SpeedTouch™ 610/610i/610s/610v
Business DSL Router
Remote Management
600 SERIES
SpeedTouch™610 Remote Management
Application Note Ed. 01

Status: Released
Change Note: PeckelbeenS
Short Title: AppNote_RemoteManagement R4.1 Ed. 01
Copyright: © 2002 THOMSON multimedia. All rights reserved. Passing on, and copying of this document, use and communication of its contents is not permitted without written authorization from THOMSON multimedia. The content of this document is furnished for informational use only, may be subject to change without notice, and should not be construed as a commitment by THOMSON multimedia.
Contents

1 Introduction
2 SpeedTouch™610 Remote Access
2.1 The SpeedTouch™610 Firewall
2.2 Remote SpeedTouch™610 Web Interface Access
2.3 Remote SpeedTouch™610 Telnet Access
2.
1 Introduction

Overview

Abstract

As a key component of your business network, the SpeedTouch™610 must operate well for you to gain maximum performance from your DSL connections. Continuous management and diagnosis of the SpeedTouch™610 should be performed to ensure faultless operation, 24 hours a day, 7 days a week. As such, the SpeedTouch™610 can be perfectly embedded in high-quality networks covered by Service Level Agreements (SLAs).
2 SpeedTouch™610 Remote Access

Introduction

The application note SpeedTouch™610 Operation and Maintenance described some of the standard access methods the SpeedTouch™610 provides to allow users to perform configurations and/or, if needed, the required procedures for maintaining and optimizing SpeedTouch™610 operation and performance.
2.1 The SpeedTouch™610 Firewall

Introduction

All traffic from, to, or via any of the SpeedTouch™610 interfaces is subjected to its powerful programmable firewall. For a full description of the SpeedTouch™610 programmable firewall, see the application note The SpeedTouch™610 and Firewalling. In the scope of remote management, however, the following topics provide some essential information for understanding the operation of the SpeedTouch™610 firewall.
Implementation of the default firewall rules

In the following, an extract is given of the default firewall rules.
2.2 Remote SpeedTouch™610 Web Interface Access

Appropriate firewall rules

To allow remote access to the SpeedTouch™610 web pages from the WAN, you must add the following rules:

• To the sink chain:

  [firewall rule]=> create chain=sink index=2 prot=tcp dstport=www-http action=accept

  The rule allows incoming traffic from the WAN to the SpeedTouch™610 web host.
2.3 Remote SpeedTouch™610 Telnet Access

Appropriate firewall rules

To allow remote access to the SpeedTouch™610 Command Line Interface (CLI) via a Telnet session from the WAN to the SpeedTouch™610, you must add the following rules:

• To the sink chain:

  [firewall rule]=> create chain=sink index=2 prot=tcp dstport=telnet action=accept

  The rule allows incoming traffic from the WAN to the SpeedTouch™610 Telnet server.
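An added example (not part of the original application note, and not Thomson code): a Python check that parses rule lines in the syntax shown in sections 2.2 and 2.3 and reports management services that the sink chain accepts from any source. The src parameter name, the ftp service name, the forward chain name and the last two sample rules are assumptions made for the example.

```python
# Service names used as dstport values on this page; "ftp" is an assumption
# for the remote FTP access section the page refers to.
MGMT_PORTS = {"www-http", "telnet", "ftp"}

# Assumption: the parameter that limits a rule to one source address is
# called "src". Adjust to whatever the device's CLI reference specifies.
SRC_KEY = "src"


def parse_rule(line):
    """Turn '[firewall rule]=> create k=v ...' into a dict of its k=v pairs.

    Returns None for lines that are not 'create' commands.
    """
    _, _, command = line.partition("=>")
    tokens = command.split()
    if not tokens or tokens[0] != "create":
        return None
    rule = {}
    for token in tokens[1:]:
        key, sep, value = token.partition("=")
        if sep:
            rule[key] = value
    return rule


def audit(lines, src_key=SRC_KEY):
    """Return (dstport, index) for each sink-chain accept rule that opens a
    management service without any source restriction."""
    findings = []
    for line in lines:
        rule = parse_rule(line)
        if rule is None:
            continue
        if (rule.get("chain") == "sink" and rule.get("action") == "accept"
                and rule.get("dstport") in MGMT_PORTS and src_key not in rule):
            findings.append((rule["dstport"], rule.get("index")))
    return findings


# The first two lines are the rules shown on this page; the last two are
# constructed for the example (192.0.2.10 is a documentation address).
SAMPLE_RULES = [
    "[firewall rule]=> create chain=sink index=2 prot=tcp dstport=www-http action=accept",
    "[firewall rule]=> create chain=sink index=2 prot=tcp dstport=telnet action=accept",
    "[firewall rule]=> create chain=sink index=3 src=192.0.2.10 prot=tcp dstport=telnet action=accept",
    "[firewall rule]=> create chain=forward index=1 prot=tcp dstport=www-http action=accept",
]

if __name__ == "__main__":
    for port, index in audit(SAMPLE_RULES):
        print(f"sink rule index={index}: {port} accepted from any source")
```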
2.5 SpeedTouch™610 Controlled Access

Introduction

Sections “2.2 Remote SpeedTouch™610 Web Interface Access” on page 8, “2.3 Remote SpeedTouch™610 Telnet Access” on page 9 and “2.4 Remote SpeedTouch™610 FTP Access” on page 10 describe the methods for allowing remote management of the SpeedTouch™610 by a remote host or network on the WAN.
If you use the SpeedTouch™610 DHCP server for automatic IP configuration of the hosts on your local network, DHCP requests from local hosts will no longer be allowed to reach the SpeedTouch™610 IP host (i.e. its DHCP server) and, equally, DHCP replies will no longer be allowed to leave the SpeedTouch™610 IP host towards the local LAN.
3 SpeedTouch™610 Syslog

Introduction

Syslog is a basic, uncomplicated, yet powerful method to administer a network device such as the SpeedTouch™610. By sending syslog messages, the SpeedTouch™610 is able to inform network managers about the general state of the device and to record events which can be retrieved for later analysis and diagnosis. This section describes how to use the SpeedTouch™610 Syslog server.
3.1 The SpeedTouch™610 Syslog Daemon

What is Syslog

Syslog is a message generating tool that can be implemented in any network device. The intention of the tool is to send messages over the network indicating status, actions, possible problems, etc. from the device.
Syslog priority facilities

The following priority facilities are possible for a syslog message generated by the SpeedTouch™610.
Syslog message bodies

The SpeedTouch™610 syslog daemon is internally responsible for collecting and administering messages generated by one or more of its subsystems.
3.2 Syslog via the Web Pages

The SpeedTouch™610 Syslog web page

The SpeedTouch™610 Syslog web page allows users to view all or a selection of the syslog messages the SpeedTouch™610 has generated. Simply browse to the SpeedTouch™610 web pages at http://10.0.0.
3.3 Syslog via the CLI

The Syslog CLI command group

The SpeedTouch™610 CLI syslog command group basically provides the same possibilities as provided on the SpeedTouch™610 syslog web page:

  =>syslog help
  Following commands are available :

  config      : Set/Display configuration
  ruleadd     : Add a new rule to the syslog configuration.
  ruledelete  : Delete a rule in the syslog configuration
  flush       : Flushes syslog rules.
  list        :
3.4 Remote Syslog Notification

Introduction

As described before, the SpeedTouch™610 can be configured to send all or a selection of generated syslog messages to a host at an IP address on the local or a remote network. This section describes how to configure the SpeedTouch™610 syslog daemon for sending messages to a particular host.
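An added example (not from the original application note): a Python decoder for the priority prefix of syslog datagrams as the receiving host would see them, with a severity filter for triage. It assumes the SpeedTouch™610 uses the standard BSD syslog <PRI> encoding (facility × 8 + severity); the sample datagrams and their message bodies are constructed.

```python
import re

# Standard BSD syslog names, indexed by numeric code.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def decode(datagram):
    """Decode one syslog datagram; return None if the <PRI> prefix is
    missing or out of range (highest valid value is 23 * 8 + 7 = 191)."""
    text = datagram.decode("ascii", errors="replace").rstrip("\r\n\x00")
    match = PRI_RE.match(text)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > 191:
        return None
    return {
        "facility": FACILITIES[pri >> 3],
        "severity": SEVERITIES[pri & 7],
        "body": match.group(2),
    }


def at_least(datagrams, threshold="warning"):
    """Keep decoded messages at the given severity or more severe
    (a lower numeric code means more severe)."""
    limit = SEVERITIES.index(threshold)
    kept = []
    for datagram in datagrams:
        message = decode(datagram)
        if message and SEVERITIES.index(message["severity"]) <= limit:
            kept.append(message)
    return kept


# Constructed datagrams; the bodies are placeholders, not device output.
SAMPLE = [
    b"<132>constructed: firewall rule matched\n",
    b"<38>constructed: user logged in",
    b"<11>constructed: service failed",
    b"constructed line without a priority prefix",
    b"<999>constructed: priority out of range",
]

if __name__ == "__main__":
    for message in at_least(SAMPLE):
        print(message["facility"], message["severity"], message["body"])
```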
4 The SpeedTouch™610 SNMP

Introduction

Simple Network Management Protocol (SNMP) is a widely used method for managing networks. Based on a client/server concept, the SNMP server (the SNMP manager) gets or sets the values of objects defined in a Management Information Base (MIB) kept by the SNMP client (the SNMP agent). In addition, the SNMP agent is also able to autonomously initiate an action by sending a trap to the SNMP manager.
4.1 SpeedTouch™610 SNMP configuration

SNMP Configuration

There are a few settable options covering the SNMP functionality. If no traps (spontaneous messages sent from the SpeedTouch™610 to a manager) are required, then all of the default options will be sufficient to access information in the SpeedTouch™610 from the LAN. All SNMP settings must be changed or viewed using the CLI.
SNMP and the default SpeedTouch™610 Firewall

Towards the local network, the firewall rules impose no restrictions.
4.2 SpeedTouch™610 MIBs

Introduction

As mentioned in “Management Information Base” on page 21, both the SpeedTouch™610 SNMP agent and the SNMP manager rely on Management Information Base (MIB) files containing all relevant SNMP objects. In the following, all MIBs important for the SpeedTouch™610 are described. Additionally, some of the most important and/or interesting SNMP counters are briefly highlighted.
ADSL and SHDSL MIBs

SpeedTouch™610 specific MIBs

The following two MIBs are specific to each SpeedTouch™610 variant (ADSL or SHDSL variants). You should only load the appropriate one, although loading both will not harm functionality. To retrieve maximum SNMP information, it is imperative to use the MIB provided on the CD-ROM, and not the one supported (if any) by the SNMP manager.
Example of MIB browsing

Using a MIB manager (sometimes also referred to as a MIB browser), network administrators are able to walk through MIB objects in order to view current or historical values of the managed device, and get or set specific values of MIB objects. Many implementations of SNMP managers are available from the Internet. For the convenience of the user, most of them provide GUI-driven MIB browsing and graphical tools for intuitive comprehension of MIB values.