3Com OfficeConnect Remote 812 CLI User's Manual

Manual is about: Release 2.0

Summary of OfficeConnect Remote 812

  • Page 1

    http://www.3com.com/ OfficeConnect® Remote 812 ADSL Router CLI User’s Guide, Release 2.0. Part Number 10043337 AA.

  • Page 2

    ii 3Com Corporation, 5400 Bayfront Plaza, Santa Clara, California 95052-8145. Copyright © 2001 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) with...

  • Page 3: Table of Contents

    iii Table of Contents. 1 Accessing the Configuration Interface: Establishing communications with the OfficeConnect Remote 812 1-1; Local connection 1-1; IBM-PC compatible computers 1-1; Macintosh computers 1-1; UNIX-based computers 1-2; Remote connection 1-2. 2 CLI Command Conventions and Termino...

  • Page 4

    iv Quick setup script instructions 4-2; Quick setup script 4-2; Do you want to continue quick setup? 4-2; Password protection 4-2; Which portions of the network do you want to configure? 4-2; Quick setup identification information 4-3; Quick setup management information 4-3; Telnet information 4-4 ...

  • Page 5

    v Setting up a virtual private network (VPN) tunnel 6-5; Tunnel encryption 6-5; VPN tunneling overview 6-6; Before you begin 6-6; Initiating a VPN tunnel 6-6; Enabling and disabling a VPN tunnel 6-7; Displaying VPN tunnel information 6-7; Creating a VPN tunnel using 812 default values 6-7; Tunnel co...

  • Page 6

    vi Configuring the DHCP relay 6-29; Monitoring the DHCP relay 6-29; DNS 6-29; Configuring DNS 6-30; DNS host entries 6-30; Managing the DNS proxy 6-30; Access lists 6-31; IPX routing 6-31; Enabling IPX routing 6-32; Configuring IPX for the LAN 6-32; Configuring IPX for remote site connections 6-32 ...

  • Page 7

    vii IP RIP packet filtering using CLI 6-50; IPX source and destination network filtering using CLI 6-51; IPX source and destination host filtering using CLI 6-51; IPX source and destination socket number filtering using CLI 6-51; IPX RIP packet filtering using CLI 6-52; IPX SAP packet filtering usin...

  • Page 8

    viii B CLI Command Description: CLI commands B-1; add B-1; add access B-1; add auto_filter eth_blk_dst B-1; add auto_filter vc_blk_netbios B-1; add bridge network B-1; add dns host address B-2; add dns server B-2; add filter B-2; add framed_route vc B-3; add framed_route tunnel B-3; add ip defaultr...

  • Page 10

    x enable ip rip B-15; enable ip routing B-15; enable ipx network B-15; enable lan access B-15; enable link_traps interface B-16; enable network service B-16; enable security_option remote_user administration B-16; enable security_option snmp user_access B-16; enable snmp authentication traps B-16; e...

  • Page 11

    xi list services B-21; list snmp communities or list snmp trap_communities B-21; list syslog B-21; list tcp connections B-22; list tftp clients B-22; list udp listeners B-22; list tunnel B-22; list users B-22; list vc B-22; login_required B-22; password B-22; paused commands B-22; ping B-23; ping B ...

  • Page 12

    xii set system B-34; set syslog loglevel [level] B-34; set time B-34; set tunnel B-34; set user B-35; set vc B-36; set vc atm B-38; show B-39; show access B-39; show atm status B-39; show adsl statistics B-40; show adsl performance B-40; show adsl transceiver_status B-40; show adsl version B-40; sho...

  • Page 13

    xiii show memory B-50; show network settings B-50; show network counters B-50; show ppp on vc counters B-51; show ppp on vc settings B-51; show ppp on interface counters B-51; counters for ppp bundle 1 B-51; counters for ppp link 1 - 5 B-51; show ppp on interface settings B-51; settings for ppp bund...

