BreezeNET® B130/B300 GigE Operational User Manual Software Version: 1.
Document History

Changed Item      Description                 Date
First revision    Document’s first revision   April 2009
Second revision   Added BNB 130               November 2009
Third revision    Added GigE support          July 2010

Alvarion BreezeNET B130/B300 GigE Operational User Manual
Legal Rights

© Copyright 2010 Alvarion Ltd. All rights reserved. The material contained herein is proprietary, privileged, and confidential and owned by Alvarion or its third party licensors. No disclosure thereof shall be made to third parties without the express written permission of Alvarion Ltd. Alvarion Ltd. reserves the right to alter the equipment specifications and descriptions in this publication without prior notice.
improvements and/or bug fixes, upon availability (the "Warranty"). Bug fixes, temporary patches and/or workarounds may be supplied as Firmware updates. Additional hardware, if required, to install or use Firmware updates must be purchased by the Customer. Alvarion will be obligated to support solely the two (2) most recent Software major releases.
LIMITED TO WARRANTIES, TERMS OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, CORRESPONDENCE WITH DESCRIPTION, NON-INFRINGEMENT, AND ACCURACY OF INFORMATION GENERATED. ALL OF WHICH ARE EXPRESSLY DISCLAIMED. ALVARION'S WARRANTIES HEREIN RUN ONLY TO PURCHASER, AND ARE NOT EXTENDED TO ANY THIRD PARTIES.
Important Notice

This user manual is delivered subject to the following conditions and restrictions: This manual contains proprietary information belonging to Alvarion Ltd. Such information is supplied solely for the purpose of assisting properly authorized users of the respective Alvarion products.
Contents

Chapter 1 - Introduction
1.1 General Notes
1.2 IP-Address Format
Chapter 2 - General Purpose Command Set
2.1 Help Command

Chapter 3 - Layer 2 Command Set - PHY and MAC
3.1 Rfconfig Command (Radio Interface Configuration)
3.2 MINT (“mint” command)
3.2.1 General Description
3.2.2 General Commands Description

Chapter 4 - Layer 3 Command Set - IP Networking
4.1 Ifconfig Command (Interfaces Configuration)
4.2 Tun Command (Tunnels Building)
4.3 Qm Command (QoS Configuration)
4.4 Route Command (Static Routes Configuration)

4.7.10 Router Running Configuration View
4.8 Netstat Command (Network Statistics)
4.9 Ipfw Command (IP Firewall)
4.9.1 General Description
4.9.2 Packet Filtering Rules
List of Tables

Table 3-1: “rf stat” output for 5GHz devices
Table 4-1: Compliance Scheme of MINT and IEEE 802.1p Priorities
Table 4-2: Standard Access Lists
Table 4-3: Extended Access Lists
List of Figures

Figure 2-1: Mem Command
Figure 3-1: Mint Map Output
Figure 3-2: Mint Map Routes Output
Figure 3-3: Mint Map Swg Output
Chapter 1 Introduction
In This Chapter:
“General Notes”
“IP-Address Format”
1.1 General Notes

This manual lists the commands of the WANFleX operating system. The device is managed and configured through a Unix-like command line interface. Every command takes effect as soon as the Enter key is pressed. However, the effect of each command is limited to one configuration session. To save the current configuration, use the "config save" command. Several commands can be grouped on one line using the ";" character.
1.2 IP-Address Format

Many commands of the operating system require IP-addresses to be specified. In OS WANFleX, IP-addresses may be specified in the traditional numeric format. Optionally, the mask may be specified either by its bit length (the specified number of leading bits in the mask are set to 1, the remaining bits are reset to 0) or by its numeric value. The IP-address 0/0 denotes all possible IP-addresses.
Chapter 2 General Purpose Command Set
In This Chapter:
“Help Command”
“System Command”
“Set Command (Time Zone Settings)”
“Config Command (Configuration Manipulations)”
“Flashnet Command (Firmware Uploading)”
“Restart Command”
“Ping Command”
“Telnet Command”
“Tracert Command”
“Webcfg (Web Interface Support)”
“Rshd Command (Remote Shell)”
“Ipstat Command (IP-Statis
2.1 Help Command

The command displays system commands information.

Syntax:
    help

Description:
Displays the list of all device commands. Executed automatically if the user types an unknown command.
2.2 System Command

The command is used to review and update system parameters.

Syntax:
    system [arguments]

Command arguments:

system name [system_name]
Assigns to the system a new name specified by the system_name parameter. If the parameter is not specified, the current system name will be displayed.
    system password qwerty

system prompt any-word
Replaces the prompt on the screen with the given any-word, of a maximum length of 16 characters. The resulting prompt will look like "Prompt#ttyN>".

Example:
    system prompt MyHost

system [no]fastroute
Enables/disables the fast routing mode. In this mode the router becomes invisible to traceroute network tracing procedures, while still performing all routing functions.
Manages the system log operation. The optional ADDR parameter specifies the UNIX host where the system log is located, to which messages are sent using the standard syslog protocol.
2.3 Set Command (Time Zone Settings)

The command is used to manipulate time zone settings. Automatic summer/winter time switching is supported when a time zone is set.

Syntax:
    set TZ TIMEZONE

To delete the time zone:
    set TZ

Example:
    set TZ EST+5EDT,M4.1.0/2,M10.5.0/2
    set TZ GMT+2

For more details on time zones please visit: http://en.wikipedia.org/wiki/Time_zone.
2.4 Config Command (Configuration Manipulations)

This command is used to view, save, export, and import the device configuration.

Syntax:
    config [show | save | clear]
    config import | export login:password@host/file

Description:

show
Displays the current configuration of the system. Any change of the system parameters may be immediately viewed using the config show command.
from which the information is transferred. The file name shall be specified in full, in the format of the remote server's file system.

Example:
    config export user:secret@192.168.1.1/var/conf/test.
2.5 Flashnet Command (Firmware Uploading)

This command uploads a new version of software.

Syntax:
    flashnet get|put login:password@host/file [-S src addr]

Description:
Flashnet get loads a new software version into the device from a remote server using FTP.
2.6 Restart Command

The command performs a soft reset of the device.

Syntax:
    restart [y]
    restart SECONDS
    restart stop

Description:
Full reset and reinitialization of a device. Equivalent to toggling the power switch off and on. May be used to restore the initial configuration after a number of unsuccessful attempts to understand what exactly was done wrong, and after loading a new version of software.
2.7 Ping Command

The command sends test packets.

Syntax:
    ping IP [size|-s size_in_bytes] [count|-c count_packets] [source|-S IP]

Description:
Sends test packets (ICMP_ECHO_REQUEST) to the given IP-address. Makes it possible to estimate the reachability of a host and the destination response time.
2.8 Telnet Command

Uses the telnet protocol to connect to a remote host.

Syntax:
    telnet address [port] [-s source]

Description:
Sets up a connection with a remote host specified by the IP-address in the terminal emulation mode. The telnet command uses a transparent character stream without any intermediate interpretation; therefore, the terminal type is defined by the terminal from which the command has been executed.
2.9 Tracert Command

The command traces the reachability of an IP node.

Syntax:
    tracert [-s SourceAddress] HostAddress

Description:
Traces the packet transmission path up to the IP node (host) specified by the HostAddress parameter. By default, the sending interface's address is put in the "source address" field of the packets. Using the -s option, any other IP address (SourceAddress) may be substituted for this default address.
2.10 Webcfg (Web Interface Support)

Web-interface support module.

Syntax:
    webcfg start|stop

Description:
This command enables/disables Web-interface support on the device. The Web-interface allows easy graphical device configuration with the help of a Web-browser.
2.11 Rshd Command (Remote Shell)

RSH (remote shell) protocol support module.

Syntax:
    rshd {enable | ipstat | disable} RUSER RHOST LUSER
    rshd start | stop | flush | [-]log

Description:
The built-in RSH server makes remote command execution possible using the rsh program. Identification is based on using privileged TCP ports and a list of authorized hosts. By default, the RSH server is disabled.
CAUTION
The "rshd ipstat" command disables the allowed rshd user.

The log option enables "rshd" service messages to be written into the system log.

Example:
    rshd enable admin 195.38.44.1 mysecretuser
    rshd enable root 195.38.45.
2.12 Ipstat Command (IP-Statistics)

IP statistics gathering module.

Syntax:
    ipstat enable [incoming|outgoing|full] [detail] [SLOTS] | disable
    ipstat clear
    ipstat traf [detail] [bytes | total_bytes]
    ipstat fixit | fixget | fixclear
    ipstat strict | -strict
    ipstat add [intf] rules...
If the record table in the router memory overflows, or if there is not enough memory currently available, an appropriate warning is written into the system log, and further statistical data are discarded. If the "ipstat strict" option has been enabled, then at the overflow condition transit routing is disabled, but the router still responds to any protocol.
statistics gathering including ports and protocols information. The bytes (/total_bytes) option sorts the ipstat output according to the number of bytes transmitted at the moment (/bytes transmitted for the whole period).
2.13 Sflowagent (Sflow Agent)

Sflow Agent is an implementation of a standard STP protocol agent.
sflow wi[pe] - stops Sflow agent and clears its configuration
sflow add[instance] 'name' - adds statistics gathering component (if 'name' parameter is not specified then 'ipstat' component will be used)
sflow del[instance] 'name' - deletes statistics gathering component (if 'name' parameter is not specified then 'ipstat' component will be used)
sflow stat 'name' - shows statistics for a component (if 'name' parameter is not specified
sflow -agent=IPaddress - sets the agent's own address (device)
sflow -maxpacket=size - sets the maximum size of a Sflow-packet in bytes. 1472 bytes by default. The upper bound is limited by hardware and operating system capabilities. If it is exceeded, the packet size will be decreased to an acceptable value.
sflow -interval=number - time in seconds equal to the interval at which statistics are delivered from the instance.
2.14 Acl Command (Access Control Lists)

Access Control Lists.

Syntax:
    acl add $NAME TYPE params...
    acl del $NAME [params...]
    acl ren $NAME1 $NAME2
    acl flush

Possible TYPES:
    net
    num

Predefined ACL names:
    $ACLOCAL - Hosts (networks) permitted to configure the device.

Command description
During network planning you may often need to group similar parameters in lists which can be used for different filters (e.g. ipfw, qm, ipstat).
Lists of the net type optimize their parameters by excluding duplicates and by letting bigger networks include the smaller networks they contain. For example, if the list contains the 1.1.1.1 parameter and you add the 1.1.1.0/24 parameter to the list, 1.1.1.1 will be excluded.

Example:
    acl add $LIST1 net 10.0.0.0/8 192.168.0.0/16 5.5.5.5
    acl del $LIST1 5.5.5.
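The following added example (not code from the manual or from the vendor) models the address notation of section 1.2 and the net-list behaviour described above, so that a list such as $ACLOCAL can be reviewed offline. The "ADDR/MASK" spelling of a numeric mask, exact-match deletion, the NetList class and the review threshold are assumptions of this example.

```python
import ipaddress


def parse_net(text):
    """Parse 'A.B.C.D', 'A.B.C.D/bits' or 'A.B.C.D/M.M.M.M' into a network.

    Writing a numeric mask as 'ADDR/MASK' is an assumption of this example;
    the manual only says the mask may be a bit length or a numeric value.
    """
    text = text.strip()
    if text == "0/0":  # the manual's notation for all possible IP-addresses
        return ipaddress.IPv4Network("0.0.0.0/0")
    # strict=False accepts host bits below the mask, e.g. 1.1.1.1/24
    return ipaddress.IPv4Network(text, strict=False)


class NetList:
    """Hypothetical model of a 'net' type list (not the device's own code)."""

    def __init__(self):
        self._nets = []

    def add(self, *params):
        for param in params:
            new = parse_net(param)
            # A duplicate, or a network inside an existing entry, adds nothing.
            if any(new.subnet_of(old) for old in self._nets):
                continue
            # A bigger network excludes the smaller entries it contains.
            self._nets = [old for old in self._nets if not old.subnet_of(new)]
            self._nets.append(new)

    def delete(self, *params):
        # Assumption: deletion removes an entry only on exact match.
        for param in params:
            net = parse_net(param)
            if net in self._nets:
                self._nets.remove(net)

    def entries(self):
        return [str(net) for net in sorted(self._nets)]

    def matches(self, address):
        ip = ipaddress.IPv4Address(address)
        return any(ip in net for net in self._nets)

    def broad_entries(self, max_hosts=65536):
        """Entries covering more than max_hosts addresses.

        The threshold is a constructed review policy, not a device limit.
        """
        return [str(n) for n in sorted(self._nets) if n.num_addresses > max_hosts]


if __name__ == "__main__":
    acl = NetList()
    acl.add("10.0.0.0/8", "192.168.0.0/16", "5.5.5.5")
    print(acl.entries(), "broad:", acl.broad_entries())
    acl.add("0/0")  # one all-addresses entry replaces the whole list
    print(acl.entries(), acl.matches("203.0.113.7"))
```

A single broad entry silently replaces every narrower one, so reviewing the entries that remain after optimization shows what the list actually permits.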
2.15 Sntp Command

SNTP parameters management. The SNTP support developed in WANFleX lets the system synchronize its time with the configured NTP server using the fourth version of the SNTP protocol (RFC 2030). The client works in unicast server request mode in a certain time range.
Example:
    sntp stop

Parameters:
The parameters can be set in any sequence, with or without the command itself.

server
Using the server parameter, you can set the IP-address of your NTP server.

Example:
    sntp -server=9.1.1.1

interval
Using the interval parameter, one can set the time value (in seconds) defining how often the client sends requests to the NTP server. 3600 by default.
2.16 Date Command

Date and time management. This command shows or sets the date and time in the WANFleX system.

Syntax:
    date [[[[[cc]yy]mm]dd]HH]MM[.ss]

cc - Century (is added before Year)
yy - Year in abbreviated form (i.e. 89 for 1989, 05 for 2005)
mm - Month in numeric form (1 to 12)
dd - Day (1 to 31)
HH - Hour (0 to 23)
MM - Minute (0 to 59)
ss - Second (0 to 61 - 59 plus maximum two leap seconds)

Example:
    date 200402100530.
2.17 License Command

This command manages operations with a license file on the device.

Syntax:
    license [options]

Options are:
    --install= - install new license
    --export= - export current license to external server
    --show - show license info
    = ftp://[login[:password]@]host/file

Description:
Install option uploads license file into the device from a remote server using FTP.
2.18 Dport Command

Syntax:
    dport BAUD

Description:
This command sets the bitrate of the console port. Available values are: 9600, 19200, 38400, 57600, 115200 Bit/sec. Default value is 38400 Bit/sec.
2.19 Mem Command

Syntax:
    mem

Description:
This command shows statistics for allocated device memory, network buffers, queues and drops on interfaces. Command output is described in the picture below.
Chapter 3 Layer 2 Command Set - PHY and MAC
In This Chapter:
“Rfconfig Command (Radio Interface Configuration)”
“MINT (“mint” command)”
“Ltest (Radio Link Test)”
“Muffer Command (Environment Analyzer)”
“Arp Command (ARP Protocol)”
“Macf Command (Addresses Mapping)”
“Switch Command”
“Dfs (Dynamic Frequency Selection)”
3.1 Rfconfig Command (Radio Interface Configuration)

The command is used to configure a radio module.

Syntax:
    rf interface parameters...

Interface rf5.0 parameters:
    band XXX: bandwidth (MHz) - {double (40)|full (20)|half (10)|quarter (5)}
    freq XXX: central frequency
    bitr XXX: bitrate (Kbps)
    sid XXX: system identifier - up to 8 hex digits.
bitr XXX: the bit transfer rate (in Kbit/s) of the radio link.
higher than Noise Floor Threshold. See the Noise Floor and Noise Floor Threshold values with the "rf IFNAME stat" command.

Commands Description:
statistics: displays the current values of the radio module's statistics at a 1 sec interval.
Table 3-1: “rf stat” output for 5GHz devices

Parameter               Description
Aggr Subframe Retries   Number of packet drops in an aggregate due to protocol excesses (for transmission)
Aggr Full Retries       Number of duplicate aggregates transmitted
Max aggr frames         Maximal detected number of packets in an aggregate
Max aggr bytes          Maximal detected bytes in an aggregate
Encrypted frames        Number of successfully encrypted
3.2 MINT (“mint” command)

3.2.1 General Description

The MINT (Microwave Interconnection NeTworks) architecture makes it possible to present a radio interface of a unit (as well as a network connected to it) as a traditional Ethernet in a bus topology. Therefore the unit can have several Ethernet interfaces and several pseudo-interfaces (tun, ppp, null etc).
    mint IFNAME addnode -mac X:X:X:X:X:X [-key STRING] [-note STRING] [-maxrate XX] [-lip X.X.X.X] [-tip X.X.X.X] [-mask X.X.X.X] [-lgw X.X.X.X] [-tgw {X.X.X.X | none}] [-lcost XX] [-tcost XX] [{-setpri | -addpri} NN | -1] [-disable | -enable | -delete]
    mint IFNAME addnode [-defgw X.X.X.X] [-defmask X.X.X.X]
    mint IFNAME delnode -mac X:X:X:X:X:X
    mint IFNAME map [routes | full | swg] [detail] [-m]
    mint IFNAME monitor [-s] [-i SEC] [MAC [MAC ...
SLAVE: Can connect to a node of the master type. When the connection is lost, the device attempts to restore the connection to the master node.

NOTE
When the node's type is switched to slave, the following configuration changes are performed automatically: the "roaming enable" mode is enabled and a roaming profile is created with the current rf5.0 settings.
3.2.2.4 Setting Node Name

Syntax:
    mint IFNAME -name NAME

The command sets the name for the node. The node name will be displayed in the "mint map" set of commands. The node name should not exceed 16 characters. Spaces in the node name are accepted if put between quotation marks.

Example:
    mint rf5.0 -name My_node
    mint rf5.0 -name "Master Unit"

3.2.2.
Example:
    mint rf5.0 poll start ub=250

3.2.2.6 Switching to Automatic Bitrate Control Mode

Syntax:
    mint IFNAME -[no]autobitrate [+/-DB]

Enables/disables an automatic speed management mode.
3.2.2.7 Setting Signal Levels Thresholds

Syntax:
    mint IFNAME [-loamp XX] [-hiamp XX]

loamp. This option sets the minimal signal level for the neighbor. The signal level is measured in dB above the noise threshold for the current bitrate. If the level gets lower than the specified value, the connection with the neighbor will be lost. Default value is 2. The possible range is 0 to 6.

hiamp. This option sets the minimal SNR for a new neighbor.
procedures. The same key should be specified in the settings of the connecting unit ("mint IFNAME -key").

lip. Local IP-address. This address will be assigned to this unit when the connection with a remote unit is established.

tip and mask. Target IP-address and mask. This address will be assigned to the remote side when a connection is established. The mask is applied to both Local IP and Target IP.
    mint rf5.0 addnode -mac 000028BAF234 -lip 1.1.1.1 -tip 1.1.1.2 -mask 255.255.255.252 -lcost 120

To make it easier to define nodes in the local database, the "mint addnode" command has two more options: "-defgw X.X.X.X" and "-defmask X.X.X.X".

-defgw X.X.X.X. Sets the default gateway.
-defmask X.X.X.X. Sets the default mask.

When mask or gateway values are not defined for the node being defined, the default gateway or default mask will be used for this node.
    mint rf5.0 start

The following command resets the MINT configuration to default and stops the transmission:
    mint rf5.0 clear

To make the unit transmit again it is necessary to enter "mint rf5.0 start".

3.2.2.11 MINT Log Settings

The following command is used to control log settings for the MINT protocol:
    mint IFNAME -[no]log [detail]

Three different modes are available:
No logging. The "-nolog" option is used
Limited logging.
    mint IFNAME -authmode {public | static | remote}

The command sets the type of node authentication. There are three types of node authentication available:

public - all nodes have the same key (password) for access. The simplest case of authentication. It can be used for small workgroups, point-to-point connections, mass public access networks and for MINT architecture testing purposes.
The information about SNMP relay will be automatically distributed throughout the MINT network. Nodes will use remote SNMP services.

Example 1:
Nodes A and B use the same key and can establish a connection with each other in public authentication mode.

Node A:
    mint rf5.0 -key SECRETKEY
    mint rf5.0 -authmode public

Node B:
    mint rf5.0 -key SECRETKEY
    mint rf5.
    mint rf5.0 -authrelay
    mint rf5.0 addnode -mac B:B:B:B:B:B -key KEY2
    mint rf5.0 addnode -mac A:A:A:A:A:A -key KEY3

Node B:
    mint rf5.0 -key KEY2
    mint rf5.0 -authmode remote

Node B will get its neighbors' information via the relay (Node A).
In fast mode the unit will wait for the potential source of the firmware to work with the new version for two hours with no reboots. Only after two hours will the request be sent. In normal mode the waiting period is 7 hours; in slow mode it is 24 hours. By default, passive normal mode is turned on. For an immediate firmware upgrade there is a special option “force”.
The command turns on/off over-the-air encryption. Encryption has the following features:
Each node has its own key for outgoing traffic encryption
There are no restrictions on the number of nodes that use outgoing traffic encryption in the MINT network
Every three minutes the key is dynamically changed

Example:
    mint rf5.0 -crypt

3.2.
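The following added example (not code from the manual or from the vendor) reviews a saved list of commands against the settings this manual documents: the rshd trust list, the MINT authentication mode, the "-crypt" option, login:password pairs written into commands, and secrets copied from the manual's own examples. The listing format (one command per line, ";" grouping), the finding names, the review policy and both sample listings are assumptions constructed for the example; it makes no claim about the "config show" output format or about whether encryption is on by default.

```python
import re
import shlex

# Secret values printed as examples on this manual's pages.
DOC_EXAMPLE_SECRETS = {"qwerty", "SECRETKEY", "KEY2", "KEY3"}
# login:password@host/file, the form used by config, flashnet and license.
CRED_IN_ARG = re.compile(r"[^\s:@/=]+:[^\s:@/]+@[^\s/]+/")


def commands(text):
    """Yield (line_no, argv); ';' groups several commands on one line.

    Simplification: a ';' inside a quoted value is not supported.
    """
    for line_no, line in enumerate(text.splitlines(), 1):
        for part in line.split(";"):
            argv = shlex.split(part)
            if argv:
                yield line_no, argv


def audit(text):
    """Return findings as (line_no, code, message); secrets are never echoed."""
    findings = []
    mint_ifs = {}       # interface -> line of its first mint command
    crypt_ifs = set()   # interfaces with a '-crypt' command in the listing
    for no, argv in commands(text):
        cmd, args = argv[0], argv[1:]
        if cmd == "system" and args[:1] == ["password"] and len(args) > 1:
            if args[1] in DOC_EXAMPLE_SECRETS:
                findings.append((no, "EXAMPLE-SECRET",
                                 "system password is a value printed in the manual"))
        elif cmd == "rshd" and args[:1] == ["enable"] and len(args) == 4:
            findings.append((no, "RSH-TRUST",
                             f"rsh user {args[1]} accepted from {args[2]}; rshd "
                             "identifies callers by privileged port and host list"))
        elif cmd == "mint" and args:
            ifname, opts = args[0], args[1:]
            mint_ifs.setdefault(ifname, no)
            if "-crypt" in opts:
                crypt_ifs.add(ifname)
            for flag, value in zip(opts, opts[1:]):
                if flag == "-authmode" and value == "public":
                    findings.append((no, "PUBLIC-AUTH",
                                     f"{ifname}: all nodes share one access key"))
                if flag == "-key" and value in DOC_EXAMPLE_SECRETS:
                    findings.append((no, "EXAMPLE-SECRET",
                                     f"{ifname}: key is a value printed in the manual"))
        elif cmd in ("config", "flashnet", "license"):
            if any(CRED_IN_ARG.search(arg) for arg in args):
                findings.append((no, "CRED-IN-COMMAND",
                                 f"{cmd}: login:password written into the command"))
    for ifname, no in sorted(mint_ifs.items()):
        if ifname not in crypt_ifs:
            findings.append((no, "NO-CRYPT",
                             f"no 'mint {ifname} -crypt' command in the listing"))
    return findings


# Constructed listings (not taken from a real device).
WEAK = """\
system name Site-A; system password qwerty
rshd enable admin 195.38.44.1 mysecretuser
mint rf5.0 -name "Master Unit"
mint rf5.0 -key SECRETKEY
mint rf5.0 -authmode public
mint rf5.0 start
config export user:secret@192.168.1.1/var/conf/site-a.cfg
"""
HARDENED = """\
mint rf5.0 -name "Master Unit"
mint rf5.0 -key Zq7-constructed-node-key
mint rf5.0 -authmode static
mint rf5.0 -crypt
mint rf5.0 start
"""

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(*finding, sep="  ")
    print("hardened listing findings:", audit(HARDENED))
```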
Routes. The following output is displayed:

Figure 3-2: Mint Map Routes Output

Full. A combination of the above modes

Swg. This option is used when switching groups are created in MINT network.
Common color identifies neighbor nodes that have acceptable characteristics of a link to the current node.

Yellow color identifies neighbor nodes that potentially may have problems with the sustainability and quality of a link to the current node. In this case link quality can be improved by changing certain parameters (for example, lowering bitrates).
3.2.8 Frequency Roaming

For flexible management of the frequency resource, higher noise immunity and throughput optimization, the equipment supports a frequency roaming capability based on the MINT protocol. Any node of the network can be set up as a roaming leader. The roaming leader defines the required radio frequency parameters of the wireless network.
fixedbitr - sets fixed bitrate for the node
minbitr XXX - minimum bitrate for operation in "autobitrate" mode
autobitr [+/-dB] - operation mode with automatic bitrate control. The [+/-dB] parameter allows managing bitrate control sensitivity.
enable | disable | delete - enables, disables or deletes the profile.

Syntax:
    mint IFNAME roaming {leader | enable | disable}
    mint IFNAME profile N [-freq X[,Y,N-M,...] | auto] [-sid X[,Y,..
-node {ADDR|all} - MAC-address of the destination node or access to all MINT nodes
[-peer] - performs commands only on the nodes that are connected to the given device directly
[-self] - performs commands also on the device itself
{-cmd "CMD" | -file URL} - command to be performed on the remote unit or path to a command txt file by ftp
[-key KEY] - access key
[-quiet] - disables writing replies from remote devices to a system
3.3 Ltest (Radio Link Test)

Test of a radio link. It is recommended for antenna alignment when installing a new device or for testing an existing radio link.
-p - sets the priority level of "ltest" packets (from 0 to 16). No priority is set by default.
-key [PASSWORD] - sets the password for testing. If two devices have different passwords they can't perform testing with each other
-disable|-enable - disables/enables the ability to perform the link test. Enabled by default
-align [L[,R]] - special "ltest" command mode for antenna alignment. It allows aligning each antenna of the device independently.
Figure 3-5: Ltest Output

"ltest" output when using the "-align" parameter:

Figure 3-6: Ltest Align Output

This output differs from the standard one in that the "ant.amps" column is used instead of "amp/max". The "Ant.amps" column indicates the signal levels from antennas 0, 1 and 2, separated by ":" correspondingly.
For successful radio link establishment the following factors have to be considered:

1. It is recommended to start antenna alignment by searching for the maximum signal level on the minimal possible bitrate. Afterwards the automatic MINT mechanisms will set the most appropriate bitrate if autobitrate mode is enabled.
2. The current incoming signal level in the "amp/max" columns (see "ltest" command output) must be between 12 and 40.
The packet size is 1536 bytes by default (to change the packet size use the "-s" option). The "Seconds" parameter allows setting the test period (5 seconds by default). Maximum value is 60 seconds. The -load N[m|k] option allows setting a limit on the maximal tested channel bandwidth. By default, the N parameter is measured in Megabits per second. If the k parameter is specified then it is measured in kilobits per second (for example, 10m - 10 Mbps, 500k - 500 Kbps).
3.4 Muffer Command (Environment Analyzer)

The muffer module is used to analyze the electromagnetic environment.

Syntax:
    muffer IFNAME [-tXX] [-lXX] review [FREQ1 [FREQ2 ...
Figure 3-8: Muffer Review Mode

The picture above shows the output of the review mode.

3.4.2 MAC|MAC2|MAC3|MYNET Modes

These modes perform the efficiency of their utilization of the air link. The analysis is carried out for all MAC-addresses at the frequency previously specified by rfconfig command. [MAC] option allows carrying the air link analysis in MAC|MAC2|MAC3|MYNET modes for the specified MAC-address.
Figure 3-9: Muffer MAC2 Mode

3.4.3 Scan Mode

The scanning regime is enabled by a muf scan command, and provides deep analysis of radio emission sources within the given network's territory. In this regime, the device scans the radio spectrum on all frequencies and for all modulation types. The [MAC] option allows carrying out the air link analysis for the specified MAC-address.
Figure 3-10: Muffer Scan Mode

Supplementary options for all the above regimes:
-tXX specifies the duration of time, in seconds, for which the test regime is enabled (2 minutes by default). The value 0 in this field enables a test regime for unlimited time.
Figure 3-11: Muffer Statistics Module

The following conclusions can be drawn by analyzing the output parameters:
If the number of repeated packets is comparable with the total number of packets, that means that you might have an interference source on the selected frequency. For a normally operating link the percentage of repeated packets should not exceed 10%.
got a permanent source of interference. Otherwise, it means that a strong interference source appears from time to time, breaking your signal.
Because the statistics module outputs the information for each MAC-address separately, you can reveal a problem with a specific unit on the wireless network.
The "muffer stat" command shows the statistics only from registered devices.
Figure 3-12: Muffer Spectrum Analyzer Mode

Supplementary options for the "muf sensor" command:
F1 - sets the initial frequency for scanning in MHz. The minimal available frequency for the given equipment model is used by default.
F2 - sets the ending frequency for scanning in MHz. The maximal available frequency for the given equipment model is used by default. The actual shown ending frequency is limited by the size of the program window.
BW - sets bandwidth in MHz. Allowed values are 1/5/10/20 MHz depending on the concrete equipment mode.
STEP - sets frequency changing step in MHz.
3.5 Arp Command (ARP Protocol)

Implementation of Address Resolution Protocol.

Syntax:
arp view [IP]
arp add IP MAC|auto proxy
arp del IP|all [proxy]
arp [-]freeze
arp [-]proxyall [$ACL]

Description:
The ARP protocol serves for IP to MAC-address mapping and vice versa. For example, in Ethernet it translates an IP destination address into its 48-bit Ethernet address for packet forwarding over the LAN.
Freezes the ARP table. No further automatic updates are allowed. The command fixes only manual records and does not affect the radio interface with active protocol MINT. Be careful when entering this command via telnet.

arp [-]proxyall [$ACL]
In proxyall mode the system replies to all ARP requests if the respective target IP address resides in the routing tables and is reachable via an interface other than source MAC-address. I.e.
3.6 Macf Command (Addresses Mapping)

The command is used to map IP-addresses onto Ethernet MAC-addresses.

Syntax:
macf MAC-address IP-address Comment
macf del N
macf [-]dhcp [-]strict | [-]reverse | [-]simple [-]quiet
macf show | clear

Description:
The macf command performs static mapping of IP-addresses to MAC-addresses in an Ethernet network.
The second column in the above table contains automatically assigned internal numbers, which may be used to delete any specific line from the table by a macf del N command. The macf clear command clears the mapping table altogether. The quiet option switches off message logging to the system log.
regardless of whether the strict option is enabled or not (the second address is not checked).
With the dhcp option enabled, the macf filter is automatically supplemented with addresses issued by the local DHCP server. These records are not stored in the permanent configuration and work until the given address is deleted by the DHCP server.
Some possible scenarios for using the different filtering options follow:
1 Flat model.
3.7 Switch Command

This command is used to configure MAC Switch.

Syntax:
________ LIST commands __________________________________
switch list LISTNAME [{iface | mac | numrange | match}]
{add | del} [VALUE ...] dump [WILDCARD] rename file NEWNAME FILENAME [ flush|remove]
________ GROUP commands _________________________________
switch group GROUPID {add | del} IFNAME[:{TAG|0}] ...
switch group ID order N
switch {group ID | interface IFNAME} [ setpri|addpri prio ] {deny | permit | showrules}
switch group GROUPID [dump [interface] [WILDCARD]] [dbdelete MACADDRESS] {start | stop | remove}
switch group GROUPID in-trunk [{GROUPID|0}]
switch admin-group {GROUPID|0}
________ RULES commands _________________________________
switch {group GROUPID | interface IFNAME} rule NUMBER [set NEWNUMBER] [not] [src LIST] [dst LIST] [vlan
switch {start | stop | restart | destroy | dead-interval DEAD_INTERVAL | strict-admin [(on|off)]}
switch statistics [(clear|help)]
switch maxsources (MAXSOURCES|0)

3.7.1 Wildcard Format

Wildcards are used in the switch command to filter printed information. Unlike standard wildcards, in special cases the following characters can be used:
* - any number of any symbols (or empty).
~ - any symbol (just one).
Examples:
rf~.
{add | del} [VALUE ...] dump [WILDCARD] rename file NEWNAME FILENAME [ flush|remove]

Lists are used as a set of acceptable values for rules. Each list must have a unique name and must be of one of the types: iface, mac, numrange, match. A list name may consist of letters and digits. A list name should not start with a digit. A list name is case-insensitive.

Command parameters:
LISTNAME - list name.
switch list ip_mynet match add 'net 195.38.45.64/26'
A list-expression of match type is created. In this case, when the list is used in a filter, it covers all types of packets (ip, arp and so on) from the 195.38.45.64/26 network.

switch list ip_mynet match add 'ip net 195.38.45.64/26'
In this example a list-expression of match type is also created, but now only ip packets from the 195.38.45.64/26 network are affected when the filter is used.
switch group GROUPID {add | del} IFNAME[:{TAG|0}] ...
GROUPID - numeric switching group identifier (1-4095)
add|del - these commands add/delete the specified interfaces to/from the switching group. If the "add" keyword is used and there is no switching group with the GROUPID identifier, it is created automatically.
IFNAME - name of the network interface to be added to or deleted from the switching group.
TAG.
switch group 12 trunk on

If a trunk group, which provides transmission of multiple VLAN flows in different directions, is enabled on a device, then the in-trunk option should be used on a subscriber station to specify exactly which trunk group the group belongs to:
switch group GROUPID in-trunk [{GROUPID|0}]
For example, if a Group No100 on a subscriber station is a member of a trunk Group No5 (Group No100 was formed as a result of conversion of VLAN ID N
group number (in this case 10), tagged packets - with group numbers concurred with VLAN ID.

switch list MYNET numrange add 100 200 300
switch group 20 vlan MYNET
switch group 20 trunk on

Group No20 handles only tagged packets from the MYNET list and transmits them upgrading VLAN ID number to appropriate group (and vice versa).
start|stop - starts/stops a specified switching group.
restart - restarts the switching group (same as "switch group GROUPID start; switch group GROUPID start" set of commands). The command is used to clean the switching group database.
remove - deletes a specified switching group from the switch configuration.
Figure 3-13: Switch Group STP Output

switch group GROUPID stp priority [PRIO]
This command sets the STP priority of a switch, where [PRIO] is the priority value. If the priority is not specified, the default value 57344 is set. When setting the priority value, take into consideration that it is automatically rounded down to a value divisible by 4096 (step 4096).
This command sets the STP "cost" parameter of a switch port, which determines the switch port cost, where [COST] is the value of this parameter. If it is not specified, the default value is set, which is equal to 200000 for RSTP, 65535 for STP.

Example:
switch group 1 add eth0 rf5.0
switch group 1 stp priority 36864
switch group 1 stp on
switch group 1 start

In this example switch group "group 1" is configured.
Example:
switch group 1 addpri 15

3.7.4 Rules Configuration Commands

Rules are used for the following purposes:
Selecting an appropriate switching group when a packet is received through an eth* interface. The packet is switched only by the group whose rules it fully satisfies.
When a packet is chosen by the switching group and the group decides whether this packet needs to be sent through one of the interfaces.
empty, none of the values of the corresponding parameter can match the condition even if this parameter is missing in the packet (for example, VLAN tag).
switch list MACGROUP1 mac add 00:01:02:03:04:05 00:11:12:13:14:15
switch list VGROUP numrange add 10 20-30 40
switch list IP_NET3845 match add 'arp net 195.38.45.64/26 || ip net 195.38.45.
switch {start | stop | restart | destroy | dead-interval DEAD_INTERVAL | strict-admin [(on|off)]}
switch statistics [(clear|help)]
switch maxsources (MAXSOURCES|0)

switch resynchronize
Forces a reload of the lists which have an external file as a source.

switch trace { off | on | verbose }
Enables/disables logging of service information into the system log. The verbose option writes more detailed information to the system log.
The "clear" option clears the switch statistics. The "help" option shows a list of descriptions of the dropped-packet reasons used in the switch statistics command output.

The following command sets the maximum allowed number of records in the switch MAC-address table:
switch maxsources (MAXSOURCES|0)
The default number of records is 5000. When the value "0" is used, the number of records is set to the minimum possible of 500.
Figure 3-14: Switch IGMP Snooping Dump Output

The "detail" parameter shows detailed information on Multicast subscribers.

switch igmp-snooping lmqt Value
This command sets the "Last Member Query Time" value, i.e. the maximum time during which the switch waits for an answer from active subscribers after receiving "IGMP leave". If no answer is received, the switch stops Multicast packet delivery to the particular Gateway.
group N - defines a switching group that uses "IGMP Snooping" services.
source X - sets source IP-address for Multicast packets
mcast X - sets concrete Multicast Group to be allowed for subscription.
vlan N - enables transmission of Multicast packets using Vlan.

3.7.6 Sample Configuration

switch list VGROUP numrange add 10 20-30 40
switch list ALL_VLAN numrange add 0-4095
switch group 5 add eth0 rf5.
without VLAN tags. Moreover, group 25 will be used to send the traffic to "outer" world.
3.8 Dfs (Dynamic Frequency Selection)

This command is used to configure the DFS (Dynamic Frequency Selection) function of a radio interface.

CAUTION
On both units, master and slave, please use only the frequencies approved by your country regulations. It is the client's own responsibility if frequencies other than those accepted by the regulations are used during operational mode, dfs scanning or for any other purposes.
CAUTION
The accuracy of the "dfs cot" function is about 5 minutes

- dfs "interface_name" scansec - sets the time that is spent on scanning each available frequency in seconds. By default: 6 seconds.

DFS default operational characteristics:
Channel occupation time: 24 hours
Scanned time for DFS leader: 6 seconds for each available frequency
Listening to the Radar on the chosen frequency: 1 minute

3.8.
To set a unit as a "DFS Client" (example):
1 Configure the unit as a slave:
mint rf5.0 -type slave
Please refer to the "MINT" chapter for detailed description.
2 Set the automatic frequency selection in the roaming profile:
rf rf5.0 -freq auto
Please refer to the "Frequency roaming" section of the "MINT" chapter for detailed description.
Now the unit will work on the same frequency as the "DFS Leader" unit.
Chapter 4 Layer 3 Command Set - IP Networking
In This Chapter:
“Ifconfig Command (Interfaces Configuration)”
“Tun Command (Tunnels Building)”
“Qm Command (QoS Configuration)”
“Route Command (Static Routes Configuration)”
“ARIP”
“ARDA”
“OSPFv2 (Dynamic Routing Protocol Module)”
“Netstat Command (Network Statistics)”
“Ipfw Command (IP Firewall)”
“Loadm Command (Load Meter)”
4.1 Ifconfig Command (Interfaces Configuration)

The command is used to set and view configuration of network interfaces.
Example:
ifconfig eth0 inet 192.168.1.1/26
ifconfig eth0 inet 192.168.1.1:255.255.255.192
ifconfig eth0 inet 192.168.1.1

up|down: flags enabling/disabling the interface.

System limitations:
lo0 interface cannot be set to down state.
Radio interfaces states are not saved in the configuration (after rebooting all interfaces are in the up state)

Example:
ifconfig eth0 up
ifconfig eth0 1.1.1.1/24 up
ifconfig rf5.
or
ifconfig vlan1 1.1.1.1/24 up
ifconfig vlan1 vlan 5 vlandev eth0
ifconfig -vlandev eth0

The last line in the example cancels the connection between the vlan1 logical interface and the physical device eth0.
Both additional parameters of a vlanX interface should be entered in one line, as shown in the example; if needed, a new IP-address setup can be added.
4.2 Tun Command (Tunnels Building)

The command specifies the parameters of a software tunnel.

General Description:
Tunnels are used to merge two remote and physically unconnected networks into one logical structure.
Figure 4-2: Tunnels Inside the Same Network

There are several approaches to build tunnels. One of these, IP into IP Encapsulation (described in RFC 2003), is implemented in OS WANFleX. This technology is used, for example, in Cisco Systems routers, and is a subset of the IPSEC protocol supported by several operating systems.
Outgoing packets are encapsulated into IP datagrams and sent to the dst address. The src address is inserted into the datagram as the source address.

CAUTION
The dst address shall also be reachable through an interface of the device different from that used to access the tunnel.
tunnel mode ipip
!
4.3 Qm Command (QoS Configuration)

The command manages the "Quality-of-Service" (QoS) parameters.

General description:
QoS manager is a convenient and flexible mechanism to manipulate data streams going through the device.
Description:

qm classL max=N
This command creates a service class #L. It is used for dynamic bandwidth allocation between different channels. The "max = N" option defines the total bandwidth of the class, which will be limited to the given value (in thousands of bps).
16 (the lowest). The default value is 0; therefore, setting another value can only lower the priority.
latency=N determines the maximum time for packets to stay in the channel. If a packet waits in the channel's queue longer than this time, it is discarded. Measured in milliseconds. To disable, set the parameter to 0.
pri=P sets the priority level of the specified channel (0..16).
qm chN clear
Cancels the current specification of the N-th logical channel, making its number free for another specification.

qm add[out][num] [ifname] chN [pass] rule ...
Specifies one or more rules for accepting packets at the channel #N. When used with the optional parameter out (addout), it specifies the rules for outgoing packets. Rules are specified using the same syntax as in the ipfw command.
put streams into different channels based on "qm/ipfw" rules as well as "tos" and "dscp" fields.

qm ch1 pri=12
qm add ch1 all from x/x to y/y
qm add ch1 dscp31 all from a to b
qm add ch1 dscp42

Each channel can be assigned a priority (0...16). Once assigned, a priority will be automatically recognized by every node inside MINT network.
QM_PRIO_BUSINESS7 15
QM_PRIO_BUSINESS8 16

Priorities "1" and "2" are additionally processed as "voice". Packets whose priority is not clearly defined are sent via the common queue with "Best Effort".
The "qm option" allows automatic prioritization management of data flows in the device.
Attention: Real prioritization within the MINT network is conducted by the priority given by the option pri=N. The DSCP label is transparently transmitted through MINT in any of its modes. The 802.1p priority is transparently transmitted only in switch MINT mode. If necessary, the dot1p and dscp parameters can be assigned by the operator when leaving the MINT network.
In more complicated situations, when the devices of service providers are not directly accessible from the given node, it is better to start by defining tunnels to those providers and then redirect traffic to those tunnels.

qm option -rtp tos
This command disables automatic prioritization of real-time packets and enables TOS automatic prioritization.
qm ch26 vlan=7 dot1p=4

Packets which are coming from the MINT network through the eth0 interface and have DSCP label 11 are put into channel 25.
qm addout eth0 ch25 dscp11 from 0/0 to 0/0

Packets which are coming from the MINT network through the eth0 interface and have DSCP label 13 are put into channel 26.
4.4 Route Command (Static Routes Configuration)

The command is used to configure static routing tables.

Syntax:
route cmd args
cmd: add, delete.
args: network[/mask] gateway [metric N] [-iface]

Description:
This command provides manual management of the system routing tables. In the normal mode, when a routing daemon is active, this command is not needed.
route add 193.124.189.0:255.255.255.224 195.38.44.108

All routes that are described using the route add command are "pseudostatic". This means that the information is immediately placed into the configuration and remains active until it is deleted using the route delete command.
4.5 ARIP

4.5.1 Getting Started

The ARIP module is an implementation of the standard routing protocol RIP. The ARIP routing module supports two RIP (Routing Information Protocol) versions: RIP-1 and RIP-2. Module configuration is performed by the arip command.

4.5.2 Command language. Basic Principles

ARIP has its own command shell (CS).
The following figure shows the transition scheme between different modes of CS.

Figure 4-4: ARIP Transition

One can set the necessary mode or execute commands without specially entering the arip module. For example, if we execute the following commands in sequence:
#1> arip configure
#1> arip router
#1> arip
RIP(config-router)#
then on entering arip we directly enter the necessary mode config-router (as shown in the example).
prohibited. In order to avoid a "dead" block of the session, CS automatically quits the configuration mode after five minutes of no activity.

Context help is always available using "?". For example:
RIP> config
RIP(config)#?
access-list Add an access list entry
clear Reset functions
end (CTRL+C). End current mode and change to root mode
exit Back to WANFleX command shell (CTRL+D).
receive Advertisement reception
send Advertisement transmission
show Show running system information
split-horizon Perform split horizon
RIP(config-if)#

After quitting CS using "exit" command (or Ctrl+D), CS stays in the last active mode.
Commands may have different parameters. Commands parameters are specified in several formats.
RIP> configure
RIP(config)# stop daemon

If the "stop" command is executed with the clear parameter, the router clears its part of the system configuration prior to quitting CS.

4.5.4 Filters

Filters are used in many of the device's configuration parameters. Filters are represented by two classes of objects:
Access lists (access-list)
Prefixes lists (prefix-list)
Access lists consist of a set of operators.
Table 4-2: Standard Access Lists
Range of values for the parameter

This command creates an operator in a standard access list. Value and mask define a range (criteria) for the operator. The mask defines those bits of the value which form the range. For example, in order to specify the range of IP-addresses from 192.168.12.0 to 192.168.12.255, one should specify the value of 192.168.12.0 and a mask of 0.0.0.255. For the value and mask of 0.0.0.0 255.255.255.
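The value/mask matching described above, as an added example (not part of the manual and not the device's code). It assumes that the first matching operator decides and that an address matching no operator is denied, which the text shown here does not state; all function and list names are hypothetical. It also flags the common mistake of typing a subnet mask where this mask format is expected.

```python
import ipaddress


def to_int(addr: str) -> int:
    """Dotted-quad IPv4 address as a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def matches(addr: str, value: str, mask: str) -> bool:
    """True when addr equals value on every bit the mask leaves at 0.

    Bits set to 1 in the mask form the range (they may take any value),
    as in the manual's 192.168.12.0 / 0.0.0.255 example.
    """
    fixed = ~to_int(mask) & 0xFFFFFFFF
    return (to_int(addr) & fixed) == (to_int(value) & fixed)


def covered(value: str, mask: str):
    """Describe an operator: (lowest, highest, address count, contiguous)."""
    m = to_int(mask)
    low = to_int(value) & ~m & 0xFFFFFFFF
    count = 1 << bin(m).count("1")
    contiguous = (m & (m + 1)) == 0  # mask looks like 0...01...1
    return (str(ipaddress.IPv4Address(low)),
            str(ipaddress.IPv4Address(low | m)),
            count,
            contiguous)


def evaluate(acl, addr: str) -> str:
    """ASSUMPTION: first matching operator wins, no match means deny."""
    for action, value, mask in acl:
        if matches(addr, value, mask):
            return action
    return "deny"


def lint(acl):
    """Operators whose mask is not one contiguous run of low bits.

    A subnet mask such as 255.255.255.0 typed in this position is caught
    here: it fixes only the last octet and frees the other 24 bits.
    """
    return [op for op in acl if not covered(op[1], op[2])[3]]


# Constructed sample lists (not taken from the manual).
GOOD = [
    ("deny", "192.168.12.150", "0.0.0.0"),    # single host
    ("permit", "192.168.12.0", "0.0.0.255"),  # 192.168.12.0 - 192.168.12.255
]
SWAPPED = [
    ("permit", "192.168.12.0", "255.255.255.0"),  # subnet mask by mistake
]

if __name__ == "__main__":
    for name, acl in (("GOOD", GOOD), ("SWAPPED", SWAPPED)):
        for op in acl:
            print(name, op, "->", covered(op[1], op[2]))
        print(name, "suspicious operators:", lint(acl))
    for probe in ("192.168.12.7", "192.168.12.150", "10.9.8.0"):
        print(probe, "GOOD:", evaluate(GOOD, probe),
              "SWAPPED:", evaluate(SWAPPED, probe))
```

Running `lint` over a route filter before it is applied shows whether an operator permits far more networks than its author intended.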
While configuring, the operators are appended to the end of the list.
Lists of prefixes differ from access lists in that each operator has a number in addition to a range (condition). Moreover, when a parameter is checked against an operator's range, an additional condition can be set for the parameter's mask length.

Table 4-5: Prefix Lists
prefix-list WORD [seq <1-4294967295>] (deny|permit) A.B.C.
no network A.B.C.D/M
no network WORD

In some cases not all routers understand multicast requests. To solve this problem, you can establish a direct link between routers. To implement this, use the command in config-router mode:
neighbor a.b.c.d
a.b.c.d - router's neighbor address.
To cancel link between routers:
no neighbor a.b.c.
default-information originate [always] [metric-type (1|2)] [metric <0-16777214>] [route-map WORD]

The metric-type (1|2) and metric <0-16777214> attributes define the same parameters of the external link as for the redistribute command. They are also not mandatory. This command also has one optional attribute - always. This attribute makes a router advertise its default gateway link even if the route is not in the routing table.
If a resulting action is permit, all actions specified in the record are performed for a resulting object.
set metric <0-4294967295>
set metric-type (type-1|type-2)

The next step for the record's behavior, after all conditions are matched by the route, can be configured using one of the following commands:
on-match goto <1-65535>
on-match next

Configuration example:
RIP> configure
RIP(config)# access-list AnyNetwork permit any
RIP(config)# access-list net200 permit 192.168.200.
Password authentication. Simple password authentication is vulnerable to passive attacks (sniffing) because broadcasting is used and the packet carries the password in explicit form.
Cryptographic authentication. A key is used to generate and check message-digest signatures. The digital signature is built using the MD5 algorithm. As the secret key is never sent over the network in clear form, this gives protection from passive attacks.
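The difference between the two modes as seen on the wire, as an added example (not from the manual, and not a reproduction of the device's implementation). The packet layout is modelled on the RIP-2 simple-password entry and the keyed-MD5 entry and trailer of RFC 2082; function names, the key and the route are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

AUTH_AFI = 0xFFFF     # address family that marks an authentication entry
AUTH_SIMPLE = 2       # simple password
AUTH_KEYED_MD5 = 3    # keyed message digest
HDR = struct.pack("!BBH", 2, 2, 0)            # command=response, version=2
TRAILER_HDR = struct.pack("!HH", AUTH_AFI, 1)  # precedes the digest


def route_entry(prefix: str, mask: str, metric: int) -> bytes:
    """One 20-byte RIP-2 route entry (AFI 2, tag 0, next hop 0.0.0.0)."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), bytes(4), metric)


def build_simple(password: bytes, routes: bytes) -> bytes:
    """Response whose first entry carries the password itself (16 bytes)."""
    return HDR + struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, password) + routes


def _digest(signed_part: bytes, key: bytes) -> bytes:
    # The key, NUL-padded to 16 bytes, takes the place of the digest
    # while hashing; only the resulting MD5 value is transmitted.
    return hashlib.md5(signed_part + key.ljust(16, b"\0")[:16]).digest()


def build_md5(key: bytes, key_id: int, seq: int, routes: bytes) -> bytes:
    """Response with a keyed-MD5 authentication entry and digest trailer."""
    trailer_off = len(HDR) + 20 + len(routes)
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, AUTH_KEYED_MD5,
                       trailer_off, key_id, 16, seq)
    signed = HDR + auth + routes + TRAILER_HDR
    return signed + _digest(signed, key)


def inspect(packet: bytes):
    """Return (authentication kind, secret readable by a passive observer)."""
    if len(packet) < 24:
        return ("none", None)
    afi, kind = struct.unpack_from("!HH", packet, 4)
    if afi != AUTH_AFI:
        return ("none", None)
    if kind == AUTH_SIMPLE:
        return ("simple-password", packet[8:24].rstrip(b"\0"))
    if kind == AUTH_KEYED_MD5:
        return ("keyed-md5", None)
    return ("unknown", None)


def verify_md5(packet: bytes, key: bytes) -> bool:
    """Receiver side: recompute the digest with the shared key and compare."""
    if inspect(packet)[0] != "keyed-md5":
        return False
    (trailer_off,) = struct.unpack_from("!H", packet, 8)
    signed_end = trailer_off + len(TRAILER_HDR)
    if len(packet) != signed_end + 16:
        return False
    if packet[trailer_off:signed_end] != TRAILER_HDR:
        return False
    return hmac.compare_digest(packet[signed_end:],
                               _digest(packet[:signed_end], key))


if __name__ == "__main__":
    routes = route_entry("192.168.200.0", "255.255.255.0", 1)  # constructed
    key = b"lab-secret"                                         # constructed
    print(inspect(build_simple(key, routes)))
    signed = build_md5(key, key_id=1, seq=7, routes=routes)
    print(inspect(signed), verify_md5(signed, key))
```

`inspect` doubles as a capture-side check: any RIP-2 packet it reports as `simple-password` exposes the shared secret to everyone on the segment.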
The update timer is 30 seconds. Every update timer seconds, the RIP process is awakened to send an unsolicited Response message containing the complete routing table to all neighboring RIP routers.
The timeout timer is 180 seconds. Upon expiration of the timeout, the route is no longer valid; however, it is retained in the routing table for a short time so that neighbors can be notified that the route has been dropped.
4.6 ARDA

4.6.1 Getting Started

ARDA is a daemon that interconnects the RIP and OSPF routing processes. ARDA configuration is performed by the "arda" command.

4.6.2 Command Language. Basic Principles

ARDA has its own command shell (CS). To enter the shell, execute the following command:
#1> arda
ARDA>
Commands entered in CS are not case-sensitive and can be shortened until ambiguity appears.
while entering arip we will enter directly into necessary mode "config" (as it is shown in the example).
Every mode has its own set of commands.
4.6.3 Start/Stop of ARDA

ARDA is started by the following command:
ARDA start
In order to stop ARDA, execute the following command in "config" mode:
stop (daemon|clear)
Example:
> arda
ARDA> configure
ARDA(config)# stop daemon
If the "stop" command is executed with the clear parameter, the device clears its part of the system configuration prior to quitting CS.

4.6.
Nominate. Identical to Standard but is identified by a name (not number). Moreover, operators are configured in the format of /
In order to create or edit an access list in ARDA the following commands are used (in "config" mode):

Table 4-6: Standard Access Lists
access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.
Table 4-8: Nominate Access Lists
access-list WORD (deny|permit) A.B.C.D/M [exact-match]
WORD - List identifier
(deny|permit) - command
A.B.C.D/M - Range
[exact-match] - The requirement for the exact match of a parameter to the range

In this case the list identifier is a character expression. The range is specified in a format of /. For example, if we need to specify the range of IP-addresses from 192.168.12.0 to 192.168.12.255, 192.168.12.0/24 is specified. For 0.0.0.
ARDA(config)# route 10.1.2.3/24 eth0 5

4.6.6 Interface Management

To manage a specific interface in ARDA, use the "interface" command in "configuration" mode:
ARDA(config)# interface
The following options are available for configuration:
Bandwidth - sets bandwidth in Bits per second.
4.7 OSPFv2 (Dynamic Routing Protocol Module)

4.7.1 Getting Started

The OSPF protocol is a widely used routing protocol for IP networks. The basic principles that form the current version of the protocol are outlined in RFC 2328.
CS can work in different modes. Current mode is displayed along with command prefix as "OSPF(mode)#". For example, if configure command is entered, CS switches to config mode:
OSPF> configure
OSPF(config)#

The following figure shows the transition scheme between different modes of CS.

Figure 4-5: OSPF Transition

Every mode has its own set of commands.
OSPF> config
OSPF(config)#?
access-list Add an access list entry
alias Set symbolic mode
clear Reset functions
debug Set debugging print level
end (CTRL+C). End current mode and change to root mode
exit Back to WANFleX command shell (CTRL+D).
help Print command list
message-digest-key (key) Message digest authentication password
mtu <40-65535>
network Network type
no Negate a command or set its defaults
priority Router priority
retransmit-interval Time between retransmitting lost link state
show Show running system information
transmit-delay Link state transmit delay
OSPF(config-if)#

After quitting CS using "exit" command (or Ctrl+D), CS stay
4.7.3 Start/Stop of OSPF

The OSPF router is started by the following command:
ospf start
In order to stop OSPF, execute the following command in config mode:
stop (daemon|clear)
Example:
>ospf
OSPF> configure
OSPF(config)# stop daemon
If the "stop" command is executed with the clear parameter, the router clears its part of the system configuration prior to quitting CS.

4.7.
Prefixes lists (prefix-list)
Access lists consist of a set of operators. Each operator consists of a range of IP-addresses and a deny or permit command. The range of addresses is set as . The object to be filtered has its basic parameter in the same format (IP-address, subnet etc).
Correspondingly, for the range which consists of only one address, the key word host is used. For example, the command:
OSPF(config)# access-list 1 permit 192.168.12.150 0.0.0.0
is equal to the following command:
OSPF(config)# access-list 1 permit host 192.168.12.150

Table 4-10: Extended Access Lists
access-list (<100-199>|<2000-2699>) (deny|permit) List identifier command ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D.
If a sequential number is not specified, the router sets it automatically by adding 5 to the number of the last operator in the list. Thus, the operator will have the biggest number and will be placed at the end of the list.

4.7.6 Link State Advertisement

The router can advertise its link states of two types:
1 Internal links.
In some cases it is necessary to advertise internal links automatically for the selected network interface. This becomes important when IP-addresses of this interface (aliases) are created and deleted automatically, for example, when CPEs connect to the BS via radio. To implement this, use the command in config-router mode:
auto-interface IFNAME area (A.B.C.
The value and type of a metric for external links can be defined in a route-map. In this case the type and value of a metric can be defined depending on route parameters (interface, gateway, destination etc). If the type and/or value of a metric are left undefined, the router considers these external links to have a default metric and type 2.
1 on-match next - viewing is continued from the record which follows the current record
2 on-match goto - viewing is continued from the record whose number is greater than or equal to N but is not less than the current number.

In order to configure a route-map, the following command is used in config mode:
    route-map WORD (deny|permit) <1-65535>
where WORD - route-map identifier.
The next step for the record's behavior, after all conditions are matched by the route, can be configured using one of the following commands:
    on-match goto <1-65535>
    on-match next
Configuration example:
    OSPF> configure
    OSPF(config)# access-list AnyNetwork permit any
    OSPF(config)# access-list net200 permit 192.168.200.
The method of metric configuration described above is used for all links on whose interfaces a specific cost is not set. To set an individual cost (metric) for links, use the following command in config-if mode:
    cost <1-65535> [A.B.C.
1 cisco - a router is considered an ABR if it has several configured links to networks in different areas, one of which is the backbone area. Moreover, the link to the backbone area should be active (working).
The area can be configured as a stub area using the following command in config-router mode:
    area (A.B.C.D|<0-4294967295>) stub [no-summary]
The no-summary option is specified if it is not necessary to advertise summary advertisements of other areas' links to this area.

4.7.8.3 Backbone coherence. Virtual links
In general, the OSPF protocol requires the backbone area (area 0) to be coherent and fully connected. I.e.
4.7.8.4 Link-to-area information filtering
Summary information about an area's links which is advertised by an ABR through the backbone to other areas (export) can be filtered. Moreover, the information from an ABR (that came from other areas) can also be filtered (import). Filters are configured in config-router mode:
    area (A.B.C.D|<0-4294967295>) export-list NAME
    area (A.B.C.
Advertised link (Rs)

If the non-advertise flag is not specified, the C and Rs parameters can be configured. If a destination for one or more links belongs to R, the router will advertise one link with R as its destination (or Rs, if specified) and with a metric that is the maximal metric of the links (or C, if specified). For address ranges there are several commands in config-router mode.
The value of the parameter is specified in seconds. "IP-address" defines the IP-address of a specific link, if you need to configure this particular link (optional parameter). If this IP-address is not specified, the parameter will be applied to the network interface. Note that in order to create an adjacency relationship between two routers these parameters should be equal.
After receiving updated information about link changes, the router, if it is a DR, initiates link-state database synchronization with its neighbors. This process does not start immediately after the new information is received but after a period of time, on the assumption that some more data may come. This is done in order to avoid network "storms".
As the secret key is never sent over the network in clear form, this gives protection from passive attacks. By default, the device does not have any authentication (null-authentication). Authentication can be configured individually for each interface's link (or for the interface including virtual link) and/or individually for every area to which the router is connected.
    area (A.B.C.D|<0-4294967295>) virtual-link A.B.C.D (authentication|) (message-digest|null)
The authentication type can be specified for the whole area to which a network belongs and for a link by means of which OSPF packets are received. If authentication is turned on for both the interface and the area, the interface authentication type will be used.
network point-to-point
router
router-id 195.38.45.107
network 1.1.1.1/32 area 0.0.0.0
network 4.7.8.0/24 area 0.0.0.1
network 192.168.15.1/24 area 0.0.0.1
network 195.38.45.107/26 area 0.0.0.0
area 0.0.0.1 virtual-link 192.168.151.10
end
OSPF>

4.7.10.1 Neighbor
    show neighbor [A.B.C.D] [detail]
As a parameter one can specify the IP-address of a network interface (link) whose state and neighbor are to be shown.
State - current state/status. This parameter may have one of the following values:
» Init. This state means that a Hello packet was recently received from a neighbor with whom a 2-way connection is not yet established.
» 2-Way. A two-way connection is established between two routers. Starting from here an adjacency relationship is initiated.
» ExStart.
    show database (asbr-summary|external|network|router|summary) [A.B.C.D] [adv-router A.B.C.D]

(asbr-summary|external|network|router|summary) - Type of link advertisement for review
[A.B.C.D] - Link destination which advertisements are to be reviewed
[adv-router A.B.C.D] - Router-id which link advertisements are to be reviewed

For example, a database has to be viewed for the link which was announced by transit network, and the advertising router was 192.168.45.
This command is used to print access lists contents. If a list identifier is not specified, all lists are printed. For example:
    OSPF> show access-list
    IP access list any_network
        permit any
    IP access list net200
        permit 192.168.200.0/24
Similar commands are used for prefix-lists output:
    show prefix-list
    show prefix-list WORD

4.7.10.4 Routing table
    show route
This command prints a routing table.
directly attached to eth0
N IA 192.168.152.0/24 [2] area: 0.0.0.1
    via 192.168.151.10, eth0
N IA 195.38.45.64/26 [2] area: 0.0.0.1
    via 192.168.15.1, eth0
============ OSPF router routing table =============
R 192.168.151.10 [1] area: 0.0.0.1, ABR, ASBR
    via 192.168.151.10, eth0
R 195.38.45.107 [1] area: 0.0.0.1, ABR
    via 192.168.15.1, eth0
============ OSPF external routing table ===========
N E2 192.168.200.
This command prints the information on network interfaces including virtual links states. If an interface name is not specified, information on all interfaces will be printed. For example:
    OSPF> show interface
    VLINK0 is up
    Internet Address 192.168.151.10/24, Area 0.0.0.0
    Router ID 192.168.151.
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:03
Neighbor Count is 0, Adjacent neighbor count is 0
lo0 is up
OSPF not enabled on this interface
null0 is down
OSPF not enabled on this interface
Rf5.
4.8 Netstat Command (Network Statistics)
Display the network statistics
Syntax:
    netstat -r
    netstat -i
Description:
Displays the contents of different system data pertaining to network parameters. The "-r" parameter displays system routing tables:

Figure 4-6: Netstat Output

Flags for specific routes have the following meaning:
U - this routing table element is currently active;
H - this route leads to a host.
C - when using this route, more specific routes may be created (e.g. using the L flag).
4.9 Ipfw Command (IP Firewall)
4.9.1 General Description
IP Firewall is a mechanism for filtering packets crossing an IP network node according to different criteria. The system administrator may define a set of incoming filters (add) and a set of outgoing filters (addout). The incoming filters determine which packets may be accepted by the node.
Figure 4-8: IPFW

There are two classes (sets) of filters - prohibiting (reject) and permitting (accept). Furthermore, a filter may be applied to all inbound packets or only to packets arriving via a specific interface. Each received packet is checked against all filters in the order they are put in the set. The first filter that matches the received packet determines how the packet will be treated.
For a better understanding of how the filtering mechanism works, it is necessary to read how filters are defined and how filters are used.
Syntax:
    list show | reset rearrange [N] flush quiet | -quiet del num mov num1 num2 add[out] [NUM] [IFNAME] rules...
    ipfw addout [num] . . .
These two commands are used to add a filter to the incoming and outgoing filter sets, respectively. The add* keyword is followed by a filter definition. The optional num parameter may be used to explicitly specify the number of the new filter in the list.
    ipfw del num
Removes a rule from the appropriate list. The rule to be removed is specified by its number num, which can be seen using the ipfw list command.
The algorithm of applying any specific filter to a packet is as follows:
1 If the value in the proto field of the filter is not all, and the packet's protocol is different from that specified in the filter, then the filter is skipped (not applied) for this packet.
13 Otherwise, i.e. if none of the above conditions has caused skipping the filter, then the packet is treated in a way specified by the disp field of the filter.

Special filtering rules for ARP packets: ARP packets will always be permitted for those IP addresses and ranges of IP addresses that are mentioned in permitting (accept) filters, even if those filters are created for other types of packets.
4.9.
The disp field (abbreviated from disposition) sets the action to be taken when this filter is applied. Possible values are accept or reject. If the accept value is set, the packet will go through the filter. Using the reject value means that the packet will be filtered.
Address information is an IP-address with a mask (optional). The IP-address should be set in the traditional numeric format (nn.nn.nn.nn). An optional mask can be set either as a mask length in bits or as a numeric value in nnn.nnn.nnn.nnn format. Possible formats for address information are the following:
    nn.nn.nn.nn
    nn.nn.nn.nn:xxx.xxx.xxx.xxx
    nn.nn.nn.nn/NN
Using a colon means that the mask is set in a numeric address format.
Example:
    ipfw add reject all from mac 0012345678 to 0/0
    ipfw addout reject all from 0/0 to mac 0012345678
    ipfw add rf1 reject all from mac $ACL to 0/0
    ipfw add reject all from 0/0 to not 1.1.1.0/24
A ports list is set as a simple enumeration of ports separated by spaces. The first element in the list can be a port pair separated by a colon.
The filter is applied to all of the packet's fragments excluding the first one. Offset field has non-zero value. More fragments field value is of no importance.
ip_option
    The filter is applied to the IP-packets which have any IP-options set (excluding NO-OP option)
ip_recroute_option
    The filter is applied only to those IP-packets which have either record-route or timestamp IP options set without any other options.
Our first example will be a filter prohibiting passage of any packet from some "unreliable" address 1.1.1.1 to the address 2.2.2.2:
    ipfw add reject all from 1.1.1.1 to 2.2.2.2
As enemies often attack in a united front, let us now bar the way to all packets from the whole hostile network:
    ipfw add reject all from 1.1.1.0/24 to 2.2.2.2
Here 24 after the slash means the mask length in number of bits.
    ipfw add rf5.0 reject all from innerhost/16 to 0/0
Unlike the filters in the previous examples, this filter will be applied to packets arriving through the rf5.0 interface only. Packets arriving through any other interface will not be discarded (in this example the inner network is assumed to be a class B network).
Figure 4-9: IP Spoofing

All subnets of an inner network, including a host address innerhost, are owned by the one network (or a network group). Let's imagine that the outer network has no hosts which are within the range set up for the inner network. Therefore, all the packets that are accepted via rf5.
communications between your network and the external world pass through the rf5.0 interface):
    ipfw add rf5.0 accept tcp from 0/0 to 0/0 900:5000
    ipfw add rf5.0 reject tcp from 0/0 to 0/0
The first of these filters accepts packets from external sources to ports from 900 to 5000 on the inner network hosts (normally assigned to internal clients). The second filter rejects all the rest. Unfortunately, this is not enough.
A domain name server (DNS) is an example of a server using the UDP protocol (at port number 53). Assuming that your communications with the outer world all pass through the rf5.0 interface, the following filter set will provide for proper interaction between your internal DNS server and external DNS servers while rejecting any other UDP traffic:
    ipfw add accept udp from 0/0 53 to 0/0 53
    ipfw add rf5.
A filter verifying TCP or UDP port numbers never checks IP fragments except the first one in a sequence. If your filter accepts incoming IP fragments, a malefactor may mount a "denial of service" attack by flooding you with fragments having different source addresses, thus causing memory overflow on your device.
IP Firewall registers all rejected packets, writing an appropriate message to the system log. Registering all accepted packets may additionally be requested by adding the log keyword:
    ipfw add accept log icmp from 0/0 to 0/0
The above command will register all incoming ICMP packets.

CAUTION
A large number of logged packets may cause system log overflow (if you have redirected log messages to a remote workstation).
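The first-match evaluation, the three address formats and the interface-bound anti-spoofing filter described in the ipfw section above can be modelled offline before a rule set is loaded on a device. The following Python sketch is an added example, not Alvarion code: it handles only a subset of the `ipfw add` syntax, the rule set and packets are constructed (172.16.0.0/16 stands in for innerhost/16), it assumes "0" in "0/0" means 0.0.0.0, and it returns None when no filter matches because the text above does not state the default.

```python
import ipaddress
from collections import namedtuple

# One end of a filter: network, 'not' flag, optional lo:hi pair, extra ports.
Side = namedtuple("Side", "net negate port_range ports")
Rule = namedtuple("Rule", "text ifname disp proto src dst")

def parse_addr(text):
    """Parse nn.nn.nn.nn, nn.nn.nn.nn:mask or nn.nn.nn.nn/NN into a network."""
    if ":" in text:
        ip, mask = text.split(":", 1)      # mask in dotted numeric form
    elif "/" in text:
        ip, mask = text.split("/", 1)      # mask as a length in bits
    else:
        ip, mask = text, "32"              # bare address: a single host
    if ip == "0":                          # assumption: "0" in "0/0" is 0.0.0.0
        ip = "0.0.0.0"
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def side_matches(side, ip, port):
    """True if the address (and port, when the filter lists ports) matches."""
    if (ipaddress.ip_address(ip) in side.net) == side.negate:
        return False
    if side.port_range is None and not side.ports:
        return True                        # no port condition on this side
    if port is None:
        return False                       # e.g. ICMP has no port to compare
    lo, hi = side.port_range or (1, 0)     # (1, 0) is an empty range
    return lo <= port <= hi or port in side.ports

def _parse_side(tokens):
    negate = tokens[0] == "not"
    if negate:
        tokens = tokens[1:]
    port_range, ports = None, set()
    for i, tok in enumerate(tokens[1:]):
        if i == 0 and ":" in tok:          # first element may be a lo:hi pair
            lo, hi = tok.split(":")
            port_range = (int(lo), int(hi))
        else:
            ports.add(int(tok))
    return Side(parse_addr(tokens[0]), negate, port_range, frozenset(ports))

def parse_rule(cmd):
    """Parse 'ipfw add [NUM] [IFNAME] DISP PROTO from ... to ...' (subset)."""
    tokens = cmd.split()
    if tokens[:2] != ["ipfw", "add"]:
        raise ValueError(f"only incoming 'ipfw add' filters are modelled: {cmd}")
    tokens = tokens[2:]
    if tokens[0].isdigit():                # optional explicit filter number
        tokens = tokens[1:]
    ifname = None
    if tokens[0] not in ("accept", "reject"):
        ifname, tokens = tokens[0], tokens[1:]
    if len(tokens) < 5 or tokens[0] not in ("accept", "reject") \
            or tokens[2] != "from" or "to" not in tokens:
        raise ValueError(f"unsupported filter syntax: {cmd}")
    to = tokens.index("to")
    return Rule(cmd, ifname, tokens[0], tokens[1],
                _parse_side(tokens[3:to]), _parse_side(tokens[to + 1:]))

def evaluate(rules, pkt):
    """Return (disp, rule text) of the first matching filter, else (None, None)."""
    for r in rules:
        if r.ifname is not None and r.ifname != pkt["iface"]:
            continue                       # interface-bound filter, other interface
        if r.proto != "all" and r.proto != pkt["proto"]:
            continue                       # proto field differs from the packet
        if side_matches(r.src, pkt["src"], pkt.get("sport")) and \
                side_matches(r.dst, pkt["dst"], pkt.get("dport")):
            return r.disp, r.text          # first match decides; stop here
    return None, None

def verdict(rule_texts, pkt):
    return evaluate([parse_rule(t) for t in rule_texts], pkt)[0]

# Constructed rule set; 172.16.0.0/16 stands in for the manual's innerhost/16.
SAMPLE_RULES = [
    "ipfw add rf5.0 reject all from 172.16.0.0/16 to 0/0",
    "ipfw add reject all from 1.1.1.0:255.255.255.0 to 2.2.2.2",
    "ipfw add rf5.0 accept tcp from 0/0 to 0/0 900:5000",
    "ipfw add rf5.0 reject tcp from 0/0 to 0/0",
]
# Constructed packet: arrives on rf5.0 claiming an inner-network source address.
SPOOFED = {"iface": "rf5.0", "proto": "tcp", "src": "172.16.9.9",
           "sport": 40000, "dst": "172.16.0.5", "dport": 1024}

if __name__ == "__main__":
    print("anti-spoofing filter first:", verdict(SAMPLE_RULES, SPOOFED))
    print("port filter first:", verdict(SAMPLE_RULES[2:] + SAMPLE_RULES[:2], SPOOFED))
```

Moving the port-range accept filter ahead of the anti-spoofing filter lets the spoofed packet through, which is why order in the set is worth checking before the filters are applied.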
4.10 Loadm Command (Load Meter)
This is a tool to perform the channel load monitoring
Syntax:
    loadm [-B] [-l] [-m][-w delay] interface
Description:
This command estimates the load of the system interface specified by the interface parameter. By default, the information is displayed in one line and is updated every second; the load is measured in Kbit/s.
Figure 4-10: Loadm Output
4.
Bpf Command (Berkeley Packet Filter)
    bpf rf5.0 10.11.12.13 8000
Enables packet capturing mode, sending all packets from the rf5.0 interface to a workstation at the address 10.11.12.13.
    bpf rf5.0
Disables packet capturing mode at the rf5.0 interface.
4.12 Snmpd Command (SNMP Daemon)
SNMP protocol version 1 and 3 daemon
Syntax:
    snmpd user NAME (add|set) [pass PASSWORD] [sec[urity] (noAuthNoPriv|authNoPriv)] [acc[essRights] (readOnly|readWrite)] [cla[ss] (guest|admin)]
    snmpd user NAME del[ete]
    snmpd comm[unity] NAME
    snmpd (v1disable|v1enable)
    snmpd (start|stop)
Description:
This command enables/disables the SNMP (Simple Network Management Protocol) Version 1 and 3 daemon.
The present implementation supports MIB II (Management Information Base, Version II) and MIB Enterprise and is very easy to configure.
4.13 Td Command (Telnet Daemon)
Telnet daemon management.
Syntax:
    td enable | disable RemoteHOST
    td start | stop | flush
Description:
The Telnet daemon makes it possible to remotely configure and manage a device, and more generally to execute any operating system commands in the same way as it is done on a local operator workstation. The Telnet daemon starts automatically when the device is switched on.
4.14 Nat Command (Network Address Translation)
Network address translation according to RFC1631.
x.x.x.x | 0.0.0.0 -acl $NAME [public_addr|dhcp IFNAME] [enable|disable|delete]
enables/disables or deletes a list of local networks and public address or dhcp on the specified interface.
4.14.1 General Description
NAT solves, to a certain extent, the problem of IPv4 address space exhaustion. It means that several computers in the given LAN may connect to the Internet via the same public IP address. The NAT-module receives outgoing IP-packets, modifies the sender's IP address to the public IP address and forwards them to the Internet.
ISP's backbone networks via radio interface and ISP's backbone is built using private internets. So what is the physical interface to assign the public IP to? It may be assigned, using an alias name, to any physical interface or to the virtual interface null0.
    ifconfig null0 123.1.1.1/32 up
More than that, sometimes one can avoid assigning a public IP to physical interfaces at all.
In order to delete a record for the private network from the configuration, use the "-" sign instead of a public address. For example:
    nat local_acl $NAT
    nat alias_address 123.1.1.1
This command is obsolete. Use the local_acl command.
    nat maxlinks NUM
This command sets the maximum number of supported connections. 1000 by default.
    nat verbose yes|no
Enables diagnostic mode and prints modified packets into the system log.
    nat Proxy only yes|no
If enabled, the NAT-module only forwards packets according to proxy_rule commands. Usual NAT is not performed.
    nat stat
Shows NAT statistics.

Packet redirection
A disadvantage of NAT is that local hosts are not accessible from the Internet. Local hosts can establish outgoing connections but cannot serve incoming ones.
If you are using several pairs of public address-private network, it is recommended to specify the exact public address. The parameters remote_addr and remote_port_range may be specified for a more exact definition of incoming packets (only packets from the specified source and port will be allowed). If remote_port_range is not specified then its range should coincide with the range of public_port_range.
    nat redirect_port tcp 192.
    nat redirect_address 192.168.1.2 192.1.1.1
    nat redirect_address 192.168.1.3 192.1.1.2
In this case all traffic incoming to 192.1.1.1 will be redirected to the LAN address 192.168.1.2, and traffic incoming to 192.1.1.2 will be redirected to 192.168.1.3. Address redirection makes sense when there are several IP-addresses on the same host. In this case NAT can assign to every LAN client its own external IP-address.
local_addr - LAN host address whose outgoing connections will be processed. If the address is not specified then any port connections will be processed.
local_port - a port whose outgoing messages will be processed. If the port is not specified, connections from all ports are processed.
    nat proxy_rule parameter value [parameter value]…
Redirection of outgoing packets.
In the given example all outgoing LAN TCP packets destined for port 80 will be redirected to the provider's proxy server.
    nat del rule_number
Deletes the rule numbered rule_number.
4.15 Trapd Command (SNMP Trapd Support)
SNMP trapd support module
Syntax:
    trapd [-]dstaddr x.x.x.x[:PORT]
    trapd [[-]agent x.x.x.
X.X.X.X" command defines the gateway for traps. Automatic setting of the trapd gateway by the auto parameter is also possible.
Example:
    trapd dstaddr 192.168.1.
4.16 DHCP Server
4.16.1 DHCP Server Command Language
Commands used for configuration/review of the current DHCP server state are entered using the console or Telnet. The prefix command for the WANFleX command interpreter is dhcpd.
scope delete exclude
scope delete option
scope delete reservation
scope interface
scope option
scope reservation delete option
scope reservation option
scope set range
scope
administrator with super-user rights. Other commands can be executed by any user. The trace|notrace options enable|disable writing DHCPD service information to the system log. Show xml shows the DHCPD configuration in XML format. In the above command list, parameters are put into <>. If a parameter value contains spaces, this parameter must be put into quotes.
Example:
    #2>dhcpd scope MSOFT add classid "MSFT 5.0"
or
    #2>dhcpd add scope "Micro Soft" eth0 9.1.1.
4.16.1.2 Address Scope
A scope is a range of IP-addresses within which a server can assign addresses to its clients. Scopes are located in the configuration database of a server and are identified by names configured by the server administrator when the scope was created. A scope is created by the following command:
Syntax:
    dhcpd add scope
here SCOPE_NAME - scope name.
OK
In the example, we created a scope with MSOFT as its name for the suitable interface eth0.
    #2> dhcpd add scope new * 10.12.12.30 10.12.12.50
    WRN: Scope created, but not attached.
Here a scope with the name new was created to be attached to any suitable interface. The scope was successfully created, but no suitable interface was found to attach it to. In order to change the range of addresses of an existing scope one can use the following command.
192.168.177.10-192.168.177.19 Scope detached
OK
Thus, we detached the OTHER scope. In order to attach it again we need the following command:
    #2> dhcpd scope OTHER interface eth0 (or *)
    [eth0] <192.168.177.12> (OTHER): 192.168.177.10-192.168.177.19 Scope attached
    OK
One can set up excludes in a scope's range of addresses. Excludes are ranges of addresses which belong to the scope but are not given to DHCP server clients.
4.16.1.3 Clients class filter (CLASSID)
A scope of addresses has a clients class filter. If a client submits its class in its request, the server is able to give an IP-address only from those scopes which are connected to the client's interface and which have the client's class specified in their class filter. A class filter is a set of client vendor class IDs for which it is allowed to give a lease for IP-addresses from the scope.
INTERFACE - name of the network interface whose information is required. If * is specified instead of an interface name, all interfaces' information is printed. Command output is a structured list:
Example:
    #2> dhcpd show interface *
    >INTERFACES
    [eth0] UP
    9.1.1.100/255.255.255.0
    (PHONES) 9.1.1.151 - 9.1.1.200
    192.168.177.12/255.255.255.0
    (OTHER) 192.168.177.10 - 192.168.177.19
    (MSOFT) 192.168.177.20 - 192.168.
    [eth0] UP
    9.1.1.100/255.255.255.0
    (PHONES) 9.1.1.151 - 9.1.1.200
    192.168.177.12/255.255.255.0
    (OTHER) 192.168.177.10 - 192.168.177.19
    (MSOFT) 192.168.177.20 - 192.168.177.22
    [vlan0] DOWN
    192.168.178.1/255.255.255.0
    OK
In this example, the DHCP server has two interfaces: eth0 and vlan0. The vlan0 interface was turned down by the WANFleX command: ifconfig vlan0 down.
OK
Now the eth0 interface is locked and all its scopes are detached. The interface can be unlocked:
Syntax:
    dhcpd unlock interface
Example:
    #2> dhcpd unlock interface eth0
    [eth0] <192.168.177.12> (MSOFT): 192.168.177.20-192.168.177.22 Scope attached
    [eth0] <192.168.177.12> (OTHER): 192.168.177.10-192.168.177.19 Scope attached
    [eth0] <9.1.1.100> (PHONES): 9.1.1.151-9.1.1.
    dhcpd scope add reservation
where
SCOPE_NAME - name of the scope to which the reservation is added,
CLIENT_ID - client identifier,
CLIENT_IP - IP-address which will be given to this client.
Scope reservations are saved in the configuration database of the server and are identified by scope name and client's identifier.
Example:
    #2>dhcpd scope PHONES add reservation ID:01:00:04:35:00:22:23 9.1.1.
4 Interface. Sent to the client which received a lease from one of the scopes which is attached to the interface (and the value of the requested option was not in scope's reservation, in the scope itself and in interface's reservation).
5 Server. Sent to clients which received a lease from one of the scopes (if the value of the option was not in all divisions listed above). Meaning of the division - default value.
1 Scope reservation division
Syntax:
    dhcpd scope reservation option
where
SCOPE_NAME - name of the scope for whose reservation an option value needs to be defined.
CLIENT_ID - reservation client identifier.
If an option with the same name was already defined, its value will be changed to the one specified in this command.
3 Scope divisions
Syntax:
    dhcpd scope option
4 Interface divisions
Syntax:
    dhcpd interface option
5 Server divisions
Syntax:
    dhcpd option
Of course, there is a set of commands which delete all of these options from the divisions:
Syntax:
    dhcpd scope reservation delete option
    dhcpd scope
Moreover, there is a set of service options which, although they are included in the summary table, do not act as configuration parameters but as service parameters.
    #2> dhcpd interface * show client *
    >INTERFACES CLIENTS
    --------- [eth0] ---------
    (IPHONES) ID:01:00:04:35:00:22:24 " IP_PHONE" 'Unknown node' 192.168.0.101 since 25/04/2005 11:32:57
    SUPPLIED OPTIONS:
    #1 . . . 255.255.255.0 . . DF Subnet Mask #2 . . supplied> . . #3 #7 . . . . supplied> . S . . . . . Time Offset . Router . . Log Server
4.16.1.7 Address Time
Any IP-address lease is limited by the time specified in the Address Time option. If a client which was given a lease does not extend it within the Address Time period, the server will cancel the lease. The value of this time may be defined by the client but it should not exceed its maximal value. The maximal time of a lease is set up in the Address Time of one of the divisions to which this client is applied.
    [eth0] >BOUND_HISTORY
    1 (MSOFT) ID:01:00:0F:EA:05:29:C6 BOUND=192.168.177.21 until 02/01/2003 13:25:37
    OK
The information about expired leases is kept in the database for 24 hours. After 24 hours the record is automatically deleted from the database, and the IP-address becomes a free address (after being ). The server will use addresses for other clients if all the scopes (which suit new clients) ran out of free addresses.
3 Client's class identifier
4 Host name
To view the list, use the following command:
Syntax:
    dhcpd show unleases
Where:
SUBSTR - a substring for a partial list view. When executing the command the server will print only those records in which one of the fields contains the substring. The substring is case-sensitive. If * is specified as a substring the full list is printed.
is connected to another network, the direct dialog cannot take place. However, the device which logically connects the two networks with the DHCP client and the DHCP server can run special software - a DHCP Relay Agent (DRA). The DRA relays DHCP packets (including broadcast packets) from DHCP clients to the DHCP server and back. Data exchange between the DRA and the DHCP server is performed using unicast packets only.
(MSOFT) 192.168.177.20 - 192.168.177.50 192.168.15.55/255.255.255.0 for ID:01:00:05:90:02:1F:C8
OK
You can delete a subnet from a virtual interface's list using the following command:
Syntax:
    dhcpd virtual interface delete subnet
Example:
    #1> dhcpd virtual interface 192.168.177.81 delete subnet 192.168.188.1 255.255.255.0
    [v.192.168.177.81] <192.168.188.1> (VIRTUAL_TEST): 192.168.188.20-192.168.188.50 Scope detached
    [v.192.168.177.81] Subnet dropped 192.168.188.1/255.255.255.
4.17 DHCP Relay. dhcpr Command
4.17.1 General Description
For the DHCP protocol to work normally, the server and the hosts that get the service should be located within one network segment - no routers should be placed in between. If the network consists of several segments, each segment should have its own DHCP server, as routers block broadcast packets.
    dhcpr 125.12.100.13
    dhcpr delete 125.12.100.12

4.17.2.3 Interface blocking
By default, DHCP Relay accepts clients' requests from all network interfaces. If one of the interfaces needs to be blocked so that requests from it are not forwarded, a special command should be used.
Syntax:
    dhcpr (lock|unlock) INTERFACE
INTERFACE - a name of one or several (separated by spaces) interfaces.
Example:
    dhcpr lock eth0
4.17.2.
4.18 DHCP Client. dhcpc Command
4.18.1 General Description
The DHCP client is used for automatically retrieving various parameters from a DHCP server for one or several of the unit's network interfaces. Among the parameters are IP-address, network mask, default gateway etc. DHCP client management is implemented via the dhcpc command.
-t (on|off) - This option turns on/off sending debug information to the system log. The option is not attached to any specific interface.

4.18.3 Commands
start - starts DHCP client on a specified interface
stop - stops DHCP client on a specified interface
delete - stops DHCP client on a specified interface and clears all the options.
dump - shows current status of DHCP client.
4.18.
4.19 DNS Client
The DNS client module allows using DNS services on a device. To start and manage the DNS client use the "dnsclient" command:
    dnsclient [options] [command]
where commands are:
    start
    stop
where options are:
    -domain={name}
    -server={address}
The start/stop commands start/stop the DNS service.
Available options:
-domain={name} - sets local domain name
-server={address} - sets IP address (in dot notation) of a name server.
4.20 Nslookup
This command looks up a host name by its IP-address and vice versa.
Command syntax:
    nslookup {name|ip}
Where the name/ip parameter defines the name or IP-address of the host.