern Daylight Time<br />

Time Difference +-VTC: -4:00<br />

Precision: 1/16384 of a second<br />

Root Dispersion: +0.2342 second(s)<br />

Server <strong>Reference</strong> ID: GPS.<br />

Round Trip Delay: 2 second(s)<br />

Local Clock Offset: -1 second(s)<br />

Resync Poll Interval 15 minute(s)<br />

Packet Retry Timeout: 5 seconds<br />

Packet Retry Attempts: 3<br />

See also SNTPCLIENT SHOW ASSOCIATION<br />

SNTPCLIENT SYNC<br />

Syntax SNTPCLIENT SYNC<br />

Description This command forces the SNTP client to immediately synchronize the local time<br />

with the server located in the association list (if unicast) or, if anycast is enabled,<br />

initiate an anycast sequence.<br />

Example --> sntpclient sync<br />

See also SNTPCLIENT SET SERVER



Chapter 14<br />

PPPoE<br />

Telecommunications companies offer serial communications links around the globe<br />

right now and have done so for many years. To make TCP/IP work over these serial<br />

links, it was necessary to create a protocol that could transmit TCP/IP packets over<br />

serial lines. The two protocols that do this are:<br />

• SLIP (Serial Line Internet Protocol)<br />

• PPP<br />

PPP is more feature rich and has largely supplanted SLIP.<br />

When serial links that are part of the public telephone system are used, care must be<br />

taken to ensure the authenticity of all communications. To this end PPP incorporates<br />

user name and password security. Thus, a router or server receiving a request via<br />

PPP where the origin of the request is not secure, would require authentication. This<br />

authentication is part of PPP. Because of its ability to route TCP/IP packets over<br />

serial links and its authentication capabilities, PPP is generally used by Internet<br />

Service Providers (ISPs) to allow dial-up users to connect to the Internet.<br />

Figure 13. PPP is used by Internet Service Providers (ISPs) to allow dial-up users<br />

to connect to the Internet.<br />

PPP has now been adapted to Ethernet, and is appropriately called PPP over<br />

Ethernet (PPPoE). Since PPP was designed to do things that were either impossible<br />

or unnecessary with Ethernet, users are often confused as to why one would want to<br />

use PPP over Ethernet at all.



If we were to compare TCP/IP traffic to vehicle traffic, the basic TCP/IP protocol<br />

would be comparable to a network of city streets. Streets can serve many access<br />

points. It is easy to get on to and off the street.<br />

Additional access points can be added with little disruption. It is hard to tell how<br />

many cars are actually using each street. PPP, on the other hand, would be<br />

comparable to a railway. Travel is generally between two well-defined points. You<br />

can't get on and off anywhere. It is relatively easy to count and monitor passengers.<br />

You need a ticket to board.<br />

If this is true, then is not PPPoE like running railway tracks down Main Street? In<br />

fact, yes, it is. That is what tramways do. Without disturbing main street traffic, they<br />

bring the advantages of railways. They offer speedy access between two well-defined<br />

points and allow you to count passengers. And you need a ticket to board.<br />

PPPoE allows ISPs to monitor the volume of traffic that their users generate.<br />

PPP over Ethernet brings this sort of functionality to ISPs that do not use serial links<br />

to connect their users. Serial ISPs already use PPP over modem communications.<br />

DSL providers, on the other hand, use Ethernet, not serial communications. Because<br />

of this, many require the added functionality of PPP over Ethernet, which allows<br />

them to secure communications through the use of user logins and have the ability<br />

to measure the volume of traffic each user generates.<br />

Example of PPPoE connection.<br />

PPPoE support on the AT-RG6xx Residential<br />

Gateway series<br />

In order to use the PPP stack, one IP interface must be added to the PPP stack and<br />

attached to a PPPoE transport.



Typically PPPoE is the “way” to connect the internal device with the external<br />

world. Each PPPoE instance must have a unique subnet and belong to a unique<br />

VLAN.<br />

Adding and attaching PPPoE connections<br />

PPPoE connections are added and attached using the commands provided in the IP<br />

and PPPoE modules respectively.<br />

IP interfaces typically use the services provided by pppoe transports. PPPoE transport<br />

is an abstraction layer used to classify the format of the PPPoE packets that will be<br />

transferred through the network. The other type of transport explained above in<br />

chapter 5 is ethernet. Packets transmitted through a pppoe connection or Ethernet<br />

connection will have different frame formats even though they convey the same<br />

type of information to the IP layer.<br />

Because the system supports VLANs, the same ethernet port can be shared between<br />

different VLANs. Therefore it's not possible to map a pppoe transport directly to a<br />

physical ethernet port.<br />

Instead pppoe transports are mapped to VLANs that from a logical point of view act<br />

as an ethernet port would do in a simple system without VLANs.<br />

To attach a pppoe transport to the Residential Gateway the following steps must be<br />

performed:<br />

• Create a VLAN on the wan port using, for example, the command<br />

vlan add v2 vid 2<br />

vlan add v2 port wan frame untagged<br />

• Define the vlan as PPPoE transport using the command:<br />

pppoe add transport v2 4<br />

• Create an IP interface and attach the IP interface to the PPPoE using the following<br />

command:<br />

ip add interface ip2<br />

ip attach ip2 v2<br />

Negotiation of PPPoE connections<br />

A PPPoE connection is a point-to-point connection; the “speakers” are the PPPoE<br />

Client on the RG6xx and the PPPoE Server of the Access Concentrator on the other<br />

end of the connection. The most relevant feature of PPP connections is the Security<br />

provided by the PAP (Password Authentication Protocol) and CHAP (Challenge<br />

Handshake Authentication Protocol) protocols. In fact among the negotiation<br />

parameters there are “User Name” and “Password”, which are unique identifiers<br />

of the particular PPPoE Client.<br />

To establish the PPP connection, it is first necessary to negotiate which authentication<br />

protocol (PAP or CHAP) to use, and then send the authentication parameters<br />

(User Name and Password) requested by the access service.<br />



To configure the authentication related parameters on a PPPoE instance the<br />

following steps must be performed:<br />

pppoe set transport v2 welogin ( none/auto/chap/pap)<br />

pppoe set transport v2 username abcdef…..<br />

pppoe set transport v2 password abcdef…<br />
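
An added example (not from the manual or the gateway firmware) of what the PAP and CHAP choices named above each send during authentication, using the standard PAP (RFC 1334) and CHAP (RFC 1994) packet layouts.<br />
The user name, secret, server name and challenge are constructed values.<br />

```python
"""What PAP and CHAP each send during PPP authentication (added example)."""
import hashlib
import hmac
import os
import struct


def _packet(code, identifier, body):
    # Common PAP/CHAP header: Code, Identifier, Length (header included).
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def pap_request(identifier, username, password):
    """PAP Authenticate-Request (code 1): both fields travel as plain bytes."""
    body = bytes([len(username)]) + username + bytes([len(password)]) + password
    return _packet(1, identifier, body)


def chap_challenge(identifier, value, server_name):
    """CHAP Challenge (code 1) as sent by the access concentrator."""
    return _packet(1, identifier, bytes([len(value)]) + value + server_name)


def _parse_chap(packet, expected_code):
    if len(packet) < 5:
        raise ValueError("short CHAP packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != expected_code or length != len(packet):
        raise ValueError("malformed CHAP packet")
    size = packet[4]
    if 5 + size > length:
        raise ValueError("value overruns packet")
    return identifier, packet[5:5 + size], packet[5 + size:]


def chap_response(challenge_packet, username, password):
    """CHAP Response (code 2): MD5(identifier || secret || challenge value)."""
    identifier, value, _server = _parse_chap(challenge_packet, 1)
    digest = hashlib.md5(bytes([identifier]) + password + value).digest()
    return _packet(2, identifier, bytes([len(digest)]) + digest + username)


def chap_verify(challenge_packet, response_packet, secrets):
    """Server side: recompute the digest from the stored secret and compare."""
    identifier, value, _ = _parse_chap(challenge_packet, 1)
    resp_id, digest, username = _parse_chap(response_packet, 2)
    secret = secrets.get(username)
    if secret is None or resp_id != identifier:
        return False
    expected = hashlib.md5(bytes([identifier]) + secret + value).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    USER, SECRET = b"subscriber01", b"constructed-secret"   # constructed credentials
    pap = pap_request(1, USER, SECRET)
    print("PAP frame carries the password:", SECRET in pap)

    challenge = chap_challenge(7, os.urandom(16), b"ac1")    # fresh value per attempt
    response = chap_response(challenge, USER, SECRET)
    print("CHAP frame carries the password:", SECRET in response)
    print("server accepts response:", chap_verify(challenge, response, {USER: SECRET}))
    # The digest is bound to one identifier and challenge value, so the same
    # response does not verify against the next challenge.
    later = chap_challenge(8, os.urandom(16), b"ac1")
    print("old response accepted later:", chap_verify(later, response, {USER: SECRET}))
```

CHAP keeps the password itself off the link, but the response is still an MD5 digest of the secret, so a weak password remains guessable from a captured exchange.<br />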

After the completion of the authentication phase of the PPP negotiation, the PPPoE<br />

client negotiates with the Server the IP parameters for the connection:<br />

• IP address for client and server ends of the link<br />

• Primary DNS Server IP address<br />

• Secondary DNS Server IP address



PPPoE Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the PPPoE<br />

module.<br />

PPPoE CLI commands<br />

The table below lists the PPPoE commands provided by the CLI:<br />

Command<br />

PPPOE ADD TRANSPORT<br />

PPPOE CLEAR TRANSPORTS<br />

PPPOE DELETE TRANSPORT<br />

PPPOE LIST TRANSPORTS<br />

PPPOE SET TRANSPORT ACCESSCONCENTRATOR<br />

PPPOE SET TRANSPORT AUTOCONNECT<br />

PPPOE SET TRANSPORT AUTOCONNECT FILTER ADD<br />

PPPOE SET TRANSPORT AUTOCONNECT FILTER DELETE<br />

PPPOE SET TRANSPORT ENABLED/DISABLED<br />

PPPOE SET TRANSPORT GIVEDNS CLIENT<br />

PPPOE SET TRANSPORT GIVEDNS RELAY<br />

PPPOE SET TRANSPORT LCPECHOEVERY<br />

PPPOE SET TRANSPORT LCPMAXCONF<br />

PPPOE SET TRANSPORT LCPMAXFAIL<br />

PPPOE SET TRANSPORT LCPMAXTERM<br />

PPPOE SET TRANSPORT STATIC_IP/DYNAMIC_IP<br />

PPPOE SET TRANSPORT PASSWORD<br />

PPPOE SET TRANSPORT SERVICENAME<br />

PPPOE SET TRANSPORT USERNAME<br />

PPPOE SET TRANSPORT WELOGIN<br />

PPPOE SHOW TRANSPORT<br />

PPPOE ADD TRANSPORT<br />

Syntax PPPOE ADD TRANSPORT [ACCESSCONCENTRATOR<br />

] [SERVICENAME ]



Description This command creates a PPPoE transport that performs dialout over Ethernet. It<br />

allows you to specify the following parameters for the PPPoE client:<br />

• the vlan used to receive and send packets belonging to the PPP interface<br />

• the internal port that will transport data<br />

• access concentrator (optional)<br />

• service name (optional)<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value for each option (if applicable).<br />

Option | Description | Default Value<br />

name | An arbitrary name that identifies the transport. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A<br />

vlanname | The vlan name used to carry PPPoE packets of the current PPP interface. | N/A<br />

port | The internal system port that is used to distinguish PPPoE packets. Available values are from 1 to 8. | N/A<br />

concentrator | A PPPoE tag that identifies a remote access concentrator (or PPPoE server). PPPoE will only connect to the named access concentrator. If no concentrator tag is set, PPPoE connects to the first access concentrator that responds. The tag name/number is determined by your ISP. | N/A<br />

service name | A PPPoE tag that identifies a specific service that is acceptable to the PPPoE client. If set, the PPPoE transport will connect to the first access concentrator it finds that uses this service. If an access concentrator is also set, the PPPoE transport will connect to the specified service on the named concentrator. The service name is determined by your ISP. | N/A<br />

Example<br />

--> pppoe add transport pppoe1 default 1<br />

See also PPPOE LIST TRANSPORTS<br />

ETHERNET LIST PORTS<br />

For more information on host unique tags, see http://www.ietf.org/rfc/rfc2516.txt



PPPOE CLEAR TRANSPORTS<br />

Syntax PPPOE CLEAR TRANSPORTS<br />

Description This command deletes all PPPoE transports that were created using the PPPoE<br />

ADD TRANSPORT command.<br />

Example --> pppoe clear transports<br />

See also PPPOE DELETE TRANSPORT<br />

PPPOE DELETE TRANSPORT<br />

Syntax PPPOE DELETE TRANSPORT {|}<br />

Description This command deletes a single PPPoE transport.<br />

If an IP interface is attached to the PPPoE transport, it is necessary to detach the IP interface using the IP DETACH command before removing the PPPoE transport.

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value for each option (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A

Example --> pppoe delete transport pppoe1<br />

See also PPPOE LIST TRANSPORTS<br />

PPPOE LIST TRANSPORTS<br />

Syntax PPPOE LIST TRANSPORTS<br />

Description This command lists PPPoE transports that have been created using the PPPOE ADD<br />

TRANSPORT command. It displays the following information about the transports:<br />

• transport identification number<br />

• transport name



Example --> pppoe list transports<br />

PPPOE transports:<br />

ID | Name | Port<br />

-----|------------|-----------<br />

1 | default | ethernet2<br />

2 | vlan21 | ethernet2<br />

------------------------------<br />

See also PPPOE SHOW TRANSPORT<br />

PPPOE SET TRANSPORT ACCESSCONCENTRATOR<br />

Syntax PPPOE SET TRANSPORT {|} ACCESSCONCENTRATOR<br />

<br />

Description This command specifies the access concentrator that you want PPPoE to connect to.<br />

If an access concentrator has been defined, it is necessary to remove the PPPoE transport on which it was set in order to remove it.

You can also specify a service name using the SET TRANSPORT SERVICENAME<br />

command so that PPPoE will only accept a specific service via a specific access<br />

concentrator.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
concentrator | A PPPoE tag that identifies a remote access concentrator (or PPPoE server). PPPoE will only connect to the named access concentrator. If no concentrator tag is set, PPPoE connects to the first access concentrator that responds. The tag name/number is determined by your ISP. | Empty string

Example --> pppoe set transport pppoe1 accessconcentrator server5<br />

See also PPPOE LIST TRANSPORTS



PPPOE SET TRANSPORT SERVICENAME<br />

PPPOE SHOW TRANSPORT<br />

For more information on PPPoE and access concentrators, see RFC2516;<br />

http://www.ietf.org/rfc/rfc2516.txt.<br />

PPPOE SET TRANSPORT AUTOCONNECT<br />

Syntax PPPOE SET TRANSPORT {|} AUTOCONNECT<br />

{ENABLED|DISABLED }<br />

Description This command enables/disables the PPPoE autoconnect function.<br />

If enabled, PPPoE automatically opens the link to the access concentrator whenever<br />

the link is down and a user needs to send TCP/IP packets to a public address.<br />

It is possible to specify one or more filters to block the autoconnect function when a UDP or TCP connection is requested to a particular port. See the PPPOE SET TRANSPORT AUTOCONNECT FILTER ADD command.

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
ENABLED / DISABLED | ENABLED: Enables PPPoE autoconnect. DISABLED: Disables PPPoE autoconnect. | disable

Example --> pppoe set transport pppoe1 autoconnect enable<br />

See also PPPOE SET TRANSPORT AUTOCONNECT FILTER<br />

PPPOE SET TRANSPORT AUTOCONNECT FILTER ADD

Syntax PPPOE SET TRANSPORT {|} AUTOCONNECT FILTER ADD<br />

{TCPPORT |UDPPORT }<br />

Description This command disables the PPPoE autoconnect function when a TCP/UDP session<br />

is requested for a specific address port.



Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
tcpport | The destination port related to the TCP session that must be blocked. | N/A
udpport | The destination port related to the UDP session that must be blocked. | N/A

Example --> pppoe set transport pppoe1 autoconnect filter add tcpport 23

See also PPPOE SET TRANSPORT AUTOCONNECT<br />

PPPOE SET TRANSPORT AUTOCONNECT FILTER DELETE

Syntax PPPOE SET TRANSPORT {|} AUTOCONNECT FILTER<br />

DELETE {TCPPORT |UDPPORT }<br />

Description This command removes a PPPoE filter previously added with the command PPPOE<br />

SET TRANSPORT AUTOCONNECT FILTER ADD.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
tcpport | The destination port related to the TCP session that must be blocked. | N/A
udpport | The destination port related to the UDP session that must be blocked. | N/A



Example --> pppoe set transport pppoe1 autoconnect filter delete tcpport 23

See also PPPOE SET TRANSPORT AUTOCONNECT<br />

PPPOE SET TRANSPORT ENABLED/DISABLED<br />

Syntax PPPOE SET TRANSPORT {|} {ENABLED|DISABLED}<br />

Description This command explicitly enables/disables a PPPoE transport. Attaching a transport<br />

to an interface implicitly enables it, but for cases where no attach is performed (for<br />

example, multiple channels on an interface, a PPP session that is not attached but<br />

needed for testing purposes) the transport must be enabled explicitly.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value for each option (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
ENABLED / DISABLED | ENABLED: Enables a PPPoE transport. DISABLED: Disables a PPPoE transport. | disable

Example --> pppoe set transport pppoe1 enabled<br />

See also PPPOE LIST TRANSPORTS<br />

PPPOE SET TRANSPORT GIVEDNS CLIENT<br />

Syntax PPPOE SET TRANSPORT {|} GIVEDNS CLIENT {ENABLED |<br />

DISABLED}<br />

Description This command controls whether the PPP Internet Protocol Control Protocol (IPCP)<br />

can request a DNS server IP address for a remote PPP peer. Once IPCP has<br />

discovered the DNS server IP address, it gives the address to the local DNS client so<br />

that it can be used for DNS lookups initiated from the Residential Gateway itself.<br />

You must have the DNS client process included in your image build in order to use<br />

this feature.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).



Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
ENABLED / DISABLED | ENABLED: IPCP can request a DNS server IP address and then give the address to DNS client. DISABLED: A DNS server IP address learnt by IPCP will not be passed to the DNS client. | enabled

Example --> pppoe set transport pppoe1 givedns client enabled<br />

See also PPPOE SET TRANSPORT GIVEDNS RELAY ENABLED|DISABLED<br />

PPPOE SET TRANSPORT REMOTEDNS<br />

PPPOE SET TRANSPORT DISCOVERDNS PRIMARY<br />

PPPOE SET TRANSPORT DISCOVERDNS SECONDARY<br />

For more information on DNS client, see ATMOS DNS Client Functional<br />

Specification: DO-008322-PS.<br />

For information on DNS implementation and specification, see<br />

http://www.ietf.org/rfc/rfc1035.txt.<br />

PPPOE SET TRANSPORT GIVEDNS RELAY<br />

Syntax PPPOE SET TRANSPORT {|} GIVEDNS RELAY {ENABLED |<br />

DISABLED}<br />

Description This command controls whether the PPP Internet Protocol Control Protocol (IPCP)<br />

can request the DNS server IP address for a remote PPP peer. Once IPCP has<br />

discovered the DNS server IP address, it gives the address to the local DNS relay so<br />

it can be used for relayed DNS lookups.<br />

You must have the DNS relay process included in your image build in order to use<br />

this feature.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
ENABLED / DISABLED | ENABLED: IPCP can request a DNS server IP address and then give the address to DNS relay. DISABLED: A DNS server IP address learnt by IPCP will not be passed to the DNS relay. | enabled

Example --> PPPOE SET TRANSPORT PPPOE1 GIVEDNS RELAY ENABLED<br />

See also PPPOE SET TRANSPORT GIVEDNS CLIENT ENABLED|DISABLED<br />

PPPOE SET TRANSPORT REMOTEDNS<br />

PPPOE SET TRANSPORT DISCOVERDNS PRIMARY<br />

PPPOE SET TRANSPORT DISCOVERDNS SECONDARY<br />

DNS RELAY CLI COMMANDS<br />

For information on DNS implementation and specification, see<br />

http://www.ietf.org/rfc/rfc1035.txt.<br />

PPPOE SET TRANSPORT LCPECHOEVERY<br />

Syntax PPPOE SET TRANSPORT {|} LCPECHOEVERY <br />

Description This command tells a specified PPP transport to send an LCP (Link Control<br />

Protocol) echo request frame at specified intervals (in seconds). If no reply is<br />

received, the PPP connection is turned down. This functionality is also known as<br />

'keep-alive'.

If you do not want to send LCP echo frames, specify zero (0) in the <br />

attribute.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
interval | The length of time (in seconds) between LCP echo request frames being sent. If you do not want echo request frames to be sent, specify '0' as the interval. | 10 seconds

Example --> pppoe set transport pppoe2 lcpechoevery 0



See also PPPOE SHOW TRANSPORT<br />

PPPOE LIST TRANSPORTS<br />

PPPOE SET TRANSPORT LCPMAXCONF<br />

Syntax PPPOE SET TRANSPORT {|} LCPMAXCONF <br />

Description This command sets the maximum number of Link Control Protocol (LCP)<br />

configure requests that will be sent by an existing PPPoE transport before it decides<br />

that the PPP peer is not responding. Upon having decided that the peer is not<br />

responding, the transport changes from the REQ SENT state back to the STARTING<br />

state; i.e. it stops trying to negotiate the link.

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
lcp max configure | Link Control Protocol; the maximum number of configures that can be transmitted without reply before assuming that the PPP peer is unable to respond. The LCPmaxconf can be any positive value. | 10

Example --> pppoe set transport pppoe1 lcpmaxconf 20<br />

See also PPPOE SHOW TRANSPORT<br />

PPPOE LIST TRANSPORTS<br />

PPPOE SET TRANSPORT LCPMAXFAIL<br />

Syntax PPPOE SET TRANSPORT {|} LCPMAXFAIL <br />

Description This command sets the Link Control Protocol (LCP) maximum fail number. This is

the number of configure-nak packets sent without receiving a valid configure ack<br />

before assuming the configuration is not converging.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).



Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
lcp max fail | The maximum number of consecutive LCP negative acknowledgements (indicating that the information received contains errors) that can be transmitted before assuming that parameter negotiation is not converging. The LCPmaxfail can be any positive value. | 5

Example --> pppoe set transport pppoe1 lcpmaxfail 20<br />

See also PPPOE SHOW TRANSPORT<br />

PPPOE LIST TRANSPORTS<br />

PPPOE SET TRANSPORT LCPMAXTERM<br />

Syntax PPPOE SET TRANSPORT {|} LCPMAXTERM

Description This command sets the Link Control Protocol (LCP) maximum terminate number<br />

for an existing PPPoE transport. When the transport has sent this number of<br />

consecutive LCP terminate requests without receiving a reply, it will assume that<br />

the PPP peer is unable to reply, and will simply terminate the link.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
lcp max term | The maximum number of consecutive LCP Terminate Requests that will be sent without reply before assuming that the destination address is unable to respond. The LCPmaxterm can be any positive value. | 2



Example --> pppoe set transport pppoe1 lcpmaxterm 20<br />

See also PPPOE SHOW TRANSPORT<br />

PPPOE LIST TRANSPORTS<br />

PPPOE SET TRANSPORT STATIC_IP/DYNAMIC_IP<br />

Syntax PPPOE SET TRANSPORT {|} {STATIC_IP |<br />

DYNAMIC_IP}<br />

Description This command tells the PPP process the local IP address to be used on this PPP<br />

interface or sets the PPP interface to get the IP address dynamically.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
Name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
Number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
ip-address | The IP address of the local 'client-end' of the PPP link, displayed in the IPv4 format: 111.222.254.4 | 0.0.0.0

Example --> pppoe set transport pppoe1 static_ip 192.168.103.2<br />

See also PPPOE SHOW TRANSPORT<br />

PPPOE LIST TRANSPORTS<br />

PPPOE SET TRANSPORT REMOTEIP<br />

PPPOE SET TRANSPORT PASSWORD<br />

Syntax PPPOE SET TRANSPORT {|} PASSWORD <br />

Description This command sets an authentication password on a named transport. The<br />

password is required when PPP negotiation takes place and is supplied to the<br />

remote PPP server for authentication.<br />

To correctly configure an authenticated PPPoE connection, it is also necessary to send the PPPOE SET TRANSPORT WELOGIN command and to set the authentication username using the PPPOE SET TRANSPORT USERNAME command.

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
Name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
password | An arbitrary word that acts as a password enabling you to be authenticated by the remote end of the link. The password will be required by the PPP server and is passed to the server using either the PAP or CHAP protocol. It can be made up of one or more characters and/or digits. To display the password, use the PPPOE SHOW TRANSPORT command. | N/A

Example --> pppoe set transport pppoe2 password mercury<br />

See also PPPOE LIST TRANSPORTS<br />

PPPOE SHOW TRANSPORT<br />

PPPOE SET TRANSPORT USERNAME<br />

PPPOE SET TRANSPORT SERVICENAME<br />

Syntax PPPOE SET TRANSPORT {|} SERVICENAME

Description This command specifies the service name that is acceptable to the PPPoE client.<br />

To remove a previously set service name, it is necessary to remove the PPPoE transport to which the service name was added.

You can also set the access concentrator using the SET TRANSPORT<br />

ACCESSCONCENTRATOR command so that PPPoE will only accept a specific<br />

service via a specific access concentrator.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).



Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
service name | A PPPoE tag that identifies a specific service that is acceptable to the PPPoE client. If set, the PPPoE transport will connect to the first access concentrator it finds that uses this service. If an access concentrator is also set, the PPPoE transport will connect to the specified service on the named concentrator. The service name is determined by your ISP. | Empty string

Example --> pppoe set transport pppoe1 servicename jupiter<br />

See also PPPOE LIST TRANSPORTS<br />

PPPOE SET TRANSPORT ACCESSCONCENTRATOR<br />

PPPOE SHOW TRANSPORT<br />

For more information on PPPoE and service names, see RFC2516;<br />

http://www.ietf.org/rfc/rfc2516.txt.<br />
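The selection rules described for the ACCESSCONCENTRATOR and SERVICENAME options, worked through on RFC 2516 PADO frames. This is an added example, not code from the manual or from the gateway firmware; the function names and the sample offers are constructed, and tag matching is assumed to be an exact string comparison.

```python
import struct

# RFC 2516 constants
PPPOE_VER_TYPE = 0x11      # version 1, type 1
CODE_PADO = 0x07           # PPPoE Active Discovery Offer
TAG_END_OF_LIST = 0x0000
TAG_SERVICE_NAME = 0x0101
TAG_AC_NAME = 0x0102


def build_pado(ac_name, services):
    """Build a PADO (PPPoE header + tags) for the constructed samples below."""
    tags = b""
    for text, tag in [(s, TAG_SERVICE_NAME) for s in services] + [(ac_name, TAG_AC_NAME)]:
        raw = text.encode()
        tags += struct.pack("!HH", tag, len(raw)) + raw
    return struct.pack("!BBHH", PPPOE_VER_TYPE, CODE_PADO, 0, len(tags)) + tags


def parse_pado(frame):
    """Return (ac_name, [service names]); raise ValueError on a malformed offer."""
    if len(frame) < 6:
        raise ValueError("short PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[:6])
    if ver_type != PPPOE_VER_TYPE or code != CODE_PADO or session_id != 0:
        raise ValueError("not a PADO")
    if length > len(frame) - 6:
        raise ValueError("payload length exceeds frame")
    payload, pos = frame[6:6 + length], 0
    ac_name, services = None, []
    while pos < len(payload):
        if pos + 4 > len(payload):
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack("!HH", payload[pos:pos + 4])
        pos += 4
        if pos + tag_len > len(payload):
            raise ValueError("tag value overruns payload")
        value = payload[pos:pos + tag_len]
        pos += tag_len
        if tag_type == TAG_END_OF_LIST:
            break
        if tag_type == TAG_AC_NAME:
            ac_name = value.decode("utf-8", "replace")
        elif tag_type == TAG_SERVICE_NAME:
            services.append(value.decode("utf-8", "replace"))
    if ac_name is None:
        raise ValueError("PADO without AC-Name tag")
    return ac_name, services


def select_offer(offers, concentrator="", service_name=""):
    """Return (index, ac_name) of the first acceptable offer in arrival order.

    An empty concentrator or service_name means "not set", matching the
    manual's default of an empty string for both options.
    """
    for index, frame in enumerate(offers):
        try:
            ac_name, services = parse_pado(frame)
        except ValueError:
            continue  # malformed offers are ignored, never selected
        if concentrator and ac_name != concentrator:
            continue
        if service_name and service_name not in services:
            continue
        return index, ac_name
    return None


# Constructed offers, in the order they arrive. "server5" and "jupiter" are
# the manual's sample values; the other names are made up for the example.
OFFERS = [
    build_pado("server5", ["jupiter"])[:-3],       # truncated frame
    build_pado("unlisted-ac", ["jupiter"]),
    build_pado("server5", ["saturn"]),
    build_pado("server5", ["jupiter", "saturn"]),
]

if __name__ == "__main__":
    print(select_offer(OFFERS))
    print(select_offer(OFFERS, concentrator="server5", service_name="jupiter"))
```

Neither tag is authenticated by RFC 2516, so setting the concentrator narrows which offers are accepted but does not prove who sent them.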

PPPOE SET TRANSPORT USERNAME<br />

Syntax PPPOE SET TRANSPORT {|} USERNAME <br />

Description This command sets a (dialout) username on a named transport. The username is required when PPP negotiation takes place and is supplied to the remote PPP server for authentication. For authentication to succeed, you must use not only this command but also PPPOE SET TRANSPORT PASSWORD and PPPOE SET TRANSPORT WELOGIN.

To correctly configure an authenticated PPPoE connection, it is also necessary to send the PPPOE SET TRANSPORT WELOGIN command and to set the authentication password using the PPPOE SET TRANSPORT PASSWORD command.

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
username | A name that identifies a user. Together with the password, this enables the PPP client to be authenticated by the remote end. The username will be required by the PPP server and will be passed to the server using the PAP or CHAP protocol. It can be made up of one or more characters and/or digits. To display the username, use the PPPOE SHOW TRANSPORT command. | N/A

Example --> pppoe set transport pppoe2 username jsmith<br />

See also PPPOE SET TRANSPORT PASSWORD<br />

PPPOE SET TRANSPORT WELOGIN<br />

Syntax PPPOE SET TRANSPORT {|} WELOGIN {NONE|AUTO|PAP|CHAP}<br />

Description This command sets the authentication protocol used to connect to external PPP<br />

servers (dialout).<br />

To correctly configure an authenticated PPPoE connection, it is also necessary to set the login username using the PPPOE SET TRANSPORT USERNAME command and to set the authentication password using the PPPOE SET TRANSPORT PASSWORD command.

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
NONE | No authentication method is used. | None
AUTO | The authentication protocol used by the remote PPP server is discovered and used. |
PAP | Password Authentication Protocol; the server sends an authentication request to the remote user dialling in. PAP passes the unencrypted username and password to be verified by the server. |
CHAP | Challenge Handshake Authentication Protocol; the server sends an authentication request to the remote user dialling in. CHAP passes the encrypted username and password to be verified by the server. |

Example --> pppoe set transport pppoe2 welogin pap<br />

See also PPPOE SET TRANSPORT THEYLOGIN<br />

PPPOE SHOW TRANSPORT<br />

PPPOE LIST TRANSPORTS<br />
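What the PAP and CHAP settings of WELOGIN put on the link, built from the packet formats in RFC 1334 (PAP) and RFC 1994 (CHAP with MD5), where the CHAP response carries an MD5 digest over identifier, secret and challenge rather than the password itself. This is an added example, not the gateway's code; the username and password are the manual's sample values, and the challenge bytes and function names are constructed.

```python
import hashlib
import hmac
import struct

PAP_AUTHENTICATE_REQUEST = 1   # RFC 1334
CHAP_CHALLENGE = 1             # RFC 1994
CHAP_RESPONSE = 2


def pap_authenticate_request(identifier, username, password):
    """PAP: Code, Identifier, Length, Peer-ID-Length, Peer-ID, Passwd-Length, Password."""
    user, secret = username.encode(), password.encode()
    body = bytes([len(user)]) + user + bytes([len(secret)]) + secret
    return struct.pack("!BBH", PAP_AUTHENTICATE_REQUEST, identifier, 4 + len(body)) + body


def chap_challenge(identifier, challenge, server_name):
    """CHAP Challenge as sent by the authenticator: Value-Size, Value, Name."""
    body = bytes([len(challenge)]) + challenge + server_name.encode()
    return struct.pack("!BBH", CHAP_CHALLENGE, identifier, 4 + len(body)) + body


def _parse_chap(packet, expected_code):
    """Return (identifier, value, name) after checking code and lengths."""
    if len(packet) < 5:
        raise ValueError("short CHAP packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != expected_code or length != len(packet):
        raise ValueError("unexpected CHAP packet")
    size = packet[4]
    if size == 0 or 5 + size > length:
        raise ValueError("bad Value-Size")
    return identifier, packet[5:5 + size], packet[5 + size:]


def _digest(identifier, password, challenge):
    # RFC 1994 section 4.1: MD5 over Identifier, then secret, then Challenge Value.
    return hashlib.md5(bytes([identifier]) + password.encode() + challenge).digest()


def chap_response(challenge_packet, username, password):
    """Client side: answer a Challenge without sending the password."""
    identifier, challenge, _server = _parse_chap(challenge_packet, CHAP_CHALLENGE)
    value = _digest(identifier, password, challenge)
    body = bytes([len(value)]) + value + username.encode()
    return struct.pack("!BBH", CHAP_RESPONSE, identifier, 4 + len(body)) + body


def chap_verify(challenge_packet, response_packet, password):
    """Server side: recompute the digest for the challenge it issued."""
    ident_c, challenge, _server = _parse_chap(challenge_packet, CHAP_CHALLENGE)
    ident_r, value, _user = _parse_chap(response_packet, CHAP_RESPONSE)
    if ident_c != ident_r:
        return False  # response belongs to a different challenge
    return hmac.compare_digest(value, _digest(ident_c, password, challenge))


if __name__ == "__main__":
    pap = pap_authenticate_request(1, "jsmith", "mercury")
    challenge = chap_challenge(7, bytes(range(16)), "server5")  # constructed challenge
    response = chap_response(challenge, "jsmith", "mercury")
    print("PAP  frame:", pap.hex(), "| password visible:", b"mercury" in pap)
    print("CHAP frame:", response.hex(), "| password visible:", b"mercury" in response)
```

With AUTO the transport uses whichever protocol the remote server asks for, so a transport that must never send its password in clear is better set to CHAP explicitly.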

PPPOE SHOW TRANSPORT<br />

Syntax PPPOE SHOW TRANSPORT {|}<br />

Description This command displays the following information about an existing PPPoE<br />

transport:<br />

• Description<br />

• Interface number<br />

• Server - dialin status<br />

• Headers - the data format that the transport can accept or receive<br />

• SVC status (false)<br />

• Local IP address<br />

• Subnet mask<br />

• Remote IP address<br />

• Remote DNS<br />

• Propagate DNS to client (true or false)<br />

• Propagate DNS to relay (true or false)<br />

• Create route (true or false)<br />

• Specific route (true or false)<br />

• Route netmask



• Dialout Username<br />

• Dialout Password<br />

• Dialout Authentication method<br />

• Dialin Authentication method<br />

• LCP Max Configure<br />

• LCP Max Failure<br />

• LCP Max Terminate<br />

• LCP Echo Period<br />

• Autoconnect status (true or false)<br />

• User Idle Timeout setting (in minutes)<br />

• Access concentrator<br />

• Service name<br />

• Port name<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
Name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A

Example --> pppoe show transport pppoe2<br />

PPP Transport: pppoe2<br />

Description: pppoe2<br />

Interface ID: 1<br />

Server: false<br />

Headers: learn<br />

SVC: false<br />

Local IP: 0.0.0.0<br />

Subnet mask: 0.0.0.0<br />

Remote IP: 0.0.0.0<br />

Remote DNS: 0.0.0.0<br />

Propogate DNS to client: true To relay: true<br />

Create route: true<br />

Specific route: false<br />

Route netmask: 0.0.0.0



Dialout username:<br />

Dialout password:<br />

Dialout auth.: none<br />

Dialin auth.: none<br />

LCP Max. Conf.: 10<br />

LCP Max. Failure: 5<br />

LCP Max Terminate: 2<br />

LCP Echo Every: 10<br />

Autoconnect: true<br />

User Idle Timeout: 30<br />

Access Conc.:<br />

Service name: y<br />

See also PPPOE LIST TRANSPORTS
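Because PPPOE SHOW TRANSPORT prints the dial-out password along with the authentication settings, captured output is worth checking and redacting before it goes into a ticket or a configuration archive. The following is an added example, not part of the manual: the sample text is constructed from the manual's field layout with dial-out values filled in, the finding names are made up, and it is assumed that the authentication fields print as none, auto, pap or chap.

```python
import re

# Constructed sample: the manual's field names, with the manual's sample
# username, password and service name filled in.
SAMPLE = """\
PPP Transport: pppoe2
Description: pppoe2
Server: false
Propogate DNS to client: true To relay: true
Dialout username: jsmith
Dialout password: mercury
Dialout auth.: pap
Dialin auth.: none
LCP Echo Every: 10
Autoconnect: true
Access Conc.:
Service name: jupiter
"""


def parse_show_transport(text):
    """Turn 'Key: value' lines into a dict; empty values are kept as ''."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if " To relay:" in line:
            # One output line carries two settings; the second key name is ours.
            line, relay = line.split(" To relay:", 1)
            fields["Propagate DNS to relay"] = relay.strip()
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def redact(text):
    """Blank out a non-empty dial-out password, leaving the rest untouched."""
    return re.sub(r"(?m)^([ \t]*Dialout password:)[ \t]*\S.*$", r"\1 <redacted>", text)


def audit(fields):
    """Return finding names (hypothetical labels) for settings worth a second look."""
    findings = []
    auth = fields.get("Dialout auth.", "").lower()
    if auth == "pap":
        findings.append("pap-cleartext")            # PAP passes the password unencrypted
    elif auth == "auto":
        findings.append("auth-chosen-by-server")    # server may ask for PAP
    elif auth == "none" and fields.get("Dialout username"):
        findings.append("credentials-set-but-auth-none")
    if not fields.get("Access Conc."):
        findings.append("any-access-concentrator")  # first responder is accepted
    if fields.get("Dialout password"):
        findings.append("password-in-output")       # redact before sharing
    return findings


if __name__ == "__main__":
    print(audit(parse_show_transport(SAMPLE)))
    print(redact(SAMPLE))
```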



Chapter 15<br />

VoIP Analogue and Digital access ports<br />

Introduction<br />

This chapter describes the telephony services available on the Residential Gateway<br />

and the support for analog voice ports (FXS) and digital ISDN interfaces (Basic<br />

Rate).<br />

The AT-RG613TX(J) supports two FXS ports to connect up to 2 standard DTMF<br />

analogue telephones. A further PSTN port (AT-RG613TXJ model only) is available<br />

to connect the Residential Gateway to a Central Office or to an analog PBX.<br />

The PSTN port (also named FXO port) allows a VoIP end-point to reach an external<br />

phone connected to the PSTN network. In the opposite direction, the FXO port<br />

allows an incoming PSTN call to reach a VoIP end-point.<br />

The same FXO port acts as a lifeline when the unit is powered off (or when no local user is registered to a SIP server or Gatekeeper), connecting the local phones to the PSTN operator.

The AT-RG623TX supports two ISDN Basic Rate ports to connect up to 8 ISDN<br />

terminals to the residential gateway. In this case the two ports use the same S/T bus<br />

and ISDN terminals can use one port or the other one independently. Up to 2<br />

simultaneous calls can be made on the S/T bus (the limitation is due to the Basic Rate service, which supports only two bearer channels of 64Kbps each).

The access port module controls both analog and digital ports:<br />

• on FXS models it detects hardware events like off-hook and DTMF key press and<br />

controls hardware functions like tone generation and ringing.<br />

• on the ISDN models it implements the ISDN protocol conforming to Euro ISDN<br />

standards (ETSI).<br />

The access port module also performs the voiceband processing required to interface analog or PCM voice and fax with data networks incorporating packet-based protocols such as Internet Protocol (IP).

This system incorporates a voiceband processor (VoIP DSP) that operates in<br />

conjunction with analog interface circuitry and with the unit main processor (CPU).



The unit main processor implements packet network protocol stacks and system<br />

control, while the voice-band processor primarily performs mathematically<br />

intensive DSP algorithms.<br />

The following are the features available on the Voice system:<br />

Voice Encoding/Decoding<br />

• G.711 A-/µ-law 64 Kbps PCM Speech CODEC<br />

• G.729A/B CS-ACELP Speech CODEC with VAD<br />

• G.726-16Kbps, G.726-24Kbps, G.726-32Kbps and G.726-40Kbps<br />

• T.38 support for transmission of T.30 fax signals into T.30 Internet Fax Protocol (IFP) packets.

Voice Quality Management<br />

• Jitter Buffer Management<br />

• Fixed Gain Control configurable independently on TX and RX transmission<br />

• G.168 Line Echo Cancellation (programmable 8 ms – 32 ms tail length)<br />

• Voice Activity Detection (VAD)<br />

• Comfort Noise Generation (CNG)<br />

Telecom Tones Management<br />

• Tone Generation<br />

• DTMF Detection<br />

Analog Ports<br />

On the AT-RG613TX model two FXS ports are provided.<br />

On the AT-RG613TXJ model two FXS ports are provided plus one FXO port.<br />

Connection from the unit to standard DTMF analogue telephones is made via two<br />

RJ11 8-pin connectors.<br />

The analog front-end circuit is designed to support 5REN (Ring Equivalent<br />

Number) load on each FXS port.<br />

An additional RJ11 connector is available as pass-through PSTN port when the unit<br />

is not powered. In this case an internal relay connects the first FXS port to the PSTN<br />

port, allowing the user to make external calls to a Central Office or to an analog PBX.<br />

Analog ports are able to reproduce telecom tones similar to the tones provided from<br />

a regional central office or local exchange, simply by selecting the desired country<br />

via the VOIP EP SET COUNTRY command.<br />

Digital Ports<br />

The AT-RG623TX supports two ISDN Basic Rate (BRI) ports.



A block diagram of a typical Basic Rate Access circuit is shown in Figure 14.<br />

[Figure 14: block diagram. Labels: Analogue Phone/FAX, TA, Digital Phone/FAX (two), S/T BUS, NT1, U BUS, ISDN switch (LT), ISDN Switched Network, ISDN switch (LT).]<br />

Figure 14. ISDN Basic Access.<br />

The S/T loop may be shared by a number of TEIs and TAs communicating with a<br />

single Network Termination (NT). The U loop may be several kilometres in length and<br />

runs between the NT and the Line Termination (LT) on the ISDN service providerʹs<br />

premises. The letters S, T and U refer to reference points in the ITU-T<br />

Recommendations defining ISDN.<br />

With respect to a standard ISDN Basic Rate Access, the AT-RG623TX is designed to<br />

operate like an NT (LT-S) termination offering access to a VoIP network instead of<br />

an ISDN network.<br />

The Basic Rate access available on the AT-RG623TX consists of 2 data channels<br />

(called B1 and B2) of 64Kbps each; plus one signaling channel (called the D channel)<br />

of 16Kbps. This allows two simultaneous calls (outgoing and/or incoming) to be in<br />

operation at the same time.<br />

ISDN BRI Physical Layer<br />

Connection from the S/T loop to a TE is made via two RJ45 8-pin connectors. From<br />

the system point of view they are one logical port and access a resource named<br />

isdn0. The four centre pins on the connector are used for the transmit and receive<br />

pairs.<br />

Power may be transferred from the NT to TEs (or vice-versa) over the signal wires<br />

or one of the outer pairs.<br />

The S/T loop portion of the circuit supports up to 8 ISDN terminals according to a<br />

point-to-multipoint bus topology over a strictly limited distance and is intended for<br />

operation within the customer premises. The S/T bus can be up to 100 meters long<br />

using 100 ohm UTP cable (only a short passive S bus). In this case there is no<br />

strict constraint on the minimum distance between TEs, but 10 meters<br />

between TEs is the suggested separation.<br />

The S/T bus must be terminated with a 100 ohm resistive load at both ends. One 100<br />

ohm termination is already installed inside the AT-RG623TX unit. The other 100<br />

ohm termination must be installed during network configuration.



See ETS 300 012-1 Annex A - A.2.1 Point-to-multipoint - A.2.1.1 Short passive bus for<br />

more technical details.<br />

ISDN Layer 2 - LAPD<br />

LAPD is the Link Access Protocol for the ISDN D channel, as defined by ITU-T<br />

Recommendation Q.921.<br />

It is a layer 2, or data link layer, protocol which is used for communication between<br />

ISDN Terminal Equipment and Network Equipment (e.g. the AT-RG623). LAPD is<br />

responsible for providing addressing, flow control, and error detection for higher<br />

layer users of the ISDN D channel. A single D channel is able to support multiple<br />

layer 3 entities. LAPD is not used on the ISDN B channels.<br />

In normal operation the LAPD module will not require any configuring since the<br />

default configuration will allow it to function fully. The default for BRI interfaces is<br />

to operate with automatic TEI (Terminal Endpoint Identifier) assignment.<br />

ISDN Layer 3 - Call Control<br />

ISDN layer 3 is responsible for maintaining and controlling ISDN calls.<br />

The call control module uses ITU-T Recommendation Q.931 to set up and tear down<br />

ISDN calls.<br />

Common<br />

Port creation and configuration (if necessary) are part of the VoIP system<br />

configuration steps required in order to receive or make calls, as illustrated in Figure<br />

15.<br />

[Figure 15: flow chart of configuration steps. Labels: Default Configuration, Signalling Protocol Config. (SIP/H323), Forwarding Database, Access Port Creation, Users Creation, Access Port Config., Users Binding, Incoming/Outgoing Calls.]<br />

Figure 15. VoIP subsystem configuration - basic steps.<br />

By default, analog or digital access ports are not configured in the system when the<br />

unit starts from a factory default configuration.



If a port is not defined, no users can be added to the port and therefore no incoming<br />

calls can be received and no outgoing calls can be made.<br />

On the AT-RG623, attempting to make an outgoing call through an undefined<br />

digital port will result in a DISCONNECT message from the unit. A busy tone may<br />

be reproduced locally on the ISDN telephone depending on phone model (typically<br />

the busy tone is generated for a few seconds and then the user is invited to replace the<br />

handset).<br />

On the AT-RG613, attempting to make a call through an undefined analogue port<br />

will result in absence of any tone provided by the unit.<br />

To create a port, use the command VOIP EP CREATE and to enable a port use the<br />

command VOIP EP ENABLE.<br />

Each access port has a unique identifier used during the VOIP EP CREATE<br />

command. Depending on the model, the following ports and port identifiers can be<br />

used:<br />

| Model | VoIP port type | VoIP port identifier |
|---|---|---|
| AT-RG613TX | al-fxs-del | tel1, tel2 |
| AT-RG613TXJ | al-fxs-del | tel1, tel2 |
| AT-RG613TXJ | al-fxo-del | tel3 |
| AT-RG623TX | dl-bri-lt-s | tel |

To disable a port use the VOIP EP DISABLE command.<br />

Port configuration<br />

Port configuration is managed through the VOIP EP SET command.<br />

It is used to configure the following subsections:<br />

• Digit Map/Dial Mask<br />

• Voice Coder/Decoder<br />

• Voice Quality Management<br />

• Telecom Tones Management<br />

Digit Map<br />

The Digit Map is a rule used by the access port to understand when dialing is to<br />

be considered completed and the dialed number is ready to be processed by the call<br />

control layer. It works for outgoing calls (in the direction from user to VoIP<br />

network).<br />

A digit map is defined either by a (case insensitive) ʺstringʺ or by a list of strings.<br />

Each string in the list is an alternative numbering scheme, specified either as a set of<br />

digits or timers, or as an expression over which the port will attempt to find a<br />

shortest possible match. The following constructs can be used in each digit map:<br />

DTMF: A digit from ʹ0ʹ to ʹ9ʹ or one of the symbols ʺAʺ, ʺBʺ, ʺCʺ, ʺDʺ, ʺ#ʺ, or ʺ*ʺ.



Timer: The symbol 'T', which matches the timer expiry. The symbol 'T' at the end of the Digit<br />

Map indicates that if the user has not dialed a digit for a time longer than the value of<br />

the inter-digit time, the dialed number shall be considered complete. If the symbol T<br />

appears in the middle of a digit map expression, it is ignored and skipped<br />

during expression evaluation.<br />

Wildcard:<br />

The symbol ʺxʺ, which matches any digit (ʺ0ʺ to ʺ9ʺ).<br />

Range: One or more DTMF symbols enclosed between square brackets (ʺ[ʺ and ʺ]ʺ).<br />

Subrange: Two digits separated by a hyphen (ʺ-ʺ) which matches any digit<br />

between and including the two. The subrange construct can only be used inside a<br />

range construct, i.e., between ʺ[ʺ and ʺ]ʺ.<br />

Position: A period (ʺ.ʺ), which matches an arbitrary number, including zero,<br />

of occurrences of the preceding construct.<br />

Also, note that the whole Digit Map shall not exceed 128 characters.<br />

Let’s consider an example where the user in an office wants to call a co-worker’s 3-<br />

digit extension. The Digit Map is defined in such a way that after the user has<br />

entered 3 digits, the called number is processed.<br />

The command to set the Digit Map could look as follows:<br />

voip ep analogue set prt0 digitmap xxx<br />

This Digit Map specifies that after the user has entered any three digits, the call is<br />

placed. Itʹs possible to refine this Digit Map by including a range of digits. For<br />

example, if all extensions in the user company begin with 2, 3, or 4, the<br />

corresponding Digit Map command could look as:<br />

voip ep analogue set prt0 digitmap [2-4]xx<br />

If the number dialed begins with anything other than 2, 3, or 4, the call is rejected<br />

and a busy tone is generated. Another way to achieve the same result would be:<br />

voip ep analogue set prt0 digitmap [234]xx<br />

It is possible to combine two or more expressions in the same Digit Map by using<br />

the “|” operator, which is equivalent to OR. The left-most expression has<br />

precedence over the other expressions.<br />

Let’s consider the case of a choice: the Digit Map must check if the number is<br />

internal (an extension), or external (a local call). Assuming that dialling “9” makes<br />

an external call, the Digit Map could be defined with the command:<br />

voip ep analogue set prt0 digitmap ([2-4]xx|9[2-9]xxxxxx)<br />

In this case the Digit Map checks if the number begins with 2, 3, or 4 and the<br />

number has 3 digits.<br />

If not, it checks if the number begins with 9 and the second digit is any digit<br />

between 2 and 9 and the number has 7 digits.<br />

It may sometimes be required that users dial the “#” or “*” to make calls.<br />

This can be easily incorporated in a Digit Map with the command:



voip ep analogue set prt0 digitmap xxxxxxx#|xxxxxxx*<br />

With this Digit Map, users must dial the “#” or “*” character at the<br />

end of their number to indicate that it is complete.<br />

When processing the outgoing call the call control layer removes any '#', '*' and 'T'<br />

symbols from the dialed number.<br />

Dial Mask<br />

The Dial Mask specifies the number of digits that must be removed from the dialed<br />

number before checking the dialed number against the Digit Map.<br />

When a user dials the called party number, the number of digits specified by the<br />

dial mask parameter is removed from the dialed number. This feature is available both<br />

on AT-RG613TX and AT-RG623TX models.<br />

On the AT-RG613TXJ model, the dial mask acts both on the fxs ports and on the fxo port.<br />

On the fxo port the dial mask works only for calls in the direction PSTN to VoIP, that is,<br />

only on incoming calls on the fxo port.<br />
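The Digit Map and Dial Mask rules above can be exercised offline with the following added example, which is not code from the manual or from the gateway firmware. The function names, the treatment of a timer expiry without a match as a reject, and the reading of the dial mask as dropping leading digits are assumptions made for this sketch.

```python
DTMF = set("0123456789ABCD#*")
DIGITS = set("0123456789")
MAX_LEN = 128  # whole-map limit stated in the manual

def _parse_range(body):
    """Expand the inside of [...] into a set of DTMF symbols."""
    allowed, i = set(), 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":      # subrange, e.g. 2-4
            lo, hi = body[i], body[i + 2]
            if not (lo in DIGITS and hi in DIGITS and lo <= hi):
                raise ValueError(f"bad subrange {lo}-{hi}")
            allowed |= {str(d) for d in range(int(lo), int(hi) + 1)}
            i += 3
        elif body[i] in DTMF:
            allowed.add(body[i])
            i += 1
        else:
            raise ValueError(f"bad symbol in range: {body[i]!r}")
    return allowed

def _parse_alternative(text):
    """Return (tokens, timer_at_end); a token is [allowed_symbols, repeatable]."""
    tokens, i = [], 0
    while i < len(text):
        c = text[i]
        if c == "X":                                      # wildcard: any digit
            tokens.append([DIGITS, False])
        elif c == "[":
            end = text.find("]", i)
            if end < 0:
                raise ValueError("unterminated range")
            tokens.append([_parse_range(text[i + 1:end]), False])
            i = end
        elif c == ".":                                    # zero or more of previous
            if not tokens:
                raise ValueError("'.' has no preceding construct")
            tokens[-1][1] = True
        elif c in DTMF:
            tokens.append([{c}, False])
        elif c != "T":                                    # a 'T' that is not last is skipped
            raise ValueError(f"bad symbol: {c!r}")
        i += 1
    if not tokens:
        raise ValueError("empty alternative")
    return tokens, text.endswith("T")

def parse_digit_map(digit_map):
    if len(digit_map) > MAX_LEN:
        raise ValueError("digit map longer than 128 characters")
    text = digit_map.strip().upper()                      # digit maps are case insensitive
    if text.startswith("(") and text.endswith(")"):
        text = text[1:-1]
    return [_parse_alternative(alt) for alt in text.split("|")]

def _closure(tokens, positions):
    """Add positions reachable by matching zero occurrences of a '.' construct."""
    out = set()
    for p in positions:
        out.add(p)
        while p < len(tokens) and tokens[p][1]:
            p += 1
            out.add(p)
    return out

def _step(tokens, positions, key):
    nxt = {p if tokens[p][1] else p + 1
           for p in positions if p < len(tokens) and key in tokens[p][0]}
    return _closure(tokens, nxt)

def collect(digit_map, keys, dial_mask=0):
    """Feed key presses one by one; a 'T' in keys is an inter-digit timer expiry."""
    alts = parse_digit_map(digit_map)
    states = [_closure(tokens, {0}) for tokens, _ in alts]
    dialed, skipped = "", 0

    def result(status, index=None):
        # Call control strips '#' and '*' from the number, per the manual.
        return status, dialed.replace("#", "").replace("*", ""), index

    for key in keys.upper():
        if key == "T":
            for i, ((tokens, timer), st) in enumerate(zip(alts, states)):
                if timer and dialed and len(tokens) in st:
                    return result("complete", i)
            return result("reject")            # assumption: timeout without a match
        if skipped < dial_mask:                # assumption: mask drops leading digits
            skipped += 1
            continue
        dialed += key
        states = [_step(tokens, st, key) for (tokens, _), st in zip(alts, states)]
        for i, ((tokens, timer), st) in enumerate(zip(alts, states)):
            if not timer and len(tokens) in st:   # shortest match, leftmost first
                return result("complete", i)
        if not any(states):
            return result("reject")
    return result("partial")
```

`collect` returns a status (`complete`, `partial` or `reject`), the number as call control would see it, and the index of the alternative that matched.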

Voice Coder/Decoder<br />

The Voice system makes use of a specific DSP with an embedded sigma-delta<br />

Coder/Decoder to process voice and data from/to access ports.<br />

Different codec types are available in order to satisfy the requirements of different<br />

environments.<br />

Itʹs possible to specify more than one codec type for each port using the command<br />

VOIP EP SET CODECS.<br />

The codec specified at the leftmost end of the codec list has precedence over the<br />

other codecs.<br />

The signaling protocol (SIP or H323) will negotiate the active codec based on the<br />

capabilities supported by the other peer involved in the VoIP connection.<br />

In the case of local calls, codec negotiation is performed locally by the call control<br />

layer.<br />

The following codecs are available on the AT-RG613, AT-RG623 and AT-RG656<br />

units:<br />

• g711a (G.711 A law)<br />

• g711u (G.711 µ law)<br />

• g729 (G.729)<br />

• g726-16 (G.726 16kbps)<br />

• g726-24 (G.726 24kbps)<br />

• g726-32 (G.726 32kbps)<br />

• g726-40 (G.726 40kbps)<br />

• T.38<br />



A brief description of each codec is provided below, with some notes about quality<br />

and performance.<br />

G.711 µ/A-law 64 Kbps PCM Speech codec<br />

The G.711 codec is specified by ITU-T and consists of two similar non-uniform pulse<br />

code modulation (PCM) schemes called µ-law and A-law. A-law is commonly used<br />

in Europe and µ-law is commonly used in North America and Japan.<br />

A-law and µ-law are waveform codecs, which logarithmically quantise each input<br />

sample. Fine quantisation steps are used for the low level amplitudes, which occur<br />

more frequently in speech signals. Much coarser quantisation steps are used for<br />

large amplitude signals.<br />

The digitised, linear PCM input signals (13 and 14 bits respectively) sampled at an 8<br />

KHz sampling rate are converted into an 8-bit compressed floating-point PCM<br />

representation for a total bit rate equal to 64Kbps.<br />

The G.711 codec is very simple, has very low delay, and results in high quality<br />

speech known as ʺtollʺ quality. G.711 requires trivial processor resources but its high<br />

bit rate generally precludes its use in systems where bandwidth or storage space is a<br />

concern.<br />

G.729 A/B CS-ACELP Speech codec<br />

The G.729 codec is specified by ITU-T and consists of a Conjugate Structure<br />

Algebraic CELP (CS-ACELP) analysis-by-synthesis algorithm that results in a<br />

compressed bit rate of 8 kbps.<br />

The algorithmic delay (block processing size) is 10 ms (80 samples), but the G.729<br />

algorithm also incorporates a 5 ms look-ahead resulting in a 15 ms delay for the<br />

encoder. The complexity is high. It results in good speech quality, with a MOS value<br />

of 4.0.<br />

There is a lower complexity version of the original G.729 described in G.729 Annex<br />

A.<br />

G.729 Annex A is interoperable with G.729, however it requires less than half the<br />

processing requirements in terms of MIPS. The speech quality for G.729A is very<br />

close to that of G.729 except it performs slightly worse in environments with<br />

background noise and in the presence of bit errors. The MOS for G.729A is 3.9.<br />

G.729 Annex B describes a voice activity detection/comfort noise generation<br />

algorithm that can be operated in conjunction with either of the speech coders to<br />

further reduce the bit rate during periods of silence.<br />

G.726 ADPCM Speech codec<br />

The G.726 codec is specified by ITU-T and is an adaptive differential pulse code<br />

modulation (ADPCM) speech-coding algorithm capable of operating at 16kbps,<br />

24kbps, 32 kbps and 40kbps.<br />

For 32 kbps operation, each input voice sample is converted into a 4-bit quantized<br />

difference signal resulting in a compression ratio (with respect to a reference G.711 codec)<br />

of 2:1. For the 24kbps and 40kbps operation the quantized difference signal is 3 bits<br />

and 5 bits, respectively. At 32kbps ADPCM has a low delay and is considered "toll quality",<br />

i.e. virtually indistinguishable from A-law and µ-law for a single encoding.<br />

At lower bit rates, especially below 24kbps, speech quality is dramatically reduced.<br />

T.38 support<br />

AT-RG613, AT-RG623 and AT-RG656 are designed to support the transmission of<br />

T.30 fax signals using T.38 Internet Fax Protocol (IFP) packets.<br />

Although T.38 is listed among the supported codecs in the AT-RG600 family, T.38 is<br />

not strictly a codec but a technical solution that maps FAX signals into a dedicated<br />

IP protocol, overcoming the limitations (e.g. signal distortion) that are present<br />

when faxes are sent using codecs designed for speech applications.<br />

When T.38 support is enabled and a fax must be sent or received, the Residential<br />

Gateway first tries to negotiate T.38 support with the called or calling end-point<br />

respectively. If this fails, the Residential Gateway automatically switches to a<br />

non-compressed codec like G711u or G711a.<br />

Voice Quality Management<br />

To increase the voice/data quality additional parameters can be set on the voice<br />

system DSP.<br />

The following settings are available on the AT-RG613, AT-RG623 and<br />

AT-RG656 models. A brief description of each setting is provided below:<br />

Jitter Buffer<br />

Voice-over-packet systems require a “jitter” buffer to compensate for delay variation<br />

due to packet queuing, network congestion, or other network phenomena.<br />

This delay results when a complete voice packet ready for transmission cannot be<br />

immediately transmitted. This may be because packets from other equal priority<br />

voice channels are also ready to be transmitted or because a lower priority data<br />

packet has started transmission and must be allowed to complete.<br />

This delay is dependent on a number of factors including the minimum size data<br />

packet, the number of other voice channels, which could simultaneously produce a<br />

packet, and the willingness to reduce network packet efficiency by transmitting a<br />

partially filled packet.<br />

The jitter buffer is designed to prevent data starvation on the packet-receiving end,<br />

and may dynamically adjust its buffer depth depending on network performance<br />

characteristics.<br />

The voice DSP makes use of one shared output buffer in the encode direction. The<br />

system is designed to reduce to zero the processing latency for ports using the same codec<br />

algorithm.<br />

In the case that access ports are not using the same codec, this optimization is less<br />

effective and some channel data could suffer a variable delay (jitter).



On the decoding path (from VoIP network to access port), voice/data packets are<br />

managed in separate jitter buffers (one for each access port) to compensate<br />

efficiently for jitter injected by the network.<br />

The command VOIP EP SET JITTERDELAY is used to specify the jitter delay. The<br />

delay parameter represents the delay in milliseconds that the jitter buffer waits<br />

before it transmits the data samples that are collected from the VoIP network.<br />

Volume Gain Control<br />

To adjust volume gain appropriate to the operational environment, itʹs possible to<br />

set the gain on the Tx direction (from phone/user to AT-RG600/VoIP network)<br />

separately from that in the Rx direction (from AT-RG600/VoIP network to<br />

phone/user) to values between –48dB and +24dB.<br />

Gain control can be set separately on each access port on AT-RG613TX(J)<br />

models, while on the AT-RG623 model it acts simultaneously on both B1 and B2 channels.<br />

G.168 Line Echo Cancellation (8 ms – 32 ms tail length)<br />

International Telecommunications Union, Telecommunications sector (ITU-T) G.168<br />

specifies the requirements for line echo cancellers.<br />

A line echo canceller is an adaptive FIR filter, which operates upon frames of<br />

digitised data, and is typically used in telephony applications to cancel the electrical<br />

echo caused by 2-to-4 wire conversion hybrids. In this case an impedance mismatch<br />

in this device will almost always result in some “talker echo”, which is a reflection<br />

of the received analog signal back to the far-end talker on the transmission path.<br />

The longer the delay through the system, the less the echo amplitude that can be<br />

tolerated before being annoying to the talker. Thus, since virtually all VoIP systems<br />

add delay to the system, line echo cancellation is almost always required.<br />

Acceptable values for Line Echo Cancellation are 8, 16 and 32 msec.<br />

A value of 0 for Line Echo Cancellation results in turning off the Line Echo<br />

Cancellation feature.<br />

Voice Activity Detection (VAD) / Comfort Noise<br />

Generation (CNG)<br />

Voice activity detection / comfort noise generation (VAD/CNG) are two algorithms<br />

designed to reduce bit rates beyond the nominal values defined by the selected<br />

codec when no speech is present.<br />

Silence detection algorithms simply replace periods when speech is not detected<br />

with silence, allowing the output to mute. This solution has the advantage of greatly<br />

reducing the average bit-rate, but many listeners find it disconcerting when the<br />

background noise is completely muted during periods when they are talking.<br />

Therefore during periods of non-speech, it is generally preferable to produce some<br />

amount of “comfort noise” (CNG) which sounds similar to the speaker’s<br />

background noise.<br />

VAD/CNG features are embedded in codec G.729 algorithms, while they are<br />

separate proprietary algorithms when used in conjunction with the G.711 codec.



Telecom Tones Management<br />

On analog access models (AT-RG213) the called party number is provided to the<br />

unit through DTMF dialed digits.<br />

On digital access models (AT-RG623) the called party number is provided to the<br />

Residential Gateway using EnBlock mode or Multi Frame mode.<br />

Using the EnBlock Mode, the called party number is provided to the Residential<br />

Gateway in the Q.931 SETUP message during the call establishment phase.<br />

Using the Multi Frame Mode, the called party number is provided to the Residential<br />

Gateway both in the Q.931 SETUP message and in one or more INFO messages<br />

during the call establishment phase.<br />

DTMF Relay<br />

DTMF Relay is a protocol-dependent solution used to transfer DTMF tones when a<br />

call uses a compressed codec. In this case, if the tone is handled in the same way as<br />

voice, it may be distorted during the compression and decompression phases, and<br />

therefore a specific application must be used to support DTMF transfer.<br />

• DTMF Relay under SIP protocol<br />

To prevent tone distortion, during call establishment, the endpoints negotiate a<br />

specific RTP packet payload (Named Telephone Event) used only to transfer DTMF<br />

tones as specified in RFC 2833 (section 3).<br />

When the Residential Gateway attempts to establish a call, it adds to the capabilities<br />

list the RTP packet Named Telephone Event only if a compressed codec (g726 or<br />

g729ab) has been configured for the Voice access port involved in the call.<br />

- Then if the call is established using an uncompressed codec (i.e. g711u or<br />

g711a), the Residential Gateway will send DTMF tones in-band (regardless of whether<br />

the called endpoint supports the RTP packet Named Telephone Event) on<br />

the same path used for voice.<br />

- If the call is established using a compressed codec, the Residential Gateway will<br />

send DTMF tones using RTP packet Named Telephone Event only if the called<br />

end-point supports it, otherwise it switches to the same path used for voice<br />

(accepting DTMF distortion).<br />

When the Residential Gateway is going to accept a call, it adds to the capabilities list<br />

the RTP packet Named Telephone Event only if a compressed codec (g726 or<br />

g729ab) has been configured for the Voice access port involved in the call.<br />

- Then if the call is established using an uncompressed codec (i.e. g711u or<br />

g711a), the Residential Gateway will send DTMF tones in-band (regardless of whether<br />

the caller endpoint supports the RTP packet Named Telephone Event) on<br />

the same path used for voice.<br />

- If the call is established using a compressed codec, the Residential Gateway will<br />

send DTMF tones using RTP packet Named Telephone Event only if the caller<br />

end-point supports it, otherwise it switches to the same path used for voice<br />

(accepting DTMF distortion).<br />
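The SIP DTMF Relay decision described above, together with the RFC 2833 Named Telephone Event payload it relies on, is shown in the following added example, which is not code from the manual or the gateway. The function names are hypothetical, the codec names are taken from the manual's codec list, and only the sixteen DTMF events are handled.

```python
import struct

# Codec names from the manual's codec list; g711a/g711u are the uncompressed ones.
COMPRESSED = {"g729", "g726-16", "g726-24", "g726-32", "g726-40"}
KEYS = "0123456789*#ABCD"          # RFC 2833 event codes 0..15, in this order

def offers_telephone_event(configured_codecs):
    """The capability is advertised only if a compressed codec is configured on the port."""
    return any(codec in COMPRESSED for codec in configured_codecs)

def dtmf_transport(configured_codecs, negotiated_codec, peer_supports_event):
    """Return 'in-band' or 'telephone-event' following the rules in the text."""
    if negotiated_codec not in COMPRESSED:
        return "in-band"           # uncompressed call: tones travel with the voice
    if offers_telephone_event(configured_codecs) and peer_supports_event:
        return "telephone-event"
    return "in-band"               # fallback that accepts DTMF distortion

def encode_event(key, end=False, volume=10, duration=800):
    """Build the 4-byte payload: event, E bit + reserved bit + volume, duration."""
    if not 0 <= volume <= 63 or not 0 <= duration <= 0xFFFF:
        raise ValueError("volume is 6 bits, duration is 16 bits")
    flags = (0x80 if end else 0) | volume
    return struct.pack("!BBH", KEYS.index(key.upper()), flags, duration)

def decode_event(payload):
    """Parse a telephone-event payload, as when reviewing an RTP capture."""
    if len(payload) < 4:
        raise ValueError("telephone-event payload is 4 bytes")
    event, flags, duration = struct.unpack("!BBH", payload[:4])
    if event > 15:
        raise ValueError("not a DTMF event")
    return {"key": KEYS[event], "end": bool(flags & 0x80),
            "volume": flags & 0x3F, "duration": duration}
```

The duration field is expressed in RTP timestamp units, so 800 corresponds to 100 ms at an 8 kHz clock.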

Inter-digit time / Inter-digit critical time



The Inter-digit time is the maximum acceptable time between the dialing of one<br />

digit and the next. If a time greater than the inter-digit time elapses after the dialing<br />

of a digit, dialling is considered complete.<br />

The Inter-digit time value is used by the timer ʹTʹ in the digit map expression.<br />

To change the value of the inter-digit time use the VOIP EP SET IDT-PARTIAL<br />

command.<br />

The Inter-digit critical time is the maximum acceptable time between the off-hook<br />

event and the dialing of the first digit. If a time greater than this has elapsed since<br />

off-hook and dialing has not yet started, then the connection is closed and a busy<br />

tone is generated.<br />

To change the value of the inter-digit critical time use the VOIP EP SET<br />

IDT-CRITICAL command.<br />

Off-hook time / On-hook time<br />

Off-hook time and On-hook time are configuration parameters available only for<br />

analog access ports.<br />

Off-hook time is the minimum time (msec) that the analog line must stay in off-hook<br />

before the system detects the off-hook state.<br />

On-hook time is the minimum time (msec) that the analog line must stay in on-hook<br />

before the system detects the on-hook state.<br />

Country-specific Telecom Tones<br />

The AT-RG613, AT-RG623 and AT-RG656 are able to reproduce the same country-specific<br />

telecom tones used by Central Offices or Foreign Exchanges simply by<br />

selecting the preferred country via the VOIP EP SET COUNTRY command.<br />

Dial Tone, Busy Tone and Ring Back Tone refer to ITU-T E.180 specifications as<br />

reported in the following table:<br />

| Country | Dial Tone Frequency (Hz) | Dial Tone Cadence (msec) | Busy Tone Frequency (Hz) | Busy Tone Cadence (msec) | Ring Back Tone Frequency (Hz) | Ring Back Tone Cadence (msec) |
|---|---|---|---|---|---|---|
| Australia | 425x25 | Continuous | 400 | 375 - 375 | 400x17 | 400 - 200 - 400 - 2000 |
| Austria | 450 | Continuous | 450 | 300 - 300 | 450 | 1000 - 5000 |
| Belgium | 425 | Continuous | 425 | 500 - 500 | 425 | 1000 - 3000 |
| Canada | 350+440 | Continuous | 480+620 | 500 - 500 | 440+480 | 2000 - 4000 |
| China | 450 | Continuous | 450 | 350 - 350 | 450 | 1000 - 4000 |
| France | 440 | Continuous | 440 | 500 - 500 | 440 | 1500 - 3500 |
| Germany | 425 | Continuous | 425 | 480 - 480 | 425 | 250 - 4000 - 1000 - 4000 - 1000 - 4000 |
| Israel | 400 | Continuous | 400 | 500 - 500 | 400 | 1000 - 3000 |
| Italy | 425 | 600 - 1000 - 200 - 200 | 425 | 200 - 200 | 425 | 1000 - 4000 |
| Japan | 400 | Continuous | 400 | 500 - 500 | 400x16 | 1000 - 2000 |
| New Zealand | 400 | Continuous | 400 | 500 - 500 | 400+450 | 400 - 200 - 400 - 2000 |
| Norway | no tone | // | 425 | 1000 - 4000 | 425 | 500 - 500 |
| Russia | no tone | // | 425 | 400 - 400 | 425 | 800 - 3200 |
| Singapore | 425 | Continuous | 425 | 750 - 750 | 425x24 | 400 - 200 - 400 - 2000 |
| Spain | 425 | Continuous | 425 | 200 - 200 | 425 | 1500 - 3000 |
| Sweden | 425 | Continuous | 425 | 250 - 250 | 425 | 1000 - 5000 |
| Turkey | 450 | Continuous | 450 | 500 - 500 | 450 | 2000 - 4000 |
| United Kingdom | 350+440 | Continuous | 400 | 375 - 375 | 400+450 | 400 - 200 - 400 - 2000 |
| United States | 350+440 | Continuous | 480+620 | 500 - 500 | 440+480 | 2000 - 4000 |

Note: Frequency in Hz:<br />

f1xf2 means f1 is modulated by f2<br />

f1+f2 is the juxtaposition of two frequencies f1 and f2 without modulation.<br />

Cadence in seconds: ON - OFF<br />

Telecom Tones Customization<br />

It's possible to customize some tones or signals using the VOIP EP SIGNALING<br />

commands.<br />

The user must define a new signaling using the command VOIP EP SIGNALING<br />

CREATE, specifying a name, the type, the frequency and the cadence. Afterward,<br />

the defined signaling must be added to the desired analog port using the command<br />

VOIP EP SIGNALING ADD.<br />

Type of the signaling<br />

The customizable signaling types are:<br />

• Busy Tone<br />

• Dial Tone<br />

• Ring Signal (CAI – Call Alerting Signal)<br />

• Ringback tone<br />

Frequency of the signaling<br />

A customized signaling with a type set to ring can only be set with a single<br />

frequency (f1).<br />

A customized signaling with a type set to busy-tone, dial-tone or ringback-tone can<br />

be set using three different ways to build the tones:<br />

• Single frequency (f1)<br />

• Two modulated frequencies (f1xf2)<br />

• Two juxtaposed frequencies (f1+f2)<br />

A customized signaling can be set with up to three different tones that will be<br />

executed in sequence. The timing of the sequence depends on the cadence setting.<br />

Cadence of the signaling<br />

The cadence of the signaling can be set by specifying time intervals during which the<br />

signal is present or absent. Each time interval is prefixed by “+” or “-” indicating,<br />

respectively, that the signal is issued or paused.<br />

Sub-sequences may be provisioned by specifying the number of cycles followed by the<br />

cadence inside brackets. The item “continuous” is available for infinite repetition or<br />

time. See the examples in the VOIP EP SIGNALING CREATE commands.<br />

Port enable/disable<br />

Itʹs possible to temporarily disable a port by using the VOIP EP<br />

ANALOGUE/DIGITAL DISABLE command.<br />

Any call originated from, or sent to, a user attached to a disabled access port is<br />

discarded.<br />

On the AT-RG613, no dial tone is provided through a disabled analogue port.<br />

On the AT-RG623, attempting to make an outgoing call through a disabled digital<br />

port will result in a DISCONNECT message from the unit. A busy tone may be<br />

reproduced locally on the ISDN telephone depending on phone model (typically the<br />

busy tone is generated for a few seconds and then the user is invited to replace the<br />

handset).<br />

When a port is disabled, each user added to the port starts to un-register from the<br />

Location Server (SIP signaling protocol) or Gatekeeper (H323 signaling protocol).<br />

To change the port status from disabled to enabled, use the VOIP EP<br />

ANALOGUE/DIGITAL ENABLE command.<br />

As soon as the port is enabled all the users attached to the port automatically restart<br />

the process of registration with the location server or gatekeeper.<br />

To show the users attached to a port, use the VOIP EP ANALOGUE/DIGITAL<br />

SHOW command.<br />

To show the user registration status, use the VOIP USER SHOW command.



VoIP EP Command <strong>Reference</strong><br />

This section describes the commands available on the Residential Gateway to create,<br />

configure and manage access ports (also called end points - EP).<br />

Two types of port are defined: analogue and digital. The syntax for both analogue<br />

and digital ports is described below. If not otherwise stated, command parameters<br />

apply both to analogue and digital ports.<br />

If a parameter or command is specific to only one type of port, this is explicitly indicated in the description.

voip ep CLI commands<br />

The table below lists the VOIP EP commands provided by the CLI:<br />

Command<br />

VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SET CNG<br />

VOIP EP SET CODECS<br />

VOIP EP SET COUNTRY<br />

VOIP EP SET DIALMASK<br />

VOIP EP SET DIALMODE<br />

VOIP EP SET DIGITMAP<br />

VOIP EP SET IDT-CRITICAL<br />

VOIP EP SET IDT-PARTIAL<br />

VOIP EP SET JITTERDELAY<br />

VOIP EP SET LEC<br />

VOIP EP SET OFFHOOK-TIME<br />

VOIP EP SET ONHOOK-TIME<br />

VOIP EP SET RXGAIN<br />

VOIP EP SET TXGAIN<br />

VOIP EP SET VAD<br />

VOIP EP SHOW<br />

VOIP EP SIGNALING ADD<br />

VOIP EP SIGNALING CREATE



VOIP EP SIGNALING DELETE<br />

VOIP EP SIGNALING LIST<br />

VOIP EP SIGNALING REMOVE<br />

VOIP EP SIGNALING SHOW



VOIP EP CREATE<br />

Syntax VOIP EP ANALOGUE CREATE TYPE PHYSICAL-PORT <br />

VOIP EP DIGITAL CREATE TYPE PHYSICAL-PORT <br />

Description This command adds a named access port and binds it to a physical access port.<br />

If the physical resource is already assigned to another named port, an error is raised<br />

and the command fails.<br />

On the AT-RG613TX model, up to 2 analogue ports can be created with TYPE al-fxs-del and PHYSICAL-PORT tel1 or tel2.

On the AT-RG613TXJ model, up to 2 analogue ports with TYPE al-fxs-del and PHYSICAL-PORT tel1 or tel2 can be created, plus a third analogue port with TYPE al-fxo-del and PHYSICAL-PORT tel3.

On the AT-RG623TX model, only one digital port can be created with TYPE dl-bri-lt-s and PHYSICAL-PORT tel.

Options The following table gives the range of values for each option that can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | An arbitrary name that identifies the access port. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. The maximum length is fixed to 16 characters. | N/A
port-type | The user access typology served by the physical port; the possible values depend on the model (analog access or digital access). Valid values are: al-fxs-del: analog line, foreign exchange subscriber side, direct exchange line; al-fxo-del: analog line, foreign exchange office side, direct exchange line; dl-bri-lt-s: digital line, ISDN basic rate interface, LT-S termination. | N/A
phy-port-id | The physical port providing the access to VoIP network. It may assume the following values depending on port-type selection: tel1: first analog fxs port; tel2: second analog fxs port; tel3: analog fxo port (only AT-RG613TXJ model); tel1: digital isdn port | N/A

Example<br />

--> voip ep analogue create prt0 type al-fxs-del physical-port tel1<br />

--> voip ep digital create prt0 type dl-bri-lt-s physical-port tel1<br />

See also VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SET<br />

VOIP EP SHOW<br />

VOIP EP DELETE<br />

Syntax VOIP EP ANALOGUE DELETE <br />

VOIP EP DIGITAL DELETE <br />

Description This command deletes the named access port created previously using the VOIP EP<br />

CREATE command.<br />

Deleting an access port to which one or more users are attached causes a deregistration procedure to be invoked for the users attached to the removed port.

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display existing access port names, use the VOIP EP LIST command. | N/A

Example --> voip ep analogue delete prt0<br />

--> voip ep digital delete prt0<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SET



VOIP EP SHOW<br />

VOIP EP DISABLE<br />

Syntax VOIP EP ANALOGUE DISABLE <br />

VOIP EP DIGITAL DISABLE <br />

Description This command disables the physical port referred to by the named access port.<br />

Use the VOIP EP SHOW command to retrieve the Operational Status of a specific<br />

port.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display existing access port names, use the VOIP EP LIST command. | N/A

Example --> voip ep analogue disable prt0<br />

--> voip ep digital disable prt0<br />

See also VOIP EP CREATE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SET<br />

VOIP EP SHOW<br />

VOIP EP ENABLE<br />

Syntax VOIP EP ANALOGUE ENABLE <br />

VOIP EP DIGITAL ENABLE <br />

Description This command enables the physical port referred to by the named access port.<br />

Use the VOIP EP SHOW command to retrieve the Operational Status of a specific<br />

port.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display existing access port names, use the VOIP EP LIST command. | N/A



Example --> voip ep analogue enable prt0<br />

--> voip ep digital enable prt0<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP LIST<br />

VOIP EP SET<br />

VOIP EP SHOW<br />

VOIP EP LIST<br />

Syntax VOIP EP ANALOGUE LIST<br />

VOIP EP DIGITAL LIST<br />

Description This command lists the named access ports defined in the system using the VOIP EP CREATE command.

The following information is displayed:<br />

• end-point (analogue or digital) ID value<br />

• end-point (analogue or digital) name<br />

• physical port index<br />

• physical port typology<br />

Example --> voip ep analogue list<br />

Gateway access ports:<br />

ID | Name | Physical Port | Typology<br />

-----|------------|------------------|------------------<br />

1 | prt0 | tel1 | al-fxs-del<br />

--------------------------------------------------------<br />

--> voip ep digital list<br />

Gateway access ports:<br />

ID | Name | Physical Port | Typology<br />

-----|------------|------------------|------------------<br />

1 | prt0 | isdn0 | dl-bri-lt-s<br />

--------------------------------------------------------<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP SET<br />

VOIP EP SHOW<br />

VOIP EP SET CFWD<br />

Syntax CFWD all-calls

VOIP EP SET CFWD ENABLE ALL-CALLS ON-PREFIX ON-SUFFIX OFF-PREFIX

CFWD on-busy

VOIP EP SET CFWD ENABLE ON-BUSY ON-PREFIX ON-SUFFIX OFF-PREFIX

CFWD on-no-answer

VOIP EP SET CFWD ENABLE ON-NO-ANSWER ON-PREFIX ON-SUFFIX OFF-PREFIX

VOIP EP SET CFWD ON-NO-ANSWER TIMEOUT

Description Call ForWarDing (CFWD) forwards incoming calls to another destination that has been statically configured in advance. The feature must be enabled on the RG6xx via the command line, and can be set for the following cases:

• CFWD for all incoming calls

• CFWD in case of busy state of the receiver of the call

• CFWD in case of no answer. In this case a timer can be set. The timer allows users to decide a time threshold after which the call is considered not answered.

In order to have all rules set at the same time, dial "on-prefix + + on-suffix" on the phone keypad. You can see the changes on the RG6xx by typing the following command:

voip ep show cfwd

Then, to disable it from the phone, dial the "off-prefix". If you want to disable it on the RG600, type the following command:

voip ep disable cfwd

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display access port names, use the VOIP EP LIST command. | N/A
on-prefix | The sequence to be composed on the phone keyboard, before the phone number to where the call will be forwarded | N/A
on-suffix | The sequence to be composed on the phone keyboard after the prefix and the phone number | N/A
off-suffix | The sequence to be composed by the user on his phone keyboard to disable the call forwarding. | N/A
secs | The time threshold after which the call is considered not answered | N/A

Example --> voip ep analogue set tel1 cfwd enable all-calls on-prefix *123* on-suffix # off-prefix **

--> voip ep analogue set tel1 cfwd enable on-busy on-prefix *123* on-suffix # off-prefix **

--> voip ep analogue set tel1 cfwd enable on-no-answer on-prefix *123* on-suffix # off-prefix **

--> voip ep analogue set tel1 cfwd on-no-answer timeout 10

See also<br />

VOIP EP SHOW CFWD<br />

VOIP EP DISABLE<br />

VOIP EP SET CNG<br />

Syntax VOIP EP ANALOGUE SET CNG <br />

VOIP EP DIGITAL SET CNG <br />

Description This command enables or disables the comfort noise generation feature.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display access port names, use the VOIP EP LIST command. | N/A
status | The status of the comfort noise generation feature. Valid values are: off: CNG disabled; on: CNG enabled | N/A

Example --> voip ep analogue set prt0 cng off<br />

--> voip ep digital set prt0 cng off<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE



VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET CODECS<br />

Syntax VOIP EP ANALOGUE SET CODECS <br />

VOIP EP DIGITAL SET CODECS <br />

Description This command sets the codec capability list for an existing access port.<br />


T38 support must always be selected together with another speech codec<br />

(G711a/u or G726 or G729ab).<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display access port names, use the VOIP EP LIST command. | N/A
codec-list | The value or a comma separated list of values defining the compression algorithm on codec. Valid values are: g711a: referring to G.711 a-law PCM; g711u: referring to G.711 µ-law PCM; g729ab: referring to G.729A/B 8 kbps ACELP A/B; g726-16: referring to G.726 16 kbps; g726-24: referring to G.726 24 kbps; g726-32: referring to G.726 32 kbps; g726-40: referring to G.726 40 kbps; T38 | N/A

Example --> voip ep analogue set prt0 codecs g711a,g711u,g729ab<br />

--> voip ep digital set prt0 codecs g711a,g711u,g729ab<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET COUNTRY<br />

Syntax VOIP EP ANALOGUE SET COUNTRY



VOIP EP DIGITAL SET COUNTRY <br />

Description This command sets dial tone, busy tone and ring back tone frequencies and<br />

cadences on the physical port referred to by the named access port, appropriately<br />

for the selected country.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display access port names, use the VOIP EP LIST command. | N/A
country | The national signalling system; it defines the analogue signalling criteria in use. Valid values are: australia, austria, belgium, canada, china, france, germany, israel, italy, japan, newzealand, norway, russia, singapore, spain, sweden, turkey, uk, usa | N/A

Example --> voip ep analogue(digital) set prt0 country USA<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET DIALMASK<br />

Syntax VOIP EP ANALOGUE SET DIALMASK



VOIP EP DIGITAL SET DIALMASK <br />

Description This command sets the dial mask value (number of chars to be removed from the<br />

dialed number) on the physical port referred to by the named access port.<br />


On AT-RG613 TXJ FXO port, dial mask works only in the direction PSTN to<br />

FXO port.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display the existing access port names, use the VOIP EP LIST command. | N/A
digit-number | The number of digits to be removed from the dialed number. Acceptable values are from 0 to 3. | N/A

Example --> voip ep analogue set prt0 dialmask 2<br />

--> voip ep digital set prt0 dialmask 2<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET DIALMODE<br />

Syntax VOIP EP ANALOGUE SET DIALMODE {AUTO | DTMF | PULSE<br />

10PPS|20PPS}<br />

Description This command sets the dial mode used by analogue ports. On the fxo port, if DIALMODE is set to AUTO, the Residential Gateway examines the type of signalling mode supported on the PSTN line and sets the port signalling to the same mode automatically. On fxs ports, if DIALMODE is set to AUTO, the Residential Gateway uses the same signalling mode selected for the fxo port.

If PULSE mode is selected, it's also necessary to select the pulse rate: 10pps or 20pps.

Example --> voip ep analogue set prt0 dialmode auto<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE



VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET DIGITMAP<br />

Syntax VOIP EP ANALOGUE SET DIGITMAP <br />

VOIP EP DIGITAL SET DIGITMAP <br />

Description This command sets the digit map rule on the physical port referred to by the named<br />

access port.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display the existing access port names, use the VOIP EP LIST command. | N/A
digit-map | The digit map expression. A digit map may have up to 32 chars. The following symbols can be used: DTMF: a digit from '0' to '9' or one of the symbols "A", "B", "C", "D", "#", or "*"; Timer: the symbol "T"; Wildcard: the symbol "x"; Range: the symbols "[" and "]"; Subrange: the symbol "-"; Position: the symbol "." | N/A

Example --> voip ep analogue set prt0 digitmap x.T<br />

--> voip ep digital set prt0 digitmap x.T<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET IDT-CRITICAL<br />

Syntax VOIP EP ANALOGUE SET IDT-CRITICAL <br />

VOIP EP DIGITAL SET IDT-CRITICAL



Description This command sets the Inter-digit critical time on the physical port referred to by the named access port.

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display access port names, use the VOIP EP LIST command. | N/A
secs | The time duration in seconds of the inter-digit critical time. Acceptable values are from 5 secs to 30 secs. | N/A

Example --> voip ep analogue set prt0 idt-critical 16<br />

--> voip ep digital set prt0 idt-critical 16<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET IDT-PARTIAL<br />

Syntax VOIP EP ANALOGUE SET IDT-PARTIAL <br />

VOIP EP DIGITAL SET IDT-PARTIAL <br />

Description This command sets the Inter-digit time on the physical port referred to by the<br />

named access port.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display existing access port names, use the VOIP EP LIST command. | N/A
secs | The time duration in seconds of the inter-digit time. Acceptable values are from 2 secs to 10 secs. | N/A

Example --> voip ep analogue set prt0 idt-partial 10<br />

--> voip ep digital set prt0 idt-partial 10<br />

See also VOIP EP CREATE



VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET JITTERDELAY<br />

Syntax VOIP EP ANALOGUE SET JITTERDELAY <br />

VOIP EP DIGITAL SET JITTERDELAY <br />

Description This command sets the jitter delay value on the port referred to by the named access<br />

port.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display the existing access port names, use the VOIP EP LIST command. | N/A
msec | The delay in milliseconds that the jitter buffer waits before it transmits the data samples that are collected from the VoIP network. Valid values are from 0 to 130 msec. | N/A

Example --> voip ep analogue set prt0 jitterdelay 6<br />

--> voip ep digital set prt0 jitterdelay 6<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET LEC<br />

Syntax VOIP EP ANALOGUE SET LEC <br />

VOIP EP DIGITAL SET LEC <br />

Description This command sets the line echo cancellation length on the port referred to by the<br />

named access port.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).



Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display the existing access port names, use the VOIP EP LIST command. | N/A
msec | The line echo cancellation length in milliseconds. Valid values are 0, 8, 16 and 32 msec. | N/A

Example --> voip ep analogue set prt0 lec 16<br />

--> voip ep digital set prt0 lec 16<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET OFFHOOK-TIME<br />

Syntax VOIP EP ANALOGUE SET OFFHOOK-TIME <br />

Description This command sets the off-hook time on the port referred to by the named access port.

Only analog access ports accept off-hook time settings.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display the existing access port names, use the VOIP EP LIST command. | N/A
msec | The off-hook time in milliseconds. Valid values are from 100 to 500 msec. | N/A

Example --> voip ep analogue set prt0 offhook-time 350<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW



VOIP EP SET ONHOOK-TIME<br />

Syntax VOIP EP ANALOGUE SET ONHOOK-TIME <br />

Description This command sets the on-hook time on the port referred to by the named access port.

Only analog access ports accept on-hook time settings.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display the existing access port names, use the VOIP EP LIST command. | N/A
msec | The on-hook time in milliseconds. Valid values are from 100 to 500 msec. | N/A

Example --> voip ep analogue set prt0 onhook-time 250<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET RXGAIN<br />

Syntax VOIP EP ANALOGUE SET RXGAIN <br />

VOIP EP DIGITAL SET RXGAIN <br />

Description This command sets the input gain (in the direction from AT-RG600/VoIP network to<br />

phone/user) of the port referred to by the named access port.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display the existing access port names, use the VOIP EP LIST command. | N/A
gain | The value of rx gain in dB. Valid values are from –48dB to +28dB. | N/A

Example --> voip ep analogue set prt0 rxgain -3.0

--> voip ep digital set prt0 rxgain -3.0

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET TXGAIN<br />

Syntax VOIP EP ANALOGUE SET TXGAIN <br />

VOIP EP DIGITAL SET TXGAIN <br />

Description This command sets the output gain (in the direction from phone/user to AT-<br />

RG600/VoIP network) of the port referred to by the named access port.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display the existing access port names, use the VOIP EP LIST command. | N/A
gain | The value of tx gain in dB. Valid values are from –48dB to +28dB. | N/A

Example --> voip ep analogue set prt0 txgain -3.0

--> voip ep digital set prt0 txgain -3.0

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SET VAD<br />

Syntax VOIP EP ANALOGUE SET VAD <br />

VOIP EP DIGITAL SET VAD <br />

Description This command enables or disables the voice activity detection feature on the port<br />

referred to by the named access port.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).



Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display the existing access port names, use the VOIP EP LIST command. | N/A
status | The status of the VAD feature. Valid values are: on: VAD enabled; off: VAD disabled | N/A

Example --> voip ep analogue set prt0 vad off<br />

--> voip ep digital set prt0 vad off<br />

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SHOW<br />

VOIP EP SHOW<br />

Syntax VOIP EP ANALOGUE SHOW <br />

VOIP EP DIGITAL SHOW <br />

Description This command displays the following information about a named access port:<br />

• Physical Port<br />

• Typology<br />

• Operational status<br />

• Comfort Noise Generation (CNG)<br />

• Codec Capabilities<br />

• Country<br />

• Critical-digit time<br />

• Inter-digit time<br />

• Dialing Mode (AT-RG613TX and AT-RG613TXJ models)<br />

• Digit map<br />

• Dial mask<br />

• Line Echo Cancellation (AT-RG613TX and AT-RG613TXJ models)<br />

• Jitter Delay<br />

• Voice Activity Detection (VAD)<br />

• Off-hook time (AT-RG613TX and AT-RG613TXJ models)



• On-hook time (AT-RG613TX and AT-RG613TXJ models)<br />

• Rx gain<br />

• Tx gain<br />

• Attached users<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing access port. To display the existing access port names, use the VOIP EP LIST command. | N/A

Example --> voip ep analogue show prt0

Gateway access port: prt0
--------------------------------------------------
Physical port: tel1
Typology: al-fxs-del
Operational status: Activated
Confort Noise Generation (CNG): OFF
Codec Capabilities: G711A,G711U
Country: Italy
Critical-digit time: 16 Sec.
Inter-digit time: 4 Sec.
Digit map: x.T
Dial mask: 0
Dial mode: DTMF
Line Echo Cancellation (LEC): 16
Jitter Delay: 130 mSec.
Voice Activity Detection (VAD): ON
Off-hook time: 250 mSec.
On-hook time: 350 mSec.
Rx gain: -3.0 dB.
Tx gain: +0.0 dB.
Attached users:

See also VOIP EP CREATE<br />

VOIP EP DISABLE<br />

VOIP EP DELETE<br />

VOIP EP ENABLE<br />

VOIP EP LIST<br />

VOIP EP SET<br />
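The value ranges given in the VOIP EP SET option tables above can be checked mechanically before a saved command list is pasted into the CLI. The following is an added example, not code from this manual or from Allied Telesis; the function names and the sample lines are constructed for illustration, and only the limits stated on this page are enforced.

```python
import re

# Limits transcribed from the option tables in this chapter.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]{0,15}")  # letters/digits, no leading digit, max 16
SPEECH_CODECS = {"g711a", "g711u", "g729ab", "g726-16", "g726-24", "g726-32", "g726-40"}
INT_RANGES = {"dialmask": (0, 3), "idt-critical": (5, 30), "idt-partial": (2, 10),
              "jitterdelay": (0, 130), "offhook-time": (100, 500), "onhook-time": (100, 500)}
LEC_VALUES = {0, 8, 16, 32}
GAIN_RANGE = (-48.0, 28.0)
DIALMODES = {"auto", "dtmf", "pulse 10pps", "pulse 20pps"}
ANALOGUE_ONLY = {"offhook-time", "onhook-time", "dialmode"}
COUNTRIES = {"australia", "austria", "belgium", "canada", "china", "france", "germany",
             "israel", "italy", "japan", "newzealand", "norway", "russia", "singapore",
             "spain", "sweden", "turkey", "uk", "usa"}
DIGITMAP_CHARS = set("0123456789ABCD#*Tx[]-.")


def digitmap_problems(dm):
    """Check length, symbol set and '[' ']' pairing; digit-map semantics are not evaluated."""
    out = []
    if len(dm) > 32:
        out.append("digit map longer than 32 characters")
    bad = sorted(set(dm) - DIGITMAP_CHARS)
    if bad:
        out.append("digit map uses unsupported symbols: " + "".join(bad))
    depth = 0
    for ch in dm:
        depth += (ch == "[") - (ch == "]")
        if depth not in (0, 1):
            out.append("unbalanced or nested '[' ']' in digit map")
            break
    else:
        if depth:
            out.append("unclosed '[' in digit map")
    return out


def check_command(line):
    """Return the problems found in one 'voip ep <type> set ...' line ([] means it passes)."""
    tokens = re.sub(r"^\s*-->\s*", "", line).split()
    head = [t.lower() for t in tokens[:4]]
    if (len(tokens) < 7 or head[:2] != ["voip", "ep"]
            or head[2] not in ("analogue", "digital") or head[3] != "set"):
        return ["not a 'voip ep analogue|digital set <name> <option> <value>' line"]
    port_type, name, option = head[2], tokens[4], tokens[5].lower()
    value = " ".join(tokens[6:]).replace("\u2013", "-")  # the manual prints minus as an en dash
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append(f"port name '{name}' breaks the naming rule")
    if port_type == "digital" and option in ANALOGUE_ONLY:
        problems.append(f"{option} applies to analogue ports only")
    if option in INT_RANGES or option == "lec":
        if not re.fullmatch(r"\d+", value):
            problems.append(f"{option}: '{value}' is not a whole number")
        elif option == "lec" and int(value) not in LEC_VALUES:
            problems.append("lec must be 0, 8, 16 or 32 msec")
        elif option != "lec" and not INT_RANGES[option][0] <= int(value) <= INT_RANGES[option][1]:
            lo, hi = INT_RANGES[option]
            problems.append(f"{option} must be between {lo} and {hi}")
    elif option in ("rxgain", "txgain"):
        try:
            in_range = GAIN_RANGE[0] <= float(value) <= GAIN_RANGE[1]
        except ValueError:
            in_range = False
        if not in_range:
            problems.append(f"{option} must be between -48 and +28 dB")
    elif option in ("cng", "vad"):
        if value.lower() not in ("on", "off"):
            problems.append(f"{option} must be on or off")
    elif option == "codecs":
        entries = {c.lower() for c in value.split(",")}
        unknown = entries - SPEECH_CODECS - {"t38"}
        if unknown:
            problems.append("unknown codec(s): " + ",".join(sorted(unknown)))
        if "t38" in entries and not entries & SPEECH_CODECS:
            problems.append("T38 must be selected together with a speech codec")
    elif option == "country":
        if value.lower() not in COUNTRIES:
            problems.append(f"country '{value}' is not in the supported list")
    elif option == "digitmap":
        problems += digitmap_problems(value)
    elif option == "dialmode":
        if value.lower() not in DIALMODES:
            problems.append("dialmode must be auto, dtmf, pulse 10pps or pulse 20pps")
    else:
        problems.append(f"option '{option}' is not covered by this check")
    return problems


def audit(config_text):
    """Map 1-based line number -> problems, for every non-blank line that fails a check."""
    findings = {}
    for number, line in enumerate(config_text.splitlines(), 1):
        if line.strip():
            problems = check_command(line)
            if problems:
                findings[number] = problems
    return findings


# Constructed sample lines (not taken from a real device).
SAMPLE = """\
--> voip ep analogue set prt0 codecs g711a,g711u,g729ab
--> voip ep analogue set prt0 codecs t38
--> voip ep digital set prt0 onhook-time 250
--> voip ep analogue set prt0 lec 24
--> voip ep analogue set prt0 rxgain –3.0
--> voip ep analogue set 0prt jitterdelay 200
--> voip ep analogue set prt0 digitmap [2-9xxxxxxT
--> voip ep analogue set prt0 dialmode pulse 10pps
"""

if __name__ == "__main__":
    for number, problems in audit(SAMPLE).items():
        print(number, "; ".join(problems))
```
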

VOIP EP SIGNALING ADD<br />

Syntax VOIP EP SIGNALING ADD PORT <br />

Description This command adds a previously created customized signaling to an existing endpoint.

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing customized signalling created with the VOIP EP SIGNALING CREATE command. To display the existing access port names, use the VOIP EP LIST command. | N/A
port | A name that identifies an existing access port. To display the existing customized signalling use the VOIP EP SIGNALING LIST command. | N/A

Example --> voip ep signaling add myring port prt0<br />

See also VOIP EP SIGNALING CREATE<br />

VOIP EP SIGNALING DELETE

VOIP EP SIGNALING LIST

VOIP EP SIGNALING REMOVE

VOIP EP SIGNALING SHOW

VOIP EP SIGNALING CREATE<br />

Syntax VOIP EP SIGNALING CREATE TYPE TIME-OUT <br />

FREQUENCY CADENCE <br />

Description This command creates a new entry in the customized signaling list. Each<br />

customized signaling must have a different . If the customized signaling<br />

already exists, an error message is raised.<br />

The type of the signaling, the used frequency and the cadence must be provided.<br />

The setting of a time-out is optional and is available only for the ring type.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | An arbitrary name that identifies the customized signaling port. It can be made up of one or more letters, digits or a combination of letters and digits. To display the existing access port names, use the VOIP EP LIST command. | N/A
type | The class of the customized signalling. Valid values are: busy-tone, dial-tone, ring, ringback-tone. | N/A
secs | Time interval expressed in seconds. Valid values are from 1 to 3600 seconds. | N/A
frequency | One or more (up to three) tones separated by a "/" character. Each tone can be composed of one of the following combinations of frequencies: f1 (single frequency); f1xf2 (f1 is modulated by f2); f1+f2 (f1 is a juxtaposition of f2). Only one frequency can be set on a signalling with a type set to ring. Values are in Hz. | N/A
cadence | A sequence of time intervals that specifies whether the signal must be present or not. Each time interval is prefixed by "+" or "-" indicating, respectively, the signal issue or a pause. Sub-sequences may be provisioned by specifying the number of cycles followed by the cadence inside brackets. The item "continuous" is available for infinite repetition or time. Values are in seconds. | N/A

Example A customized dial tone with a single frequency of 440 Hz always present (with no pause).

--> voip ep signaling create dial1 type dial-tone frequency 440 cadence +continuous

A customized dial tone with a modulated tone (240 Hz modulated by 450 Hz) with a cadence of 0.4 sec. on, 0.2 sec. off, 0.4 sec. on and 2.6 sec. off.

--> voip ep signaling create dial2 type dial-tone frequency 240x450 cadence +0.4-0.2+0.4-2.6

A customized ringback tone with a sequence of three tones followed by a pause. The three tones are executed in order for 0.4 sec, 0.5 sec and 0.6 sec. The pause is 2.5 sec.

--> voip ep signaling create rbt type ringback-tone frequency 225x325/424x525/320+480 cadence +0.4+0.5+0.6-2.5

A customized ring signal with a complex cadence. The ring is executed three times with a cadence of 0.5 sec. on and 0.5 sec. off followed by an infinite cadence of 1 sec on and 2 sec off. The timeout is set to 180 sec.

--> voip ep signaling create myring type ring time-out 180 frequency 25 cadence -3(+0.5-0.5)+continuous(+1.0-2.0)
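The option rules above can be checked before a command is sent to the gateway, for instance by a provisioning script. The following is an added example, not code from the manual or from Allied Telesis: the cadence grammar is inferred from the manual's examples, and the function names, whole-number frequencies and the rule that nothing may follow a continuous item are assumptions.

```python
import re

SIGNALING_TYPES = {"busy-tone", "dial-tone", "ring", "ringback-tone"}

# One tone: f1, f1xf2 (f1 modulated by f2) or f1+f2. Whole-number Hz is an assumption.
_TONE = re.compile(r"([0-9]+)(?:([x+])([0-9]+))?")
# One cadence item: a sign, then "<count>(...)", "continuous(...)", "continuous"
# or a number of seconds. Grammar inferred from the manual's examples.
_ITEM = re.compile(
    r"([+-])(?:(continuous|[0-9]+)\(([^()]*)\)|(continuous)|([0-9]+(?:\.[0-9]+)?))")


def parse_frequency(text, sig_type):
    """Return [(f1, op, f2), ...] with op in {None, 'x', '+'}; ValueError if invalid."""
    tones = []
    for part in text.split("/"):
        m = _TONE.fullmatch(part)
        if not m:
            raise ValueError(f"bad tone {part!r}")
        f1, op, f2 = m.groups()
        tones.append((int(f1), op, int(f2) if f2 else None))
    if len(tones) > 3:
        raise ValueError("at most three tones are allowed")
    if sig_type == "ring" and (len(tones) != 1 or tones[0][1] is not None):
        raise ValueError("type ring accepts exactly one frequency")
    return tones


def _endless(step):
    # ("group", sign, count, steps) repeats forever when count is None;
    # ("on"/"off", seconds) lasts forever when seconds is None.
    return step[2] is None if step[0] == "group" else step[1] is None


def parse_cadence(text, _in_group=False):
    """Return the cadence as a list of steps; ValueError on anything unparsed."""
    steps, pos = [], 0
    while pos < len(text):
        m = _ITEM.match(text, pos)
        if not m:
            raise ValueError(f"bad cadence at offset {pos}: {text[pos:]!r}")
        if steps and _endless(steps[-1]):
            raise ValueError("items after a continuous item would never play")
        sign, count, body, forever, secs = m.groups()
        state = "on" if sign == "+" else "off"
        if body is not None:
            # The manual does not explain the sign in front of a group, so it
            # is kept as written and not interpreted.
            cycles = None if count == "continuous" else int(count)
            if cycles == 0:
                raise ValueError("a sub-sequence needs at least one cycle")
            steps.append(("group", sign, cycles, parse_cadence(body, True)))
        elif forever:
            if _in_group:
                raise ValueError("'continuous' is not accepted inside a group")
            steps.append((state, None))
        else:
            steps.append((state, float(secs)))
        pos = m.end()
    if not steps:
        raise ValueError("empty cadence")
    return steps


def validate_signaling(name, sig_type, frequency, cadence, timeout=None):
    """Check every field, then return the parsed values and the CLI line."""
    if not re.fullmatch(r"[A-Za-z0-9]+", name):
        raise ValueError("name must consist of letters and/or digits")
    if sig_type not in SIGNALING_TYPES:
        raise ValueError(f"unknown type {sig_type!r}")
    if timeout is not None:
        if sig_type != "ring":
            raise ValueError("time-out is available only for type ring")
        if not isinstance(timeout, int) or not 1 <= timeout <= 3600:
            raise ValueError("time-out must be 1 to 3600 seconds")
    tones = parse_frequency(frequency, sig_type)
    steps = parse_cadence(cadence)
    opt = f" time-out {timeout}" if timeout is not None else ""
    command = (f"voip ep signaling create {name} type {sig_type}{opt}"
               f" frequency {frequency} cadence {cadence}")
    return {"tones": tones, "cadence": steps, "command": command}


if __name__ == "__main__":
    # Strings taken from the manual's own examples, plus one misprinted cadence.
    print(validate_signaling("dial2", "dial-tone", "240x450", "+0.4-0.2+0.4-2.6"))
    print(validate_signaling("myring", "ring", "25",
                             "-3(+0.5-0.5)+continuous(+1.0-2.0)", timeout=180))
    try:
        validate_signaling("rbt", "ringback-tone", "225x325/424x525/320+480",
                           "+0.4+0.5+0.6-2..5")
    except ValueError as err:
        print("rejected:", err)
```

Because every field is matched against a closed alphabet before the command line is built, a value containing spaces, line breaks or extra keywords never reaches the CLI.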

See also VOIP EP SIGNALING ADD<br />

VOIP EP SIGNALING DELETE

VOIP EP SIGNALING LIST

VOIP EP SIGNALING REMOVE

VOIP EP SIGNALING SHOW

VOIP EP SIGNALING DELETE

Syntax VOIP EP SIGNALING DELETE <br />

Description This command deletes an entry in the customized signaling list.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing customized signalling created with the VOIP EP SIGNALING CREATE command. To display the existing access port names, use the VOIP EP LIST command. | N/A

Example --> voip ep signaling delete dial1

See also VOIP EP SIGNALING ADD

VOIP EP SIGNALING CREATE

VOIP EP SIGNALING LIST

VOIP EP SIGNALING REMOVE

VOIP EP SIGNALING SHOW

VOIP EP SIGNALING LIST<br />

Syntax VOIP EP SIGNALING LIST<br />

Description This command lists all the entries in the customized signaling list defined in the<br />

system using the VOIP EP SIGNALING CREATE command.<br />

The following information is displayed:<br />

• signaling entry ID value<br />

• signaling entry name<br />

• signaling entry type<br />

Example --> voip ep signaling list<br />

Custom Signaling Protocol items:



ID | Name | Type<br />

-----|------------|---------------------------------------<br />

1 | mydial | dial-tone<br />

2 | mybusy | busy-tone<br />

3 | myring | cai<br />

-----|------------|---------------------------------------<br />

See also VOIP EP SIGNALING ADD<br />

VOIP EP SIGNALING CREATE

VOIP EP SIGNALING DELETE

VOIP EP SIGNALING REMOVE

VOIP EP SIGNALING SHOW

VOIP EP SIGNALING REMOVE<br />

Syntax VOIP EP SIGNALING REMOVE PORT <br />

Description This command removes a previously added customized signaling from an existing<br />

endpoint.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing customized signalling created with the VOIP EP SIGNALING CREATE command. To display the existing access port names, use the VOIP EP LIST command. | N/A
port | A name that identifies an existing access port. To display the existing customized signalling use the VOIP EP SIGNALING LIST command. | N/A

Example --> voip ep signaling remove myring port prt0<br />

See also VOIP EP SIGNALING ADD<br />

VOIP EP SIGNALING CREATE

VOIP EP SIGNALING DELETE

VOIP EP SIGNALING LIST

VOIP EP SIGNALING SHOW

VOIP EP SIGNALING SHOW<br />

Syntax VOIP EP SIGNALING SHOW <br />

Description This command shows a previously created customized signaling.<br />

The following information is displayed:



• signaling entry type<br />

• signaling entry time out<br />

• signaling entry frequency<br />

• signaling entry cadence<br />

• signaling entry attached endpoints<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing customized signalling created with the VOIP EP SIGNALING CREATE command. To display the existing access port names, use the VOIP EP LIST command. | N/A

Example --> voip ep signaling show mydial<br />

Custom Signaling Protocol item: mydial<br />

----------------------------------------------------------<br />

Type: dial-tone
Time-Out:
Frequency: 240x340/425x525/340+480 Hz.
Cadence: -3(+0.5-0.5)+continuous(+1-1)
Attached ports: tel1

--><br />

See also VOIP EP SIGNALING ADD<br />

VOIP EP SIGNALING CREATE

VOIP EP SIGNALING DELETE

VOIP EP SIGNALING LIST

VOIP EP SIGNALING REMOVE



VoIP Lifeline Command Reference

This section describes the commands available on the Residential Gateway to<br />

manage the lifeline port (fxo port).<br />

The following commands are available only on AT-RG613TXJ model.<br />

voip lifeline CLI commands<br />

The table below lists the VOIP LIFELINE commands provided by the CLI:<br />

Command<br />

VOIP LIFELINE DISABLE<br />

VOIP LIFELINE ENABLE<br />

VOIP LIFELINE SHOW<br />

VOIP LIFELINE DISABLE<br />

Syntax VOIP LIFELINE DISABLE<br />

Description This command disables the lifeline feature; in this case the fxo port is used to offer gateway service.

Outgoing calls are forwarded to it on a dial-selection basis, while incoming calls may be forwarded to any internal and external user, allowing destination re-dialling. A user calling from the PSTN needs two phases to reach the destination: the first dialled number gains access to the VoIP network, and the next selection has to be dialled to reach the final destination.

Example<br />

--> voip lifeline disable<br />

See also VOIP LIFELINE ENABLE<br />

VOIP LIFELINE SHOW<br />

VOIP LIFELINE ENABLE<br />

Syntax VOIP LIFELINE ENABLE

Description This command enables the lifeline support.

If it is enabled, the system uses it as a back-up line. Serious VoIP network failures, such as an ethernet link down or an unreachable location server/gatekeeper, cause outgoing calls to be forwarded on the network terminated by the fxo port. Incoming calls are forwarded only to local fxs ports.



Example<br />

--> voip lifeline enable<br />

See also VOIP LIFELINE DISABLE<br />

VOIP LIFELINE SHOW<br />

VOIP LIFELINE SHOW<br />

Syntax VOIP LIFELINE SHOW<br />

Description This command shows the current lifeline status.<br />

See also VOIP LIFELINE DISABLE<br />

VOIP LIFELINE ENABLE



Chapter 16<br />

VoIP SIP<br />

Introduction<br />

This chapter describes the main features of the SIP standard, the protocols<br />

supported, the implementation of the call processes in the AT-RG613, AT-RG623<br />

and AT-RG656 and how to configure and operate the AT-RG613, AT-RG623 and<br />

AT-RG656 to provide, or connect to, a VoIP Network.<br />

SIP Protocol<br />

SIP (Session Initiation Protocol) is a protocol developed to assist in providing<br />

advanced telephony services across the Internet. Internet telephony is evolving from<br />

its use as a "cheap" (but low quality) way to make international phone calls to a

serious business telephony capability. SIP is one of a group of protocols required to<br />

ensure that this evolution can occur.<br />

SIP is part of the IETF standards process and is modeled upon other Internet<br />

protocols such as SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext<br />

Transfer Protocol).

It is used to establish, change and tear down (end) calls between one or more users<br />

in an IP-based network.<br />

In order to provide telephony services there is a need for a number of different<br />

standards and protocols to come together - specifically to ensure transport (RTP),<br />

signalling inter-working with today’s telephony network, to be able to guarantee<br />

voice quality (RSVP, YESSIR), to be able to provide directories (LDAP), to<br />

authenticate users (RADIUS, DIAMETER), and to scale to meet the anticipated<br />

growth curves.<br />

SIP is described as a control protocol for creating, modifying and terminating<br />

sessions with one or more participants. These sessions include Internet multimedia<br />

conferences, Internet (or any IP Network) telephone calls and multimedia<br />

distribution. Members in a session can communicate via multicast or via a mesh of<br />

unicast relations, or via a combination of these.



SIP supports session descriptions that allow participants to agree on a set of<br />

compatible media types. It also supports user mobility by proxying and redirecting<br />

requests to the user's current location. SIP is not tied to any particular conference

control protocol.<br />

In essence, SIP has to provide or enable the following functions:<br />

• Name Translation and User Location

Ensuring that the call reaches the called party wherever they are located. Carrying<br />

out any mapping of descriptive information to location information. Ensuring that<br />

details of the nature of the call (Session) are supported.<br />

• Feature Negotiation<br />

This allows the group involved in a call (this may be a multi-party call) to agree<br />

on the features supported – recognizing that not all the parties can support the<br />

same level of features. For example video may or may not be supported; as any<br />

form of MIME type is supported by SIP, there is plenty of scope for negotiation.<br />

• Call Participant Management<br />

During a call a participant can bring other users onto the call or cancel<br />

connections to other users. In addition, users could be transferred or placed on<br />

hold.<br />

• Call feature changes<br />

A user should be able to change the call characteristics during the course of the<br />

call. For example, a call may have been set up as ‘voice-only’, but in the course<br />

of the call, the users may need to enable a video function. A third party joining a<br />

call may require different features to be enabled in order to participate in the<br />

call<br />

Protocol Components<br />

There are two components within SIP. The SIP User Agent and the SIP Network<br />

Server. The User Agent is effectively the end system component for the call and the<br />

SIP Server is the network device that handles the signaling associated with multiple<br />

calls.<br />

The User Agent itself has a client element, the User Agent Client (UAC), and a server element, the User Agent Server (UAS). The client element initiates the calls and the server element answers the calls. This allows peer-to-peer calls to be made using a client-server protocol.

The SIP Server element also provides for more than one type of server. There are<br />

effectively three forms of server that can exist in the network - the SIP stateful proxy<br />

server, the SIP stateless proxy server and the SIP re-direct server. The main function<br />

of the SIP servers is to provide name resolution and user location, since the caller is<br />

unlikely to know the IP address or host name of the called party. What will be<br />

available is perhaps an email-like address or a telephone number associated with<br />

the called party. Using this information, the caller’s user agent can identify with a<br />

specific server to "resolve" the address information – it is likely that this will involve

many servers in the network.



A SIP proxy server receives requests, determines where to send these, and passes<br />

them onto the next server (using next hop routing principles). There can be many

server hops in the network.<br />

The difference between a stateful and stateless proxy server is that a stateful proxy<br />

server remembers the incoming requests it receives, along with the responses it<br />

sends back and the outgoing requests it sends on.<br />

A stateless proxy server forgets all information once it has sent on a request. Keeping this state is what allows a stateful proxy server to fork requests to try multiple possible user locations in parallel and only send the best responses back. Stateless proxy servers are most likely to be the fast backbone of the SIP infrastructure.

Stateful proxy servers are then most likely to be the local devices close to the User<br />

Agents, controlling domains of users and becoming the prime platform for the<br />

application services.<br />

A re-direct server receives requests, but rather than passing these onto the next<br />

server it sends a response to the caller indicating the address for the called user. This<br />

provides the address for the caller to contact the called party at the next server<br />

directly.<br />

SIP addresses users by an email-like address. Each user is identified through a<br />

hierarchical URL that is built around elements such as a user’s phone number or<br />

host name (for example, SIP:user@company.com). Because of this similarity, SIP<br />

URLs are easy to associate with a user’s e-mail address.<br />

SIP provides its own reliability mechanism and is therefore independent of the<br />

packet layer and only requires an unreliable datagram service.<br />

SIP is typically used over UDP or TCP.<br />

SIP provides the necessary protocol mechanisms so that end systems and proxy<br />

servers can provide services:<br />

• User location<br />

• User capabilities<br />

• User availability<br />

• Call set-up<br />

• Call handling<br />

• Call forwarding, including<br />

• The equivalent of 700-, 800- and 900- type calls<br />

• Call-forwarding no answer<br />

• Call-forwarding busy<br />

• Call-forwarding unconditional<br />

• Other address-translation services<br />

• Callee and calling "number" delivery, where numbers can be any (preferably unique) naming scheme

• Personal mobility, i.e., the ability to reach a called party under a single, location-independent address even when the user changes terminals



• Terminal-type negotiation and selection: a caller can be given a choice how to<br />

reach the party, e.g., via Internet telephony, mobile phone, an answering service,<br />

etc.<br />

• Terminal capability negotiation<br />

• Caller and callee authentication<br />

• Blind and supervised call transfer<br />

• Invitations to multicast conferences<br />

When a user wants to call another user, the caller initiates the call with an invite<br />

request. The request contains enough information for the called party to join the<br />

session. If the client knows the location of the other party it can send the request<br />

directly to their IP address. If not the client can send it to a locally configured SIP<br />

network server. If that server is a proxy server it will attempt to resolve the called<br />

user’s location and send the request to them. There are many ways it can do this,<br />

such as searching the DNS or accessing databases. Alternatively, the server may be a<br />

redirect server that may return the called user location to the calling client for it to<br />

try directly. During the course of locating a user, one SIP network server can, of<br />

course, proxy or redirect the call to additional servers until it arrives at one that<br />

definitely knows the IP address where the called user can be found.<br />

Once found, the request is sent to the user, and from there several options arise. In<br />

the simplest case, the user’s telephony client receives the request—that is, the user’s<br />

phone rings. If the user takes the call, the client responds to the invitation with the<br />

designated capabilities* of the client software and a connection is established. If the<br />

user declines the call, the session can be redirected to a voice mail server or to<br />

another user.<br />

"Designated capabilities" refers to the functions that the user wants to invoke. The

client software might support videoconferencing, for example, but the user may<br />

only want to use audio conferencing. Regardless, the user can always add<br />

functions—such as videoconferencing, white-boarding, or a third user—by issuing<br />

another invite request to other users on the link.<br />

SIP has two additional significant features. The first is a stateful SIP proxy server’s<br />

ability to split or "fork" an incoming call so that several extensions can be rung at

once. The first extension to answer takes the call. This feature is handy if a user is<br />

working between two locations (a lab and an office, for example), or where someone<br />

is ringing both a boss and their secretary.<br />

The second significant feature is SIP's unique ability to return different media types. Take the example of a user contacting a company. When the SIP server receives the client's connection request, it can return to the customer's phone client a Web Interactive Voice Response page (IVR; the term Interactive Web Response, or IWR, could also be used), with the extensions of the available departments or users provided in a list. Clicking the appropriate link sends an invitation to that user to set up a call.

SIP Messages<br />

A SIP request message consists of three elements:<br />

• Request Line<br />

• Header



• Message Body<br />

A SIP response message consists of three elements:<br />

• Status Line<br />

• Header<br />

• Message Body<br />

The Request line and header field define the nature of the call in terms of services,<br />

addresses and protocol features. The message body is independent of the SIP<br />

protocol and can contain anything.<br />

SIP defines the following methods (SIP uses the term ‘method’ to describe the<br />

specification areas):<br />

• Invite: invites a user to join a call.

• Bye: terminates the call between two of the users on a call

• Options: requests information on the capabilities of a server

• Ack: confirms that a client has received a final response to an INVITE

• Register: provides the map for address resolution, letting a server know the location of other users.

• Cancel: ends a pending request, but does not end the call

• The INFO method, for mid-session signalling, is also being added Related<br />

Standards Activity.<br />
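The three-element layout described above can be seen by splitting a message into start line, header fields and body, which is also the first step of any SIP logging or filtering tool. This is an added example, not code from the manual: the `SIP/2.0` start-line layout, CRLF line endings and the `Content-Length` rule follow RFC 3261 rather than this page, the method list is the one given above, and the sample messages and function name are constructed for illustration.

```python
import re

# Methods named in this section; a strict allow-list is an assumption of the example.
PAGE_METHODS = {"INVITE", "BYE", "OPTIONS", "ACK", "REGISTER", "CANCEL", "INFO"}


def parse_sip_message(raw):
    """Split raw bytes into start line, header fields and body (ValueError if malformed)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no empty line after the header")
    lines = head.decode("utf-8").split("\r\n")

    first = lines[0].split(" ", 2)
    if len(first) != 3:
        raise ValueError("start line needs three fields")
    if first[0] == "SIP/2.0":                       # Status Line of a response
        if not re.fullmatch(r"[1-6][0-9]{2}", first[1]):
            raise ValueError("bad status code")
        msg = {"kind": "response", "status": int(first[1]), "reason": first[2]}
    elif first[2] == "SIP/2.0":                     # Request Line of a request
        if first[0] not in PAGE_METHODS:
            raise ValueError(f"unexpected method {first[0]!r}")
        msg = {"kind": "request", "method": first[0], "uri": first[1]}
    else:
        raise ValueError("not a SIP/2.0 start line")

    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):                 # folded continuation line
            if not headers:
                raise ValueError("continuation line without a header field")
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"bad header line {line!r}")
        headers.append((name.strip().lower(), value.strip()))

    # "l" is the compact form of Content-Length. Two different values are
    # rejected so that every component agrees on where the body ends.
    lengths = {v for n, v in headers if n in ("content-length", "l")}
    if len(lengths) > 1:
        raise ValueError("conflicting Content-Length values")
    if lengths:
        value = lengths.pop()
        if not re.fullmatch(r"[0-9]+", value):
            raise ValueError("bad Content-Length")
        if int(value) > len(body):
            raise ValueError("body shorter than Content-Length")
        body = body[:int(value)]                    # bytes past the length are dropped

    # The body is returned as opaque bytes: it is independent of SIP itself.
    msg["headers"], msg["body"] = headers, body
    return msg


# Constructed sample messages (documentation addresses, not captured traffic).
SAMPLE_INVITE = (
    b"INVITE sip:user@company.com SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKexample\r\n"
    b"From: <sip:caller@example.net>;tag=1\r\n"
    b"To: <sip:user@company.com>\r\n"
    b"Call-ID: constructed-1@192.0.2.10\r\n"
    b"CSeq: 1 INVITE\r\n"
    b"Content-Type: application/sdp\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"v=0\r\n"
)
SAMPLE_OK = b"SIP/2.0 200 OK\r\nCSeq: 1 INVITE\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_INVITE, SAMPLE_OK):
        parsed = parse_sip_message(sample)
        print(parsed["kind"], parsed.get("method") or parsed.get("status"),
              len(parsed["headers"]), "header fields,", len(parsed["body"]), "body bytes")
```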

AT-RG613, AT-RG623 and AT-RG656 Call Processes<br />

The AT-RG613, AT-RG623 and AT-RG656 can communicate with the following<br />

devices:<br />

• Another VoIP terminal on the IP network, such as another AT-RG613, AT-RG623<br />

and AT-RG656.<br />

• Any LAN SIP endpoint on the IP network, for instance:<br />

• a Soft Phone<br />

• an IP phone directly connected to the IP network<br />

Calls Involving Another Terminal<br />

The following example shown in Figure 16 illustrates how to reach a phone or fax<br />

on another AT-RG613/AT-RG623TX terminal.



[Diagram labels: SIP IP Phone; VoIP Network; Analog Phone (or Digital Phone), twice; A; B; AT-RG613 (or AT-RG623), twice; SIP Server]

Figure 16. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone

A user makes a call with the phone connected to an AT-RG613/AT-RG623, which in<br />

turn contacts another AT-RG613/ AT-RG623, which completes the connection to the<br />

phone which is attached to it.<br />

Calls Involving a Terminal and a SIP Endpoint<br />

The following examples illustrate how a phone connected to an AT-RG613/AT-RG623TX terminal can communicate with a LAN SIP endpoint on the IP network.

Such endpoints could be:<br />

• a Soft Phone<br />

• an IP phone directly connected to the IP network<br />

A user makes a call with the phone connected to an AT-RG613/AT-RG623, which<br />

reaches the corresponding LAN SIP endpoint on the IP network (Figure 17).



[Diagram labels: SIP IP Phone; VoIP Network; Analog Phone (or Digital Phone), twice; A; B; AT-RG613 (or AT-RG623), twice; SIP Server]

Figure 17. Phone --> AT-RG613/RG623 (A) --> SIP IP Phone

VoIP SIP Servers, Users & Forwarding Database<br />

Introduction<br />

The VoIP SIP subsystem on AT-RG613, AT-RG623 and AT-RG656 residential<br />

gateways is based on the concept of SIP servers, local users, call forwarding rules<br />

and access ports.<br />

The following sections describe SIP servers, local users and the forwarding database.

• SIP servers are servers where local users register themselves (Location Servers)<br />

and where calls are routed (Proxy Servers) when an outgoing call is going to be<br />

set up.<br />

• Users are entities uniquely identified in the system by a name with an associated<br />

phone number. The User's phone number represents the user's address on the

local system.<br />

• Forwarding rules are local call routing rules used to forward an incoming call on<br />

a local user to a remote system or to a remote user. Forwarding rules are also<br />

used for locally originated calls when the called party is not a local user and the<br />

call must be routed to a specific contact that typically is different from the proxy<br />

server.<br />

Definition of SIP servers, users, and optionally forwarding database rules, are three<br />

basic steps in correctly configuring the VoIP SIP subsystem (see Figure 18).



[Flow chart labels: Default Configuration; SIP Signaling Protocol Configuration; Access Port Creation; Users Creation; Location Servers; Forwarding Database; Access Port Config.; Proxy Servers; Users Binding; Incoming/Outgoing Calls]

Figure 18. VoIP subsystem configuration - basic steps.

SIP Servers<br />

Location Servers<br />

The SIP module needs to know where locally defined users attempt to register their<br />

contact in the network.<br />

The VOIP SIP LOCATIONSERVER CREATE command is used to set the location<br />

servers used to register users.<br />

It's possible to define more than one location server in order to increase system reliability in case the first location server doesn't work or cannot be reached.

The system will attempt to register the local users on all the location servers<br />

available in the location server list (see VOIP SIP LOCATIONSERVER LIST<br />

command) until the first registration phase achieves a positive result. Once a<br />

successful registration with a server has been achieved no further registration<br />

requests will be performed even if other location servers are defined.<br />

In the case that more than one location server is defined in the system, it's possible

to set a location server as Master: all the registration requests will start from the<br />

master location server independently of the position of the server in the location<br />

servers list. In the case of registration failure on the Master server, the Location<br />

Server list will be used as server address table where registration requests will be<br />

sent.<br />


If no location servers are defined, the system starts trying to use the server<br />

addresses defined in the Proxy Server list as a location server.



If users are defined without specifying the user domain (see VOIP SIP USER

CREATE command), the user domain will be automatically associated to the<br />

location server address where the user has been registered.<br />

Proxy Servers<br />

The SIP module needs to know which proxy server must be used when an outgoing<br />

call cannot be processed by a local number or by a well defined forwarding rule but<br />

must be resolved by an external proxy server.

The VOIP SIP PROXYSERVER CREATE command is used to inform the system<br />

about the proxy servers that can be contacted when an outgoing call is going to be<br />

established.<br />

Similarly to location servers, it's possible to define more than one proxy server in order to increase system reliability in case the first proxy server doesn't work or cannot be reached.

The system will attempt to contact all the proxy servers available in the proxy server<br />

list (see VOIP SIP PROXYSERVER LIST command) until the first server answers to<br />

the INVITE request. In that case no further INVITE requests are sent to the other<br />

proxy servers even if the called user cannot be reached.<br />

In the case that more than one proxy server is defined in the system, it's possible to

set a proxy server as Master: all the INVITE requests will start from the master<br />

proxy server independently of the position of the server in the proxy servers list. In<br />

the case that the Master proxy server cannot be reached, the Proxy Server list will be<br />

used as server address table where INVITE requests will be sent.<br />


The Proxy Server is also used as registration server if no location servers are<br />

defined.<br />


If users are defined without specifying the user domain (see VOIP SIP USER

CREATE command) and no Location Servers are defined, the user domain will<br />

be automatically associated with the proxy server where the user has been<br />

registered.<br />

Users<br />

The system is designed to support up to 100 entries, shared between users and<br />

forwarding rules.<br />

Users are defined by the VOIP SIP USER CREATE command.<br />

Each user must have an associated user number, composed of an address number<br />

and, optionally, an area code number if a complete E.164 number must be defined.



Note: In any given system there cannot exist two or more users with the same<br />

area code and address.<br />

In any given system it is allowable to have two or more users with the same<br />

address but different area code or no area code at all.<br />

Users may inform the VoIP network about the location (IP address) where they can<br />

be contacted by registering themselves on the location server defined in the VOIP<br />

SIP LOCATIONSERVER CREATE command. In this way, other endpoints on the<br />

VoIP network can contact each user by simply using the user address.<br />

The domain where users are members is the domain defined in the VOIP SIP USER<br />

CREATE command. If the DOMAIN is not defined, users will get as domain the<br />

address of the Location Server (or Proxy Server if no location servers are defined)<br />

where they are registered.<br />

To know the user's registration status use the VOIP SIP USER SHOW command.

The user number used in the location registration messages is the complete user<br />

number: area code + address number.<br />

users and access port<br />

A user needs to be attached to at least one physical port in order to receive or to<br />

make a call.<br />

To attach a user to a physical port use the VOIP SIP USER ADD command.<br />

When a user receives a call, only the access lines where the user is attached are<br />

engaged by the communication.<br />

The same user may be attached to more than one access port. In this case when a call<br />

is made to that user, all the lines on which the user is attached will be used to signal<br />

the incoming call.<br />

To know the physical port where a user is attached, use the VOIP SIP USER SHOW<br />

command.


Note that physical access ports don’t have their own fixed phone number. They<br />

inherit the phone number from the user number of attached users.<br />

More than one user may be attached to the same physical access port and therefore<br />

more than one phone number can be associated to the same physical access port.<br />

If a user receives a call but the physical line where the user is attached is already<br />

involved in another communication (because it is used by another user), the call is<br />

rejected.<br />

When an outgoing call (in the direction user to VoIP network) is made and more<br />

than one user is attached on the access port being used to make the call, the identity<br />

of calling user is deemed to be the first user defined in the list of users attached to<br />

that port.<br />

To know which users are attached to a physical port, use the VOIP EP SHOW<br />

command. All the local users belong to the same domain.



When an access port is deleted from the system, all the users previously attached are<br />

removed from the port.<br />

Removing a user from a port, by using the VOIP SIP USER REMOVE command or<br />

by deleting the access port, results in an un-registration process from the location<br />

server defined during user creation phase.<br />

Forwarding Database (FDB)<br />

The forwarding database is a technical solution implemented on the Residential<br />

Gateway to redirect a call to a different destination address based on the called<br />

party number.<br />

The forwarding database is used by the signaling end-point layer every time the<br />

called end-point cannot be found among the local users. It is used both for<br />

incoming calls from the VoIP network and for outgoing calls generated locally and<br />

directed to a remote end-point.<br />

The forwarding database may collect up to 100 entries (including users).<br />

Forwarding entries are defined by the VOIP SIP FDB CREATE command.<br />

Each fdb entry is uniquely identified by a name and defines the conditions that a<br />

call must satisfy in order to be routed to the end point specified by the fdb entry<br />

parameters.<br />

• When the signaling end-point layer receives a call it retrieves the called end-point<br />

address (called number).<br />

o Typically the called number is defined in the call signaling messages<br />

received from the network (in the To header).<br />

o If the call is originated locally, the called number address is equal to the dialed<br />

number (unless the analogue/digital endpoint has the dialmask set to a value<br />

different from 0).<br />

• The Called end-point address is searched for among the local user addresses to<br />

check if the recipient of the call is a user on the local system.<br />

• If the called end-point matches the address of a local user, the physical resource<br />

(analog or digital port) associated with the called user starts ringing (if the<br />

resource is available)<br />

• If the called number cannot be found among the local users, the forwarding<br />

database is scanned to look for all the entries matching the called number.<br />

The forwarding algorithm acts differently if the call is originated locally or the<br />

call is an incoming call:<br />

Local originated calls<br />

o If a match is found, the INVITE message is routed to the IP address defined<br />

in the CONTACT field of the matched fdb entry. The called user domain<br />

will be set to the DOMAIN value (optional) or to the CONTACT value (if no<br />

DOMAIN is specified) defined by the DOMAIN and CONTACT fields in the<br />

fdb entry respectively.



If the fdb entry has defined the FWADDRESS field, the called number is<br />

changed from the dialed number to the number defined in the fdb entry<br />

FWADDRESS field. In this way it's possible to dial short numbers that will<br />

be replaced by fully qualified numbers in the outgoing calls.<br />

By default, the calling user is the first user defined in the system that is<br />

attached to the outgoing physical port.<br />

o If no match is found in the forwarding database, the INVITE message is<br />

routed to the first available proxy server (starting from the Master proxy<br />

server if defined) using as called endpoint domain the same domain as the<br />

calling user.<br />

By default, the calling user is the first user defined in the system that is<br />

attached to the outgoing physical port.<br />

Incoming calls<br />

o If a match is found, a MOVED TEMPORARY message is sent back to the<br />

call originator reporting the contact address defined by the CONTACT field<br />

in the matched fdb entry.<br />

If the fdb entry has defined the FWADDRESS field, the called number is<br />

changed from the dialed number to the number defined in the fdb entry<br />

FWADDRESS field.<br />

o If no match is found in the forwarding database, the call is discharged.<br />

Address and digit-map<br />

The address field specified in fdb entries can be defined using digit map expressions.<br />

Digit map expressions are used to increase system flexibility when defining<br />

forwarding rules that must match multiple addresses (the digit map is also used in<br />

the voip access port module).<br />

A digit map is defined either by a (case insensitive) "string" or by a list of strings.<br />

Each string in the list is an alternative numbering scheme, specified either as a set of<br />

digits or as an expression to which the called address is compared by the signaling<br />

end-point layer to find the shortest possible match. The following constructs can be<br />

used in each digit map:<br />

Digit: A digit from '0' to '9'.<br />

Wildcard: The symbol "x" which matches any digit ("0" to "9").<br />

Range: One or more digit symbols enclosed between square brackets ("[" and<br />

"]").<br />

Subrange: Two digits separated by a hyphen ("-") which matches any digit between<br />

and including the two. The subrange construct can only be used inside<br />

a range construct, i.e., between "[" and "]".<br />

Position: A period ("."), which matches an arbitrary number, including zero, of<br />

occurrences of the preceding construct.<br />

Digit map expressions are typically used when managing locally originated calls.



In this case, using digit map expressions, it is possible to define a generic rule in<br />

such a way that all the calls are routed to a specific contact (e.g. the proxy server)<br />

that will be in charge of proceeding with the call routing.<br />

Digit map expressions are also useful for designing a small network without making<br />

use of any location servers or proxy servers or gatekeepers.
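
The lookup order and the digit-map constructs described above, as an added Python example (not code from the manual or the gateway firmware) that can be used to check which fdb entry a called number would hit and which entries shadow each other. Assumptions: the whole called number must match the expression, the first matching entry in list order wins, and all addresses and numbers are constructed; `FdbEntry`, `compile_digitmap`, `matching_entries` and `route` are hypothetical names.

```python
import re
from dataclasses import dataclass
from typing import Optional

DIGITS = "0123456789"


def compile_digitmap(expr: str) -> re.Pattern:
    """Translate one digit-map string into a regex, accepting only the
    constructs listed in the manual (digit, x, [range], a-b subrange, '.')."""
    s, out, i, repeatable = expr.strip().lower(), [], 0, False
    while i < len(s):
        c = s[i]
        if c in DIGITS:                       # Digit
            out.append(c)
            repeatable = True
        elif c == "x":                        # Wildcard: any digit 0-9
            out.append("[0-9]")
            repeatable = True
        elif c == "[":                        # Range, may contain subranges
            j = s.find("]", i)
            body = s[i + 1:j] if j != -1 else ""
            if not re.fullmatch(r"(?:[0-9](?:-[0-9])?)+", body):
                raise ValueError(f"bad range in digit map {expr!r}")
            if any(lo > hi for lo, hi in re.findall(r"([0-9])-([0-9])", body)):
                raise ValueError(f"descending subrange in {expr!r}")
            out.append(f"[{body}]")
            i = j
            repeatable = True
        elif c == "." and repeatable:         # Position: zero or more of the
            out.append("*")                   # preceding construct
            repeatable = False
        else:
            raise ValueError(f"unsupported symbol {c!r} in {expr!r}")
        i += 1
    return re.compile("".join(out))


@dataclass
class FdbEntry:
    name: str
    address: list                    # alternative digit-map strings
    contact: str                     # CONTACT field
    domain: Optional[str] = None     # DOMAIN field (optional)
    fwaddress: Optional[str] = None  # FWADDRESS field (optional)


def matching_entries(called, fdb):
    """All fdb entries whose address matches the whole called number."""
    return [e for e in fdb
            if any(compile_digitmap(p).fullmatch(called) for p in e.address)]


def route(called, origin, local_users, fdb, proxy=None, caller_domain=None):
    """Decision for one call; origin is 'local' or 'incoming'."""
    if called in local_users:                    # local users are checked first
        return {"action": "ring", "user": local_users[called]}
    hits = matching_entries(called, fdb)
    if hits:
        e = hits[0]                              # assumption: first match wins
        number = e.fwaddress or called           # FWADDRESS rewrites the number
        if origin == "local":
            return {"action": "invite", "entry": e.name, "next_hop": e.contact,
                    "to": f"{number}@{e.domain or e.contact}"}
        return {"action": "moved-temporarily", "entry": e.name,
                "contact": e.contact, "number": number}
    if origin == "local":                        # no fdb match: use the proxy
        return {"action": "invite", "entry": None, "next_hop": proxy,
                "to": f"{called}@{caller_domain}"}
    return {"action": "discharged"}              # incoming call, no fdb match


# Constructed sample data (not taken from the manual).
LOCAL_USERS = {"12345": "MrBrown"}
FDB = [
    FdbEntry("short", ["8x"], "192.0.2.10", fwaddress="5550100"),
    FdbEntry("intl", ["00x."], "192.0.2.20", domain="voip.example.net"),
    FdbEntry("catchall", ["x."], "192.0.2.30"),
]

if __name__ == "__main__":
    for number, origin in [("12345", "incoming"), ("81", "local"),
                           ("0044123", "local"), ("777", "incoming")]:
        print(number, origin, route(number, origin, LOCAL_USERS, FDB))
    print("81 matches:", [e.name for e in matching_entries("81", FDB)])
```
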



VoIP SIP Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG 623 and<br />

AT-RG656 Residential Gateway to configure and manage the SIP protocol signaling<br />

module.<br />

VoIP sip protocol CLI commands<br />

The table below lists the VOIP SIP PROTOCOL commands provided by the CLI:<br />

Command<br />

VOIP SIP PROTOCOL DISABLE<br />

VOIP SIP PROTOCOL ENABLE<br />

VOIP SIP PROTOCOL RESTART<br />

VOIP SIP PROTOCOL SET DEFAULTPORT<br />

VOIP SIP PROTOCOL SET EXTENSION<br />

VOIP SIP PROTOCOL SET NAT<br />

VOIP SIP PROTOCOL SET NETINTERFACE<br />

VOIP SIP PROTOCOL SET ROUNDTRIPTIME<br />

VOIP SIP PROTOCOL SET SESSIONEXPIRE<br />

VOIP SIP PROTOCOL SHOW<br />

VOIP SIP PROTOCOL DISABLE<br />

Syntax VOIP SIP PROTOCOL DISABLE<br />

Description This command stops the VoIP SIP signalling protocol and releases all the resources<br />

associated with it:<br />

• any analogue or digital port defined in the system is removed.<br />

• any user defined in the system is deleted.<br />

• any forwarding entry in the fdb is deleted.<br />

• any SIP server reference (location and proxy) is removed.<br />

This command is typically used when it's necessary to change the VoIP signalling<br />

protocol, i.e. from SIP to H323.<br />

To simply restart the SIP module, use the VOIP SIP PROTOCOL RESTART<br />

command. It doesn't remove any resources defined under the voip main module.<br />

To enable the SIP module, use the VOIP SIP PROTOCOL ENABLE command.<br />

Example --> voip sip protocol disable<br />

See also VOIP SIP PROTOCOL RESTART<br />

VOIP SIP PROTOCOL ENABLE.



VOIP SIP PROTOCOL ENABLE<br />

Syntax VOIP SIP PROTOCOL ENABLE<br />

Description This command turns on the SIP signaling module.<br />

To bind the SIP module to a specific IP interface use the VOIP SIP PROTOCOL SET<br />

NETINTERFACE command.<br />

<br />

Binding the SIP module to a specific IP interface defines the value of the<br />

source IP address for signalling and voice packets. SIP URLs with local<br />

reference offer the hostname and the IP address belonging to the provisioned<br />

interface.<br />

<br />

The SIP module MUST be enabled in order to create/set analog/digital<br />

ports, users, call forwarding rules and SIP servers.<br />

Example<br />

--> voip sip protocol enable<br />

See also VOIP SIP PROTOCOL SHOW<br />

VOIP SIP PROTOCOL DISABLE<br />

VOIP SIP PROTOCOL RESTART<br />

Syntax<br />

VOIP SIP PROTOCOL RESTART<br />

Description This command restarts the VoIP SIP signaling protocol module.<br />

Any pending and active calls are released.<br />

Users previously registered to location servers start to unregister themselves and<br />

then re-register on the same location servers.<br />

This command doesn't release any resources (users, physical ports and fdb entries)<br />

previously created during module configuration.<br />

Example --> voip sip protocol restart<br />

See also VOIP SIP PROTOCOL ENABLE<br />

VOIP SIP PROTOCOL SET DEFAULTPORT<br />

Syntax VOIP SIP PROTOCOL SET DEFAULTPORT &lt;ipport&gt;<br />

Description This command sets the default listening/sending port used for SIP signaling



messages.<br />

By default, when the SIP module is attached to an IP interface using the VOIP SIP<br />

PROTOCOL SET NETINTERFACE command, the following default value is used:<br />

• defaultport: 5060<br />

<br />

Changing the signaling port causes the SIP module to restart.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

ipport<br />

UDP/TCP port number used for signalling<br />

messages.<br />

Available values are from 1026 to 65534.<br />

Only even values can be accepted<br />

5060<br />

Example --> voip sip protocol set defaultport 5060<br />

See also VOIP SIP PROTOCOL ENABLE<br />

VOIP SIP PROTOCOL SET EXTENSION<br />

Syntax VOIP SIP PROTOCOL SET EXTENSION &lt;extension&gt;<br />

Description This command sets the protocol features extended by the protocol.<br />

<br />

100rel and Session Timer are always supported when requested; setting<br />

“session-timer” the user agent explicitly requires this keep-alive<br />

mechanism. Info method overlaps the event transfer supported by RTP<br />

sessions.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

extension<br />

extensions is a comma separated list of<br />

values defining the protocol extension.<br />

Available values are:<br />

info<br />

session-timer<br />

none<br />

none<br />

Example --> voip sip protocol set extension session-timer



See also VOIP SIP PROTOCOL SHOW<br />

VOIP SIP PROTOCOL SET NAT<br />

Syntax VOIP SIP PROTOCOL SET NAT {NONE | &lt;host&gt;}<br />

Description This command sets the NAT host reference. Any SIP URL with a local reference is<br />

hidden by the NAT address value.<br />

<br />

Changing the NAT reference causes the SIP module to restart.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

host<br />

The address that must be displayed in the local<br />

SIP URL references.<br />

It can be expressed in hostname format or<br />

IPv4 format.<br />

A Hostname can be a maximum of 255<br />

characters long.<br />

None<br />

Example --> voip sip protocol set nat 10.17.90.110<br />

--> voip sip protocol set nat at-rg600.voip.atkk.com<br />

See also VOIP SIP PROTOCOL ENABLE<br />

VOIP SIP PROTOCOL SET NETINTERFACE<br />

Syntax VOIP SIP PROTOCOL SET NETINTERFACE &lt;interface_name&gt;<br />

Description This command sets the IP interface used to access the VoIP network.<br />

• Signaling and voice packets will use the Source IP address defined for the<br />

selected interface.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

interface_name<br />

A name that identifies an existing IP<br />

interface. To display interface names, use<br />

the IP LIST INTERFACES command.<br />

N/A<br />

Example --> voip sip protocol set netinterface ip0<br />

See also VOIP SIP PROTOCOL ENABLE



VOIP SIP PROTOCOL SET ROUNDTRIPTIME<br />

Syntax VOIP SIP PROTOCOL SET ROUNDTRIPTIME &lt;msec&gt;<br />

Description This command sets the maximum time between the transmission of a packet and the<br />

reception of the response. If the time expires, protocol primitives are retransmitted.<br />

Retransmission of protocol primitives is useful in case of unreliable transports like<br />

UDP to recover errors in transactions.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

msec<br />

The round trip time in milliseconds.<br />

Acceptable values are from 500 to 4000<br />

msecs.<br />

500<br />

Example --> voip sip protocol set roundtriptime 1000<br />

See also VOIP SIP PROTOCOL ENABLE<br />

VOIP SIP PROTOCOL SET SESSIONEXPIRE<br />

Syntax VOIP SIP PROTOCOL SET SESSIONEXPIRE &lt;secs&gt;<br />

Description This command sets the longest time that can elapse between session<br />

refreshes in a dialog before the session is considered timed out.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

secs<br />

The session expire time in seconds.<br />

Available values are from 30 to 86400 secs<br />

(24 hours).<br />

1800<br />

Example --> voip sip protocol set sessionexpire 180<br />

See also VOIP SIP PROTOCOL SHOW<br />

VOIP SIP PROTOCOL SHOW<br />

Syntax VOIP SIP PROTOCOL SHOW<br />

Description This command displays basic SIP module configuration parameters set by the VOIP



SIP PROTOCOL SET commands.<br />

Example --> voip sip protocol show<br />

Gateway base protocol: SIP<br />

------------------------------------------------------------<br />

Network interface: ip0<br />

Default port: 5060<br />

NAT: 10.17.90.110<br />

Round-trip time: 1000 msecs.<br />

Session expire time: 1800 secs.<br />

Extension features: none<br />

See also VOIP SIP PROTOCOL ENABLE<br />

VOIP SIP PROTOCOL SET MEDIAPORT<br />

VOIP SIP PROTOCOL SET EXTENSION



VoIP SIP Locationserver Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the VoIP SIP<br />

Locationserver module.<br />

voip sip locationserver CLI commands<br />

The table below lists the VOIP SIP LOCATIONSERVER commands provided by the<br />

CLI:<br />

Command<br />

VOIP SIP LOCATIONSERVER CREATE<br />

VOIP SIP LOCATIONSERVER DELETE<br />

VOIP SIP LOCATIONSERVER LIST<br />

VOIP SIP LOCATIONSERVER SET MASTER<br />

VOIP SIP LOCATIONSERVER CREATE<br />

Syntax VOIP SIP LOCATIONSERVER CREATE CONTACT <br />

Description This command creates a new entry in the location servers list. Each location server<br />

must have a different &lt;name&gt;. If the location server already exists, an error message<br />

is raised.<br />

This command is accepted only if the SIP module is already running. See the VOIP<br />

SIP PROTOCOL ENABLE command to turn on the SIP module.<br />

This command doesn’t set the master location server. To define a location server as<br />

master use the VOIP SIP LOCATIONSERVER SET MASTER command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

name | An arbitrary name that identifies the location server. The name must not be present already. The name can be a maximum of 16 characters long; cannot start with a digit and cannot contain dots '.' or slash symbols '/'. | N/A<br />

host | The hostname or IPv4 address of the location server where registrations are sent. host can be a maximum of 256 chars long (when using hostname format). | N/A<br />

port | The UDP/TCP port on the location server to which signalling messages are sent. | 5060<br />

transport | The protocol used to transport the signalling messages to the location server. Possible values are: udp, tcp | udp<br />

Example<br />

--> voip sip locationserver create default contact 192.168.102.3<br />

See also VOIP SIP LOCATIONSERVER LIST<br />

VOIP SIP LOCATIONSERVER SHOW<br />

VOIP SIP LOCATIONSERVER DELETE<br />

Syntax VOIP SIP LOCATIONSERVER DELETE &lt;name&gt;<br />

Description This command deletes a single location server created using the VOIP SIP<br />

LOCATIONSERVER CREATE command.<br />

To show the list of existing location servers, use the VOIP SIP LOCATIONSERVER<br />

LIST command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

name<br />

A name that identifies an existing location<br />

server (it can also be the ID value associated<br />

with the location server). To display the<br />

existing location servers, use the VOIP SIP<br />

LOCATIONSERVER LIST command.<br />

N/A<br />

Example --> voip sip locationserver delete backuplocserv<br />

See also VOIP SIP LOCATIONSERVER CREATE<br />

VOIP SIP LOCATIONSERVER LIST<br />

VOIP SIP LOCATIONSERVER SHOW<br />

VOIP SIP LOCATIONSERVER LIST<br />

Syntax VOIP SIP LOCATIONSERVER LIST<br />

Description This command lists information about location servers that were added using the<br />

VOIP SIP LOCATIONSERVER CREATE command. The following information is<br />

displayed:



• server ID numbers<br />

• server names<br />

• Master: whether the server has been set as Master or not. A star symbol<br />

in the field identifies the server as the current location server where local users are<br />

registered.<br />

• Contact: the IP address (IPv4 or hostname format) of the location server<br />

<br />

Note: If a name is longer than 32 chars, the name is shown in a short format<br />

(only the initial part of the name is displayed). To show the full name use the<br />

VOIP SIP LOCATIONSERVER SHOW command, specifying the server ID<br />

instead of server name.<br />

Example<br />

--> voip sip location list<br />

ID | Name | Master | Contact<br />

-----|------------|----------|--------------------------------------------<br />

1 | default | false * | 192.168.1.2<br />

--------------------------------------------------------------------------<br />

See also VOIP SIP LOCATIONSERVER CREATE<br />

VOIP SIP LOCATIONSERVER SHOW<br />

VOIP SIP LOCATIONSERVER SET MASTER<br />

Syntax VOIP SIP LOCATIONSERVER SET &lt;name&gt; MASTER<br />

Description This command sets a location server as Master. If another location server was set<br />

Master previously, the flag Master is removed from the old one.<br />

To show the list of existing location servers, use the VOIP SIP LOCATIONSERVER<br />

LIST command.<br />

Example --> voip sip locationserver set backuplocserv master<br />

See also VOIP SIP LOCATIONSERVER CREATE<br />

VOIP SIP LOCATIONSERVER LIST<br />

VOIP SIP LOCATIONSERVER SHOW



VoIP SIP Proxyserver Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the VoIP SIP<br />

Proxyserver module.<br />

voip sip proxyserver CLI commands<br />

The table below lists the VOIP SIP PROXYSERVER commands provided by the CLI:<br />

Command<br />

VOIP SIP PROXYSERVER CREATE<br />

VOIP SIP PROXYSERVER DELETE<br />

VOIP SIP PROXYSERVER LIST<br />

VOIP SIP PROXYSERVER SET MASTER<br />

VOIP SIP PROXYSERVER CREATE<br />

Syntax VOIP SIP PROXYSERVER CREATE CONTACT <br />

Description This command creates a new entry in the proxy servers list. Each proxy server must<br />

have a different &lt;name&gt;. If the proxy server already exists, an error message is<br />

raised.<br />

This command is accepted only if the SIP module is already running. See the VOIP<br />

SIP PROTOCOL ENABLE command to turn on the SIP module.<br />

This command doesn’t set the master proxy server. To define a proxy server as<br />

master use the VOIP SIP PROXYSERVER SET MASTER command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

name | An arbitrary name that identifies the proxy server. The name must not be present already. The name can be a maximum of 16 characters long; cannot start with a digit and cannot contain dots '.' or slash symbols '/'. | N/A<br />

host | The hostname or IPv4 address of the proxy server where signaling messages are sent. host can be a maximum of 256 chars long (when using hostname format). | N/A<br />

port | The UDP/TCP port on the proxy server to which signalling messages are sent. | 5060<br />

transport | The protocol used to transport the signalling messages to the proxy server. Possible values are: udp, tcp | udp<br />

Example<br />

--> voip sip proxy create default contact 192.168.102.3<br />

See also VOIP SIP PROXYSERVER LIST<br />

VOIP SIP PROXYSERVER SHOW<br />

VOIP SIP PROXYSERVER DELETE<br />

Syntax VOIP SIP PROXYSERVER DELETE &lt;name&gt;<br />

Description This command deletes a single proxy server created using the VOIP SIP<br />

PROXYSERVER CREATE command.<br />

To show the list of existing proxy servers, use the VOIP SIP PROXYSERVER LIST<br />

command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

name<br />

A name that identifies an existing proxy<br />

server (it can also be the ID value associated<br />

with the proxy server). To display the<br />

existing proxy servers, use the VOIP SIP<br />

PROXYSERVER LIST command.<br />

N/A<br />

Example --> voip sip proxyserver delete backuplocserv<br />

See also VOIP SIP PROXYSERVER CREATE<br />

VOIP SIP PROXYSERVER LIST<br />

VOIP SIP PROXYSERVER SHOW<br />

VOIP SIP PROXYSERVER LIST<br />

Syntax VOIP SIP PROXY LIST<br />

Description This command lists information about proxy servers that were added using the<br />

VOIP SIP PROXYSERVER CREATE command. The following information is<br />

displayed:<br />

• server ID numbers



• server names<br />

• Master: whether the server has been set as Master or not. A star symbol in the<br />

field identifies the server as the current proxy server used by outgoing calls.<br />

• Contact: the IP address (IPv4 or hostname format) of the proxy server<br />

<br />

Note: If a name is longer than 32 chars, the name is shown in a short format<br />

(only the initial part of the name is displayed). To show the full name use the<br />

VOIP SIP PROXYSERVER SHOW command, specifying the server ID instead of<br />

server name.<br />

Example<br />

--> voip sip proxyserver list<br />

ID | Name | Master | Contact<br />

-----|------------|----------|--------------------------------------------<br />

1 | default | false * | 192.168.1.2<br />

--------------------------------------------------------------------------<br />

See also VOIP SIP PROXYSERVER CREATE<br />

VOIP SIP PROXYSERVER SHOW<br />

VOIP SIP PROXYSERVER SET MASTER<br />

Syntax VOIP SIP PROXYSERVER SET &lt;name&gt; MASTER<br />

Description This command sets a proxy server as Master. If another proxy server was set Master<br />

previously, the flag Master is removed from the old one.<br />

To show the list of existing proxy servers, use the VOIP SIP PROXYSERVER LIST<br />

command.<br />

Example --> voip sip proxyserver set backuplocserv master<br />

See also VOIP SIP PROXYSERVER CREATE<br />

VOIP SIP PROXYSERVER LIST<br />

VOIP SIP PROXYSERVER SHOW



VoIP SIP User Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the VoIP SIP User<br />

module.<br />

voip sip user CLI commands<br />

The table below lists the VOIP SIP USER commands provided by the CLI:<br />

Command<br />

VOIP SIP USER ADD<br />

VOIP SIP USER CREATE<br />

VOIP SIP USER DELETE<br />

VOIP SIP USER LIST<br />

VOIP SIP USER REMOVE<br />

VOIP SIP USER SHOW<br />

VOIP SIP USER ADD<br />

Syntax VOIP SIP USER ADD &lt;username&gt; PORT &lt;portname&gt;<br />

Description This command attaches a user created with the command VOIP SIP USER CREATE<br />

to a named port created with the command VOIP EP CREATE.<br />

As soon as this command is entered, the registration phase starts.<br />

<br />

The system tries to register the user with the location server specified by<br />

the VOIP SIP LOCATIONSERVER CREATE command. If no location<br />

servers are defined, the system tries to register the user with the proxy<br />

server specified by the VOIP SIP PROXYSERVER CREATE command. If no<br />

proxy servers are defined, the registration phase is not performed until a<br />

location server or proxy server is added to the SIP module.<br />

To display the user's registration status and port association use the VOIP SIP USER<br />

SHOW command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option Description Default Value<br />

username<br />

A name that identifies an existing user (it<br />

can be also the ID value associated with the<br />

user name). To display the existing users,<br />

use the VOIP SIP USER LIST command.<br />

N/A



portname<br />

A name that identifies an existing port. To<br />

display the existing ports, use the VOIP EP<br />

LIST command.<br />

N/A<br />

Example --> voip sip user add MrBrown port fxs0<br />

See also VOIP SIP USER ADD<br />

VOIP SIP USER CREATE<br />

VOIP SIP USER DELETE<br />

VOIP SIP USER LIST<br />

VOIP SIP USER REMOVE<br />

VOIP SIP USER SHOW<br />

VOIP EP LIST<br />

VOIP SIP USER CREATE<br />

Syntax VOIP SIP USER CREATE ADDRESS [AREACODE ]<br />

[AUTHENTICATION ] [DOMAIN ] [TRANSPORT<br />

]<br />

Description This command creates a new entry in the users list. Each user must have a different<br />

&lt;username&gt;. If the user already exists, an error message is raised.<br />

This command is accepted only if the SIP module is already running. See the VOIP<br />

SIP PROTOCOL ENABLE command to turn on the SIP module.<br />

This command doesn’t bind the user to a physical access port. In order to inform the<br />

system that the user is attached to a specific physical port, the VOIP SIP USER ADD<br />

command must be used.<br />

<br />

If the DOMAIN parameter is not specified, the user domain is set equal to<br />

the location server address (if defined) or proxyserver address (if location<br />

server is not defined).<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

username | An arbitrary name that identifies the user. The name must not be present already. The username can be a maximum of 16 characters long; cannot start with a digit and cannot contain dots '.' or slash symbols '/'. | N/A<br />

digit-map | The phone number (E.164) used to reach the user. The address can be 32 characters long. | N/A<br />

area-number | The prefix number to be dialed before the destination number. Valid characters are only numerical characters. The area number can be a maximum of 10 digits long. | empty<br />

login | The user name used during the authentication phase. The login can be a maximum of 32 characters long. The same rules defined for the username field also apply here, except the login can start with a digit. | empty<br />

password | The password used during the authentication phase. The password can be a maximum of 16 characters long. The same rules defined for the username field also apply here, except the password can start with a digit. | empty<br />

host | The domain address in hostname format or IPv4 format. The domain can be a maximum of 255 characters long. | empty<br />

transport | The transport protocol used to contact the user. Valid values are: udp, tcp | udp<br />

Example<br />

--> voip sip user create MrBrown address 12345 locationserver 192.168.102.3<br />

See also VOIP SIP USER ADD<br />

VOIP SIP USER CREATE<br />

VOIP SIP USER DELETE<br />

VOIP SIP USER LIST<br />

VOIP SIP USER REMOVE<br />

VOIP SIP USER SHOW<br />

VOIP SIP USER DELETE<br />

Syntax VOIP SIP USER DELETE &lt;username&gt;<br />

Description This command deletes a single user created using the VOIP SIP USER CREATE<br />

command.<br />

To show the list of existing users, use the VOIP SIP USER LIST command.<br />

As soon as this command is entered, the deregistration phase starts (REGISTER<br />

request) towards the location server (registrar), removing the user from the user list on the<br />

server.<br />

Options The following table gives the range of values for each option which can be specified



with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

username | A name that identifies an existing user (it can also be the ID value associated with the user name). To display the existing users, use the VOIP SIP USER LIST command. | N/A<br />

Example --> voip sip user delete MrBrown<br />

See also VOIP SIP USER ADD<br />

VOIP SIP USER CREATE<br />

VOIP SIP USER DELETE<br />

VOIP SIP USER LIST<br />

VOIP SIP USER REMOVE<br />

VOIP SIP USER SHOW<br />

VOIP SIP USER LIST<br />

Syntax VOIP SIP USER LIST<br />

Description This command lists information about users that were added using the VOIP SIP<br />

USER CREATE command. The following information is displayed:<br />

• user ID numbers<br />

• user names<br />

• Area Codes<br />

• Addresses<br />

<br />

Note: If a user name is longer than 32 chars, the name is shown in a short format<br />

(only the initial part of the name is displayed). To show the full name use the<br />

VOIP SIP USER SHOW command, specifying the user ID instead of user name.<br />

Example<br />

--> voip sip user list<br />

ID | Name | Area Code | Address<br />

---- |------------|------------------|------------------------------------<br />

1 | MrBrown | | 12345<br />

---- |------------|------------------|------------------------------------<br />

See also VOIP SIP USER ADD<br />

VOIP SIP USER CREATE<br />

VOIP SIP USER DELETE<br />

VOIP SIP USER LIST<br />

VOIP SIP USER REMOVE<br />

VOIP SIP USER SHOW



VOIP SIP USER REMOVE<br />

Syntax VOIP SIP USER REMOVE PORT <br />

Description This command removes a single user from the port where it was added with the<br />

VOIP SIP USER ADD command.<br />

Removing a user from a port results in an un-registration request to the location<br />

server.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

username | A name that identifies an existing user (it can also be the ID value associated with the user name). To display the existing users, use the VOIP SIP USER LIST command. | N/A<br />

portname | A name that identifies an existing port. To know the ports where the user is added, use the VOIP SIP USER SHOW command. | N/A<br />

Example --> voip sip user remove MrBrown port fxs0<br />

See also VOIP SIP USER ADD<br />

VOIP SIP USER CREATE<br />

VOIP SIP USER DELETE<br />

VOIP SIP USER LIST<br />

VOIP SIP USER REMOVE<br />

VOIP SIP USER SHOW<br />

VOIP SIP USER SHOW<br />

Syntax VOIP SIP USER SHOW <br />

Description This command displays the following information about a named user:<br />

• Address<br />

• Area Code<br />

• Domain<br />

• Authentication (login:password)<br />

• Transport<br />

• Attached ports<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).



Option | Description | Default Value<br />

username | A name that identifies an existing user. To display the existing users, use the VOIP SIP USER LIST command. | N/A<br />

Example --> voip sip user show MrBrown<br />

Gateway user: MrBrown<br />

--------------------------------------------------------------<br />

Address: 12345<br />

Area Code (AC):<br />

Domain: 192.168.102.3<br />

Authentication: charlie:123charlie<br />

Transport:<br />

State:<br />

registered (expire time: 2864 Sec.)<br />

Attached ports: port0<br />

See also VOIP SIP USER ADD<br />

VOIP SIP USER CREATE<br />

VOIP SIP USER DELETE<br />

VOIP SIP USER LIST<br />

VOIP SIP USER REMOVE<br />

VOIP SIP USER SHOW
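The VOIP SIP USER SHOW example above prints the SIP login and password in clear text on the Authentication line, so captured CLI transcripts carry the credential. The following Python is an added example, not part of the manual or the gateway software: it masks the password in a saved transcript and reports each credential it found. The function name, the mask string and the sample transcript are constructed for illustration; the length limits are the ones quoted for the login and password options.

```python
import re

# Constructed transcript in the layout of the VOIP SIP USER SHOW example.
SAMPLE = (
    "--> voip sip user show MrBrown\n"
    "Gateway user: MrBrown\n"
    "--------------------------------------------------------------\n"
    "Address: 12345\n"
    "Area Code (AC):\n"
    "Domain: 192.168.102.3\n"
    "Authentication: charlie:123charlie\n"
    "Transport:\n"
    "State: registered (expire time: 2864 Sec.)\n"
    "Attached ports: port0\n"
)

# Limits quoted in the manual for the login and password options.
MAX_LOGIN, MAX_PASSWORD = 32, 16

# "Key: value" lines; the key is everything before the first colon.
FIELD = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z ()]*?)\s*:\s?(?P<value>.*?)\s*$")


def redact_transcript(text, mask="********"):
    """Return (redacted_text, findings) for a saved CLI transcript.

    Every 'Authentication: login:password' line keeps the login and has the
    password replaced by `mask`. Each finding records which gateway user the
    credential belongs to and two simple hygiene checks.
    """
    redacted, findings, user = [], [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        key = m["key"] if m else None
        if key == "Gateway user":
            user = m["value"]
        elif key == "Authentication":
            # Assumption: the login itself contains no colon.
            login, sep, password = m["value"].partition(":")
            if sep and password:
                findings.append({
                    "user": user,
                    "login": login,
                    "password_len": len(password),
                    "password_contains_login":
                        bool(login) and login.lower() in password.lower(),
                    "within_documented_limits":
                        len(login) <= MAX_LOGIN and len(password) <= MAX_PASSWORD,
                })
                line = f"Authentication: {login}:{mask}"
        redacted.append(line)
    return "\n".join(redacted) + "\n", findings


if __name__ == "__main__":
    clean, found = redact_transcript(SAMPLE)
    print(clean)
    for f in found:
        print(f)
```
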



VoIP SIP FDB Command Reference<br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to configure and manage the FDB module.<br />

voip sip fdb CLI commands<br />

The table below lists the VOIP SIP FDB commands provided by the CLI:<br />

Command<br />

VOIP SIP FDB CREATE<br />

VOIP SIP FDB DELETE<br />

VOIP SIP FDB LIST<br />

VOIP SIP FDB SHOW<br />

VOIP SIP FDB CREATE<br />

Syntax VOIP SIP FDB CREATE ADDRESS CONTACT <br />

[DOMAIN ] [FWADDRESS ]<br />

Description This command creates a new entry in the forwarding database (FDB).<br />

ADDRESS is the called address expected to be received from the calling end-point in<br />

order to forward the call to the CONTACT.<br />

CONTACT is the host reference where the call is forwarded. The contact-host part is<br />

the default to form the URL domain (Request-URI, From and To fields).<br />

The proxy flag changes how the Request-URI is built: if it is present, the Request-URI domain takes its value from the contact-host part of the CONTACT parameter; otherwise the current call domain is used.<br />

DOMAIN assigns the call domain, which is used to format the "To" and "From" headers. It is optional; if it is not set, the contact-host part is used.<br />

FWADDRESS replaces the destination address of the call. It is optional and is used to make a short selection rule (e.g. dialed number 01 corresponds to 00390224141121).<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

name | An arbitrary name that identifies this specific fdb rule. The name must not be present already. The fdb name can be a maximum of 16 characters long. | N/A<br />

digit-map | The called user address (i.e. phone number) expected to be received. It can be a digit map expression as described in section 0. The digit-map can be a maximum of 32 chars long. | N/A<br />

contact-host | The hostname or IPv4 address of the remote end-point where call must be routed. Contact-host can be a maximum of 256 chars long (when using hostname format). | N/A<br />

port | The UDP/TCP port on the contact host to which signalling messages are sent. | 5060<br />

transport | The protocol used to transport the signalling messages to the contact host. Possible values are: udp, tcp | udp<br />

proxy | If proxy is specified, the contact host is considered to be a proxy server, otherwise the contact-host is considered to be another SIP end-point (e.g. another AT-RG613, AT-RG623 and AT-RG656 unit) | none<br />

host | The domain assigned to the redirected call. It can be a hostname or IPv4 address. Host can be a maximum of 256 chars long (when using hostname format). | N/A<br />

tel-number | Is the new number to which the call is redirected. | N/A<br />

Example<br />

--> voip sip fdb create default address 9x. contact 192.168.1.10 domain<br />

voip.atkk.com<br />

See also VOIP SIP FDB LIST<br />

VOIP SIP FDB SHOW<br />
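The rule evaluation described for VOIP SIP FDB CREATE, written out as an added Python model (not code from the manual or the gateway firmware) that shows, for a dialed number, which entry matches, which domains end up in the Request-URI and To/From headers, and where the signalling is sent. Assumptions: the digit map handles only literal digits, `x` (any digit) and `.` (zero or more repetitions of the preceding element); the first matching entry in list order wins; the To user part follows FWADDRESS; all names and the sample entries are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


def digit_map_regex(digit_map: str) -> "re.Pattern[str]":
    """Compile the assumed digit-map subset (digits, x, '.') into a regex."""
    parts: List[str] = []
    for ch in digit_map:
        if ch in "0123456789":
            parts.append(ch)
        elif ch in "xX":
            parts.append("[0-9]")
        elif ch == "." and parts and not parts[-1].endswith("*"):
            parts[-1] += "*"  # zero or more of the preceding element
        else:
            raise ValueError(f"unsupported digit-map element {ch!r} in {digit_map!r}")
    if not parts:
        raise ValueError("empty digit map")
    return re.compile("".join(parts))


@dataclass(frozen=True)
class FdbEntry:
    name: str                        # fdb rule name
    address: str                     # digit-map (ADDRESS)
    contact_host: str                # contact-host part of CONTACT
    port: int = 5060                 # documented default
    transport: str = "udp"           # documented default
    proxy: bool = False              # proxy flag of CONTACT
    domain: Optional[str] = None     # DOMAIN (host)
    fwaddress: Optional[str] = None  # FWADDRESS (tel-number)

    def __post_init__(self) -> None:
        # Limits taken from the options table.
        if not 1 <= len(self.name) <= 16:
            raise ValueError("fdb name must be 1 to 16 characters long")
        if len(self.address) > 32:
            raise ValueError("digit-map can be at most 32 characters long")
        if self.transport not in ("udp", "tcp"):
            raise ValueError("transport must be udp or tcp")
        digit_map_regex(self.address)  # reject unsupported expressions early


def route(entries: List[FdbEntry], dialed: str) -> Optional[dict]:
    """Resolve a dialed number against the forwarding database model."""
    for e in entries:
        if not digit_map_regex(e.address).fullmatch(dialed):
            continue
        # DOMAIN sets the call domain; the contact-host part is the fallback.
        call_domain = e.domain or e.contact_host
        # With the proxy flag the Request-URI domain is the contact host,
        # otherwise it is the current call domain.
        ruri_domain = e.contact_host if e.proxy else call_domain
        # FWADDRESS, when set, replaces the destination address.
        number = e.fwaddress or dialed
        return {
            "entry": e.name,
            "request_uri": f"sip:{number}@{ruri_domain}",
            "to": f"sip:{number}@{call_domain}",
            "from_domain": call_domain,
            "next_hop": (e.contact_host, e.port, e.transport),
        }
    return None  # no forwarding rule matches


# Constructed entries; "default" mirrors the manual's example command.
FDB = [
    FdbEntry("short01", "01", "10.17.90.51", fwaddress="00390224141121"),
    FdbEntry("default", "9x.", "192.168.1.10", domain="voip.atkk.com"),
    FdbEntry("viaproxy", "8x.", "192.168.1.10", proxy=True, domain="voip.atkk.com"),
]

if __name__ == "__main__":
    for dialed in ("912345", "8123", "01", "555"):
        print(dialed, "->", route(FDB, dialed))
```

Running it over an exported rule list makes broad digit maps visible, since every number they capture resolves to that entry's contact host.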

VOIP SIP FDB DELETE<br />

Syntax VOIP SIP FDB DELETE <br />

Description This command deletes a single fdb entry created using the VOIP SIP FDB CREATE<br />

command.<br />

To show the list of existing FDB entries, use the VOIP SIP FDB LIST command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).



Option | Description | Default Value<br />

name | A name (or the ID value) that identifies an existing user in the forwarding database. To display the existing FDB entries, use the VOIP SIP FDB LIST command. | N/A<br />

Example --> voip sip fdb delete default<br />

See also VOIP SIP FDB CREATE<br />

VOIP SIP FDB LIST<br />

VOIP SIP FDB LIST<br />

Syntax VOIP SIP FDB LIST<br />

Description This command lists information about FDB entries added using the VOIP SIP FDB<br />

CREATE command.<br />

The following information is displayed:<br />

• FDB entry ID numbers<br />

• FDB entry names<br />

• FDB entry Address<br />

<br />

Note: If an fdb name is longer than 32 chars, the name is shown in a short<br />

format (only the initial part of the name is displayed). To show the full name use<br />

the VOIP SIP FDB SHOW command, specifying the user ID instead of user<br />

name.<br />

Example --> voip sip fdb list<br />

Gateway forwarding database:<br />

ID | Name | Address<br />

----|------------|---------------------<br />

1 | pstn | 9x.<br />

---------------------------------------<br />

See also VOIP SIP FDB CREATE<br />

VOIP SIP FDB SHOW<br />

VOIP SIP FDB SHOW<br />

Syntax VOIP SIP FDB SHOW <br />

Description This command lists information about a named FDB entry added to the forwarding<br />

database using the VOIP SIP FDB CREATE command. The following information is<br />

displayed:<br />

• Address



• Domain<br />

• Contact<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

name | A name (or the ID value) that identifies an existing user in the forwarding database. To display the existing FDB entries, use the VOIP SIP FDB LIST command. | N/A<br />

Example --> voip sip fdb show MrJohn<br />

Gateway forwarding database entry: MrJohn<br />

----------------------------------------------<br />

Address: 2010<br />

Area Code (AC):<br />

Domain: 192.168.0.5<br />

Contact: 10.17.90.51<br />

See also VOIP SIP FDB LIST



Chapter 17<br />

VoIP H323<br />

Introduction<br />

This chapter describes the main features of the H.323 standard, the protocols supported,<br />

the implementation of the call processes in the AT-RG613, AT-RG623 and AT-RG656,<br />

and how to configure and operate the AT-RG613, AT-RG623 and AT-RG656<br />

to provide, or connect to, a VoIP Network.<br />

H.323 Protocols<br />

H.323 is a standard that specifies the components, protocols and procedures that<br />

provide multimedia communication services, real-time audio, video, and data<br />

communications over packet networks (see Figure 19), including Internet protocol<br />

(IP) based networks. H.323 is part of a family of ITU–T recommendations called<br />

H.32x that provides multimedia communication services over a variety of networks.<br />

Packet-based networks include IP based (including the Internet) or Internet packet<br />

exchange (IPX) based local-area networks (LANs), enterprise networks (ENs),<br />

metropolitan-area networks (MANs), and wide area networks (WANs). H.323 can<br />

be applied in a variety of mechanisms: audio only (IP telephony); audio and video<br />

(video telephony); audio and data; and audio, video and data. H.323 can also be<br />

applied to multipoint-multimedia communications. H.323 provides myriad services<br />

and, therefore, can be applied in a wide variety of areas: consumer, business, and<br />

entertainment applications.<br />

Figure 19. H.323 Terminals on a Packet Network<br />

H.323 Components<br />

The H.323 standard specifies four kinds of components, which, when networked<br />

together, provide the point-to-point and point-to-multipoint multimedia-communication<br />

services:<br />

• terminals<br />

• gateways<br />

• gatekeepers<br />

• multipoint control units (MCUs)<br />

Terminals<br />

Used for real-time bi-directional multimedia communications, an H.323 terminal<br />

can either be a personal computer (PC) or a stand-alone device, running an H.323<br />

stack and multimedia applications. It supports audio communications and can<br />

optionally support video or data communications.<br />

Because the basic service provided by an H.323 terminal is audio communications,<br />

an H.323 terminal plays a key role in IP–telephony services. An H.323 terminal can<br />

either be a PC or a stand-alone device, running an H.323 stack and multimedia<br />

applications.<br />

The primary goal of H.323 is to interwork with other multimedia terminals. H.323<br />

terminals are compatible with H.324 terminals on SCN and wireless networks,<br />

H.310 terminals on B–ISDN, H.320 terminals on ISDN, H.321 terminals on B–ISDN,<br />

and H.322 terminals on guaranteed QoS LANs. H.323 terminals may be used in<br />

multipoint conferences.<br />

Gateways<br />

A gateway connects two dissimilar networks. An H.323 gateway provides<br />

connectivity between an H.323 network and a non–H.323 network.<br />

For example, a gateway can connect and provide communication between an H.323<br />

terminal and SCN networks (SCN networks include all switched telephony<br />

networks, e.g., the public switched telephone network, PSTN). This connectivity of<br />

dissimilar networks is achieved by translating protocols for call setup and release,<br />

converting media formats between different networks, and transferring information<br />

between the networks connected by the gateway.<br />

A gateway is not required, however, for communication between two terminals on<br />

an H.323 network.<br />

Gatekeepers<br />

A gatekeeper can be considered the brain of the H.323 network. It is the focal point<br />

for all calls within the H.323 network.<br />

Although they are not required, gatekeepers provide important services such as<br />

addressing, authorization and authentication of terminals and gateways; bandwidth<br />

management and accounting. Gatekeepers may also provide call-routing services.



Multipoint Control Units<br />

MCUs provide support for conferences of three or more H.323 terminals.<br />

All terminals participating in the conference establish a connection with the MCU.<br />

The MCU manages conference resources, negotiates between terminals for the<br />

purpose of determining the audio or video coder/decoder (CODEC) to use, and may<br />

handle the media stream.<br />

The gatekeepers, gateways, and MCUs are logically separate components of the<br />

H.323 standard but can be implemented as a single physical device.<br />

Protocols Specified by H.323<br />

The protocols specified by H.323 are listed below:<br />

• audio CODECs<br />

• video CODECs<br />

• H.225 registration, admission, and status (RAS)<br />

• H.225 call signaling<br />

• H.245 control signaling<br />

• real-time transfer protocol (RTP)<br />

• real-time control protocol (RTCP)<br />

H.323 is independent of the packet network and the transport protocols over which<br />

it runs.<br />

Audio CODEC<br />

An audio CODEC encodes the audio signal from the microphone for transmission<br />

on the transmitting H.323 terminal and decodes the received audio code that is sent<br />

to the speaker on the receiving H.323 terminal.<br />

Because audio is the minimum service provided by the H.323 standard, all H.323<br />

terminals must have at least one audio CODEC support, as specified in the ITU–T<br />

G.711 recommendation (audio coding at 64 kbps).<br />

Additional audio CODEC recommendations such as G.722 (64, 56, and 48 kbps),<br />

G.723.1 (5.3 and 6.3 kbps), G.728 (16 kbps), and G.729 (8 kbps) may also be<br />

supported.<br />

Video CODEC<br />

A video CODEC encodes video from the camera for transmission on the<br />

transmitting H.323 terminal and decodes the received video code that is sent to the<br />

video display on the receiving H.323 terminal.<br />

Because H.323 specifies support of video as optional, the support of video CODECs<br />

is optional as well. However, any H.323 terminal providing video communications<br />

must support video encoding and decoding as specified in the ITU–T H.261<br />

recommendation.



H.225 Registration, Admission, and Status<br />

Registration, admission, and status (RAS) is the protocol between endpoints<br />

(terminals and gateways) and gatekeepers.<br />

The RAS is used to perform registration, admission control, bandwidth changes,<br />

status, and disengage procedures between endpoints and gatekeepers.<br />

A RAS channel is used to exchange RAS messages. This signaling channel is opened<br />

between an endpoint and a gatekeeper prior to the establishment of any other<br />

channels.<br />

H.225 Call Signaling<br />

The H.225 call signaling is used to establish a connection between two H.323<br />

endpoints. This is achieved by exchanging H.225 protocol messages on the call-signaling<br />

channel.<br />

The call-signaling channel is opened between two H.323 endpoints or between an<br />

endpoint and the gatekeeper.<br />

H.245 Control Signaling<br />

H.245 control signaling is used to exchange end-to-end control messages governing<br />

the operation of the H.323 endpoint.<br />

These control messages carry information related to the following:<br />

• capabilities exchange<br />

• opening and closing of logical channels used to carry media streams<br />

• flow-control messages<br />

• general commands and indications<br />

Real-Time Transport Protocol<br />

Real-time transport protocol (RTP) provides end-to-end delivery services of real-time<br />

audio and video.<br />

Whereas H.323 is used to transport data over IP–based networks, RTP is typically<br />

used to transport data via the user datagram protocol (UDP). RTP, together with<br />

UDP, provides transport-protocol functionality. RTP provides payload-type<br />

identification, sequence numbering, time stamping, and delivery monitoring. UDP<br />

provides multiplexing and checksum services. RTP can also be used with other<br />

transport protocols.<br />

Real-Time Transport Control Protocol<br />

Real-time transport control protocol (RTCP) is the counterpart of RTP that provides<br />

control services.<br />

The primary function of RTCP is to provide feedback on the quality of the data<br />

distribution. Other RTCP functions include carrying a transport-level identifier for<br />

an RTP source, called a canonical name, which is used by receivers to synchronize<br />

audio and video.



Terminal Characteristics<br />

H.323 terminals must support the following:<br />

• H.245 for exchanging terminal capabilities and creation of media channels<br />

• H.225 for call signaling and call setup<br />

• RAS for registration and other admission control with a gatekeeper<br />

• RTP/RTCP for sequencing audio and video packets<br />

H.323 terminals must also support the G.711 audio CODEC.<br />

Optional components in an H.323 terminal are video CODECs, T.120 data-conferencing<br />

protocols, and MCU capabilities.<br />

Gateway and Gatekeeper Characteristics<br />

Gateway Characteristics<br />

A gateway provides translation of protocols for call setup and release, conversion of<br />

media formats between different networks, and the transfer of information between<br />

H.323 and non H.323 networks. An application of the H.323 gateway is in IP<br />

telephony, where the H.323 gateway connects an IP network and SCN network (e.g.,<br />

ISDN network).<br />

On the H.323 side, a gateway runs H.245 control signaling for exchanging<br />

capabilities, H.225 call signaling for call setup and release, and H.225 registration,<br />

admissions, and status (RAS) for registration with the gatekeeper.<br />

On the SCN side, a gateway runs SCN–specific protocols (e.g., ISDN and SS7<br />

protocols). Terminals communicate with gateways using the H.245 control-signaling<br />

protocol and H.225 call-signaling protocol. The gateway translates these<br />

protocols in a transparent fashion to the respective counterparts on the non H.323<br />

network and vice versa. The gateway also performs call setup and clearing on both<br />

the H.323–network side and the non–H.323–network side. Translation between<br />

audio, video, and data formats may also be performed by the gateway.<br />

Audio and video translation may not be required if both terminal types find a<br />

common communications mode. For example, in the case of a gateway to H.320<br />

terminals on the ISDN, both terminal types require G.711 audio and H.261 video, so<br />

a common mode always exists. The gateway has the characteristics of both an H.323<br />

terminal on the H.323 network and the other terminal on the non–H.323 network it<br />

connects.<br />

Gatekeepers are aware of which endpoints are gateways because this is indicated<br />

when the terminals and gateways register with the gatekeeper. A gateway may be<br />

able to support several simultaneous calls between the H.323 and non–H.323<br />

networks. In addition, a gateway may connect an H.323 network to a non–H.323<br />

network. A gateway is a logical component of H.323 and can be implemented as<br />

part of a gatekeeper or an MCU.



Gatekeeper Characteristics<br />

Gatekeepers provide call-control services for H.323 endpoints, such as address<br />

translation and bandwidth management as defined within RAS. If they are present<br />

in a network, however, terminals and gateways must use their services.<br />

The H.323 standards both define mandatory services that the gatekeeper must<br />

provide and specify other optional functionality that it can provide.<br />

An optional feature of a gatekeeper is call-signaling routing. Endpoints send call-signaling<br />

messages to the gatekeeper, which the gatekeeper routes to the destination<br />

endpoints. Alternately, endpoints can send call-signaling messages directly to the<br />

peer endpoints. This feature of the gatekeeper is valuable, as monitoring of the calls<br />

by the gatekeeper provides better control of the calls in the network. Routing calls<br />

through gatekeepers provides better performance in the network, as the gatekeeper<br />

can make routing decisions based on a variety of factors, for example, load<br />

balancing among gateways.<br />

The services offered by a gatekeeper are defined by RAS and include address<br />

translation, admissions control, bandwidth control, and zone management. H.323<br />

networks that do not have gatekeepers may not have these capabilities, but H.323<br />

networks that contain IP telephony gateways should also contain a gatekeeper to<br />

translate incoming E.164 telephone addresses into transport addresses. A gatekeeper<br />

is a logical component of H.323 but can be implemented as part of a gateway or<br />

MCU.<br />

AT-RG613, AT-RG623 and AT-RG656 Call Processes<br />

The AT-RG613, AT-RG623 and AT-RG656 can communicate with the following<br />

devices:<br />

• Another terminal on the IP network, such as another AT-RG613, AT-RG623 and<br />

AT-RG656.<br />

• Any LAN H.323 endpoint on the IP network, for instance:<br />

• a Soft Phone<br />

• an IP phone directly connected to the IP network<br />

• A PSTN phone or fax. However, the AT-RG613, AT-RG623 and AT-RG656 would<br />

need to contact a PSTN gateway<br />

Calls Involving Another Terminal<br />

The following example (see Figure 20) illustrates how to reach a phone or fax on<br />

another AT-RG613/AT-RG623TX terminal.


Figure 20. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone<br />

A user makes a call with the phone connected to an AT-RG613/AT-RG623TX<br />

Residential Gateway, which in turn contacts another AT-RG613/AT-RG623TX<br />

Residential Gateway, which completes the connection to its locally attached phone.<br />

Calls Involving a Terminal and a H.323 Endpoint<br />

The following examples (see Figure 21) illustrate how a phone connected to an<br />

AT-RG613/AT-RG623TX Residential Gateway can communicate with a LAN H.323<br />

endpoint on the IP network.<br />

Such endpoints could be:<br />

• a Soft Phone<br />

• an IP phone directly connected to the IP network


Figure 21. Phone --> AT-RG613/RG623 (A) --> H323 IP Phone<br />

A user makes a call with the phone connected to an AT-RG613/AT-RG623TX<br />

Residential Gateway, which reaches the corresponding LAN H.323 endpoint on the<br />

IP network.<br />

VoIP H323 Users<br />

Introduction<br />

The VoIP H323 subsystem on the AT-RG613, AT-RG623 and AT-RG656 Residential<br />

gateways is based on the concept of users and access ports.<br />

The following section describes users, while Error! Reference source not found.<br />

describes access ports.<br />

Users are entities uniquely identified in the system by a name with an associated<br />

phone number. A user's phone number represents the user's address on the local<br />

system.<br />

User definition is a mandatory step in the correct configuration of the VoIP H323<br />

subsystem (see Figure 22).


Figure 22. VoIP H323 subsystem configuration - basic steps (diagram boxes: Default Configuration; H323 Signaling Protocol Configuration; Access Port Creation; Users Creation; Access Port Config.; Users Binding; Incoming/Outgoing Calls).<br />

Users<br />

The system is designed to support up to 100 users.<br />

Users are defined by the VOIP H323 USER CREATE command.<br />

Each user must have an associated user number composed of an address number<br />

and, optionally, an area code number if a complete E.164 number must be defined.<br />

Note 1: In any given system there cannot exist two or more users with the same<br />

area code and address.<br />

In any given system it is valid to have two or more users with the same address<br />

but different area code or no area code at all.<br />

Note 2: Users may inform the VoIP network about the location (IP address)<br />

where they can be contacted by registering themselves on the gatekeeper<br />

defined in the VOIP H323 USER CREATE command. In this way other<br />

endpoints on the VoIP network can contact each user by simply using the user<br />

address.<br />

Note 3: All the users must use the same gatekeeper, i.e. it is not possible to manage<br />

registrations on multiple gatekeepers simultaneously.<br />

If no gatekeeper is specified, a gatekeeper autodiscover procedure is initialized to<br />

find a list of available gatekeepers.<br />

To know the user's registration status, use the VOIP H323 USER SHOW command.



The user number used in the registration messages is the complete user number:<br />

area code + address number.<br />

users and access port<br />

A user needs to be attached at least to one physical port in order to receive or to<br />

make a call.<br />

To attach a user to a physical port use the VOIP H323 USER ADD command.<br />

When a user receives a call, only the access lines where the user is attached are<br />

engaged by the communication.<br />

The same user may be attached to more than one access port. In this case when it<br />

receives the call all the lines where it is attached will be used to signal the incoming<br />

call.<br />

To know the physical port where a user is attached, use the VOIP H323 USER<br />

SHOW command.<br />

Note that physical access ports don’t have their own fixed phone number. They<br />

inherit the phone number from the user number of the attached users.<br />

More than one user may be attached to the same physical access port and therefore<br />

more than one phone number can be associated with the same physical access port.<br />

If a user receives a call but the physical line where it is attached is already involved<br />

in another communication (because it is being used by another user), the call is<br />

rejected.<br />

When an outgoing call (in the direction user to VoIP network) is made and more<br />

than one user is attached on the access port being used to make the call, the identity<br />

of the calling user is deemed to be the first user defined in the list of attached users.<br />

To know which users are attached to a physical port, use the VOIP EP SHOW<br />

command. All the local users belong to the same domain.<br />

When an access port is deleted from the system, all users previously attached are<br />

removed from the port.<br />

Removing a user from a port, using the VOIP H323 USER REMOVE command or<br />

deleting the access port, results in an un-registration process from the gatekeeper<br />

defined during user creation phase.



VoIP H323 Command Reference<br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to configure and manage the H323 protocol<br />

signaling module.<br />

VoIP h323 protocol CLI commands<br />

The table below lists the VOIP H323 PROTOCOL commands provided by the CLI:<br />

Command<br />

VOIP H323 PROTOCOL DISABLE<br />

VOIP H323 PROTOCOL ENABLE<br />

VOIP H323 PROTOCOL SET MEDIAPORT<br />

VOIP H323 PROTOCOL SET ALIAS<br />

VOIP H323 PROTOCOL SET CONNECT<br />

VOIP H323 PROTOCOL SET GATEKEEPER<br />

VOIP H323 PROTOCOL SET NETINTERFACE<br />

VOIP H323 PROTOCOL SET Q931PORT<br />

VOIP H323 PROTOCOL SET RASPORT<br />

VOIP H323 PROTOCOL SET REGISTRATION<br />

VOIP H323 PROTOCOL SET RESPONSE<br />

VOIP H323 PROTOCOL SET SECONDARYGATEKEEPER<br />

VOIP H323 PROTOCOL SHOW<br />

VOIP H323 PROTOCOL DISABLE<br />

Syntax VOIP H323 PROTOCOL DISABLE<br />

Description This command stops the VoIP H323 signaling protocol and releases all the resources<br />

associated with it:<br />

• any analogue or digital port defined in the system is removed.<br />

• any user defined in the system is deleted.<br />

This command is typically used when it's necessary to change the VoIP signaling<br />

protocol, i.e. from H323 to SIP.<br />

To simply restart the H323 module, use the VOIP H323 PROTOCOL RESTART<br />

command. It doesn't remove any resources defined under the voip main module.<br />

To enable the H323 module, use the VOIP H323 PROTOCOL ENABLE command.<br />

Example --> voip h323 protocol disable.



See also VOIP H323 PROTOCOL RESTART<br />

VOIP H323 PROTOCOL ENABLE<br />

VOIP H323 PROTOCOL ENABLE<br />

Syntax VOIP H323 PROTOCOL ENABLE<br />

Description This command turns on the H323 signaling module.<br />

To bind the H323 module to a specific IP interface, use the VOIP H323 PROTOCOL<br />

SET NETINTERFACE command.<br />

Note: Binding the H323 module to a specific IP interface defines the value of the<br />

source IP address for signalling and voice packets.<br />

Note: The H323 module MUST be enabled in order to create/set analog/digital<br />

ports, users and H323 gatekeeper.<br />

By default, when the H323 module is started the following default values are used:<br />

• q931port: 1720<br />

• rasport: 1719<br />

Example<br />

--> voip h323 protocol enable<br />

See also VOIP H323 PROTOCOL SHOW<br />

VOIP H323 PROTOCOL DISABLE<br />

VOIP H323 PROTOCOL SET ALIAS<br />

Syntax VOIP H323 PROTOCOL SET ALIAS <br />

Description This command sets the user logical name used for<br />

remote party calling, translated by the Gatekeeper to the network address.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />
alias | The terminal alias used in H.225 registration messages to identify the residential gateway. | N/A<br />

Example --> voip h323 protocol set alias at-rg613-1.voip.atkk.com


See also VOIP H323 PROTOCOL SHOW<br />

VOIP H323 PROTOCOL SET CONNECT<br />

Syntax VOIP H323 PROTOCOL SET CONNECT <br />

Description This command sets the connect timeout value.<br />

By default, when the H323 module is started using the VOIP H323 PROTOCOL<br />

ENABLE command, the following default values are used:<br />

• registration: 7200 secs<br />

• response: 20 secs<br />

• connect: 30 secs<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
secs | The interval time (expressed in seconds) for which the system waits for CONNECT messages when a call is placed before tearing down the connection. Acceptable values are from 10 to 5255 seconds. | 30<br />

Example --> voip h323 protocol set connect 60<br />

See also VOIP H323 PROTOCOL SHOW<br />

VOIP H323 PROTOCOL SET GATEKEEPER<br />

Syntax VOIP H323 PROTOCOL SET GATEKEEPER <br />

Description This command sets the primary gatekeeper.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />
gk | The hostname or IPv4 address of the primary gatekeeper. Primary-host can be a maximum of 256 chars long (when using hostname format). | N/A<br />
ipport | The port on primary gatekeeper where H225 registration messages are sent. | 1719<br />
id | It's the gatekeeper identifier. Id can be a maximum of 20 chars long. | N/A<br />

Example --> voip h323 protocol set gatekeeper 10.17.90.110<br />

See also VOIP H323 PROTOCOL ENABLE<br />

VOIP H323 PROTOCOL SHOW<br />

VOIP H323 PROTOCOL SET NETINTERFACE<br />

Syntax VOIP H323 PROTOCOL SET NETINTERFACE <br />

Description This command sets the IP interface used to access the VoIP network.<br />

Signaling and voice packets will use the Source IP address defined for the selected<br />

interface.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />
interface_name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

Example --> voip h323 protocol set netinterface ip0<br />

See also VOIP H323 PROTOCOL ENABLE<br />

VOIP H323 PROTOCOL SHOW<br />

VOIP H323 PROTOCOL SET Q931PORT<br />

Syntax VOIP H323 PROTOCOL SET Q931PORT <br />

Description This command sets the UDP/TCP port on the Residential Gateway used to send and<br />

receive signalling messages.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />
ipport | The UDP/TCP port on the Residential Gateway used to send and receive signalling messages. | 1720<br />

Example --> voip h323 protocol set q931port 1740<br />

See also VOIP H323 PROTOCOL SET RASPORT<br />

VOIP H323 PROTOCOL SHOW


VOIP H323 PROTOCOL SET RASPORT<br />

Syntax VOIP H323 PROTOCOL SET RASPORT <br />

Description This command sets the UDP/TCP port on the Residential Gateway used to send and<br />

receive registration messages.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />
ipport | The UDP/TCP port on the Residential Gateway used to send and receive registration messages. | 1719<br />

Example --> voip h323 protocol set rasport 1739<br />

See also VOIP H323 PROTOCOL SET Q931PORT<br />

VOIP H323 PROTOCOL SHOW<br />

VOIP H323 PROTOCOL SET REGISTRATION<br />

Syntax VOIP H323 PROTOCOL SET REGISTRATION <br />

Description This command sets registration timeout value.<br />

By default, when the H323 module is started using the VOIP H323 PROTOCOL<br />

ENABLE command, the following default values are used:<br />

• registration: 7200 secs<br />

• response: 20 secs<br />

• connect: 30 secs<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
secs | The interval time (expressed in seconds) between two consecutive registrations. Acceptable values are from 10 to 10800 seconds. | 7200<br />

Example --> voip h323 protocol set registration 3600<br />

See also VOIP H323 PROTOCOL SET RESPONSE<br />

VOIP H323 PROTOCOL SHOW


VOIP H323 PROTOCOL SET RESPONSE<br />

Syntax VOIP H323 PROTOCOL SET RESPONSE <br />

Description This command sets response timeout value.<br />

By default, when the H323 module is started using the VOIP H323 PROTOCOL<br />

ENABLE command, the following default values are used:<br />

• registration: 7200 secs<br />

• response: 20 secs<br />

• connect: 30 secs<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
secs | The interval time (expressed in seconds) for which the system waits for ALERTING messages when a call is placed before tearing down the connection. Acceptable values are from 10 to 5255 seconds. | 20<br />

Example --> voip h323 protocol set response 40<br />

See also VOIP H323 PROTOCOL SET REGISTRATION<br />

VOIP H323 PROTOCOL SHOW<br />

VOIP H323 PROTOCOL SET SECONDARYGATEKEEPER<br />

Syntax VOIP H323 PROTOCOL SET SECONDARYGATEKEEPER <br />

Description This command sets the secondary gatekeeper.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />
gk | The hostname or IPv4 address of the secondary gatekeeper. Secondary-host can be a maximum of 256 chars long (when using hostname format). | N/A<br />
ipport | The port on secondary gatekeeper where H225 registration messages are sent. | 1719<br />
id | It's the gatekeeper identifier. Id can be a maximum of 20 chars long. | N/A<br />

Example --> voip h323 protocol set secondarygatekeeper 10.17.90.111<br />

See also VOIP H323 PROTOCOL ENABLE<br />

VOIP H323 PROTOCOL SHOW<br />

VOIP H323 PROTOCOL SHOW<br />

Syntax VOIP H323 PROTOCOL SHOW<br />

Description This command displays basic H323 module configuration parameters set by the<br />

VOIP H323 PROTOCOL ENABLE command.<br />

Example --> voip h323 protocol show<br />

Gateway base protocol: H323<br />

--------------------------------------------------------------<br />

RAS port: 1719<br />

Q931 port: 1720<br />

Network interface: ip0<br />

Gatekepeer: 192.168.1.110<br />

Secondarygatekepeer: 192.168.1.111<br />

Alias:<br />

Timers:<br />

Registration: 7200<br />

Response: 20<br />

Connect: 90<br />

See also VOIP H323 PROTOCOL ENABLE


VoIP H323 User Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to enable, configure and manage the VoIP H323<br />

User module.<br />

voip H323 user CLI commands<br />

The table below lists the VOIP H323 USER commands provided by the CLI:<br />

Command<br />

VOIP H323 USER ADD<br />

VOIP H323 USER CREATE<br />

VOIP H323 USER DELETE<br />

VOIP H323 USER LIST<br />

VOIP H323 USER REMOVE<br />

VOIP H323 USER SHOW<br />

VOIP H323 USER ADD<br />

Syntax VOIP H323 USER ADD PORT <br />

Description This command attaches a user created with the command VOIP H323 USER<br />

CREATE to a named port created with the command VOIP EP CREATE.<br />

H323 protocol:<br />

As soon as this command is entered, the registration phase starts to the Gatekeeper<br />

specified in the VOIP H323 USER CREATE command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
username | A name that identifies an existing user (it can also be the ID value associated with the user name). To display the existing users, use the VOIP H323 USER LIST command. | N/A<br />
portname | A name that identifies an existing port. To display the existing ports, use the VOIP EP LIST command. | N/A<br />

Example --> voip h323 user add MrBrown port fxs0<br />

See also VOIP H323 USER ADD<br />

VOIP H323 USER CREATE


VOIP H323 USER DELETE<br />

VOIP H323 USER LIST<br />

VOIP H323 USER REMOVE<br />

VOIP H323 USER SHOW<br />

VOIP EP LIST<br />

VOIP H323 USER CREATE<br />

Syntax VOIP H323 USER CREATE ADDRESS [AREACODE<br />

]<br />

Description This command creates a new entry in the users list. Each user must have a different<br />

. If the user already exists, an error message is raised.<br />

This command is accepted only if the H323 module is already running. See the<br />

VOIP H323 PROTOCOL ENABLE command to turn on the H323 module.<br />

The username can be up to 16 characters in length; it cannot start with a digit and cannot<br />

contain dots '.' or slash symbols '/'.<br />

This command doesn’t bind the user to a physical access port. In order to inform the<br />

system that the user is attached to a specific physical port, the VOIP H323 USER<br />

ADD command must be used.<br />

Options The following table gives the range of values for each option, which can be specified<br />

with this command, and a default value (if applicable).<br />

Option | Description | Default Value<br />
username | An arbitrary name that identifies the user. The name must not be present already. The username can be a maximum of 16 characters long. | N/A<br />
digit-map | The phone number (E.164) used to reach the user. The address can be 32 characters long. | N/A<br />
area-number | The prefix number to be dialed before the destination number. Valid characters are only digits. The area number can be a maximum of 10 digits long. | empty<br />

Example<br />

--> voip h323 user create MrBrown address 12345<br />

See also VOIP H323 USER ADD<br />

VOIP H323 USER CREATE<br />

VOIP H323 USER DELETE<br />

VOIP H323 USER LIST<br />

VOIP H323 USER REMOVE<br />

VOIP H323 USER SHOW<br />

VOIP EP LIST


VOIP H323 USER DELETE<br />

Syntax VOIP H323 USER DELETE <br />

Description This command deletes a single user created using the VOIP H323 USER CREATE<br />

command.<br />

To show the list of existing users, use the VOIP H323 USER LIST command.<br />

As soon as this command is entered, the deregistration phase starts to the Gatekeeper,<br />

removing the user from the user list on the server.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
username | A name that identifies an existing user (it can also be the ID value associated with the user name). To display the existing users, use the VOIP H323 USER LIST command. | N/A<br />

Example --> voip h323 user delete MrBrown<br />

See also VOIP H323 USER ADD<br />

VOIP H323 USER CREATE<br />

VOIP H323 USER DELETE<br />

VOIP H323 USER LIST<br />

VOIP H323 USER REMOVE<br />

VOIP H323 USER SHOW<br />

VOIP EP LIST<br />

VOIP H323 USER LIST<br />

Syntax VOIP H323 USER LIST<br />

Description This command lists information about users that were added using the VOIP H323<br />

USER CREATE command. The following information is displayed:<br />

• user ID numbers<br />

• user names<br />

• Area Codes<br />

• Addresses<br />

Note: If the user name is longer than 32 chars, the name is shown in a short<br />

format (only the initial part of the name is displayed). To show the full name use<br />

the VOIP EP USER SHOW command, specifying the user ID instead of user<br />

name.


Example<br />

--> voip h323 user list<br />

ID | Name | Area Code | Address<br />

---- |------------|------------------|------------------------------------<br />

1 | MrBrown | | 12345<br />

---- |------------|------------------|------------------------------------<br />

See also VOIP H323 USER ADD<br />

VOIP H323 USER CREATE<br />

VOIP H323 USER DELETE<br />

VOIP H323 USER LIST<br />

VOIP H323 USER REMOVE<br />

VOIP H323 USER SHOW<br />

VOIP EP LIST<br />

VOIP H323 USER REMOVE<br />

Syntax VOIP H323 USER REMOVE PORT <br />

Description This command removes a single user from the port where it was added with the<br />

VOIP H323 USER ADD command.<br />

Removing a user from a port results in a deregistration request to the Gatekeeper<br />

specified in the VOIP H323 USER CREATE command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
username | A name that identifies an existing user (it can also be the ID value associated with the user name). To display the existing users, use the VOIP H323 USER LIST command. | N/A<br />
portname | A name that identifies an existing port. To know the ports where the user is added, use the VOIP H323 USER SHOW command. | N/A<br />

Example --> voip h323 user remove MrBrown port fxs0<br />

See also VOIP H323 USER ADD<br />

VOIP H323 USER CREATE<br />

VOIP H323 USER DELETE<br />

VOIP H323 USER LIST<br />

VOIP H323 USER REMOVE<br />

VOIP H323 USER SHOW<br />

VOIP EP LIST


VOIP H323 USER SHOW<br />

Syntax VOIP H323 USER SHOW <br />

Description This command displays the following information about a named user:<br />

• Address<br />

• Area Code<br />

• State<br />

• Attached ports<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
username | A name that identifies an existing user. To display the existing users, use the VOIP H323 USER LIST command. | N/A<br />

Example --> voip h323 user show MrBrown<br />

Gateway user: MrBrown<br />

------------------------------------------------------<br />

Address: 10<br />

Area Code (AC): 1<br />

State: registered (expire time: 2739 Sec.)<br />

Attached ports: fxs0<br />

See also VOIP H323 USER ADD<br />

VOIP H323 USER CREATE<br />

VOIP H323 USER DELETE<br />

VOIP H323 USER LIST<br />

VOIP H323 USER REMOVE<br />

VOIP H323 USER SHOW<br />

VOIP EP LIST
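
The limits and ordering rules stated in the PROTOCOL and USER command descriptions above can be checked before a configuration script is pushed to a gateway. The following is an added example, not code from the manual or from Allied Telesis; the function names and the sample script are constructed for illustration, and keywords are assumed to be case-insensitive.

```python
# Limits taken from the command descriptions above (timer ranges in seconds).
TIMER_RANGES = {
    "registration": (10, 10800),
    "response": (10, 5255),
    "connect": (10, 5255),
}
MAX_USERNAME = 16
MAX_ADDRESS = 32
MAX_AREACODE = 10


def check_username(name):
    """Return the rule violations for a VOIP H323 USER CREATE user name."""
    problems = []
    if len(name) > MAX_USERNAME:
        problems.append("username longer than 16 characters")
    if name[:1].isdigit():
        problems.append("username starts with a digit")
    if "." in name or "/" in name:
        problems.append("username contains '.' or '/'")
    return problems


def lint(script):
    """Walk a CLI script line by line and return (line_number, message) findings."""
    findings = []
    enabled = False          # state of the H323 module
    users = set()            # users created so far

    for no, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("-->"):
            line = line[3:]
        words = line.split()
        if [w.lower() for w in words[:2]] != ["voip", "h323"]:
            continue
        group = words[2].lower() if len(words) > 2 else ""
        args = words[3:]
        verb = args[0].lower() if args else ""

        if group == "protocol" and verb == "enable":
            enabled = True
        elif group == "protocol" and verb == "disable":
            enabled = False
            users.clear()    # DISABLE deletes every user defined in the system
        elif group == "protocol" and verb == "set" and len(args) >= 3:
            timer = args[1].lower()
            if timer in TIMER_RANGES:
                low, high = TIMER_RANGES[timer]
                if not args[2].isdigit() or not low <= int(args[2]) <= high:
                    findings.append((no, f"{timer} must be {low}..{high} seconds"))
        elif group == "user" and verb == "create" and len(args) >= 4:
            name, address = args[1], args[3]
            if not enabled:
                findings.append((no, "USER CREATE needs the H323 module enabled"))
                continue
            problems = check_username(name)
            if name in users:
                problems.append("username already exists")
            if len(address) > MAX_ADDRESS:
                problems.append("address longer than 32 characters")
            if len(args) >= 6 and args[4].lower() == "areacode":
                if not args[5].isdigit() or len(args[5]) > MAX_AREACODE:
                    problems.append("area code must be at most 10 digits")
            findings.extend((no, p) for p in problems)
            if not problems:
                users.add(name)
        elif group == "user" and verb in ("add", "remove", "delete") and len(args) >= 2:
            name = args[1]
            # A purely numeric reference is a user ID, which this check cannot resolve.
            if not name.isdigit() and name not in users:
                findings.append((no, f"user {name} has not been created"))
            elif verb == "delete":
                users.discard(name)
    return findings


# Constructed sample script (not taken from a real device).
SAMPLE_SCRIPT = """\
--> voip h323 user create Early address 100
--> voip h323 protocol enable
--> voip h323 protocol set registration 20000
--> voip h323 protocol set connect 60
--> voip h323 user create MrBrown address 12345
--> voip h323 user create 7up address 555
--> voip h323 user create MrBrown address 999
--> voip h323 user add MrGreen port fxs0
--> voip h323 user add MrBrown port fxs0
"""

if __name__ == "__main__":
    for line_no, message in lint(SAMPLE_SCRIPT):
        print(f"line {line_no}: {message}")
```
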


VoIP H323 FDB Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to configure and manage the FDB module.<br />

voip h323 fdb CLI commands<br />

The table below lists the VOIP H323 FDB commands provided by the CLI:<br />

Command<br />

VOIP H323 FDB CREATE<br />

VOIP H323 FDB DELETE<br />

VOIP H323 FDB LIST<br />

VOIP H323 FDB SHOW<br />

VOIP H323 FDB CREATE<br />

Syntax VOIP H323 FDB CREATE ADDRESS CONTACT <br />

[FWADDRESS ]<br />

Description This command creates a new entry in the forwarding database (FDB).<br />

ADDRESS is the called address expected to be received from the calling end-point in<br />

order to forward the call to the CONTACT. It can be also a digit-map if an address<br />

pool must be forwarded to a specific host address.<br />

CONTACT is the host reference where the call is forwarded.<br />

The FWADDRESS replaces the destination address of the call. It is optional and it is<br />

used to make a short selection rule (e.g. dialed number 01 corresponds to<br />

00390224141121)<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | An arbitrary name that identifies this specific fdb rule. The name must not be present already. The fdb name can be a maximum of 16 characters long. | N/A<br />
digit-map | The called user address (i.e. phone number) expected to be received. It can be a digit map expression. The digit-map can be a maximum of 32 chars long. | N/A<br />
contact-host | The hostname or IPv4 address of the remote end-point where call must be routed. Contact-host can be a maximum of 256 chars long (when using hostname format). | N/A<br />
port | The UDP/TCP port on the contact host to which signalling messages are sent. | 5060<br />
tel-number | Is the new number to which the call is redirected. | N/A<br />

Example<br />

--> voip h323 fdb create default address 9x. contact 192.168.1.10<br />

See also VOIP H323 FDB LIST<br />

VOIP H323 FDB SHOW<br />

VOIP H323 FDB DELETE<br />

Syntax VOIP H323 FDB DELETE <br />

Description This command deletes a single fdb entry created using the VOIP H323 FDB<br />

CREATE command.<br />

To show the list of existing FDB entries, use the VOIP H323 FDB LIST command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name (or the ID value) that identifies an existing user in the forwarding database. To display the existing FDB entries, use the VOIP H323 FDB LIST command. | N/A<br />

Example --> voip h323 fdb delete default<br />

See also VOIP H323 FDB CREATE<br />

VOIP H323 FDB LIST<br />

VOIP H323 FDB LIST<br />

Syntax VOIP H323 FDB LIST<br />

Description This command lists information about FDB entries added using the VOIP H323 FDB<br />

CREATE command.<br />

The following information is displayed:<br />

• FDB entry ID numbers<br />

• FDB entry names


• FDB entry Address<br />

Note: If an fdb name is longer than 32 chars, the name is shown in a short<br />

format (only the initial part of the name is displayed). To show the full name use<br />

the VOIP H323 FDB SHOW command, specifying the user ID instead of user<br />

name.<br />

Example --> voip h323 fdb list<br />

Gateway forwarding database:<br />

ID | Name | Address<br />

----|------------|---------------------<br />

1 | pstn | 9x.<br />

---------------------------------------<br />

See also VOIP H323 FDB CREATE<br />

VOIP H323 FDB SHOW<br />

VOIP H323 FDB SHOW<br />

Syntax VOIP H323 FDB SHOW <br />

Description This command lists information about a named FDB entry added to the forwarding<br />

data base using the VOIP H323 FDB CREATE command. The following information<br />

is displayed:<br />

• Address<br />

• Contact<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />
name | A name (or the ID value) that identifies an existing user in the forwarding database. To display the existing FDB entries, use the VOIP H323 FDB LIST command. | N/A<br />

Example --> voip h323 fdb show MrJohn<br />

Gateway forwarding database entry: MrJohn<br />

----------------------------------------------<br />

Address: 2010<br />

Contact: 10.17.90.51<br />

See also VOIP H323 FDB LIST


Chapter 18<br />

VoIP MGCP<br />

Introduction<br />

The MGCP (Media Gateway Control Protocol) is a protocol that assumes a call<br />

control architecture where the call control "intelligence" is outside the gateways and<br />

handled by external call control elements, the call agent. MGCP assumes that the<br />

gateways have limited storage and functionality.<br />

MGCP therefore has two entities: the Call Agent (Media Gateway Controller, MGC), which<br />

handles the call control "intelligence", that is, the call signaling and the call<br />

processing functions; and the Media Gateway (MG), which provides conversion<br />

between the audio signals carried on telephone circuits and data packets carried<br />

over the Internet or other packet networks and is expected to execute commands sent by the Call<br />

Agent.<br />

MGCP is a master/slave protocol: the call agent is mandatory, manages<br />

the calls and conferences and supports the services provided, while the endpoint is<br />

unaware of the calls and conferences and does not maintain call states; it is simply<br />

expected to execute commands sent by the call agent.<br />

Connections & Endpoints<br />

MGCP introduces the concepts of connections and endpoints for establishing end-to-end<br />

voice paths and the concepts of events and signals for establishing and<br />

tearing down calls.<br />

Endpoints are sources or sinks of data and can be physical or virtual. Physical<br />

endpoint creation requires hardware installation while software is sufficient for<br />

creating a virtual endpoint. An interface on a gateway that terminates a trunk


connected to a PSTN switch is an example of a physical endpoint. An audio source<br />

in an audio-content server is an example of a virtual endpoint.<br />

Connections may be either point-to-point or multipoint. A point-to-point connection<br />

is an association between two endpoints for transmitting data between these<br />

endpoints. Once this association is established for both endpoints, data transfer<br />

between these endpoints can take place. A multipoint connection is an association<br />

among multiple endpoints for transmitting data among these endpoints.<br />

Connections can be established over several types of bearer networks:<br />

• Transmission of audio using RTP and UDP over a TCP/IP network.<br />

• Transmission of audio over an ATM network.<br />

The call agent uses MGCP to provision the gateways with the description of<br />

connection parameters such as IP addresses, UDP port and RTP profiles. These<br />

descriptions follow the conventions delineated in the Session Description Protocol<br />

(SDP) which is now an IETF proposed standard, documented in RFC 2327. The use<br />

of SDP facilitates interoperability with the Session Initiation Protocol (SIP).<br />

The control primitives for MGCP operations are Signals sent from the call Agent to<br />

the gateway, and Events sent from the Gateway to the Call agent. The concepts of<br />

Signals and Events are used for establishing and tearing down calls.<br />

Operations are performed by applying Signals TO, and detecting Events FROM<br />

endpoints. A Call agent initiates transactions to manage/configure an Endpoint using<br />

MGCP commands. The Endpoint sends responses to Call agent transaction requests using<br />

either a notification or restart command.<br />

The concepts of events and signals are central to MGCP. A call agent may ask to be<br />

notified about certain events occurring in an endpoint, e.g. off-hook events, and a<br />

call agent may request certain signals to be applied to an endpoint, e.g. dial-tone.<br />

Events and signals are grouped in packages. Packages are groupings of the events<br />

and signals supported by a particular type of endpoint. For instance, one package<br />

may support a certain group of events and signals for analog access lines, and<br />

another package may support another group of events and signals for MF trunks.<br />

Digits, or letters, are supported in many packages. Digits include numbers between<br />

0 and 9. Letters may include the asterisk "*", the pound sign "#" and others. The call<br />

agent can ask a gateway to detect a set of digits or letters either by individually<br />

describing those letters, or by using the "range" notation defined in the syntax of<br />

digit strings.<br />

Signals and Events needed to support a specific telephony function or type of<br />

endpoint are grouped into Event/Signal Packages. Example packages defined in the<br />

MGCP specification include:<br />

• Generic Media Package<br />

• DTMF Package<br />

• Line package


MGCP Protocol Commands<br />

There are eight commands in the protocol: NotificationRequest, Notify,<br />

CreateConnection, ModifyConnection, DeleteConnection, AuditEndpoint,<br />

AuditConnection and RestartInProgress.<br />

NotificationRequest<br />

The NotificationRequest command is used by the call agent for requesting from a<br />

gateway to be notified upon the occurrence of specified events in an endpoint. For<br />

example, a notification may be requested for the event that a gateway detects that an<br />

endpoint is going off hook. A list of potential events includes: off hook transition, on<br />

hook transition, flash-hook, MF incoming seizure detected, continuity tone detected<br />

etc.<br />

The call agent can also request that the gateway collect the dialed digits. The<br />

NotificationRequest allows the call agent to download a specific dialing plan to the<br />

gateway to be used for collecting the digits.<br />

A call agent also includes a unique identifier in the NotificationRequest that will be<br />

included by the gateway in the gateway’s Notify message when the requested event<br />

actually occurs. This identifier is used for tying the NotificationRequest to the<br />

Notify message that will be sent by the gateway.<br />

Notify<br />

Notifications are sent by the gateway via the Notify command in response to a<br />

NotificationRequest sent by the call agent to the gateway. The gateway includes in<br />

the Notify command a list of the events it observed. The Notify command includes<br />

the unique identifier that was sent by the call agent to the gateway in the<br />

NotificationRequest command.<br />
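
The tie between a NotificationRequest and the Notify that answers it can be checked on the call agent side, so that a Notify carrying an unknown identifier or an event that was never requested is flagged instead of acted on. The following is an added example, not code from the manual; it assumes the MGCP text encoding of RFC 3435 (verbs RQNT and NTFY, parameter lines X: for the request identifier, R: for requested events, O: for observed events), which this manual does not show, and the endpoint names and messages are constructed.

```python
import re


def parse_mgcp(text):
    """Split an MGCP text message into (verb, endpoint, parameter dict)."""
    lines = text.strip().splitlines()
    verb, _transaction_id, endpoint = lines[0].split()[:3]
    params = {}
    for line in lines[1:]:
        if not line.strip():            # a blank line would start an SDP body
            break
        code, _, value = line.partition(":")
        params[code.strip().upper()] = value.strip()
    return verb.upper(), endpoint.lower(), params


def event_names(value):
    """'L/hd(N), L/hf(S,N)' -> {'l/hd', 'l/hf'}: drop the actions, keep the names."""
    without_actions = re.sub(r"\([^)]*\)", "", value)
    return {e.strip().lower() for e in without_actions.split(",") if e.strip()}


class NotifyCorrelator:
    """Remembers the active NotificationRequest per endpoint and vets each Notify."""

    def __init__(self):
        self.active = {}    # endpoint -> (request identifier, requested events)

    def on_request(self, text):
        verb, endpoint, params = parse_mgcp(text)
        if verb != "RQNT":
            raise ValueError("not a NotificationRequest")
        # A new request on an endpoint replaces the previous one.
        self.active[endpoint] = (params["X"], event_names(params.get("R", "")))

    def on_notify(self, text):
        verb, endpoint, params = parse_mgcp(text)
        if verb != "NTFY":
            raise ValueError("not a Notify")
        if endpoint not in self.active:
            return "no outstanding request for endpoint"
        request_id, requested = self.active[endpoint]
        if params.get("X") != request_id:
            return "request identifier mismatch"
        extra = event_names(params.get("O", "")) - requested
        if extra:
            return "unrequested events: " + ", ".join(sorted(extra))
        return "ok"


# Constructed messages: off-hook (hd), flash-hook (hf), on-hook (hu) in the line package.
RQNT = """RQNT 1201 aaln/1@rg613.example.net MGCP 1.0
X: 0123456789AC
R: L/hd(N), L/hf(N)
"""
NTFY_OK = """NTFY 2002 aaln/1@rg613.example.net MGCP 1.0
X: 0123456789AC
O: L/hd
"""
NTFY_WRONG_ID = NTFY_OK.replace("0123456789AC", "0123456789AB")
NTFY_EXTRA_EVENT = NTFY_OK.replace("O: L/hd", "O: L/hd, L/hu")
NTFY_OTHER_ENDPOINT = NTFY_OK.replace("aaln/1@", "aaln/2@")

if __name__ == "__main__":
    agent = NotifyCorrelator()
    agent.on_request(RQNT)
    for msg in (NTFY_OK, NTFY_WRONG_ID, NTFY_EXTRA_EVENT, NTFY_OTHER_ENDPOINT):
        print(agent.on_notify(msg))
```
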

CreateConnection<br />

The call agent uses the CreateConnection command for binding an endpoint to a<br />

specific IP address and UDP port. Another CreateConnection request for the remote<br />

endpoint is necessary for creating an end-to-end connection with two endpoints.<br />

The CreateConnection request specifies a CallId that will be used for identifying the<br />

call or session to which this connection belongs. More than one connection may<br />

actually share the same CallId. The CreateConnection request also specifies the<br />

endpoint to be used for this connection and the parameters to be used for the<br />

connection. These parameters may include for example voice encoding, and<br />

compression parameters. The call agent also specifies the mode of the connection.<br />

The mode may be "send," "receive," "send/receive," "conference," "inactive," "data,"<br />

"loopback," "continuity test," "network loopback" or "network continuity test."<br />

The CreateConnection request from the call agent may include a description of the<br />

remote side of the connection on the IP network i.e. parameters of the connection


like encoding, but also IP address and UDP port. The remote connection description may<br />

be unspecified in some CreateConnection requests. This occurs because the call<br />

agent needs to send two CreateConnection requests for creating an end-to-end<br />

connection. When the first CreateConnection request is sent the call agent doesn’t<br />

yet know the remote connection descriptor. This information may be provided later<br />

via a ModifyConnection request.<br />

A CreateConnection request may also include the parameters normally included in<br />

a NotificationRequest. This allows the call agent to send a CreateConnection and a<br />

NotificationRequest combined in one CreateConnection message. This improves the<br />

performance of the protocol.<br />

When the gateway acknowledges the CreateConnection request it also sends to the<br />

call agent a ConnectionId that uniquely identifies the connection within an<br />

endpoint and local connection information about the IP address and UDP port it<br />

selected. The call agent can potentially select those but the gateway may be sharing<br />

those resources for other functions and it is preferable that the gateway does the<br />

selection.<br />

ModifyConnection<br />

The Call Agent uses the ModifyConnection command for changing the parameters<br />

associated with a previously established connection. The parameters in the<br />

ModifyConnection command are the same as in a CreateConnection request. The<br />

ConnectionId is provided by the call agent to the gateway in a ModifyConnection<br />

request.<br />

The ModifyConnection can be used for:<br />

• Providing information about the other end of the connection through the<br />

remote connection descriptor<br />

• Activating or deactivating a connection<br />

• Changing the parameters of a connection.<br />
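The CreateConnection and ModifyConnection exchange described above, as an added example that is not part of the manual: a small parser that replays a CRCX, its acknowledgement and a later MDCX, and shows at which step the ConnectionId, the gateway's local descriptor and the remote descriptor become known. The message text follows the RFC 2705/RFC 3435 wire format; the endpoint name, ids and addresses are constructed.

```python
# Wire tokens for the connection modes listed in the text (RFC 2705 / RFC 3435 spelling).
MODES = {
    "sendonly": "send", "recvonly": "receive", "sendrecv": "send/receive",
    "confrnce": "conference", "inactive": "inactive", "data": "data",
    "loopback": "loopback", "conttest": "continuity test",
    "netwloop": "network loopback", "netwtest": "network continuity test",
}


def parse_sdp(body):
    """Return (ip, port) from the c= and m= lines, or None when no descriptor is present."""
    ip = port = None
    for line in body.split("\n"):
        line = line.strip()
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
        elif line.startswith("m=audio "):
            port = int(line.split()[1])
    return (ip, port) if ip and port else None


def parse_mgcp(raw):
    """Split one MGCP message into its header line, parameter lines and optional SDP."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = [l for l in head.split("\n") if l.strip()]
    if not lines or len(lines[0].split()) < 2:
        raise ValueError("not an MGCP message")
    first = lines[0].split()
    msg = {"params": {}, "sdp": parse_sdp(body)}
    if first[0].isdigit():                      # response: code transaction-id [comment]
        msg.update(kind="response", code=int(first[0]), txid=first[1])
    else:                                       # command: verb transaction-id endpoint MGCP 1.0
        if len(first) < 3:
            raise ValueError("command line lacks an endpoint")
        msg.update(kind="command", verb=first[0].upper(), txid=first[1], endpoint=first[2])
    for line in lines[1:]:
        key, _, value = line.partition(":")
        msg["params"][key.strip().upper()] = value.strip()
    return msg


def follow_connection(messages):
    """Replay messages in order and return connection state keyed by ConnectionId."""
    pending = {}    # transaction id -> CRCX still waiting for its acknowledgement
    conns = {}
    for raw in messages:
        m = parse_mgcp(raw)
        if m["kind"] == "command" and m["verb"] == "CRCX":
            pending[m["txid"]] = m
        elif m["kind"] == "response" and m["txid"] in pending:
            if m["code"] < 200:
                continue                        # provisional response, final one still to come
            req = pending.pop(m["txid"])
            conn_id = m["params"].get("I")
            if 200 <= m["code"] < 300 and conn_id:
                conns[conn_id] = {
                    "endpoint": req["endpoint"],
                    "call_id": req["params"].get("C"),
                    "mode": MODES.get(req["params"].get("M", "").lower(), "unknown"),
                    "local": m["sdp"],          # IP address and UDP port chosen by the gateway
                    "remote": req["sdp"],       # None when the call agent did not know it yet
                }
        elif m["kind"] == "command" and m["verb"] == "MDCX":
            conn = conns.get(m["params"].get("I"))
            if conn is None:
                continue                        # MDCX for a connection we never saw created
            if m["sdp"]:
                conn["remote"] = m["sdp"]       # remote descriptor supplied later
            if "M" in m["params"]:
                conn["mode"] = MODES.get(m["params"]["M"].lower(), "unknown")
    return conns


# Constructed sample exchange: first CRCX carries no remote descriptor.
CRCX = ("CRCX 1204 aaln/1@rgw.example.net MGCP 1.0\n"
        "C: A3C47F21456789F0\nL: p:20, a:PCMU\nM: recvonly\n")
ACK = ("200 1204 OK\nI: FDE234C8\n\n"
       "v=0\nc=IN IP4 192.0.2.10\nm=audio 50600 RTP/AVP 0\n")
MDCX = ("MDCX 1209 aaln/1@rgw.example.net MGCP 1.0\n"
        "C: A3C47F21456789F0\nI: FDE234C8\nM: sendrecv\n\n"
        "v=0\nc=IN IP4 198.51.100.45\nm=audio 1296 RTP/AVP 0\n")

if __name__ == "__main__":
    for step in ([CRCX, ACK], [CRCX, ACK, MDCX]):
        print(follow_connection(step))
```
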

DeleteConnection<br />

The call agent can use the DeleteConnection command to delete an existing<br />

connection. When the gateway acknowledges a DeleteConnection request, it<br />

includes a list of parameters about the status of the connection in the response.<br />

These parameters include: number of packets and octets sent, number of packets<br />

and octets received, number of packets lost, inter-arrival jitter and average<br />

transmission delay.<br />

The DeleteConnection command may also be sent by a gateway to the call agent for<br />

indicating that a connection can no longer be sustained.<br />

AuditEndpoint<br />

The AuditEndpoint command can be used by the call agent for getting details about<br />

the status of an endpoint or a list of endpoints. The information that can be audited<br />

by the Call Agent includes: requested events, dialing plan and connection<br />

identifiers. The response of the gateway includes all the requested information.



AuditConnection<br />

The AuditConnection can be used by the call agent for retrieving information<br />

related to a specific connection of an endpoint identified by a ConnectionId. The<br />

information that can be retrieved includes: call id, local and remote connection<br />

descriptors, local connection parameters and the mode of the connection. The<br />

response of the gateway to the AuditConnection request includes all the requested<br />

information.<br />

RestartInProgress<br />

The RestartInProgress command is used by the gateway to signal that an endpoint,<br />

or a group of endpoints, is taken in or out of service. The parameters of the<br />

RestartInProgress message indicate the group of endpoints that the message applies<br />

to. The RestartInProgress method also includes a parameter that specifies the type of<br />

restart:<br />

o Graceful restart indicates that the endpoints will be taken out of service after<br />

a specified delay<br />

o Forced restart indicates that the endpoints are taken immediately out of<br />

service<br />

o Restart indicates that the service will be restored after the specified delay<br />



MGCP Command reference<br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to configure and manage the MGCP protocol<br />

module.<br />

MGCP commands<br />

The table below lists the mgcp commands provided by the CLI:<br />

Command<br />

VOIP MGCP PROTOCOL DISABLE<br />

VOIP MGCP PROTOCOL ENABLE<br />

VOIP MGCP PROTOCOL RESTART<br />

VOIP MGCP PROTOCOL SET DEFAULTPORT<br />

VOIP MGCP PROTOCOL SET MAXRETRANSMITIONTIME<br />

VOIP MGCP PROTOCOL SET NAT<br />

VOIP MGCP PROTOCOL SET NETINTERFACE<br />

VOIP MGCP PROTOCOL SET PIGGYBACK<br />

VOIP MGCP PROTOCOL SET PROFILE<br />

VOIP MGCP PROTOCOL SET ROUNDTRIPTIME<br />

VOIP MGCP PROTOCOL SHOW<br />

VOIP MGCP CALLAGENT CREATE<br />

VOIP MGCP CALLAGENT DELETE<br />

VOIP MGCP CALLAGENT LIST<br />

VOIP MGCP PROTOCOL DISABLE<br />

Syntax VOIP MGCP PROTOCOL DISABLE<br />

Description This command stops the VoIP MGCP signalling protocol and releases all the<br />

resources associated with it.<br />

This command is typically used when it's necessary to change the VoIP signalling<br />

protocol, i.e. from MGCP to SIP to H323.<br />

To simply restart the MGCP module, use the VOIP MGCP PROTOCOL RESTART<br />

command. It doesn't remove any resources defined for the protocol.<br />

To enable the MGCP module, use the VOIP MGCP PROTOCOL ENABLE<br />

command.<br />

Example --> voip mgcp protocol disable



See also VOIP MGCP PROTOCOL RESTART<br />

VOIP MGCP PROTOCOL ENABLE.<br />

VOIP MGCP PROTOCOL ENABLE<br />

Syntax VOIP MGCP PROTOCOL ENABLE<br />

Description This command turns on the MGCP signaling module.<br />

To bind the MGCP module to a specific IP interface use the VOIP MGCP<br />

PROTOCOL SET NETINTERFACE command.<br />

Binding the MGCP module to a specific IP interface defines the value of<br />

the source IP address for signalling and voice packets.<br />

Example<br />

--> voip mgcp protocol enable<br />

See also VOIP MGCP PROTOCOL SHOW<br />

VOIP MGCP PROTOCOL DISABLE<br />

VOIP MGCP PROTOCOL RESTART<br />

Syntax<br />

VOIP MGCP PROTOCOL RESTART<br />

Description This command restarts the VoIP MGCP signaling protocol module.<br />

Any pending and active calls are released.<br />

This command doesn't release any resources previously created during module<br />

configuration.<br />

Example --> voip mgcp protocol restart<br />

See also VOIP MGCP PROTOCOL ENABLE<br />

VOIP MGCP PROTOCOL SET DEFAULTPORT<br />

Syntax VOIP MGCP PROTOCOL SET DEFAULTPORT <br />

Description This command sets the default listening/sending port used for MGCP signaling<br />

messages.<br />

By default, when the MGCP module is attached to an IP interface using the VOIP<br />

MGCP PROTOCOL SET NETINTERFACE command, the following default value is<br />

used:<br />

• defaultport: 2427



Changing the signaling port causes the MGCP module to restart.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

ipport | UDP/TCP port number used for signalling messages. Available values are from 1026 to 65534. Only even values are accepted. | 2427<br />

Example --> voip mgcp protocol set defaultport 2427<br />

See also VOIP MGCP PROTOCOL ENABLE<br />

VOIP MGCP PROTOCOL SET NAT<br />

Syntax VOIP MGCP PROTOCOL SET NAT {NONE | }<br />

Description This command sets the NAT host reference. Any local address reference in<br />

MGCP messages is replaced by the NAT address value.<br />

Changing the NAT reference causes the MGCP module to restart.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

host | The address that must be displayed in the MGCP messages. It can be expressed in hostname format or IPv4 format. A hostname can be a maximum of 255 characters long. | None<br />

Example --> voip mgcp protocol set nat 10.17.90.110<br />

--> voip mgcp protocol set nat at-rg600.voip.atkk.com<br />

See also VOIP MGCP PROTOCOL ENABLE<br />

VOIP MGCP PROTOCOL SET NETINTERFACE<br />

Syntax VOIP MGCP PROTOCOL SET NETINTERFACE <br />

Description This command sets the IP interface used to access the VoIP network.



• Signaling and voice packets will use the Source IP address defined for the<br />

selected interface.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

interface_name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A<br />

Example --> voip MGCP protocol set netinterface ip0<br />

See also VOIP MGCP PROTOCOL ENABLE<br />

VOIP MGCP PROTOCOL SET PROFILE<br />

Syntax VOIP MGCP PROTOCOL SET PROFILE <br />

Description This command sets a specific customer MGCP call agent profile. This command is<br />

used to fix interoperability constraints when the MGCP module has to work with a<br />

call agent that could differ from a standard implementation. Moreover, this<br />

command can set the two standard profiles: none and ncs. The available profiles<br />

are:<br />

• none: basic MGCP based on RFC3435.<br />

• ncs: basic NCS profile<br />

• ags: customization for Lucent AGCS iMerge Call Agent<br />

• audiocodes: customization for Audiocodes Mediant 5000 Call Agent<br />

• gb: customization for General Bandwidth G6 Call Agent<br />

• marconi: customization for Marconi Softswitch Call Agent<br />

• nuera: customization for Nuera Call Agent<br />

• siemens: customization for Siemens Softswitch Call Agent<br />

• sphere: customization for SphereCom Call Agent<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

profile | The specific customer call-agent type. Possible values are: ags, audiocodes, gb, marconi, ncs, none, nuera, siemens or sphere | none<br />

Example --> voip mgcp protocol set profile ncs



VOIP MGCP PROTOCOL SHOW<br />

Syntax VOIP MGCP PROTOCOL SHOW<br />

Description This command displays basic MGCP module configuration parameters set by the<br />

VOIP MGCP PROTOCOL ENABLE command.<br />

Example --> voip mgcp protocol show<br />

Gateway base protocol: MGCP<br />

---------------------------------------------------------<br />

Profile: sphere<br />

Supported packages: Basic, Generic Media, DTMF, Line<br />

Piggy-Back: Enable<br />

Network interface: ip0<br />

Default port: 2427<br />

NAT: None<br />

Round-trip time: 10000 msecs.<br />

Maximum re-transmition time: 30 secs.<br />

Network loss rate: 0 %<br />

See also VOIP MGCP PROTOCOL ENABLE<br />

VOIP MGCP CALLAGENT CREATE<br />

Syntax VOIP MGCP CALLAGENT CREATE CONTACT <br />

Description This command sets the call agent address. More than one call agent can be defined to<br />

increase system robustness in case of server failure.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

name | An arbitrary name that identifies the call agent. The name must not be present already. The name can be a maximum of 16 characters long; cannot start with a digit and cannot contain dots '.' or slash symbols '/'. | N/A<br />

host | The hostname or IPv4 address of the call agent. Host can be a maximum of 256 chars long (when using hostname format). | N/A<br />

Example<br />

--> voip mgcp callagent create default contact 192.168.102.3<br />

See also VOIP MGCP CALLAGENT LIST



VOIP MGCP CALLAGENT DELETE<br />

VOIP MGCP CALLAGENT DELETE<br />

Syntax VOIP MGCP CALLAGENT DELETE <br />

Description This command deletes a previously defined call agent created using the VOIP<br />

MGCP CALLAGENT CREATE command.<br />

To show the list of existing CALLAGENT entries, use the VOIP MGCP<br />

CALLAGENT LIST command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

name | A name (or the ID value) that identifies an existing call agent. To display the existing call agent entries, use the VOIP MGCP CALLAGENT LIST command. | N/A<br />

Example --> voip mgcp callagent delete default<br />

See also VOIP MGCP CALLAGENT CREATE<br />

VOIP MGCP CALLAGENT LIST<br />

VOIP MGCP CALLAGENT LIST<br />

Syntax VOIP MGCP CALLAGENT LIST<br />

Description This command lists information about CALLAGENT entries added using the VOIP<br />

MGCP CALLAGENT CREATE command.<br />

The following information is displayed:<br />

• Call agent ID numbers<br />

• Call agent names<br />


Note: If a call agent name is longer than 32 chars, the name is shown in a short<br />

format (only the initial part of the name is displayed).<br />

Example --> voip mgcp callagent list<br />

Gateway call-agents:<br />

ID | Name | Master | Contact<br />

-----|------------|----------|---------------------<br />

1 | default | true * | 172.39.1.201<br />

---------------------------------------------------



See also VOIP MGCP CALLAGENT CREATE<br />

VOIP MGCP CALLAGENT SHOW



Chapter 19<br />

VoIP QoS and Media<br />

Introduction<br />

SIP and H323 VoIP signalling protocols typically make use of unreliable transport<br />

protocols like UDP to transfer media information as voice packets. This<br />

transport wasn't originally designed to carry data for real-time applications.<br />

In a multi-application network environment where the types of traffic can vary<br />

widely, real-time applications can suffer packet delay and latency due to<br />

overloading of network devices. This can degrade the voice (and video) quality<br />

received by the end user.<br />

On the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway it's possible to<br />

assign to the voice/video media packets a high Quality Of Service value in order to<br />

force routers and switches to forward these packets with higher priority compared<br />

to the other type of packets simultaneously passing through the same network<br />

devices.<br />

QoS<br />

To assign a specific priority to the originated voice packets, it's possible to specify<br />

the DSCP field value or TOS field value in the IP header of the UDP packets used to<br />

transport voice streams and voice signalling.<br />

The command VOIP QOS SET DSCP is used to set the DSCP value while the VOIP<br />

QOS SET TOS command is used to set the TOS value.<br />

DSCP and TOS are mutually exclusive because they refer to the same IP header<br />

field, using only a different number of bits (3 bits in the case of TOS, 6 bits in the<br />

case of DSCP) and assigning a different packet classification according to the TOS<br />

or DSCP value.<br />



Media<br />

AT-RG613, AT-RG623 and AT-RG656 can be configured to use a specific pool of<br />

ports for media transport.<br />

In this way it is always well known which ports are being used by the system,<br />

making it possible to open the correct firewall ports when media packets must cross<br />

security interfaces.<br />

To configure the RTP port pool, set the starting port number and the port range<br />

using the VOIP MEDIA SET PORTRANGE command. The ports specified by this<br />

command are the RTP ports used as the source port for outgoing packets, and they<br />

are also the ports where incoming RTP packets are expected to be received.<br />

RTCP is also supported as a configurable parameter used to control RTP session.<br />

It's also possible to set the Residential Gateway to detect whether an incoming RTP<br />

flow is still present (e.g. the other endpoint was abruptly disconnected or the network<br />

has critical problems), forcing the call release if no RTP packet flow has been<br />

detected for the current call for a time longer than the specified observation period.<br />



VoIP QoS Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to configure and manage the VoIP QoS module.<br />

VoIP QoS CLI commands<br />

The table below lists the VOIP QOS commands provided by the CLI:<br />

Command<br />

VOIP QOS SET DSCP<br />

VOIP QOS SET TOS<br />

VOIP QOS SHOW<br />

VOIP QOS SET DSCP<br />

Syntax VOIP QOS SET {DSCP | NONE}<br />

Description<br />

This command sets the value of the dscp field in the IP header of RTP voice packets.<br />

To disable DSCP support (i.e. remove any previous configuration performed on the<br />

DSCP field of signalling and speech packets) use the VOIP QOS SET NONE<br />

command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

dscp-code | The value of the dscp field. Acceptable values are from 0 to 63 | none<br />

Example --> voip qos set dscp 24<br />

See also VOIP QOS SET TOS<br />

VOIP QOS SET TOS<br />

Syntax VOIP QOS SET {TOS | NONE}<br />

Description This command sets the value of the tos field in the IP header of RTP voice packets.


To disable TOS support (i.e. remove any previous configuration performed on the<br />

TOS field of signalling and speech packets) use the VOIP QOS SET NONE<br />

command.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

tos | The value of the tos field. Acceptable values are from 0 to 7 | none<br />

Example --> voip qos set tos 4<br />

See also<br />

VOIP QOS SET DSCP<br />

VOIP QOS SHOW<br />

Syntax VOIP QOS SHOW<br />

Description<br />

This command shows the value of DSCP and TOS fields used in the IP header of<br />

RTP voice packets.<br />

Example --> voip qos show<br />

Gateway Quality of Service:<br />

-------------------------------------<br />

QOS (DSCP): 24<br />

(TOS): none<br />

See also VOIP QOS SET DSCP<br />

VOIP QOS SET TOS



VoIP Media Command <strong>Reference</strong><br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to configure and manage the VoIP Media module.<br />

VoIP Media CLI commands<br />

The table below lists the VOIP MEDIA commands provided by the CLI:<br />

Command<br />

VOIP MEDIA SET PORTRANGE<br />

VOIP MEDIA SET RTCP<br />

VOIP MEDIA SET SESSIONTIMEOUT<br />

VOIP MEDIA SHOW<br />

VOIP MEDIA SET PORTRANGE<br />

Syntax VOIP MEDIA SET PORTRANGE {ANY | }<br />

Description This command sets the port pool available for media transport. Ports are<br />

dynamically allocated in pairs to support new connections; the odd-numbered port<br />

is reserved for RTCP. If the port pool is exhausted, new sessions will be refused for<br />

lack of available resources.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

any | any sets the default port range |<br />

ipport | ipport is the UDP/TCP port number being set. The range is 1026 to 65534. The value specified must be an even number. | 50600<br />

n-ports | n-ports is the number of ports. The range is 2 to 32. The value specified has to be an even number. | 32<br />

Example --> voip media set portrange 50500/12<br />

See also VOIP MEDIA SET RTCP<br />
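An added example, not taken from the manual, that ties the QoS and Media settings together from the firewall side: it validates a PORTRANGE argument against the limits above, derives the TOS/DS octet that a `dscp` or `tos` setting produces (showing why the two settings collide on the same header field), and audits media packet headers against both. Assumptions: n-ports counts RTP and RTCP ports together, the 3-bit TOS value occupies the upper three bits of the octet, and all packets and addresses are constructed samples with checksums left at zero.

```python
import struct


def parse_portrange(spec, default=(50600, 32)):
    """Validate 'any' or 'ipport/n-ports' and return (first_port, n_ports)."""
    if spec.strip().lower() == "any":
        return default
    first, sep, count = spec.strip().partition("/")
    if not (sep and first.isdigit() and count.isdigit()):
        raise ValueError("expected 'any' or ipport/n-ports")
    first, count = int(first), int(count)
    if not 1026 <= first <= 65534 or first % 2:
        raise ValueError("ipport must be an even number from 1026 to 65534")
    if not 2 <= count <= 32 or count % 2:
        raise ValueError("n-ports must be an even number from 2 to 32")
    if first + count - 1 > 65535:
        raise ValueError("pool runs past port 65535")
    return first, count


def ds_octet(field, value):
    """Octet written to the IPv4 header by 'dscp <0-63>' or 'tos <0-7>'; None for 'none'."""
    if field == "none":
        return None
    if field == "dscp" and 0 <= value <= 63:
        return value << 2       # DSCP is the upper 6 bits of the octet
    if field == "tos" and 0 <= value <= 7:
        return value << 5       # assumption: the 3-bit value is the upper 3 bits
    raise ValueError("dscp takes 0-63, tos takes 0-7")


def build_ipv4_udp(src_ip, tos, src_port, dst_port, dst_ip="198.51.100.45"):
    """Construct a minimal IPv4 + UDP header pair for the sample data (no payload)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 28, 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return ip + struct.pack("!HHHH", src_port, dst_port, 8, 0)


def parse_ipv4_udp(packet):
    """Return (src_ip, tos_octet, udp_src_port), or None if the packet is not IPv4/UDP."""
    if len(packet) < 28 or packet[0] >> 4 != 4 or packet[9] != 17:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 8:
        return None
    src_port = struct.unpack_from("!H", packet, ihl)[0]
    return ".".join(str(b) for b in packet[12:16]), packet[1], src_port


def audit(packets, gateway_ip, portrange, qos):
    """Check media packets sent by the gateway against the configured pool and marking."""
    first, count = parse_portrange(portrange)
    expected = ds_octet(*qos)
    findings = []
    for n, pkt in enumerate(packets):
        parsed = parse_ipv4_udp(pkt)
        if parsed is None or parsed[0] != gateway_ip:
            continue                              # not sent by the gateway
        _, tos, port = parsed
        if not first <= port < first + count:
            findings.append((n, port, "source port outside media pool"))
            continue
        kind = "RTCP" if port % 2 else "RTP"      # odd port of each pair is RTCP
        if expected is not None and (tos & 0xFC) != expected:   # low 2 bits are ECN
            findings.append((n, port, f"{kind} marked 0x{tos:02x}, expected 0x{expected:02x}"))
    return findings


GATEWAY = "192.0.2.10"          # constructed address
SAMPLE = [                      # constructed packets, pool 50500/12 covers 50500-50511
    build_ipv4_udp(GATEWAY, 0x60, 50500, 1296),                    # RTP, marked DSCP 24
    build_ipv4_udp(GATEWAY, 0x60, 50501, 1297),                    # RTCP, marked DSCP 24
    build_ipv4_udp(GATEWAY, 0x00, 50502, 1296),                    # RTP, unmarked
    build_ipv4_udp(GATEWAY, 0x60, 50512, 1296),                    # first port past the pool
    build_ipv4_udp("198.51.100.45", 0x00, 1296, 50500, GATEWAY),   # inbound, ignored
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, GATEWAY, "50500/12", ("dscp", 24)):
        print(finding)
```

With the pool 50500/12 the firewall only needs UDP ports 50500 to 50511 open towards the gateway, which under the stated assumption is six RTP/RTCP pairs.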

VOIP MEDIA SET RTCP<br />

Syntax VOIP MEDIA SET RTCP {OFF | ON }



Description This command enables RTCP.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

off | Turn off the RTCP support. | off<br />

on | Enable the RTCP support. |<br />

Example --> voip media set rtcp on<br />

See also<br />

VOIP MEDIA SET DSCP<br />

VOIP MEDIA SET SESSIONTIMEOUT<br />

Syntax VOIP MEDIA SET SESSIONTIMEOUT <br />

Description This command sets the maximum timeout interval used to detect a failure in the<br />

incoming RTP speech packets. If no RTP packet is received on the UDP port used by<br />

the active call for a time longer than the SESSIONTIMEOUT value, the other<br />

endpoint is considered disconnected and the active call is released.<br />

Options The following table gives the range of values for each option which can be specified<br />

with this command and a default value (if applicable).<br />

Option | Description | Default Value<br />

min | The SESSIONTIMEOUT value expressed in minutes. Available values are from 0 mins to 1440 mins (24 hours). 0 mins is equivalent to disabling the SessionTimeOut feature. | 0<br />

Example --> voip media set sessiontimeout 1<br />

See also VOIP MEDIA SHOW<br />

VOIP MEDIA SHOW<br />

Syntax VOIP MEDIA SHOW<br />

Description This command shows the media values defined by the VOIP MEDIA SET<br />

PORTRANGE or VOIP MEDIA SET RTCP commands.<br />

Example --> voip media show<br />

Gateway Media:<br />

----------------------------------------------<br />

Port range: 50600/32<br />

RTCP enable: on<br />

RTP session time-out: 1 Mins.<br />

See also VOIP MEDIA SET PORTRANGE<br />

VOIP MEDIA SET RTCP<br />

VOIP MEDIA SET SESSIONTIMEOUT



Chapter 20<br />

ZTC<br />

Introduction<br />

Wide Area Networks consist of a lot of components (hubs, switches, routers,<br />

residential gateways, set top boxes, PCs) that need to be configured.<br />

The number of components can be very high and often the configuration of these<br />

devices to get them up and running requires a lot of work for network<br />

administrators.<br />

As a result, network administrator operations can be very expensive and in-field<br />

configuration takes a lot of time.<br />

The Zero Touch Configurator (ZTC) is a tool designed to enable a network<br />

administrator to configure and manage network devices remotely and automatically<br />

without end-user intervention.<br />

The Zero Touch Configuration is able to update image software and unit<br />

configuration on multiple devices simultaneously, so administrators can avoid<br />

having to connect to each device separately and repeat the same sequence of actions<br />

for each of them.<br />

Functional blocks<br />

The ZTC is a component-based application, which consists of different logical blocks<br />

that can be distributed on independent runtime environments or machines (see<br />

Figure 23).



[Figure: block diagram with the components ZTC Shell, ZTC Web Interface, WEB Browser, ZTC Server, LDAP Server, TFTP plugin, TFTP Server and ZTC Client, joined by links labelled RMI, HTTP, LDAP, file system and TFTP.]<br />

Figure 23. ZTC network architecture.<br />

ZTC Network Architecture<br />

The ZTC Network Architecture consists of the following parts:<br />

• An LDAP directory service in which data is stored.<br />

• The ZTC Server, that contains all the application logic for:<br />

• User authentication and authorisation<br />

• Data consistency and syntax checking when requesting to add a new device<br />

configuration<br />

• Application logic for creating new configuration scripts<br />

• Application logic to execute commands on the device<br />

• Data Access Object layer to access the data tier<br />

• Several protocols for supporting different kinds of clients<br />

• The ZTC WEB Interface. This application lets users interact with the ZTC Server.<br />

Through this interface they can view or update existing configurations, or add<br />

new ones.<br />

• The ZTC Embedded Client. This client is installed on the devices to communicate<br />

with the ZTC Server. Typically, the devices connect to ZTC Server to perform the<br />

following operations:<br />

• Communicate their actual configuration to ZTC Server<br />

• Download, if existing, new configurations from ZTC Server<br />

• The ZTC Shell can be created for testing, not for operational use. Through the<br />

ZTC-Shell, all the main operations can be performed (read, write, user<br />

management). It’s possible to access the ZTC-Server from the ZTC-Shell.<br />

The components of ZTC are independent, and they can run on different machines<br />

and platforms, in a three-tiered architecture fashion.



The core of the application is the ZTC Server. It manages the dialogue with the<br />

directory service backend and performs all operations on data. The ZTC WEB<br />

Interface, used to interact with the ZTC Server, is decoupled from the ZTC server,<br />

and can run on different machines.<br />

ZTC Client<br />

The ZTC Embedded Client, or ZTC Client for short, is the module running on<br />

the Residential Gateway in charge of communicating with the ZTC server.<br />

The ZTC client works according to the so-called "Configuration PULL" method. The<br />

ZTC Client is in charge of contacting the ZTC server, passing the current configuration<br />

and the unit identifier, and retrieving the new configuration if necessary. The ZTC<br />

server has the responsibility to allow the download only of the correct configuration file<br />

depending on the unit identifier (the unit MAC address) and on the configuration<br />

rules defined inside the ZTC Server.<br />

The following three ZTC Client – ZTC Server communication phases are possible:<br />

• Pull-at-startup – This phase is executed when the unit starts up.<br />

• Scheduled-pull – This phase is executed every time the ztcclient polling timeout<br />

expires.<br />

ZTC Client and ZTC Server communicate through TFTP protocol.<br />

The ZTC server IP address can be configured in the ZTC client module in two ways:<br />

statically or dynamically.<br />

• When a static configuration is used, the ZTC Server IPv4 address is defined<br />

explicitly using the ztcclient enable static ztcserveraddr command. This command<br />

sets the server IP address that will be used by all subsequent queries and also turns on<br />

the ztcclient module, forcing the module to query the server to retrieve the unit<br />

configuration file.<br />

• When a dynamic configuration is used, the ZTC client module is bound to an<br />

existing IP interface using the ztcclient enable dynamic listeninterface command.<br />

In this way the ZTC client module uses the facilities offered by the dhcpclient<br />

module to force the IP interface to ask an external DHCP server for the ZTC Server<br />

address. When the ZTC client needs to know the ZTC Server address, a DHCP<br />

request is generated by the IP interface requesting a value for option 67 "bootfile-name".<br />

The ZTC Client module uses the value returned by the DHCP server for option 67<br />

as the ZTC Server IP address.<br />

As with the static configuration, the ztcclient enable dynamic listeninterface<br />

command turns on the ztcclient module, forcing the module to query the server to<br />

retrieve the unit configuration file.<br />

The ZTC client can be enabled dynamically only if the IP interface to which it is<br />

bound is a dynamic IP interface. Attempting to enable the ZTC client module<br />

dynamically on a static IP interface results in an error.<br />



Storing Unit Configuration<br />

The configuration file downloaded from ZTC server is never stored permanently<br />

into the unit flash file system. This solution prevents flash memory failure when too<br />

many write requests are executed.<br />

If the unit restarts, it loses the previous downloaded configuration and starts from<br />

the bootstrap configuration. This behavior allows network administrator to control<br />

the unit configuration based only on the configuration file defined by the ZTC<br />

server framework.<br />

When ZTC Client is enabled, the current running configuration is the result of the<br />

bootstrap configuration plus the unit configuration downloaded from ZTC server.<br />

Any action that permanently saves the configuration (e.g. the system configuration save<br />

command) could change the bootstrap configuration file and therefore the resulting<br />

configuration when ZTC Client runs could be unpredictable.<br />

When ZTC client is enabled, the CLI is locked. To unlock it, press the "+"<br />

key. Unlocking the CLI stops the ZTC client module.<br />

Pull-at-startup<br />

Figure 24 shows the Pull-at-startup phase executed by the ZTC client module when<br />

the Residential Gateway bootstraps.<br />

• Considering a scenario where the ZTC Client is bound to a dynamic IP interface,<br />

during the bootstrap process, the Residential Gateway uses the facilities provided<br />

by the DHCP client module to set up the IP interface configuration.<br />

• The dynamic IP interface receives the new network configuration and the ZTC<br />

server address in the "bootfile-name" DHCP option.<br />

• As soon as the network is configured, the ZTC Client runs.<br />

• The ZTC Client contacts the ZTC server, passing in the parameters list the<br />

Residential Gateway's MAC address, the application filename and a value<br />

derived from the current running configuration (which, at bootstrap, is null).<br />

This information defines the current device status.<br />

• The ZTC server checks if there is a configuration for the Residential Gateway<br />

by looking up the device MAC address in the LDAP server and, if necessary,<br />

returns the configuration file to the device.<br />

• The device executes the configuration file and starts the ZTC client timeout. The<br />

timeout defines the polling period before the ZTC Server is contacted again.<br />

• When the timeout expires, the Scheduled-pull phase is executed.<br />



[Figure: sequence diagram between Residential Gateway, DHCP server, ZTC Server and LDAP Database. Steps shown: unit bootstrap; setup of the dynamic interface (DHCP Request, DHCP Ack with the ZTC Server address); start of ZTCClient; TFTP Read Request (Software Release, Unit Identifier, Current Unit Config: null); Retrieve Configuration File; TFTP Data Packets (unit configuration commands list); run new configuration; start ZTC timeout; ZTC idle.]<br />

Figure 24. Pull-at-Startup ZTC phase.<br />

Scheduled-pull<br />

Scheduled-pull<br />

Figure 25 shows the Scheduled-pull phase executed by the ZTC client module when the ztcclient polling timeout expires.<br />

• The ZTC Client contacts the ZTC server, passing in the parameter list the Residential Gateway MAC address, the application filename and the hash key derived from the current running configuration. This information defines the actual state of the device.<br />

• The ZTC server checks whether there is a configuration for the Residential Gateway by looking up the device MAC address in the LDAP server and, if necessary, returns the configuration file to the device.<br />

• When the device receives the new configuration, it reboots in order to execute the new configuration starting from a "well known" status: the bootstrap configuration.



• Because the Residential Gateway never stores the configuration downloaded from the ZTC server, the ZTC client contacts the ZTC server again and executes exactly the same procedure defined in the Pull-at-startup phase.<br />

[Sequence diagram between the Residential Gateway, the ZTC Server and the LDAP Database: ZTC idle, ZTC timeout expires, ZTC client start, TFTP Read Request (Software Release, Unit Identifier, Client Config: current config), configuration file retrieval, comparison of the client config with the LDAP config. If they are the same: ABORT TFTP. If they are not: TFTP Data Packets (unit configuration commands list), unit restart, ZTC client start, TFTP Read Request (Software Release, Unit Identifier, Client Config: null), configuration file retrieval, TFTP Data Packets (unit configuration commands list), run new configuration, start ZTC timeout, ZTC idle.]<br />

Figure 25. Scheduled-pull ZTC phase.



ZTC Command reference<br />

This section describes the commands available on the AT-RG613, AT-RG623 and<br />

AT-RG656 Residential Gateway to configure and manage the ZTC Client module.<br />

ZtcClient commands<br />

The table below lists the ztcclient commands provided by the CLI:<br />

Command<br />

ZTCCLIENT ENABLE DYNAMIC<br />

ZTCCLIENT ENABLE STATIC<br />

ZTCCLIENT DISABLE<br />

ZTCCLIENT SHOW<br />

ZTCCLIENT SET<br />

ZTCCLIENT UPDATE<br />

ZTCCLIENT ENABLE DYNAMIC<br />

Syntax ZTCCLIENT ENABLE DYNAMIC LISTENINTERFACE &lt;ipinterface&gt;<br />

Description This command enables the ztcclient and binds it to an existing dynamic IP interface.<br />

This command automatically creates a specific configuration rule that applies to the IP interface in order to force the dhcpclient module to request the ZTC server address in the option list of the DHCP discover request sent to the external DHCP server.<br />

<br />

This command requires that &lt;ipinterface&gt; is defined as a dynamic interface, so it must have the DHCP flag enabled.<br />

To apply changes to the ZTC client module and turn it on, use the ztcclient update command.<br />

Options The following table gives the range of values for each option that can be specified with this command, and a default value (if applicable).<br />

Option: ipinterface<br />
Description: The name of an existing IP interface. To see the list of existing interfaces, use the IP LIST INTERFACE command.<br />
Default Value: N/A<br />

Example --> ztcclient enable dynamic listeninterface ip0<br />

See also ZTCCLIENT DISABLE



ZTCCLIENT ENABLE STATIC<br />

Syntax ZTCCLIENT ENABLE STATIC ZTCSERVERADDR &lt;ztcserveraddr&gt;<br />

Description This command enables the ztcclient and sets the ZTC Server IP address.<br />

To apply changes to the ZTC client module and turn it on, use the ztcclient update command.<br />

Options The following table gives the range of values for each option that can be specified with this command, and a default value (if applicable).<br />

Option: ztcserveraddr<br />
Description: The IP address of the interface used to connect to the ZTC Server. The IP address must be specified in IPv4 format (e.g. 192.168.102.3).<br />
Default Value: N/A<br />

Example --> ztcclient enable static ztcserveraddr 192.168.102.3<br />

See also ZTCCLIENT DISABLE<br />

ZTCCLIENT DISABLE<br />

Syntax ZTCCLIENT DISABLE<br />

Description This command disables the ztcclient module.<br />

Example --> ztcclient disable<br />

See also ZTCCLIENT ENABLE<br />

ZTCCLIENT SHOW<br />

Syntax ZTCCLIENT SHOW<br />

Description This command shows the ZTC client configuration parameters.<br />

Example The following example shows the ZTC client parameters when a dynamic<br />

configuration is set.<br />

ZTC CLIENT CONFIGURATION<br />

- GENERAL PARAMETERS<br />

enabled: false<br />

dynamic: true<br />

configuration timeout: 60 seconds<br />

server address in use: 192.168.1.10<br />

- DYNAMIC CONFIGURATION



interface: ip0<br />

- STATIC CONFIGURATION<br />

server address for static configuration: 0.0.0.0<br />

ZTCCLIENT SET<br />

Syntax ZTCCLIENT SET CONFIGTIMEOUT &lt;configtimeout&gt;<br />

Description This command changes the value of the configtimeout, which is the polling time interval before the ZTC client contacts the ZTC Server to check whether a new configuration is available.<br />

Options The following table gives the range of values for each option that can be specified with this command, and a default value (if applicable).<br />

Option: configtimeout<br />
Description: The time that the ztcclient module stays in standby before checking the system configuration against the ztc server configuration. Acceptable values are from 20 to 65535 secs.<br />
Default Value: 60<br />

Example --> ztcclient set configtimeout 30<br />

ZTCCLIENT UPDATE<br />

Syntax ZTCCLIENT UPDATE<br />

Description This command saves the changes made with the ZTCCLIENT SET CONFIGTIMEOUT and ZTCCLIENT ENABLE DYNAMIC or ZTCCLIENT ENABLE STATIC commands and turns on the polling timeout.<br />

Example --> ztcclient update



Chapter 21<br />

<strong>Software</strong> Update<br />

Introduction<br />

The AT-RG600 Residential Gateway software consists of the system application file (named image) plus additional support files.<br />

All these files are stored permanently in the system flashfs file system and loaded during the unit bootstrap.<br />

During normal operation, to prevent file system corruption, the flashfs file system is never accessed directly. Programs that access (read or write) files stored in the flashfs file system use a copy of it, named isfs (see chapter 1), running in RAM.<br />

If the unit is powered off, all the changes made in the isfs file system are lost. To save the contents of the isfs file system permanently into the flashfs file system, use the system configuration save command.<br />

To upgrade the AT-RG600 software, upload a new file or download an existing file, it is possible to use one of the following solutions, depending on the type of upgrade requested:<br />

• using FTP<br />

• using TFTP<br />

• using the Windows based Loader application<br />

• using the SwUpdate client module



FTP server<br />

The AT-RG600 Residential Gateway implements an internal FTP server that provides access to the isfs file system.<br />

An FTP connection is typically used to download a new image file into the Residential Gateway, but it can also be used to retrieve or download configuration and support files.<br />

To connect to the FTP module, use an FTP client application and log in with the same username and password used for telnet access.<br />

When connected, it is possible to browse the isfs file system with the ftp LIST command.<br />

<br />

When the ftp connection is closed, the content of isfs is copied back into flashfs and the unit is forced to reboot in order to restart from the new application code (or with the new configuration files).<br />

TFTP server<br />

Like FTP, the AT-RG600 Residential Gateway also supports an internal TFTP server that provides access to both the flashfs and isfs file systems.<br />

TFTP is a file transfer protocol based on the UDP transport protocol and is therefore less reliable than ftp. There is no connection control, only packet acknowledgement and packet retransmission.<br />

A TFTP connection is typically used to download or retrieve configuration and support files. Unlike FTP, loading a file into the Residential Gateway using the tftp facility does not result in a system restart when the connection is closed. Each TFTP connection is protected against uncontrolled access using the same name defined for the SNMP community write.<br />

To retrieve a file from, or download a file to, the Residential Gateway it is necessary to unlock the TFTP server by sending (with a TFTP write request command) a special command file with the filename "tftplock.key". This file is a simple ASCII file that includes the TFTP password without any encryption.<br />

Then it is possible to request or send the configuration file.



[Diagram, TFTP Client to Residential Gateway: TFTP Write Request: tftplock.key, followed by either TFTP Write Request: filename and TFTP Data, or TFTP Read Request: filename and TFTP Data.]<br />

Figure 26. Access to the Residential Gateway TFTP server.<br />

<br />

The maximum file size that can be downloaded into the Residential Gateway<br />

is 8kbyte. To download files larger than 8kbyte use the FTP service.<br />
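The unlock exchange described in this section, seen from a packet capture, as an added example (not code from this manual or from the gateway firmware): it decodes TFTP packets and reports each time the tftplock.key password crosses the network unencrypted, and whether each file request follows an unlock. The per-client unlock tracking, the function names and the sample traffic are assumptions of this example.<br />

```python
import struct

RRQ, WRQ, DATA, ACK = 1, 2, 3, 4  # TFTP opcodes (RFC 1350)
LOCK_FILE = "tftplock.key"        # unlock file name given in the manual


def parse_tftp(payload: bytes) -> dict:
    """Decode one TFTP packet (the UDP payload) into a small dict."""
    if len(payload) < 4:
        raise ValueError("short TFTP packet")
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode in (RRQ, WRQ):
        # Requests carry two NUL-terminated strings: file name, then mode.
        parts = payload[2:].split(b"\x00")
        if len(parts) < 3 or not parts[0]:
            raise ValueError("malformed request")
        return {"op": opcode, "file": parts[0].decode("ascii", "replace")}
    if opcode in (DATA, ACK):
        (block,) = struct.unpack("!H", payload[2:4])
        return {"op": opcode, "block": block, "data": payload[4:]}
    return {"op": opcode}


def audit_capture(packets) -> list:
    """packets: ordered (client_ip, udp_payload) pairs sent to the gateway.
    Returns (client, event, key_length); the key itself is never returned."""
    findings, awaiting_key, unlocked = [], set(), set()
    for client, payload in packets:
        try:
            pkt = parse_tftp(payload)
        except ValueError:
            continue
        if pkt["op"] == WRQ and pkt["file"] == LOCK_FILE:
            awaiting_key.add(client)
        elif pkt["op"] == DATA and pkt["block"] == 1 and client in awaiting_key:
            awaiting_key.discard(client)
            unlocked.add(client)  # assumption: unlock state is per client
            key = pkt["data"].rstrip(b"\r\n")
            findings.append((client, "cleartext-unlock-key", len(key)))
        elif pkt["op"] in (RRQ, WRQ):
            kind = "read" if pkt["op"] == RRQ else "write"
            state = "after-unlock" if client in unlocked else "without-unlock"
            findings.append((client, f"{kind}:{pkt['file']}:{state}", 0))
    return findings


def req(op: int, name: str) -> bytes:
    return struct.pack("!H", op) + name.encode("ascii") + b"\x00octet\x00"


# Constructed sample traffic (documentation addresses, made-up key).
SAMPLE = [
    ("192.0.2.10", req(WRQ, LOCK_FILE)),
    ("192.0.2.10", struct.pack("!HH", DATA, 1) + b"example-community\n"),
    ("192.0.2.10", req(RRQ, "im.conf")),
    ("192.0.2.77", req(RRQ, "im.conf")),
]

if __name__ == "__main__":
    for finding in audit_capture(SAMPLE):
        print(finding)
```

Because the same string is the SNMP write community, every "cleartext-unlock-key" finding also marks a place where that community name was exposed on the wire.<br />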

Windows Loader<br />

To upgrade the AT-RG600 Residential Gateway, a special Windows-based application has been developed: the Loader.<br />

The Loader uses the TFTP services provided by the Residential Gateway to download the application file plus all the other support files onto the unit, so that the user does not have to download each file separately.<br />

The Loader can be used to upgrade an existing software version, or to download a complete new software release if the Residential Gateway is running in recovery mode.<br />

When the Loader is used to upgrade the Residential Gateway from a previous software release, all the existing configuration files are kept.<br />

When using the Loader, the IP address of the Residential Gateway must be selected and the SNMP community write name is requested as the session password (see Figure 27).



Figure 27. The Windows Loader<br />

SwUpdate module<br />

FTP, TFTP and the Windows Loader are three upgrade solutions based on external client applications that typically require manual user operation or the development of dedicated script files.<br />

The SwUpdate module is a basic FTP client module running on the Residential Gateway that periodically contacts a TFTP server and retrieves the required software or support files from it.<br />

In order to maintain backward compatibility with existing upgrade solutions, SwUpdate is able to manage software upgrades similarly to the DHCPCONF feature available on the AT-RG200 Residential Gateway family.<br />

SwUpdate retrieves the TFTP Server address from a specific option (option 66 tftp-server-name) passed by the external DHCP server to the Residential Gateway IP interface.<br />

It then uses the path passed as the filename string to navigate into the TFTP server.<br />

In order to distinguish the correct DHCP Offer (in case more than one DHCP server is present in the network), the Residential Gateway will consider only DHCP Offers that include the option 60 (dhcp-class-identifier) with one of the following possible values, depending on the product code:<br />

"RG603"



"RG613TX"<br />
"RG613TXJ"<br />
"RG613SH"<br />
"RG613LH"<br />
"RG613BD"<br />
"RG623TX"<br />
"RG623SH"<br />
"RG623LH"<br />
"RG623BD"<br />
"RG656TX"<br />
"RG656BD"<br />
"RG656LH"<br />
"RG656SH"<br />

SwUpdate is designed to download only the files that differ from, or are not present in, the Residential Gateway file system.<br />

[Sequence diagram between the Residential Gateway, the DHCP Server and the TFTP Server: unit bootstrap from a NULL configuration; DHCP Request (option 66 tftp-server-name, option 60 dhcp-class-identifier); DHCP Offer (filename, option 66, option 60: dhcp-class-identifier = "rg6xx"); retrieve TFTP list file MD5SUM; TFTP files: image, derivedata.dat, im.conf, ...; unit restart.]<br />

Figure 28. DHCPCONF like SwUpdate operation mode.<br />

In order to inform the SwUpdate module about which files it must download from<br />

the TFTP server, a special file named MD5SUM must be created on the TFTP server.



When the SwUpdate module connects to the TFTP server, it immediately retrieves this file and then downloads each file reported in the list.<br />

The MD5SUM file is a list of file names, each with its associated MD5 value.<br />

To create the MD5SUM file it is possible to use the md5sum command available on standard Linux platforms (free md5sum applications are also available for the Windows operating system).<br />

If a file reported in the MD5SUM list is already present in the Residential Gateway file system with the same MD5 value, SwUpdate skips the download; otherwise it downloads the file.<br />

Example:<br />

Assuming that all the files in the current directory must be downloaded into the Residential Gateway, the following command must be used to generate the MD5SUM file:<br />

root# md5sum * > MD5SUM<br />

The MD5SUM file will list the following information:<br />

96643c6e3af928990ed42a42dda2c554 cleanup<br />

7cf32ce7ba89ab67f977a71ae5b205cd cliconsole<br />

6d3dabc798da4ec9267615f12d1d2a43 consoleinit<br />

810fd9bbababa67844e75e6846805e65 derived_data.dat<br />

fb32c37e1457fcc1304d9cf74cd19bad dnsrelaylandb<br />

444aa423a8d8a2d74640953ff6537948 image<br />

6400dc3f72433a674f99c5b98aa5dae3 im.conf<br />

026238c689022c21468df407a5daaef6 im.conf.factory<br />

b87817d7b9a6c81cc8570deb9e270f34 im.conf.ztc_enabled_dynamic<br />

24ae0c8518b7a98a5aa1c34563032c42 im.descriptions<br />

1d0c14e81301cb630912790d077b79c0 initbun<br />

08d016fe02cc6bde27110dc453e2b7b5 initbun.eg1004<br />

4634050e6bf5e91d5a5872c3eb08d56a initbun.rg603<br />

1b5498efa91b0d901a1235347b15e407 initbun.rg613<br />

fd1fb4825195c080206104ac0443427f initbun.rg613txj<br />

147e3239ce2f712340fa786f0a55a088 initbun.rg623<br />

d55d9bd33ae47f4ea3acb39ae950a952 initbun.rg656<br />

5ed6d58a9482d7aa0b44ff28a1e8ca7e NPimage<br />

6927f315890f4209b8a406a1ee75595a services<br />

0a48b795c03a4a012d1ba77dd647c307 snmpd.cnf<br />

47abd829e3ccf727f9e8b29cbf52ed1e snmpinit<br />

f9ae2f9ec26a5af37418be160fe67339 translate.tab<br />

5318c5d07deb1c00dd42628b0d6f7af6 version<br />

ea8fd2f8c81724291d1b0bcdb8e93df6 xgate_initbun
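
The skip-or-download decision described above can be modelled as follows. This is an added example, not the SwUpdate module's code: it parses the md5sum listing format shown above and returns the files that are absent locally or whose MD5 value differs. The function names, the file-name check and the handling of a manifest that lists itself are assumptions of this example.<br />

```python
import hashlib
import re
import tempfile
from pathlib import Path

# md5sum output line: 32 hex digits, a space, then a space or '*', then the name.
# The second separator is optional here because this page's listing shows one space.
LINE = re.compile(r"^([0-9a-fA-F]{32}) [ *]?(.+)$")


def parse_manifest(text: str) -> dict:
    """Map file name -> lowercase MD5 hex digest; reject malformed lines."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"MD5SUM line {n} is malformed")
        digest, name = m.group(1).lower(), m.group(2)
        # Names come from the server: refuse anything that leaves the directory.
        if "/" in name or "\\" in name or name in (".", ".."):
            raise ValueError(f"MD5SUM line {n} has an unsafe file name")
        entries[name] = digest
    return entries


def md5_of(path: Path) -> str:
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plan_downloads(manifest_text: str, local_dir) -> list:
    """Names to fetch: listed files that are absent locally or whose MD5 differs."""
    todo = []
    for name, digest in parse_manifest(manifest_text).items():
        if name == "MD5SUM":
            continue  # a rerun of `md5sum * > MD5SUM` lists the manifest itself
        target = Path(local_dir) / name
        if not target.is_file() or md5_of(target) != digest:
            todo.append(name)
    return todo


def demo() -> list:
    """Constructed case: 'image' changed on the server, 'version' is new."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "image").write_bytes(b"old build")
        Path(d, "im.conf").write_bytes(b"conf")
        manifest = "\n".join([
            hashlib.md5(b"new build").hexdigest() + "  image",
            hashlib.md5(b"conf").hexdigest() + "  im.conf",
            hashlib.md5(b"2-0-2").hexdigest() + "  version",
        ])
        return plan_downloads(manifest, d)
```

Calling `demo()` returns the two names that would be transferred; the unchanged `im.conf` is skipped.<br />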



Plug-and-play<br />

If the Residential Gateway is set with a dynamic IP interface and the DHCP server sends the option 66 tftp-file-name together with option 60 (dhcp-class-identifier) equal to the product code of the Residential Gateway, the SwUpdate module sets the server address to the address specified by the tftp-file-name option and uses the TFTP protocol, instead of the FTP protocol, to retrieve the MD5SUM file.<br />

SwUpdate will change the remote directory on the TFTP server according to the filename option passed in the DHCP Offer message.<br />
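
The offer filtering described under SwUpdate module and under Plug-and-play, as an added example (not the gateway's code): it decodes the DHCP options area of each offer, keeps only offers whose option 60 equals the product code, and returns the option 66 server together with the filename path. Exact, case-sensitive matching, first-match selection, the function names and the sample offers are assumptions of this example.<br />

```python
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options
OPT_PAD, OPT_CLASS_ID, OPT_TFTP_SERVER, OPT_END = 0, 60, 66, 255


def parse_options(raw: bytes) -> dict:
    """Decode the DHCP options area into {code: value bytes}."""
    if raw[:4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 2 > len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError(f"option {code} is truncated")
        length = raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def select_offer(offers, product_code: str):
    """offers: (dhcp_server, filename, options_area) tuples in arrival order.
    Returns (tftp_server, path) from the first usable offer, or None."""
    for _server, filename, raw in offers:
        try:
            opts = parse_options(raw)
        except ValueError:
            continue                  # ignore malformed offers
        class_id = opts.get(OPT_CLASS_ID, b"").decode("ascii", "replace")
        if class_id != product_code:  # assumption: exact, case-sensitive match
            continue
        tftp = opts.get(OPT_TFTP_SERVER, b"").rstrip(b"\x00").decode("ascii", "replace")
        if tftp:
            return tftp, filename
    return None


def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value


# Constructed offers: (DHCP server, filename field, options area).
OFFERS = [
    ("192.0.2.1", "", MAGIC + opt(66, b"192.0.2.50") + b"\xff"),
    ("192.0.2.2", "other", MAGIC + opt(60, b"RG656TX") + opt(66, b"192.0.2.60") + b"\xff"),
    ("192.0.2.3", "at-rg600-software-xxx",
     MAGIC + opt(60, b"RG613TX") + b"\x00" + opt(66, b"192.0.2.70") + b"\xff"),
]

if __name__ == "__main__":
    print(select_offer(OFFERS, "RG613TX"))
```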

TFTP working directory<br />

SwUpdate is able to navigate into the FTP/TFTP server directory.<br />

The working directory can be specified by defining a parameter named path in the SwUpdate module. It identifies the path, relative to the login home directory, where the SwUpdate module expects to find the files.<br />

For example if the home directory is:<br />

/home/manager<br />

and the Residential Gateway path address is set to:<br />

at-rg600-software-xxx<br />

the working directory will be:<br />

/home/manager/at-rg600-software-xxx