  • Page 14

    xiv Positional help B-57; Command completion B-57; Output pause B-58; Command kill B-58; Comments B-58; 3Com Corporation Limited Warranty; FCC Class A Verification Statement; FCC Class B Statement; FCC Declaration of Conformity.

  • Page 15: Accessing the Configuration Interface

    1 Accessing the Configuration Interface. This chapter explains how to attach to the configuration interface locally via the console port or remotely via a Telnet session. This chapter also introduces you to the capabilities and conventions associated with management of your OfficeConnect® Remote ...

  • Page 16

    1-2 Chapter 1: Accessing the Configuration Interface. UNIX-based computers. Kermit, minicom and tip are typical terminal emulation programs for UNIX-based computers. Depending on the platform you’re using, you may need to modify a configuration file for VT100 settings. Remote connection. If you wan...

  • Page 17: CLI Command Conventions and Terminology

    2 CLI Command Conventions and Terminology. This chapter describes the command syntax, conventions and terminology used within the command line interface. Reviewing and understanding this chapter is essential for you to understand subsequent chapters. Command structure. Format. Commands can be followe...

  • Page 18

    2-2 Chapter 2: CLI Command Conventions and Terminology. The type of value you enter must match the type requested. Numbers are either decimal or hexadecimal. Text can be either a string that you create, or it may be a list of options you must choose from. When choosing an option, type the text of ...

  • Page 19

    Command structure 2-3. Help is most useful during configuration: query the list of possible parameters by typing ? and, when you find the value you need, type it without losing your place in the argument. Just be sure to leave a space between the keyword and the question mark. Conventions. Most comman...

  • Page 21: Configuration Methods

    3 Configuration Methods. The OCR 812 CLI offers three setup choices, all of which are described in this section: the automated, quick setup method, the QuickVC setup method, and the manual method. Review the capabilities of each below and decide which configuration method best suits your needs, the...

  • Page 22

    3-2 Chapter 3: Configuration Methods. Manual setup instructions. Once you become familiar with the CLI interface, you might find it more efficient to manage the OCR 812 manually. Manual configuration is most versatile in that you only enter commands that need to effectively change from the current ...

  • Page 23: Quick Setup

    4 Quick Setup. This chapter will describe in detail the operations of the quick setup program. It will identify the required information, steps involved, and sample output scripts from the execution of this program. CLI quick setup script introduction. The CLI quick setup program allows you to quick...

  • Page 24

    4-2 Chapter 4: Quick Setup. Downgrading the Remote 812 software to a previous version. Downgrading the 812 software to an older version is not recommended (we suggest you upgrade to obtain the latest and most reliable software available). If you do choose to downgrade, we suggest you delete your ex...

  • Page 25

    CLI quick setup script 4-3. Quick setup identification information. Quick setup management information. An SNMP community names a group of systems that can manage your system via SNMP. It is a rudimentary form of security. Along with a community name, you can limit access to a specific management stati...

  • Page 26

    4-4 Chapter 4: Quick Setup. Telnet information. For Telnet management of the system, you need to create a user name and password to control access. Quick setup IP information. The OCR 812 uses a network name to identify the network for future management commands. The IP mask can be specified either ...

  • Page 27

    CLI quick setup script 4-5. The OCR 812 can act as a DHCP server, providing IP addresses to other stations on the local LAN. It is possible to restrict access to the TFTP server to a specific system or a list of systems. Quick setup will allow you to enter one system that is allowed or allow access t...

  • Page 28

    4-6 Chapter 4: Quick Setup. Quick setup bridge information. The network name is used by the OCR 812 to identify your bridging setup. The spanning tree algorithm is used to eliminate loops in a network that is linked together with bridges. Would you like to review your current settings before execut...

  • Page 29

    CLI quick setup script 4-7. Sample output display as quick setup executes:
    ocr-dsl> set system name "name"
    ocr-dsl>set system location "vienna"
    ocr-dsl>set system contact "jc"
    ocr-dsl>enable command password “password”
    ocr-dsl>add snmp community public address 0.0.0.0 access rw
    ocr-dsl>enable security...

