CLI Reference Guide BSGX4e Business Gateway NN47928-107 Software Release 2.1.
BSGX4e 1.2 Business Services Gateway
Document Status: Standard
Document Version: 01.01
Document Number: NN47928-107
Date: July 2008
Copyright © 2008 Nortel Networks, All Rights Reserved
The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty.
CONTENTS
1 About this guide
Organization
Conventions
Command prompt convention
Text font conventions
Documentation
ids anomaly
ids flood activity
ids flood settings
ids scan
relay sntp settings
relay tftp cache
relay tftp files
relay tftp settings
system watchdog
Tacplus command
tacplus client
User commands
user accounts
1 About this guide
This chapter describes the intended audience for the Command Line Interface (CLI) Reference Guide, conventions, how the guide is organized, and how to get help. This guide provides guidelines for configuring and monitoring the Business Service Gateway (BSG) X4e 2.1.1. The guide is designed for network managers, administrators, and technicians who are responsible for the management of networking equipment in enterprise and service provider environments.
Text font conventions
This guide uses the text font conventions described in the following table.
Table 2 Text conventions
Font Purpose Note Important Emphasizes information to improve product use. Indicates important information or instructions that must be followed. Indicates how to avoid equipment damage or faulty application. Issues warnings to avoid personal injury. Shows book titles, special terms, or emphasis. Shows strong emphasis.
How to get help
This section explains how to get help for Nortel products and services.
Getting help from the Nortel Web site
The best way to get technical support for Nortel products is from the Nortel Technical Support Web site: www.nortel.com/support
This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products.
2 COMMAND INTERFACE OVERVIEW
This chapter describes how to use the Command Line Interface (CLI) for the BSGX4e. The CLI provides commands for every function of the device. It also provides online help and an interactive mode for easier command entry.
Command entry
This chapter assumes the BSGX4e has been installed in a working network as described in the Installation Guide and the Initial Configuration Guide. It also assumes that you can log in to the device from a terminal session at your workstation or the console. A command prompt displays after logging in to the BSGX4e from a terminal session. The command prompt consists of a string followed by the > character.
Online help
To get online help with commands while logged in to the device, use the Help command.
General help
To list general information about the CLI, perform the following steps.
1. Type help after a command prompt and press the enter key:
> help
A long list appears. Commands are listed under the following headings:
Maintenance Commands:
Command Groups (CLI commands):
2.
config  - Configure an element's parameters
display - Displays the current configuration of an element
del     - Delete a particular element
show    - Shows the current active information about an element
stats   - Statistics about a particular element
clear   - Clears statistics for an element
Parameter: Boolean parameters are set by their name, unset by the 'no' parameter. IP parameters can be ranged, have masks (/24). For example, 192.16.1.20-192.16.1.25 and 192.168.1.
CLI command syntax
The following syntax applies to CLI commands:
config [command group] [command sub-group] [PK] [parameter ]
For a description of the syntax, see General help on page 13. Enter a command group followed by a ?, to list all subcommand groups.
Boolean parameters are parameters with two states (on/off or yes/no). To specify the on/yes state, you can specify just the parameter name, omitting any value. To specify the off/no state, you can specify the parameter name followed by the no value.
Country   United States of America (US)
Temp      Unsupported
Up time   0y 5d 20h 43m 37s
Reset by  software reset
Command keyword ALL
The keyword all is used to perform the command on all entries. The command action can be modification, deletion, clearing of statistics, or display. For example, the following command changes the specified parameter for all QoS Quality Groups. (The command changes the iptos parameter value to 248.
Interactive mode
Interactive mode allows a command to be entered all on one line or split between two or more lines. With single line entry, the command and all its parameters are typed before you press . In interactive mode, the command is entered on one line, but its parameters can be entered on one or more following lines. Interactive mode is provided for most CLI commands.
3 CONFIGURATION COMMANDS
This chapter lists the BSGX4e configuration commands in alphabetical order. Configuration commands have the following syntax:
config [command group] [command sub-group] [PK] [parameter ]
See General help on page 13 for a description of the syntax.
  - mgcp server settings
  - mgcp ua port
  - mgcp ua settings
Netflow commands
  - netflow agent
  - netflow filter
PMON commands
  - pmon agent
  - pmon trace
Protocol commands
  - protocol arp
  - protocol ppp
Proxy ARP commands
  - proxy arp
QoS (GoS) commands
  - qos downstream link
  - qos group
  - qos link
Radius commands
  - radius client
Relay commands
  - relay dhcp settings
  - relay dns settings
  - relay sntp settings
  - relay tftp cache
  - relay tftp files
  - switch qos port
  - switch qos setting
  - switch qos tos
  - switch arl
  - switch mirror
  - switch port
  - switch vlan
System commands
  - system dns
  - system dyndns
  - system images
  - system info
  - system sntp
  - system startup
  - system watchdog
Tacplus command
  - tacplus client
User commands
  - user accounts
  - user groups
  - user rights
Voice Commands
  - voice acl
  - voice fxo gain
  - voice fxo hw impedance
  - voice fxs gain
  - voice fxs hw impedance
  - voice fxs ring patter
Audit status command
Audit logging logs events that affect system security, such as system configuration changes and invalid log in attempts.
audit status
Use this command to configure audit logging. Audit logging fills a table of 100 entries in FIFO order.
Note: In the current version, the audit log is saved on compact flash.
Syntax
config audit status enabled [yes|no]
Parameters
enabled yes|no    Enable/disable audit logging. The default is enabled (yes).
Example
> config audit status enabled no
The following example accesses a stored audit log.
Example
> ls /cf0usr/Audit
. ..
ARP command
This section describes how to configure ARP:
- arp table
arp table
ARP is a network layer protocol that automatically maps IP addresses to hardware Media Access Control (MAC) addresses. When a network node sends data to an IP address on its segment, it broadcasts an ARP request to resolve the IP address to an Ethernet MAC address. ARP runs over Ethernet only. ARP maintains the ARP table in the BSGX4e. Each entry in the table maps an IP address to a MAC address.
Calls analyser command
Voice Quality Monitoring (VQM) measures call quality and monitors calls. Video is not monitored. The VQM analyser simulates a jitter buffer to analyze VoIP media streams to deduce information such as packet loss, delay, and jitter. Based on these parameters, VQM calculates R-Factors and Mean Opinion Scores updated in real-time over the duration of calls. The alarm levels and the duration of an alarm are also specified.
call analyzer
Use this command to configure voice quality monitoring.
Syntax
config jb [static|adaptive] min max nom rtdelay quality [yes|no] burst [yes|no] delay [yes|no] rquality rburst burstmin delaymax qalertclear balertclear dalertclear
Parameters
jb static|adaptive    Specify a static or adaptive jitter buffer.
Related commands
display calls analyser
show calls analyser
show calls current
show calls history
show calls alarms
show calls quality
stats calls quality
DHCP server command
DHCP provides configuration parameters to IP hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP Server to a host and a mechanism for allocating network addresses to hosts. DHCP is built on a client/server model, where designated DHCP Server hosts allocate network addresses and deliver configuration parameters to dynamically configured hosts.
dhcps group
Use this command to configure a name for a DHCP server (DHCPS) group. This name is necessary for configuring other DHCPS commands.
Syntax
config dhcps group
Parameter
name    Enter a name for this DHCP server group.
Example
> config dhcps group engineering
Related commands
del dhcps group
display dhcps group
show dhcps group
dhcps host
The DHCPS host configures the server so that a client with a given MAC always receives the same IP address as well as overrides the options specified for the pool covering the interface on which the request was received.
Syntax
config dhcps host [new|] macaddress ip optiongroup description
Parameters
id    Enter new for a new host or an existing ID for reconfiguring.
dhcps option
A DHCP option is information that can be sent to a client when assigning a client an IP address. Any given option code name can be configured with different values when assigned to different groups. Each DHCP option has a code, but these codes are not displayed to users. Users deal only with option names. Use this command to configure the DHCP server (DHCPS) option settings.
dhcps pool
The DHCPS manages a pool of IP addresses and also has information about client configuration parameters, such as the default gateway, the domain name, and DNS servers. A query for information or IP addresses is typically initiated immediately after booting up and must be completed before the client can initiate IP-based communication with other hosts.
*dhcps-pool-eth1#*> subnet 10.0.1.0
*dhcps-pool-eth1#*> netmask 255.255.255.0
*dhcps-pool-eth1#*> ip 10.0.1.100 - 10.0.1.200
*dhcps-pool-eth1#*> broadcast 10.0.1.255
*dhcps-pool-eth1#*> lease 1
*dhcps-pool-eth1#*> gateway 10.0.1.1
*dhcps-pool-eth1#*> dns1 10.0.1.
dhcps vendorclass
Use this command to configure the options according to the vendor class identifier sent by a client. The vendor class can be refined by giving an interface; in this case the options are only applied if both the vendor class identifier and interface match the incoming DHCP request.
Firewall connection timeout command
The firewall dynamically opens and closes ports for data traffic. Some TCP-based applications (such as Telnet, FTP, and HTTP) open connections to external servers, which can be left idle for extended periods. Leaving a port open and idle can create a security risk.
firewall TCP
Setting a timer for firewall connections limits how long a port can remain idle before it is closed. Separate firewall time-outs can be configured for TCP connections and HTTP connections. Use this command to configure the timeout for these connections.
Syntax
config firewall tcp defaulttimeout httptimeout
Parameters
defaulttimeout seconds    Enter the default TCP timeout.
Intrusion detection system commands
The Intrusion Detection System (IDS) defense is designed for protection against attacks that are destined for the BSGX4e or the LAN. IDS inspects all inbound and outbound network activity and identifies patterns that can indicate system attacks. Table 3 lists the applicable protocols.
ids anomaly
This command enables and disables protection against packet fragment anomalies. Protection can be enabled or disabled for the following anomalies:
- fragoverlap — The offset of one fragment overlaps the offset of another fragment. For example, if the offset of the first fragment is 0 and its length is 800, the offset of the second fragment is 800. If it is less than 800, the second fragment overlaps the first fragment.
- fragtooshort — Triggers when any IP fragment other than the final fragment is less than 400 bytes, indicating that the fragment is likely to be intentionally crafted.
active no|yes    Enable/disable attack detection.
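The two fragment checks described above (fragoverlap and fragtooshort), as an added Python example that is not BSGX4e code and not part of the original guide. The Fragment type, the function names and the sample headers are constructed for illustration; offsets are handled in bytes, as in the guide's 0/800 example.

```python
import struct
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

MIN_NONFINAL_FRAGMENT = 400  # bytes; the fragtooshort limit stated in the guide


class Fragment(NamedTuple):
    key: Tuple[bytes, bytes, int, int]  # (src, dst, protocol, IP id) identifies one datagram
    offset: int           # payload offset in bytes (the header field counts 8-byte units)
    length: int           # payload bytes carried by this fragment
    more_fragments: bool  # MF flag; False only on the final fragment


def parse_ipv4_fragment(header: bytes) -> Fragment:
    """Extract the fragmentation fields from a raw IPv4 header (at least 20 bytes)."""
    ver_ihl, _tos, total_len, ident, flags_off, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", header[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (ver_ihl & 0x0F) * 4
    return Fragment(
        key=(src, dst, proto, ident),
        offset=(flags_off & 0x1FFF) * 8,
        length=total_len - header_len,
        more_fragments=bool(flags_off & 0x2000),
    )


def find_anomalies(fragments: List[Fragment]) -> List[Tuple[str, Fragment]]:
    """Check fragments, grouped per datagram, for fragoverlap and fragtooshort."""
    by_datagram: Dict[tuple, List[Fragment]] = defaultdict(list)
    for frag in fragments:
        by_datagram[frag.key].append(frag)

    findings = []
    for frags in by_datagram.values():
        covered_to = 0  # first byte not yet covered by an earlier fragment
        for frag in sorted(frags, key=lambda f: f.offset):
            # fragoverlap: this fragment starts inside data already covered
            if frag.offset < covered_to:
                findings.append(("fragoverlap", frag))
            covered_to = max(covered_to, frag.offset + frag.length)
            # fragtooshort: a non-final fragment below the 400-byte limit
            if frag.more_fragments and frag.length < MIN_NONFINAL_FRAGMENT:
                findings.append(("fragtooshort", frag))
    return findings


def build_header(ident: int, offset: int, payload_len: int, more: bool) -> bytes:
    """Constructed sample input: a 20-byte IPv4/UDP header with a zero checksum."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_off, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))


# Constructed samples: id 1 is clean, id 2 overlaps by 8 bytes, id 3 has a 64-byte first fragment.
SAMPLE_HEADERS = [
    build_header(1, 0, 800, True), build_header(1, 800, 600, False),
    build_header(2, 0, 800, True), build_header(2, 792, 600, False),
    build_header(3, 0, 64, True), build_header(3, 64, 900, False),
]


def report(headers: List[bytes]) -> List[Tuple[str, int, int]]:
    """Return (anomaly, IP id, byte offset) for every finding in the given headers."""
    frags = [parse_ipv4_fragment(h) for h in headers]
    return [(name, f.key[3], f.offset) for name, f in find_anomalies(frags)]


if __name__ == "__main__":
    for name, ident, offset in report(SAMPLE_HEADERS):
        print(f"{name}: datagram id={ident}, fragment offset={offset}")
```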
ids flood activity
Flood attacks result in denial of service. IDS can detect floods targeted at protocols and services. IDS refers to a threshold value to detect a flood attack. The threshold varies depending on the protocol or service being protected. Use this command to configure IDS flood detection.
- unknowntypeflood — This flood activity type refers to floods targeting Ethernet activities other than ARP, STP and CDP.
active no|yes    Enable/disable attack detection.
ids flood settings
This command describes how to change threshold values for IDS flood protection. IDS refers to a threshold value to detect a flood attack. The threshold can be changed for some protocols and services:
- Known protocols: ARP, ICMP, UDP, TCP, ESP
- Any protocol other than the known protocols listed above (unknown_ip_proto).
ids scan
IDS scan protection can be activated for ICMP, UDP, and TCP SYN messages. A threshold value determines the number of messages sent that constitute an attack. When IDS detects a scan attack, it bans traffic for that protocol (ICMP, UDP, or TCP) for the timeout interval. This command activates a scan time or changes the timeout value.
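The threshold-then-ban behaviour described above, modelled as an added Python example (not BSGX4e code and not part of the original guide). The ScanGuard class, the one-second counting window, the "more than threshold" trigger and the sample values are assumptions; the guide gives none of them.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class ScanGuard:
    threshold: int        # messages per window tolerated before a scan is declared (assumed)
    timeout: float        # ban duration in seconds (the "timeout interval")
    window: float = 1.0   # counting window in seconds (assumption, not stated in the guide)
    _window_start: Dict[str, float] = field(default_factory=dict)
    _count: Dict[str, int] = field(default_factory=dict)
    _banned_until: Dict[str, float] = field(default_factory=dict)

    def allow(self, protocol: str, now: float) -> bool:
        """Return True if a message of this protocol is forwarded at time `now`."""
        if now < self._banned_until.get(protocol, 0.0):
            return False  # the whole protocol is banned until the timeout expires
        start = self._window_start.get(protocol)
        if start is None or now - start >= self.window:
            self._window_start[protocol] = now  # open a new counting window
            self._count[protocol] = 0
        self._count[protocol] += 1
        if self._count[protocol] > self.threshold:
            # Scan detected: ban this protocol and reset its counters.
            self._banned_until[protocol] = now + self.timeout
            self._count[protocol] = 0
            self._window_start.pop(protocol, None)
            return False
        return True


# Constructed event stream: (protocol, arrival time in seconds).
SAMPLE_EVENTS: List[Tuple[str, float]] = [
    ("icmp", 0.0), ("icmp", 0.1), ("icmp", 0.2), ("icmp", 0.3), ("icmp", 0.4),
    ("icmp", 0.5),   # sixth ICMP message inside one window: ban starts here
    ("icmp", 5.0),   # still inside the 10 s ban
    ("udp", 5.0),    # other protocols are unaffected
    ("icmp", 10.6),  # ban (0.5 s + 10 s) has expired
]


def simulate(events: List[Tuple[str, float]], threshold: int = 5,
             timeout: float = 10.0) -> List[bool]:
    """Run the events through a fresh guard and return the forward/drop decisions."""
    guard = ScanGuard(threshold=threshold, timeout=timeout)
    return [guard.allow(proto, t) for proto, t in events]


if __name__ == "__main__":
    for (proto, t), ok in zip(SAMPLE_EVENTS, simulate(SAMPLE_EVENTS)):
        print(f"t={t:5.1f}s {proto:4s} {'forwarded' if ok else 'dropped'}")
```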
ids spoof
IDS spoof detection can be activated for all IP interfaces, including eth0, eth1, the PPP interface, vifX (VLAN), and VPN interfaces. IDS spoof detection defines the IP interfaces as trusted or untrusted interfaces. By default, IDS assumes the trust settings shown in Table 6. IDS assumes that spoof attacks arrive from the WAN and by default assigns untrusted status to WAN interfaces. This activates spoof detection for these interfaces.
Internet key exchange commands
The Internet Key Exchange (IKE) protocol provides utility services for IPSec. It defines how pairs of secure gateways negotiate IKE security associations (IKE SAs). The IKE SAs that the BSGX4e negotiates are determined by the configuration of IKE preshared keys and IKE parameters.
ike parameters
The IKE SA is re-negotiated when its lifetime expires; the shorter the lifetime, the more frequently the IKE SA is re-negotiated. Thus, a shorter lifetime increases security. Use this command to configure the IKE parameters.
Syntax
config ike parameters lifetime maxlifetime
Parameters
lifetime seconds    Specify the default IKE SA lifetime. This is the initial value used for negotiations with the remote host.
ike preshared
An IKE preshared key record specifies the preshared key used to encrypt ISAKMP messages. An IKE preshared key record defines the key (similar to a password) used to authenticate a remote secure gateway. Every IKE SA negotiation refers to a preshared key record to get the key value shared with the peer, that is, the remote secure gateway. Usually, each VPN has its own preshared key record.
Interface commands
This section describes how to configure the interface that connects the BSGX4e to an external network, or WAN. Ethernet WAN interface runs up to 100 Mbps; Ethernet LAN interface runs on 100 Mbps.
interface ip
Use this command to configure the IP settings of the BSGX4e interfaces. The interface ip command also configures the Ethernet settings (speed and mode) for the Ethernet interfaces.
Syntax
config interface ip [eth0|eth1] ip mtu dhcpclient [no|yes] status [up|down] speed [Auto|10Half|10Full|100Half|100Full]
Parameters
if eth0|eth1    Specify the interface type.
interface ppp
Use this command to configure the BSGX4e to use a PPP link as its primary WAN interface. To use a PPP link, PPP parameters must be stored as a PPP profile; when activated, the profile directs the activity of the PPP client in the BSGX4e. The PPP client supports a single PPP session (ppp0) and is compliant with RFC 2516 (PPPoE).
Note: On the BSGX4e, DHCP service must be disabled for the eth0 interface.
user string    Enter a user name (up to 32 characters) as provided by the ISP.
password string    Enter a log in password (up to 32 characters) as provided by the ISP.
Example
The following example sets up the PPP link as the WAN interface on the BSGX4e.
- The first command turns off DHCP service on the eth0 interface.
- The second command configures and activates the PPP profile.
interface vlan
Use this command to configure a virtual interface (vif) for a VLAN to assign it an IP address. A virtual interface and IP address assignment enable the BSGX4e to route IP traffic to and from the VLAN. The firewall must be configured to route traffic through the interface.
Note: One or more ports must be assigned to the VLAN before a virtual interface is configured for the VLAN. Up to sixteen virtual interfaces can be configured.
IP security commands
IPsec provides data confidentiality, data integrity, and data authentication between peers. The Internet Key Exchange protocol (IKE) defines how pairs of secure gateways negotiate IPSec security associations (IPsec SAs). The IPsec SAs negotiated are determined by the configuration of IPsec policies and IPsec proposals.
ipsec parameters
Use this command to define the IPsec parameters for maximum lifetimes for an IPsec security association (SA) and the Diffie-Hellman group to use for session key exchange. The default provides for automatic negotiation of the DH group.
Syntax
config ipsec parameters lifetime maxlifetime group [dh1024|dh768|nopfs|auto]
Parameters
lifetime seconds    Define the Default IPsec SA lifetime.
ipsec policy
An IPsec policy specifies the two secure networks that a VPN tunnel connects and the security parameters used to encrypt and decrypt traffic between the two networks. The configuration of an IPsec policy also allows an IP interface to be configured for the policy. The following are required for an IPSec policy to bring up a successful VPN tunnel:
- A preshared key must be defined for the remote secure gateway.
clear ipsec sa
show ipsec sa
ipsec proposal
An IPsec proposal is a set of security parameters used when negotiating an IPsec SA with a remote secure gateway. IPsec proposals are used by the IPsec policies that reference them. The initial BSGX4e configuration provides a predefined IPsec proposal named VPN-A. This predefined IPsec proposal conforms with the recommendations for a standard IPsec cryptographic suite called VPN-A, as described in RFC 4308.
Local call routing commands
Local call routing (LCR) mode describes the telephone service that the BSGX4e can provide without the use of a VoIP call server on the WAN. Local call routing is automatically used when VoIP service is interrupted and LAN endpoints cannot receive or place calls using a call server on the WAN. In LCR mode, LAN VoIP phones can place and receive local calls, that is, calls that do not go out to the WAN.
lcr accounts
When the BSGX4e acts as the VoIP server to perform local call routing, it needs to know the telephone numbers of the local endpoints. An LCR account informs the BSGX4e of the telephone number of a local endpoint when the user ID or endpoint ID does not provide that information. For example, when a SIP account is defined by a name string, the LCR account defines the telephone number of that account.
lcr settings
Use this command to configure local call routing settings, including if a gateway is used for external calls, the emergency call number, and the numbering plan settings that allow the BSGX4e to determine if the call is local or external.
> config lcr settings lcbmode int ecpolice 911 coprefix 9
Related commands
display lcr settings
show lcr settings
show lcr accounts
show lcr connections
Logging commands
The BSGX4e supports both local module logging and remote module logging (udplog and syslog). Local module logging writes entries to an internal buffer.
logging dest
If the destination map for a message type is external, a server must be configured. The server destinations are:
- UDP: Messages are sent in raw UDP format to a UDP server.
- syslog: Messages are sent in Syslog format to a Syslog server.
Use this command to configure logging destinations.
logging map
Each type of log message is mapped to its own set of destinations. Use this command to configure the logging map.
Note: When the destination is set to file, logs are saved on the compact flash in /cf0usr/log/. They can be read with the command cat. They can be exported using SFTP.
Note: Logging the configuration uses system resources and can cause a difference in system speed.
Example
> config logging map emerg +syslog
Related commands
display logging map
show logging map
show logging dest
show logging modules
logging modules
Specify which message levels can be included or excluded for a system module.
Severity Level   Message Level   Description                           Default Destination
0                emerg           Emergency operation error             Internal buffer.
1                alert           Alert operation error                 Internal buffer.
2                crit            Critical operation error              Internal buffer.
3                error           Low-level operation error             Internal buffer.
4                warn            Warnings, such as a system attack.    Internal buffer.
Media setting command
Settings for the Media Bridge (MBR) specify how VoIP media connections are established. By default, communication streams are established between each party and the BSGX4e that bridges them to establish the end-to-end communications.
media settings
Use this command to set the parameters for VoIP media streams. If the direct media (dm) setting is enabled, communication streams are directly established between parties in a LAN-to-LAN call.
Syntax
config media settings dm [yes|no] port audioqos maxconn defaultvideobw
Parameters
dm yes|no    Enable/disable the use of direct media (RTP) connections between two LAN endpoints. The default is no (disabled).
Media gateway controller protocol commands
The Media Gateway Control Protocol (MGCP) session controller controls the establishment and termination of VoIP sessions, as requested by endpoint devices. The MGCP gateway, which operates together with the session controller, serves as the VoIP gateway for analog devices. The BSGX4e controls VoIP sessions for its LAN devices, which can be MGCP phones and PC terminals.
mgcp sc settings
All VoIP traffic is directed through the session controller, allowing it to isolate and control all VoIP devices on the internal network (LAN). Use this command to configure the session controller settings.
mgcp server settings
The following command configures a MGCP server profile. Up to 3 servers can be configured to implement a fail-over mode. If one is unreachable, the other ones are tried.
mgcp ua port
Use this command to configure the MGCP user agent port on a BSGX4e.
Syntax
fax off|CC_ON    Enable/disable fax pass-through and either force media to G.711 echo cancellation (CC_ON). The default is off.
vad yes|no    Enable/disable voice activity detection (silence suppression). Enabling VAD allows the BSGX4e to avoid sending RTP packets, conserving resources. VAD can silence very low sounds, lowering voice quality.
up yes|no    Enable/disable the MGCP gateway port. The default is yes (enabled).
mgcp ua settings
The MGCP protocol can be modified for interoperability purposes within the MGCP environment on a BSGX4e. Use this command to configure the MGCP user agent settings.
Syntax
config mgcp ua settings domainformat [macaddr] maxretxnum
Parameters
domainformat macaddr    Enter the domain type used for MGCP endpoint identification userid@domain. Only MAC addresses are supported.
Netflow commands
The BSGX4e implements a Netflow exporter. It monitors incoming traffic and reports it to the Netflow collector. Netflow versions 1, 5, and 9 are supported. The Netflow exporter must be deployed together with a Netflow collector. The exporter and collector must implement the same Netflow version. To classify traffic into the flow to be monitored, the Netflow exporter applies filters to the traffic received on the interfaces.
netflow agent
Use this command to configure the Netflow agent. Netflow is a Cisco-developed system for monitoring network IP traffic from devices that are enabled with the Netflow protocol. This feature is disabled by default. Note that Pmon performs a similar function for all traffic. See PMON commands on page 81 for more information. The BSGX4e uses Netflow on incoming traffic only. The system consists of an exporter and a collector.
netflow filter
Use this command to configure the Netflow filter. By default, all traffic is monitored with a default setting of any for all fields.
Syntax
config netflow filter sourceport destport scrip dstip tos ipproto [any|udp|tcp|icmp|esp|gre] ethproto [ip|arp|rarp] srcmac dstmac interface
Parameters
sourceport port    Enter the source port to monitor.
PMON commands
This section describes how to configure the protocol monitoring (PMON) tool. The PMON tool monitors traffic coming into the BSGX4e. PMON can record one or more traces of the incoming traffic. Only incoming traffic is monitored. The following statistics are reported by each trace:
- Number of packets (received)
- Number of bytes (received)
- Packet rate
- Bit rate
PMON creates traces by applying filters to the traffic received on the interfaces.
pmon agent
This command enables and disables protocol monitoring.
Syntax
config pmon agent enabled [yes|no]
Parameters
enabled yes|no    Enable and disable protocol monitoring. The default is no.
Example
> config pmon agent enabled yes
Related commands
del pmon agent
show pmon agent
display pmon trace
show pmon trace
pmon trace
Use this command to configure monitor traces. All protocol monitoring traces are synchronized. This allows easy comparison of the traffic types received over a given period of time.
Protocol commands
This section describes how to configure ARP and PPP protocols to be protected by QoS:
- protocol arp
- protocol ppp
protocol arp
Address Resolution Protocol (ARP) is a network layer protocol that automatically maps IP addresses to hardware Media Access Control (MAC) addresses. When a network node sends data to an IP address on its segment, it broadcasts an ARP request to resolve the IP address to an Ethernet MAC address. ARP protocol must be protected to be able to forward traffic, especially the high priority flows including VoIP flows.
protocol ppp
Use this command to configure PPP control traffic to be protected by QoS. Protecting PPP control protocol ensures the PPPoE interface goes up and is maintained up over time. Not protecting PPP control protocol can lead to the PPPoE interface going down in case of congestion. When GoS is configured for a PPPoE interface, always protect PPP control protocol. PPP control protocol concerns the LCP phase, NCP phase and PPP keep-alive.

Proxy ARP commands

Proxy ARP is used in the BSGX4e to connect hosts that belong to different subnets transparently, that is, without those hosts having to know that the communication is across different subnets, eliminating the need to configure default gateways, routes, and so on, on those hosts.

proxy arp

Proxy ARP enables the BSGX4e to transparently connect hosts that belong to different networks without having to configure default gateways, routes, or other network parameters. When a host on a network accessible to the WAN port of the BSGX4e sends an ARP request through the BSGX4e to a host on its LAN switch, the BSGX4e responds to the request by supplying its own MAC address (the MAC of the WAN port). The sending host caches the MAC address of the BSGX4e.

QoS (GoS) commands

Attention: Downstream QoS is not yet supported.

qos downstream link

Downstream QoS manages WAN link bandwidth to provide quality protection for specified incoming data streams. This is intended primarily to ensure adequate bandwidth for incoming VoIP streams. It designates an (upstream) QoS quality group to protect the corresponding downstream traffic. The bandwidth and prioritizing functions that the quality group provides do not, however, apply to Downstream QoS.

qos group

Use this command to configure a quality group. A quality group is the definition of a Guarantee of Service (GoS) treatment, including bandwidth, policing, and GoS class.

Note:
• The GoS link must be configured before the quality groups that reference that link.
• Ten percent of link capacity is always reserved for Best Effort traffic. Thus, no more than 90% of the link rate can be explicitly committed to other quality groups.
You can configure a quality group explicitly defined as best effort (BE). The defined BE quality group replaces the hidden, default BE group. Unlike the default BE group, a defined BE quality group does appear in the quality group list. Downstream QoS functions differently than the upstream QoS described in the preceding sections.
cos value|no
    Enter a CoS value to be written into each packet assigned to this quality group (decimal, 0-7). Specify no if no CoS value is to be written. If supported by the upstream router, the CoS value can notify the router if VLAN traffic is to be prioritized (as defined by the IEEE 802.1p standard).
downstreamgos yes|no
    Enable/disable downstream QoS for this group. This feature reserves incoming bandwidth for non-TCP traffic (such as VoIP).

qos link

Use this command to configure a GoS link. A GoS link specifies the outgoing interface whose traffic is to be managed and the size of the bandwidth to be managed, that is, the maximum speed of that link. The GoS link is configured on the physical WAN interface, eth0 on the BSGX4e. It cannot be configured on a virtual interface (vif, vpn or ppp).

Radius commands

This section describes how to configure RADIUS authentication for logging in to the BSGX4e 2.1.

radius client

External authentication of passwords can be configured, providing additional security for user logins to the BSGX4e. When a password is externally authenticated, the RADIUS client in the BSGX4e sends the login password to an external server for authentication. When external authentication is used for a user account, the external server defines the password required to log in using the account.
Enter the binding IP address for the client. It is the IP address of the interface that the server references (typically, the IP address of the WAN interface). Specify this value only if DHCP is not in use.
interface eth0|eth1|none
    Select the physical interface through which RADIUS communicates if the auto parameter is yes. This is typically the WAN interface. To clear the parameter, specify none.

Relay commands

This section describes how to configure the following relay commands:
• relay dhcp settings
• relay dns settings
• relay sntp settings
• relay tftp cache
• relay tftp files
• relay tftp settings

relay dhcp settings

The DHCP relay function relays DHCP messages between clients located on the LAN and a single server located on the WAN. From the viewpoint of the clients on the LAN, the BSGX4e appears to be the server. From the viewpoint of the server on the WAN, the BSGX4e appears to be the client. Before enabling DHCP relay, the following tasks must be performed:
• Disable the DHCP server on the LAN interface. See dhcps pool on page 35.

relay dns settings

The DNS relay function relays DNS messages between clients located on the LAN and a DNS server located on the WAN. The DNS relay function sets up the BSGX4e as a proxy for clients on the LAN that must make DNS requests (such as those required for Web browsing and email). From the viewpoint of the clients on the LAN, the BSGX4e appears to be the server. From the viewpoint of the server on the WAN, the BSGX4e appears to be the client.
source user|auto
    Enter the source of the DNS relay configuration. The default is auto. For user, use the latest user-provided configuration, that is, the DNS servers last specified by the dns1 and dns2 parameters. For auto, use the DNS server configuration provided for the DNS client (see system dns on page 156). If the server configuration for the DNS client is null, use the user-provided configuration for the DNS relay (dns1 and dns2).

relay sntp settings

The SNTP relay function relays the SNTP messages between clients located on the LAN and a server located on the WAN. From the viewpoint of the clients on the LAN, the BSGX4e appears to be the server. From the viewpoint of the server on the WAN, the BSGX4e appears to be the client.

Note: Configure devices on the LAN, either through DHCP (option 42) or manually, to use the BSGX4e 2.1.1 as the SNTP server.
client configuration is null if it requested its server from DHCP, but it did not receive one and/or it requested the user-provided server, but no SNTP server had been specified.
gmt +|-offset
    Enter the GMT time zone offset in hours. The default is 0. Specify this offset only if the client devices cannot provide their offset. If the appropriate offset is supplied by the clients, set this parameter to 0.

relay tftp cache

The TFTP cache feature allows copies of frequently requested files to be temporarily stored on the BSGX4e in memory. If a file requested by a LAN device is found in the cache, it can be immediately sent to the client. Use this command to configure TFTP cache.

relay tftp files

Use this command to configure a file to be stored in the TFTP file cache.

Syntax
config relay tftp files name

Parameters
index|new
    Specify new or an existing index number.
name string
    Specify the name of the file to cache.

Example
> config relay tftp files 1 name SIPDefault.

relay tftp settings

The TFTP relay function relays the TFTP messages between clients located on the LAN and a single server located on the WAN. From the viewpoint of the clients on the LAN, the BSGX4e appears to be the server. From the viewpoint of the server on the WAN, the BSGX4e appears to be the client. The BSGX4e maintains a cache filled with the successfully downloaded files.

RIP command

This section describes how to enable dynamic routing using RIP (Routing Information Protocol). The BSGX4e supports RIP versions 1 and 2.

rip daemon

Use this command to configure the RIP daemon. Once started, the daemon listens for RIP messages on the WAN interface and uses that information to store routes in a table. For RIP to be effective, all routers in the network must support RIP version 1 or version 2. RIP version 2 is recommended.

Route commands

This section describes how to configure BSGX4e static IP routes:
• route table

route table

This command adds a static IP route to the routing table in the BSGX4e. Each route in the table specifies the following:
• The destination. Each packet contains a destination IP address. If the destination address is within the destination address range specified for the route, the route is applied to the packet. A default route does not specify a destination address range; instead, it applies to any packet to which no other route applies.

Security commands

This section describes how to configure the BSGX4e security features: Firewall, NAT and ALG.

security alg

The Application Layer Gateway (ALG) enables the transfer of FTP, PPTP, and TFTP traffic through the firewall policies and NAT. This is done by creating dynamic holes in the firewall and changing IP addresses in application protocol headers. FTP is commonly used to transfer files over the Internet. TFTP (Trivial File Transfer Protocol) is a simple version of the FTP protocol used to transfer files over the Internet.

security nat interface

Network Address Translation (NAT) provides security by hiding the internal addresses of the private network from the Internet: addresses and/or ports are translated from private IP addresses to public IP addresses, and vice versa. The BSGX4e processes both standard and reverse NAT:
• Standard NAT translates the source IP address of the LAN to the public WAN IP address.

security nat policy

When translating addresses, Network Address Translation (NAT) references policies that map addresses and ports. These policies enable static NAT, port forwarding, and address forwarding. Use this command to configure a NAT policy.

Syntax
config security nat policy [new |] type [static|rport|raddr] address port

Parameters
id
    Enter a policy ID number. Specify new when creating a new policy.

security nat public

A public IP address must be configured for static NAT and also for address forwarding. This command adds public IP addresses to NAT. Up to 16 addresses can be configured. NAT addresses can be configured outside the subnet of the WAN.

Syntax
config security nat public interface

Parameters
address
    Enter the public IP address. This can be a single IP address or a range of addresses using the xx.xx.xx.xx—xx.xx.xx.xx format.

security policy

This command defines firewall security policies to accept desired incoming traffic. The firewall is closed by default. Firewall security is based on policies. A policy is created to accept or deny a traffic flow based on the current rule sequence. Security policies are also used to classify traffic for Network Address Translation (NAT) and for layer 3 Quality of Service (QoS) treatment (Guarantee of Service [GoS]). See security alg on page 112.
(acceptance or rejection) is determined by the first policy that the packet matches. Therefore, the sequential order of firewall policies is important.
action allow|end
    Indicate whether a packet matching the policy is accepted or rejected.

Example
The following example configures a security policy that allows all TCP traffic from the eth1 interface, destined for port 9000, and going out the eth0 interface.
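
The first-match rule described above, modelled as an added Python example (not BSGX4e or Nortel code): it evaluates a constructed rule sequence on a closed-by-default firewall and reports policies that an earlier, broader policy makes unreachable. The Policy and Packet fields and the accept flag are assumptions made for the model, not the CLI's parameters.

```python
"""First-match policy evaluation on a closed-by-default firewall (model only)."""
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard: the policy does not constrain this field
FIELDS = ("in_if", "out_if", "proto", "dport")


@dataclass(frozen=True)
class Policy:
    seq: int                       # position in the rule sequence; lowest is checked first
    accept: bool                   # True = accept the packet, False = reject it
    in_if: Optional[str] = ANY
    out_if: Optional[str] = ANY
    proto: Optional[str] = ANY
    dport: Optional[int] = ANY


@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    proto: str
    dport: int


def matches(policy, packet):
    """A policy matches when every constrained field equals the packet's field."""
    return all(getattr(policy, f) is ANY or getattr(policy, f) == getattr(packet, f)
               for f in FIELDS)


def decide(policies, packet):
    """Return (accepted, seq of the deciding policy); (False, None) if nothing matched."""
    for policy in sorted(policies, key=lambda p: p.seq):
        if matches(policy, packet):
            return policy.accept, policy.seq
    return False, None  # the firewall is closed by default


def covers(earlier, later):
    """True when every packet that matches `later` also matches `earlier`."""
    return all(getattr(earlier, f) is ANY or getattr(earlier, f) == getattr(later, f)
               for f in FIELDS)


def shadowed(policies):
    """List (later_seq, earlier_seq, conflict) for policies that can never decide a packet.

    conflict is True when the two policies disagree on accept/reject, which is
    the case that silently changes the firewall's behaviour.
    """
    ordered = sorted(policies, key=lambda p: p.seq)
    result = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                result.append((later.seq, earlier.seq, later.accept != earlier.accept))
                break
    return result


# Constructed rule set. Policy 1 mirrors the guide's example (TCP from eth1,
# port 9000, out eth0); policies 2 and 3 are invented to show an ordering error.
RULES = [
    Policy(seq=1, accept=True, in_if="eth1", out_if="eth0", proto="tcp", dport=9000),
    Policy(seq=2, accept=True, in_if="eth1", out_if="eth0", proto="tcp"),
    Policy(seq=3, accept=False, in_if="eth1", out_if="eth0", proto="tcp", dport=23),
]

# Same policies with the narrow reject moved ahead of the broad accept.
FIXED = [
    Policy(seq=1, accept=True, in_if="eth1", out_if="eth0", proto="tcp", dport=9000),
    Policy(seq=2, accept=False, in_if="eth1", out_if="eth0", proto="tcp", dport=23),
    Policy(seq=3, accept=True, in_if="eth1", out_if="eth0", proto="tcp"),
]

if __name__ == "__main__":
    telnet = Packet("eth1", "eth0", "tcp", 23)
    print("original order:", decide(RULES, telnet), "shadowed:", shadowed(RULES))
    print("fixed order:   ", decide(FIXED, telnet), "shadowed:", shadowed(FIXED))
```

Running the shadow check over an exported rule list before saving a change catches a reject that was appended below a broader accept.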

Service commands

This section describes how to configure BSGX4e access types.

service ssh

The SSH server enables secure remote access to the BSGX4e over an insecure network, such as the Internet. SSH version 2 is supported. SSH use requires the following:
• The workstation on the WAN or LAN must provide an SSH client, for example, PuTTY or SSH secure shell.
• The SSH server in the unit must be enabled and the firewall must allow SSH access.

service telnet

Telnet allows access to the BSGX4e over a remote terminal session. Telnet access requires the following:
• The workstation on the WAN or LAN must provide a Telnet client, for example, Tera Term Pro, the Windows telnet client, or the Linux telnet client.
• The Telnet server in the unit must be enabled and the firewall must allow Telnet access.

service web

The Web server enables remote administration of the BSGX4e using the Web User Interface. The Web server supports access over HTTP and HTTPS (HTTP over SSL). For more information, see SSL commands on page 138. Web server use requires the following:
• The workstation on the WAN or LAN must provide a Web browser (Microsoft® Internet Explorer® or Mozilla® Firefox®).

Shell terminal command

This section describes how to configure shell terminal settings:
• shell terminal

shell terminal

Use this command to configure the shell terminal settings.

Syntax
config shell terminal prompt timeout

Parameters
width size
    Enter the number of characters in a terminal line. The default is 80 characters.
prompt
    Enter a string to define the command prompt.
timeout
    Enter the number of minutes before the terminal logs out.

SIP commands

The following section describes how to configure Session Initiation Protocol (SIP) commands. The SIP session controller controls the establishment and termination of VoIP sessions, as requested by endpoint devices. The integrated SIP gateway, which operates together with the session controller, serves as a VoIP gateway for analog devices. The SIP server determines how the session controller accesses SIP proxy servers to provide VoIP service.

sip gateway settings

Use this command to configure a SIP FxO gateway on the LAN side of the BSGX4e to provide the ability to call over the PSTN. An optional domain name can also be provided.

Note: Before the gateway is configured, the SIP session controller must be configured, and the gateway settings for the Local Call Routing must be configured. See sip sc settings on page 126 and lcr settings on page 63 for more information.

sip sc settings

The SIP session controller (SC) relays SIP messages between SIP endpoints and SIP servers, controls how VoIP media traffic is established, controls which LAN endpoints can place and receive calls, and reports the quality of calls.
contpass yes|no
    Enable/disable unknown content types to be relayed. The default is yes.
switchtype BROADSOFT|NORTEL_CS2K|SIEMENS|SYLANTRO|OTHER
    BSGX4e interoperates with various softswitches that offer multi-line (forking) capabilities. These switches require special handling by the session controller. Selecting a vendor here instructs the session controller to format call ID codes to operate with the switch multi-line feature.

sip server settings

Use this command to configure a server profile, which determines how the session controller accesses SIP proxy servers to provide VoIP services. One of the session controller settings specifies the call server profile that the session controller is to use. A server profile can explicitly specify up to three SIP proxy servers or it can specify no. If no proxy server is specified, the session controller uses DNS to find its proxy servers.
ibserver1 ip address|range
    Enter an optional additional inbound server (IP address or range).
ibserver2 ip address|range
    Enter an optional additional inbound server (IP address or range).
ibserver3 ip address|range
    Enter an optional additional inbound server (IP address or range).
retries number
    Enter the number of retries before a SIP proxy server is blacklisted. The default is 4 retries. (Specifying 0 disables call server failover.

sip ua port

The SIP user agent (UA) allows an analog device to use VoIP connections to place and receive calls on a BSGX4e. The analog device must be connected to the BSGX4e port as described in the installation guide. The device can be a single analog device such as a telephone or fax machine or a gateway device which connects to multiple analog devices. Use this command to configure the SIP user agent port.
rfc2833 off|on
    Enable/disable RFC 2833 for DTMF. RFC 2833 provides out-of-band DTMF event reports. Distortion from compression and decompression can prevent recognition of pure DTMF tones. Out-of-band DTMF sends the information by separate RTP packets. The default is yes.
payload type
    If RFC 2833 is enabled, the RTP dynamic payload type can be specified (96-127). The default is 101.
mls Off|RFC3264|RFC2976
    Enable/disable multi-line support.

sip ua settings

Use this command to configure the SIP protocol settings on a BSGX4e that apply to the SIP user agent. The SIP settings for the gateway do not apply to the SIP session controller. The SIP protocol can be modified for interoperability purposes within the SIP environment.
Enter the maximum interval of time in seconds that the User Agent can ring without being answered. If the no answer timer expires, the call is rejected with an assigned reason of either ring-timeout or call-forwarding on no answer (if that feature is enabled). The default is 60 seconds.
endofdial yes|no
    Enable/disable the hash (#) character at the end of the dialed digit string; if enabled (yes), the # character is stripped from the digit string. The default is yes.

SNMP commands

The following section describes how to configure SNMP commands. Use the following commands to configure SNMP on the BSGX4e.

snmp agent

Use this command to configure an SNMP agent. The SNMP agent MIBs are described in IETF RFC 1213. The SNMP agent replies only to SNMP version 2c requests. Apart from the system group, all MIBs are in read-only mode in this version.

Note: The BSGX4e cannot be configured through SNMP. The port used by the SNMP agent must be opened in the Firewall, allowing SNMP clients to reach it.

snmp community

Use this command to configure SNMP communities including the IP address and access rights.

Syntax
config snmp community ip access [read|read-write]

Parameters
community community-name
    Enter the name for the community.
ip ip address
    Enter the IP address of the management station.
access read|read-write
    Enter the access rights for this community string.

Example
> config snmp community public ip 192.168.134.
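
An added example, not part of the original guide: a Python check that reads config snmp community lines from a saved configuration and flags well-known community names, read-write access, and management stations outside an expected network. The token order follows the syntax and example above; the sample lines, community names, and the 10.20.0.0/24 management network are constructed.

```python
"""Audit `config snmp community` lines from a saved CLI configuration."""
import ipaddress

# Names commonly left at vendor defaults; SNMP v2c sends the community string
# in clear text, so a guessable name gives no protection at all.
WELL_KNOWN = {"public", "private"}


def parse_community(line):
    """Return {'name', 'ip', 'access'} for a community line, or None for other lines.

    Assumed token order (from the guide's example):
        config snmp community <name> ip <address> access <read|read-write>
    """
    tokens = line.lstrip("> ").split()
    if tokens[:3] != ["config", "snmp", "community"] or len(tokens) < 4:
        return None
    entry = {"name": tokens[3], "ip": None, "access": None}
    rest = tokens[4:]
    for key, value in zip(rest[0::2], rest[1::2]):
        if key in ("ip", "access"):
            entry[key] = value
    return entry


def audit(lines, mgmt_net):
    """Return a list of (community, finding) tuples for the given config lines."""
    network = ipaddress.ip_network(mgmt_net)
    findings = []
    for line in lines:
        entry = parse_community(line)
        if entry is None:
            continue  # not an SNMP community line
        name = entry["name"]
        if name.lower() in WELL_KNOWN:
            findings.append((name, "well-known community name"))
        if entry["access"] == "read-write":
            findings.append((name, "read-write access"))
        try:
            station = ipaddress.ip_address(entry["ip"] or "")
        except ValueError:
            findings.append((name, "missing or malformed management station IP"))
            continue
        if station not in network:
            findings.append((name, "management station outside " + mgmt_net))
    return findings


# Constructed sample configuration (addresses are documentation/private ranges).
SAMPLE = [
    "> config snmp community public ip 192.0.2.10 access read-write",
    "> config snmp community n0c-ro-7f3a ip 10.20.0.5 access read",
    "> config snmp community branch-mon ip 203.0.113.40 access read",
    "> config pmon agent enabled yes",
]

if __name__ == "__main__":
    for community, finding in audit(SAMPLE, "10.20.0.0/24"):
        print(f"{community}: {finding}")
```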

snmp traps

Use this command to configure SNMP traps. The following traps are supported:
• ColdStart: indicates the BSGX4e has restarted.
• WarmStart: indicates the SNMP agent has restarted.
• LinkUp: indicates an interface has come up.
• LinkDown: indicates an interface has gone down.
• AuthenticationFail: indicates SNMP authentication has failed (such as when the wrong community name is used).

SSL commands

This section describes how to configure the Secure Socket Layer (SSL). Use the following commands to enable SSL to secure remote access to the BSGX4e over an insecure network.

ssl certificate

The SSL certificate command allows a system administrator to configure the X509 certificate used by the SSL server. There are two methods to generate the X509 certificate: either it is generated from a self-signed SSL CSR, or the SSL CSR is signed by an external certificate authority and a certificate is imported. A single X509 certificate can be generated. When self-signed, the certificate is derived from the current CSR record and key record.

ssl csr

The SSL Certificate Signing Request (CSR) allows a system administrator to generate an X509 certificate, which can be self-signed by the SSL module or signed by an external certificate authority (CA). A single X509 CSR can be generated. Generating a CSR requires an SSL key. To see the status of the SSL key, enter show ssl key.

Note: If the SSL CSR is deleted, new SSL connections cannot be created.
Uploading csr.pem to /cf0sys/ssl/csr.pem
3. Check that the CSR file is in the current directory:
sftp> ls
csr.pem    rsakey.dat
sftp> exit
4. The following imported CSR can be used to generate the SSL certificate as described in the ssl certificate on page 139:
> config ssl certificate x509 import /cf0sys/ssl/csr.

ssl key

The SSL key allows the system administrator to manage a private RSA key, which is needed by the SSL server to encrypt data. The first time the BSGX4e is started, a randomly-seeded, 1024-bit RSA key is generated and saved. Normally, a new private key does not need to be generated unless it is suspected that the security of the private key has been compromised. The RSA key is stored in the file /cf0sys/ssl/rsakey.dat.

Switch commands

This section describes how to configure the LAN switch:
• switch qos ieee
• switch qos port
• switch qos setting
• switch qos tos
• switch arl
• switch mirror
• switch port
• switch vlan

qos

The LAN switch in the BSGX4e provides a layer 2 Quality of Service (QoS) feature. This feature enables prioritization of network traffic, which is essential for the protection of time-sensitive traffic such as VoIP phone calls. Because it has multiple LAN ports to send traffic to the WAN and only one WAN interface to send that traffic, the BSGX4e must prioritize the traffic it routes.

Table 7 Default Priority Queues
Priority Queue    Port Number    IEEE 802.

switch qos ieee

This command maps IEEE 802.1p values to priority queues. This command is valid only if 8021p is selected as the layer 2 QoS type. See switch qos setting on page 148 for more information on selecting a layer 2 QoS type.

Syntax
config switch qos ieee priority [lowestq|lowq|highq|highestq]

Parameters
ieee value
    Enter the IEEE 802.1p tag value to map to the priority queue. Valid range is 0-7.

switch qos port

This command maps port numbers to priority queues. This command is valid only if port is selected as the layer 2 QoS type. See switch qos setting on page 148 for more information on selecting a layer 2 QoS type.

Syntax
config switch qos port priority [lowestq|lowq|highq|highestq]

Parameters
port value
    Enter the specific port number to map to a priority queue. Valid range is 1-4. Entering a range of ports is not valid.

switch qos setting

Use this command to configure layer 2 QoS settings.

Syntax
config switch qos setting type [port|TOSDiff|8021p] scheduling [wfq|fixed]

Parameters
type port|TOSDiff|8021p
    Enter the criterion that layer 2 QoS uses to classify traffic. The default is port.
scheduling wfq|fixed
    Enter the method of QoS scheduling. The default is wfq.

switch qos tos

This command maps IP ToS/DiffServ values to priority queues. This command is valid only if tosdiff is selected as the layer 2 QoS type. See switch qos setting on page 148 for more information on selecting a layer 2 QoS type.

Syntax
config switch qos tos priority [lowestq|lowq|highq|highestq]

Parameters
tosdiff value
    Enter the port number to map to the highest priority queue. Valid range is 0-63.

switch arl

Address Resolution Logic (ARL) maps MAC addresses to specific LAN ports. This enables switching packets between ports based on the destination MAC address in the packet. ARL provides these features:
• Dynamic Entries: A MAC address learning process automatically builds the ARL table as a forwarding database. The entries it creates are dynamic entries, that is, entries that are flushed regularly from the table.

Example
The following example increases the aging interval for the ARL table to 320 seconds:
> config switch arl age 320

Related commands
clear switch arl
show switch arl

switch mirror

Use this command to configure port mirroring. Port mirroring duplicates traffic from one or several source ports to a destination port. The following port traffic can be mirrored:
• Outgoing traffic only
• Both incoming and outgoing traffic
Port mirroring is intended for troubleshooting only. After its use is complete, remove the port mirroring configuration immediately so that unit performance is not degraded.

switch port

Use this command to configure the BSGX4e LAN ports. There is an uplink port (port 0 or MII) and 4 LAN ports. Network traffic from the switch is sent through port 0 to the host for routing. The uplink port cannot be configured. It always operates at 100 Mbps, full duplex mode, flow control disabled.

switch vlan

This command assigns ports as members of a Virtual LAN (VLAN). The ports can be any of the LAN switch ports. The ports can be the WAN port or any of the LAN switch ports. Switching is confined to the members of VLANs. Packets can be transmitted tagged with the VLAN ID for VLAN trunking or untagged as follows:
• Tagged ports transmit tagged packets. A port can belong to multiple VLANs as tagged.
• Untagged ports transmit untagged packets.

System commands

This section describes how to configure the following system parameters:
• system dns
• system dyndns
• system images
• system info
• system sntp
• system startup
• system watchdog

system dns

The Domain Name Service (DNS) client in the unit sends requests to a DNS server on the WAN. A DNS request is used to get an IP address required by the BSGX4e, such as the IP address of a server that was specified by a fully qualified domain name (FQDN). Two DNS servers can be configured: one as the primary server; the other as a secondary, backup server.

system dyndns

Attention: Dynamic DNS is not yet supported.

The dynamic DNS service allows a remote host on the Internet to stay connected to the BSGX4e when it is configured with DHCP or PPP on the WAN interface. When the BSGX4e is configured with a dynamic IP address on its WAN port, remote hosts cannot stay connected as the BSGX4e’s address changes. Dynamic DNS allows the domain name data held in a name server to be updated in real time.

Example
config system dyndns service dyndns@dyndns.org enabled yes user test password **** hostname test.dyndns.

system images

This command configures the default boot application.

Syntax
config system images [1|2] default [yes|no]

Parameters
slot 1|2
    Designate the slot number to which the application image is assigned.
default yes|no
    Designate yes to assign this slot as the default. No indicates this slot is not the default.

system info

Use this command to configure the name and country code of the BSGX4e. Selecting a country code makes the appropriate configuration changes to the FxS telephony interfaces, for voice tone configurations (see voice tones on page 183) and to the session controller, for emergency call numbers configuration (see lcr settings on page 63).

NOTE: After changing the country code, save the change and reboot the system to implement the change.

system sntp

Use this command to configure the SNTP client.

Syntax
config system sntp enabled [yes|no] source [user|dhcp|auto] server[1|2|3|4] gmtoffset [+/-] sync

Parameters
enabled yes|no
    Enable/disable the SNTP client. The default is enabled.
source user|dhcp|auto
    Select the user-provided configuration, the DHCP-provided configuration, or allow the client to choose the source. The SNTP client can get SNTP server configuration automatically.

Example
The following example changes the configuration source to auto. Assuming the DHCP server provides an NTP server configuration, the show command lists the DHCP-provided configuration currently in use. The display command lists the previously-saved, user-provided configuration that is available.
> config system sntp source auto
> save
> show system sntp
SNTP:
Enabled on
Source auto (dhcp)
Server 1 172.29.167.101
Server 2 172.29.0.1
Server 3 172.29.221.

system startup

Use this command to configure the BSGX4e to run a command automatically after each restart.

Syntax
config system startup command “”

Parameters
index
    Designate the number of the command index. The first command has the index of 0.
command “command name”
    Designate a command to run after each restart. Enclose the command in double-quotes.

system watchdog

Use this command to configure the watchdog timer. The watchdog reset timer allows the BSGX4e to automatically restart after a software failure. Such a failure can disrupt normal traffic flow through the BSGX4e. The automatic reset allows restoring the BSGX4e to normal operation.

Note: It is recommended that the initial watchdog configuration remain unchanged. The initial configuration enables the reset timer and sets its value to 7 seconds.

Tacplus command

This section describes how to configure the TACACS+ client of the BSGX4e.

tacplus client

This command provides additional security when logging in to the BSGX4e. When a login is externally authenticated, a client in the device sends the login information to an external server for authentication.

Note: When external authentication is used for a user account, the external server defines the password required to log in using the account.

User commands

This section describes how to configure user accounts, groups and rights.

user accounts

This command defines user access to a BSGX4e. There are two types of users, administrators (admins) and regular users (users). Administrators are granted all access modes and all access rights; regular users are granted only Web and CLI access. Regular user rights are restricted. A maximum of 20 user accounts can be defined for the BSGX4e.

Example
This example assumes that the user is given read and write access to the unit, but only while connected directly to its console port or to the Web interface. Remote access is disallowed. The name of the user is user1, the access methods are web + cli, the group membership is admins and the password is test123.
user groups

This command defines user access to a BSGX4e as managed by user accounts and user rights settings. There are two user groups, one for administrators (admins) and one for all other users (users). The admins user group is granted all access modes. The users user group is granted only Web and CLI access.
user rights

There are three rights settings: one for the Administrators (admins) user group and the other two for the users user group. All rights are granted to admins; the two rights settings for the users user group grant read-only access to some objects and read and write access to other objects.

The available access rights are read, write, and execute. Read allows the viewing of data; write allows the writing of data; execute is not currently used.
Voice Commands

This section describes how to configure the following voice features:

• voice acl
• voice fxo gain
• voice fxo hw impedance
• voice fxs gain
• voice fxs hw impedance
• voice fxs ring pattern
• voice jitterbuffer
• voice np
• voice tones
voice acl

The Access Control List (ACL) is a list of policy entries that determine which LAN endpoints are allowed to place and receive calls for both SIP and MGCP devices. By default, the ACL includes a policy that allows all LAN endpoints to place and receive calls. To deny an endpoint call access, a policy denying access must be added to the ACL. When an endpoint attempts to place or receive a call, authentication is performed.
voice fxo gain

This command sets the DSP gain values for the FXO port(s).

Syntax
config voice fxo gain tx rx

Parameters

tx value
Enter the transmit (tx) gain (digital to analog conversion) in decibels. Specify a minus (-) before a negative value. The default is -0 dB.

rx value
Enter the receive (rx) gain (analog to digital conversion) in decibels. Specify a minus (-) before a negative value. The default is 0 dB.
voice fxo hw impedance

This command sets a line impedance value for the FXO port(s).

Syntax
config voice fxo hw impedance [automatic|600|900|270+750_150nF|220+820_120nF|370+620_310nF|320+1150_230nF|370+820_110nF|275+780_115nF|120+820_110nF|350+1000_210nF|200+680_100nF|600_2.16uF|900_1uF|900_2.16uF|600_1uF] acim hyb1-8

Parameters

impedance automatic|600|900|600_1uF|900_2.
voice fxs gain

This command sets the DSP gain values for the FXS port on a BSGX4e.

Syntax
config voice fxs gain tx rx

Parameters

tx value
Enter the transmit (tx) gain (digital to analog conversion) in decibels. Specify a minus (-) before a negative value. The default is -6 dB.

rx value
Enter the receive (rx) gain (analog to digital conversion) in decibels. Specify a minus (-) before a negative value. The default is -6 dB.
voice fxs hw impedance

This command sets a line impedance value for the FXS port on a BSGX4e.

Syntax
config voice fxs hw impedance [automatic|600|900|600_1uF|900_2.16uF|270+750_150nF|220+820_120nF|220+820_115nF|200+680_100nF]

Parameters

impedance automatic|600|900|600_1uF|900_2.16uF|270+750_150nF|220+820_120nF|220+820_115nF|200+680_100nF
Enter the impedance. It overrides the settings of the line. The default is automatic.
voice fxs ring pattern

This command modifies ring cadences for the FxS port based on eight patterns. The ring pattern is defined by a series of cadences, in pairs, over a certain length of time. Each pair is configured in milliseconds with a ring-on and ring-off value. A single ring cadence can have up to four different sets of on/off periods, constituting the full pattern. Each pattern repeats until the phone goes off-hook or the call is cancelled.
voice jitterbuffer

Use this command to configure the voice playout jitter buffer setting for the SIP or MGCP gateway (User Agent).

Syntax
config voice jitterbuffer mode [fixed|adaptive] maximum nominal minimum

Parameters

mode fixed|adaptive
Enter the jitter buffer type. The default is adaptive.

maximum ms
Enter the maximum delay introduced by the jitter buffer, in milliseconds. This value is used only if the mode is adaptive.
voice np

When an analog device, such as a phone, is connected to the FxS port on the BSGX4e, a numbering plan can be needed to make full use of the features of the device. The SIP integrated gateway uses a numbering plan to interpret any string entered. The plan is a series of entries, each defining how a specific string is to be interpreted.
CFWNA
Clear Forward No Answer. Applicable only if the type parameter is set to service.

BXFER
Blind Transfer. Transfers a call and disconnects your line. Applicable only if the type parameter is set to service.

length number
Enter the expected length of the phone numbers. Applicable only if the type parameter is set to number.

stripcount digits
Enter the number of digits to strip from the beginning of the numbers. Applicable only if the type parameter is set to number.
voice tones

Use this command to configure tone types for the FxS port. Each tone type is assigned cadence, frequency, and level values.
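Command lines of the form used in this guide's config voice tones examples can be checked for completeness before they are pasted into a device or a startup list. The following Python is an added example, not part of the Nortel guide: parse_tone_command, cycle_length and review are hypothetical helper names, the field list is taken from the guide's example commands, and the third sample line is constructed to show how a truncated command is rejected.

```python
import shlex

# Field names, in the order used by this guide's "config voice tones" examples.
FIELDS = ("on1", "off1", "on2", "off2", "freq1", "level1", "freq2", "level2")


def parse_tone_command(line):
    """Parse one tones command; ValueError if malformed, incomplete or truncated."""
    tokens = shlex.split(line.strip().lstrip(">"))
    if len(tokens) < 4 or tokens[:3] != ["config", "voice", "tones"]:
        raise ValueError("not a 'config voice tones' command")
    tone, args = {"type": tokens[3]}, tokens[4:]
    if len(args) % 2:
        raise ValueError(f"{tone['type']}: field '{args[-1]}' has no value")
    for key, value in zip(args[0::2], args[1::2]):
        if key not in FIELDS:
            raise ValueError(f"{tone['type']}: unknown field '{key}'")
        tone[key] = int(value)  # int() raises ValueError on non-numeric text
    missing = [f for f in FIELDS if f not in tone]
    if missing:
        raise ValueError(f"{tone['type']}: missing {', '.join(missing)}")
    return tone


def cycle_length(tone):
    """Sum of the four on/off periods, in the unit the command itself uses."""
    return tone["on1"] + tone["off1"] + tone["on2"] + tone["off2"]


def review(lines):
    """Return (type, cycle length, level1) per line, or the rejection reason."""
    results = []
    for line in lines:
        try:
            tone = parse_tone_command(line)
            results.append((tone["type"], cycle_length(tone), tone["level1"]))
        except ValueError as err:
            results.append(f"rejected: {err}")
    return results


# Two lines copied from the guide's examples, plus one constructed truncated line.
SAMPLES = [
    "> config voice tones congestion on1 150 off1 150 on2 0 off2 0 freq1 425 level1 -10 freq2 0 level2 0",
    "> config voice tones callwait1 on1 200 off1 5000 on2 0 off2 0 freq1 425 level1 -10 freq2 0 level2 0",
    "> config voice tones stutter on1 400 off1 40 on2 0 off2 0 freq1 425 level",
]

print(review(SAMPLES))
```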
> config voice tones congestion on1 150 off1 150 on2 0 off2 0 freq1 425 level1 -10 freq2 0 level2 0
> config voice tones callwait1 on1 200 off1 5000 on2 0 off2 0 freq1 425 level1 -10 freq2 0 level2 0
> config voice tones callwait2 on1 100 off1 1000 on2 0 off2 0 freq1 425 level1 -10 freq2 0 level2 0
> config voice tones reorder on1 250 off1 250 on2 0 off2 0 freq1 425 level1 -10 freq2 0 level2 0
> config voice tones stutter on1 400 off1 40 on2 0 off2 0 freq1 425 level