  • Page 31: QuickVC Setup

    5 QuickVC Setup. This chapter will describe in detail the operations of the OCR 812 QuickVC setup wizard program. It will identify the required information, steps involved, and sample output scripts from the execution of this program. CLI QuickVC setup script introduction. The CLI QuickVC setup pro...

  • Page 32

    5-2 Chapter 5: QuickVC Setup. The category of service and cell rate parameters only affect data transmitted from the OCR 812 to the remote site (upstream direction). The default value of UBR with a peak cell rate of 0 will attempt to use all available upstream bandwidth when transmitting to the r...

  • Page 33

    CLI QuickVC setup script 5-3. The IP configuration for VC “name” is now complete. IP configuration (network service RFC 1483). Port address translation (PAT) allows a single WAN-side IP address to be ‘shared’ by multiple LAN-side devices. If you choose to run PAT the WAN interface must be numbered. (I...

  • Page 34

    5-4 Chapter 5: QuickVC Setup. IPX routing (network service PPP). The IPX configuration for VC “name” is now complete. IPX routing (network service RFC 1483). The IPX configuration for VC “name” is now complete. Bridging. The OCR 812 can be configured to send and receive the routed (IP and IPX) packe...

  • Page 35

    CLI QuickVC setup script 5-5. Sample identification information. This section contains a sample of possible settings. Encapsulation type: PPP; ATM information: VPI/VCI: 0/33; category of service: UBR; peak cell rate: 0; IP: enabled; local WAN IP address: learned; remote WAN IP address: learned; WAN interface...

  • Page 37: Manual Setup

    6 Manual Setup. This chapter describes how to manually set up the OCR 812 for routing or bridging. Configuration overview. The following steps provide an outline to follow when configuring the OCR 812 to route or bridge to remote networks. 1 Determine how the OCR 812 will be used (as an IP, IPX rout...

  • Page 38

    6-2 Chapter 6: Manual Setup. Remote site management. Each remote site that you want to connect to is accessed through a single ATM virtual channel connection. To set up connections over the WAN, a VC (remote site) profile must be created and edited. With this profile, you specify ATM virtual channe...

  • Page 39

    Remote site management 6-3. For example, if you want to change the PPP authentication password to testpassword for a profile called internet you would do the following:
    disable vc internet
    set vc internet send_password testpassword
    enable vc internet
    Configuring network service information. A network ...

  • Page 40

    6-4 Chapter 6: Manual Setup. When the network service is set to RFC 1483, the profile’s IP WAN addresses can be dynamically learned with the DHCP protocol. To enable DHCP on a remote site profile: 1 Set the network service to RFC 1483: set vc dynamic_ip_addressing dhcp_client 2 Enable MAC encapsul...

  • Page 41

    Setting up a virtual private network (VPN) tunnel 6-5.
    set vc name atm vci vpi
    You should have been provided with category of service parameters. UBR - unspecified bit rate; no limit has been specified for the upstream data flow. CBR - constant bit rate; a constant rate has been specified for the ups...

  • Page 42

    6-6 Chapter 6: Manual Setup. VPN tunneling overview. A VPN tunnel is a private virtual circuit that uses public wires to connect two nodes. For example, it is common practice to create VPNs that use the Internet as the public medium over which private information is sent and received. Tunnelling is...

  • Page 43

    Setting up a virtual private network (VPN) tunnel 6-7. Enabling and disabling a VPN tunnel. To enable a VPN, enter the enable tunnel command. To disable a VPN, enter the disable tunnel command. Before you attempt to set or change any parameter for a VC, you must first disable the VC using the disable ...

  • Page 45

    Setting up a virtual private network (VPN) tunnel 6-9. For example, to change the send_password settings of a tunnel named zoom to vpn, enter the following command:
    set tunnel zoom send_password vpn
    You must disable the tunnel using the disable tunnel command before you can change any parameters. Cre...

  • Page 47

    Setting up a virtual private network (VPN) tunnel 6-11. An administrator may also set up a Windows 2000 server as a router with a private IP subnet set to 98.76.54.0/c. To add DHCP services on the Windows 2000 server, an administrator can use any IP addresses from 98.76.54.1 to 98.76.54.253 inclusive....

  • Page 48

    6-12 Chapter 6: Manual Setup.
    vpdn-group 1
    accept-dialin
    protocol l2tp
    virtual-template 25
    terminate-from hostname officeconnect
    local name c7200
    no l2tp tunnel authentication
    source-ip 192.180.3.2
    3 In Cisco router configuration mode, enter the following commands to configure the private network ...

  • Page 49

    Setting up a virtual private network (VPN) tunnel 6-13.
    ppp authentication pap
    6 Ensure RIP and IP pool configuration parameters are set to the following values:
    RIP configuration
    router rip
    ver 2
    network 192.180.3.0
    IP pool for L2TP tunnel
    ip local pool l2tp 192.168.200.3 192.168.200.10
    At this poin...

  • Page 50

    6-14 Chapter 6: Manual Setup. Adding a framed route for a VPN tunnel. If you wish to set up a route to a network on the private (LAN) side of a remote site, use a framed route. To add a framed route for a VPN tunnel, enter the add framed_route vc command or the add framed_route tunnel command at th...

  • Page 51

    IP routing 6-15. Enabling IP routing. When the OCR 812 is to be used for IP routing, IP forwarding must be enabled. This is a global setting for the entire router. To enable IP routing, use the command: enable ip forwarding. To disable IP routing, use the command: disable ip forwarding. IP forwarding re...

  • Page 52

    6-16 Chapter 6: Manual Setup. You can obtain a list of all configured networks using the command list networks. To only list IP networks, use list ip networks. By default, the network is enabled when it is created. You can disable the network using the following command: disable ip network. You can...

  • Page 53

    IP routing 6-17. The IP address associated with the local side of the WAN connection can be specified by you, learned from the remote site (if you are using PPP as the network service for the connection), or the interface can be unnumbered. To specify the local IP address use the command: set vc loca...

  • Page 54

    6-18 Chapter 6: Manual Setup. If you are using address translation for a remote site connection (NAT) you must set ip_routing to listen or none. This is because you have set up a private LAN network and therefore do not want to be broadcasting information to other routers. The OCR 812 will not all...

  • Page 55

    Address translation 6-19. IP tools. The OCR 812 CLI provides a standard set of IP utility programs including ping, telnet and rlogin. Address translation. Public IP addresses are registered and can be used within a public network (e.g., the Internet). Due to the limitation of IP version 4 address space...

  • Page 56

    6-20 Chapter 6: Manual Setup. PAT allows multiple private IP addresses to use one public IP address by dynamically and statically mapping each private IP source address and private IP source port to one public IP source address and one public IP source port. Super NAT should be used to optimize ad...

  • Page 57

    Address translation 6-21. there is no existing dynamic or static port mapping, the packet will be translated using the patdefault address. Configuring PAT. Typically, PAT only needs to be enabled or disabled for a remote site connection. Use the following command to configure PAT in a VC profile: set ...

  • Page 58

    6-22 Chapter 6: Manual Setup. memory. If you do not enter the save all command before a reboot, unsaved changes made since the last save will be lost. Intelligent PAT. Enabled by default, intelligent PAT provides a “best guess” as to where an incoming packet should be delivered when: a default PAT ...

  • Page 59

    Address translation 6-23. Please also note the following: the “best guess” LAN workstation will continue to receive all non-addressed packets sent by this remote workstation until and unless a new (different) communication pattern is detected by intelligent PAT. When a new communication pattern is de...

  • Page 60

    6-24 Chapter 6: Manual Setup. Configuring NAT static and dynamic mappings. If you do not configure static or dynamic mappings for NAT (even if they have a default PAT address), the following error message displays on the CLI console when you enable the VC: when network address translation (NAT, RFC...

  • Page 61

    Address translation 6-25. If you choose (optionally) to add static or dynamic mappings for Super NAT, do not use the public WAN port IP address of the OfficeConnect 812 as one of the Super NAT static or dynamic public IP addresses. To configure OCR812 to use Super NAT, perform the following steps: 1 ...

  • Page 62

    6-26 Chapter 6: Manual Setup. Configuring the 812 for SIP phone support. The OCR 812 can be configured to use SIP phones. Overview. A SIP phone (Session Initiation Protocol phone) is a network-capable telephone that uses Ethernet connectivity to place and receive calls over the Internet. SIP phones ...

  • Page 63

    DHCP 6-27. caller identity (and finds, then connects to, the recipient’s IP address). The IP address of the intended recipient is their (SIP) phone number. By creating and storing a caller identity, a proxy server enables party A to call party B (and vice-versa), even if the recipient’s IP address (s...

  • Page 64

    6-28 Chapter 6: Manual Setup. Configuring the DHCP server. The OCR 812’s DHCP server has the following fields that will need to be configured: hostname; domain name; IP address pool, start and end address; IP subnet address mask; lease period; WINS server addresses; DNS server addresses. The hostname is t...

  • Page 65

    DNS 6-29. assigned, the corresponding workstation MAC addresses, and remaining time before the lease expires.
    show dhcp server counters
    list dhcp server leases
    The DHCP server configuration is displayed with the show dhcp server settings command. Configuring the DHCP relay. The OCR 812 can relay DHCP ...

  • Page 66

    6-30 Chapter 6: Manual Setup. Configuring DNS. To enable DNS functionality on the OCR 812, use the command: enable dns. To disable DNS functionality, use the command: disable dns. You can configure three global DNS parameters that control the operation of the DNS proxy. Number of retries: the number ...

  • Page 67

    IPX routing 6-31. To display the contents of the DNS server table, use the command: list dns servers. To delete a domain entry, use the command: delete dns server. Access lists. Access lists enable you to restrict which remote subnets are allowed to access the management services of the OCR812. To add a...

  • Page 68

    6-32 Chapter 6: Manual Setup. Remember to save your configuration using the save all command before rebooting your OCR 812 so that your changes will be written to permanent flash memory. Enabling IPX routing. Unlike IP, there is no setting on the OCR 812 that enables or disables IPX routing functio...

  • Page 69

    IPX routing 6-33. To specify that the interface is unnumbered you must enter 00000000 for the parameter.
    set vc ipx_address 00000000
    Configuring IPX static and framed routes. A static route is a configured route that will remain in the routing table until deleted. Static routes differ from dynamic rou...

  • Page 70

    6-34 Chapter 6: Manual Setup. Configuring IPX static and framed services. The service table contains IPX server names, the services they provide, their network addresses and node addresses, and their relative distances. Examples of services include file servers and printers. Note the following: a s...

  • Page 71

    Bridging 6-35.
    delete ipx_service vc name type
    Remember to disable and then re-enable the VC profile for the change to take effect. Configuring IPX RIP and SAP. IPX RIP is used to exchange IPX routing information with other IPX routers. SAP is a protocol used by IPX servers and routers to exchange inf...

  • Page 72

    6-36 Chapter 6: Manual Setup. The OCR 812 bridge supports the Spanning Tree Protocol (STP). This feature is used when two networks are joined by two bridges forming a looped network. STP prevents the data packets from circling the two networks. The OCR 812 provides a bridge firewall function which...

  • Page 73

    Bridging 6-37. IP forwarding refers to the routing of IP packets from one interface to another. It does not affect communicating to the OCR 812 itself. Even when IP forwarding is disabled, you can perform non-routing functions such as use a web browser to manage the unit and use ping. To see the curr...

  • Page 74

    6-38 Chapter 6: Manual Setup. MAC-encapsulated routing. Because routers base their forwarding decision on network-level addresses, packets that are routed over a WAN are transmitted without MAC-layer addresses. Additionally, address resolution procedures that can be used to determine the destinatio...

  • Page 75

    System administration 6-39. 2 Forward unicast packets only: if a protocol is configured for routing, and a packet for that protocol type is received from the LAN that is not addressed to the MAC address of the OCR 812, it is bridged. Additionally, ARP broadcasts for IP addresses other than that of th...

  • Page 76

    6-40 Chapter 6: Manual Setup. year (yyy) can be specified as 2 digits or as 4 digits (97 or 1997). For example: set date 01-jan-1998. To manually set the time, use the command set time (which sets the system time, and leaves the date unchanged). Set time command format is hh:mm:ss. The seconds (ss)...

  • Page 77

    System administration 6-41. If more than one OCR 812 is installed in your network, each OCR 812 is assigned a different primary NTP server (the assignment of a primary NTP server to a given OCR 812 is based on the unique MAC address of that OCR 812 unit). To specify a secondary NTP server, use the fo...

  • Page 78

    6-42 Chapter 6: Manual Setup. To specify a time zone for NTP, use the following command: set timezone. The default time zone is GMT. To display NTP time zone settings, use the following command: list timezone. To display NTP settings, use the following command: show ntp. To display NTP counter values...

  • Page 79

    System administration 6-43. Displaying date, time, and system uptime. To display current date, current time, and system uptime (time elapsed since power-on), use the command show date. Date and time information displays in the following format: system date: 02-mar-1998 05:17:00 system uptime: 2d 08:37...

  • Page 80

    6-44 Chapter 6: Manual Setup. Providing TFTP access. Trivial File Transfer Protocol (TFTP) provides a simple way to transfer files from one machine to another. The OCR 812 has a TFTP server that allows you to copy files to or from the unit. All you have to do is set up TFTP access on the OCR 812 an...

  • Page 81

    System administration 6-45. After logging in to the CLI, you can exit the CLI with the command: exit cli.

  • Page 82

    6-46 Chapter 6: Manual Setup. To set the idle timeout period, use the command: set command idle_timeout where timeout> specifies the idle timeout period in minutes. By default, there is no idle timeout period. This capability is useful for system administrators or users who wish to restrict access...

  • Page 83

    OfficeConnect Remote 812 filtering capabilities 6-47. Packet filters control inter-network data transmission by accepting or rejecting the passage of specific packets through network interfaces based on packet header information. When data packets are received by a network interface such as an Ethern...

  • Page 84

    6-48 Chapter 6: Manual Setup. Generic filters. Generic filters are protocol-independent and are specified by byte and offset values in a packet. Packets are filtered by comparing each packet’s offset value and byte information with the values that you define in the filter. The router will accept or...

  • Page 85

    Creating filters using command line interface 6-49. Filter file components. In CLI you define the filtering rules used by the router within filter files. Filter files are text files that are stored in the unit’s flash memory. You can create and modify filter files using an off-line text editor, then t...

  • Page 86

    6-50 Chapter 6: Manual Setup. the first match that occurs. If there is no match, by default the packet is accepted. For this reason, you should order your protocol rules so that the rules you expect to be most frequently matched are in the beginning of the section. This reduces the amount of parsi...

  • Page 87

    Creating filters using command line interface 6-51. Generic filter rule. The syntax for generic filters is slightly different than that for other filters:
    generic => origin = data>/offset = / length = /mask = /value =
    origin - the location in the packet to start the offset count. This location can be ...

  • Page 88

    6-52 Chapter 6: Manual Setup. IP source and destination network filtering using CLI. Source and destination address filtering is generally used to limit permitted access to trusted hosts and networks only, to explicitly deny access to hosts and networks that are not trusted, or to limit external ac...

  • Page 89

    Creating filters using command line interface 6-53. If the router is listening for, or broadcasting RIP messages, you should allow them to pass in the appropriate direction(s). You define IP RIP filtering rules in the IP-RIP protocol section of the filter file. For example, if you want to filter all ...

  • Page 90

    6-54 Chapter 6: Manual Setup.
    ipx:
    1 accept src-socket = 0x001;
    999 deny;
    IPX RIP packet filtering using CLI. Routing Information Protocol (RIP) packets are used to identify all attached networks as well as the number of router hops required to reach them. The responses are used to update a router'...

  • Page 91

    Creating filters using command line interface 6-55.
    3 accept generic=>origin=frame/offset=12/length=2/mask=0xffff/value=0x8136;
    4 accept generic=>origin=frame/offset=12/length=2/mask=0xffff/value=0x8137;
    999 deny;
    Step by step guide to creating filter files using CLI. You can create filter files using...

  • Page 92

    For example, from the workstation command line enter: tftp put 12
    The router does not recognize a filter file stored in its flash memory until you add it to the managed filter table. To notify the unit about the filter file for the first time, you must issue the CLI command add filter to add the fil...

  • Page 93

    Applying filters using CLI 6-57. Most importantly, the router does not know which interface an outgoing packet came in through. If a potential intruder forges a packet with a false source address (in order to appear as a trusted host or network), there is no way for an output filter to tell if that p...

  • Page 94

    Configuring filters for a VPN tunnel. To configure filters for a VPN tunnel, use the following commands:
    set tunnel input_filter
    set tunnel output_filter
    For more information about configuring a VPN tunnel (including information about configuring filters), see Setting up a virtual private network (VP...

  • Page 95

    Managing filters using CLI 6-59. It may be helpful to use the list files command to see files successfully stored in the flash memory. Removing a filter from an interface using CLI. To remove a filter that is assigned to an interface, use the following command: set interface input_filter "" set interf...

  • Page 97: Configuration

    A OfficeConnect Remote 812 Sample Configuration. Sample configuration overview. This section describes a sample configuration that illustrates the following OCR 812 features: address translation; internal DHCP server and DNS proxy; multiple remote sites, with different routing and bridging configuratio...

  • Page 98

    A-2 Appendix A: OfficeConnect Remote 812 Sample Configuration. Configuring the sample network. The following sections discuss the six steps required to configure our sample network: global configuration; IP LAN network; DHCP and DNS; IPX LAN network; bridge LAN network; remote sites. Global configuration. G...

  • Page 99

    Configuring the sample network A-3.
    set dhcp server dns1 192.168.200.254 dns2 0.0.0.0
    set dhcp server wins1 0.0.0.0 wins2 0.0.0.0
    add dns host ocrdsl-3com.com addr 192.168.200.254
    add dns server mycorp.com primary 192.168.1.253
    add dns server * vc internet
    enable dns
    When a DNS request is received fr...

  • Page 100

    A-4 Appendix A: OfficeConnect Remote 812 Sample Configuration. dynamically learn the addresses for two remote DNS servers. The login name for this account is “internet-user” and the password is “1a2b3c”. Port address translation will be enabled, allowing all the workstations on our local LAN to shar...

  • Page 101

    Configuring the sample network A-5.
    set vc corp-net ip_routing both
    set vc corp-net ipx_address 0 ipx_routing all
    enable vc corp-net

  • Page 103: CLI Command Description

    B CLI Command Description. CLI commands.
    add
    Use the add command to define: networks you will connect to; hosts you need to access; SNMP communities; users who will dial out, dial in, access the network, or use the CLI. Note that some parameters have default values.
    add access
    The access list defines whic...

  • Page 104

    B-2 Appendix B: CLI Command Description. You must use add user to create a network type user for this command, and set user to specify the protocol and other parameters related to bridging.
    add dns host address
    Adds the named host to the local host table. When the system needs to resolve an addres...

  • Page 105

    CLI commands B-3. You must correct the filter file in a text editor, use TFTP to export the updated file to the system’s flash file system, and use the verify filter command to check the filter’s syntax.
    add framed_route vc ip_route [ip_address] metric [number]
    Adds a framed (static) network to the v...

  • Page 107

    CLI commands B-5.
    add ipx route gateway [ipx_host_address] metric [metric_number] ticks [tick_number]
    Adds an IPX static route (for the LAN) to the system’s IPX route table, which defines static routes to remote IPX networks. The command list ipx routes displays currently defined static routes.
    add i...

  • Page 108

    B-6 Appendix B: CLI Command Description. Below is a partial list of the IPX services available:
    add ipx_route vc ipx_net [ipx_address] metric [hop_count] ticks [tick_number]
    Adds an IPX route for a user over the WAN.
    add ipx_service vc ipx_net [ipx_address] hops [number] name [name] node [inte...

  • Page 109

    CLI commands B-7. You must supply the name, internal IPX network number, node number, socket, and type of service for this service. The user must also supply gateway information to indicate the next router hop. Below is a partial list of the IPX services available:
    add network service status server_t...

  • Page 111

    CLI commands B-9. Adds to the list of SNMP authorized users. The community name and IP address of SNMP requests from managers on the network must match the list, which you can see using list snmp communities.
    add snmp trap_community address [ip_address]
    Adds to the list of community name/IP address p...

  • Page 112

    add user [name] password [password] {enabled [yes]}
    Adds a Telnet user to the local user table. The list users command displays these parameters for all users.

    add vc [name]
    Creates a virtual channel (VC) profile. Each profile represents a connection to a ...

  • Page 113

    delete dns host
    Deletes the specified host from the DNS local host table. Use list dns hosts to view the DNS local host table. After deletion, requests for that host will be processed through a DNS server, instead of locally. Use list dns servers to see which servers are defined.

    D...

  • Page 115

    dial

    dial
    Generates an outgoing connection to the location specified by the VC name. You can use list vcs to list the defined VC profiles, and their current status.

    disable

    disable access
    Disables the access list feature. When disabled, all hosts are permitted to access the router’...

  • Page 116

    disable lan access
    When the access list is enabled, this command disables access to hosts on the local LAN interface. When disabled, all frames received on the LAN interface are subject to the access list check. If the corresponding LAN subnet is not in th...

  • Page 117

    enable

    enable access
    Enables the access list feature. When enabled, only remote hosts in the access list are permitted access to the router’s management services.

    enable bridge network
    Enables bridging over the specified network. You must have previously run add bridge network to a...

  • Page 118

    enable link_traps interface
    This command tells SNMP to send linkUp and linkDown traps for the specified interface. You can see if the interface is currently enabled for traps using the show interface settings command.

    enable network service
    Enables the net...

  • Page 119

    hangup vc
    Causes the connection for the specified VC to drop. You can see which VCs have active connections using list vcs. Also see disable vc, which causes a VC’s session to drop, and prevents new sessions which use that VC from being established.

    help

    help
    Provides information a...

  • Page 120

    mgmt - unknown, but filtering information exists
    rxpkt - number of packets received from this MAC station
    rxoctets - no. of bytes (octets) received from this MAC station
    fltr - number of packets received from this MAC station that were filtered out (discar...

  • Page 121

    list interfaces
    Displays the installed interfaces, along with their operational status, administration status, and interface index. If an interface is down, you can use enable interface to try to bring it up. The command lists:
    index - number used to identify the interfaces positio...

  • Page 122

    prot - local or RIP
    nexthop - address of the gateway used to reach this route
    metric - number of router hops away this route is from the system
    if - interface that the route uses

    list ipx networks
    Displays the IPX networks that you previously defined using...

  • Page 123

    type - static or dynamic network
    network address - address of the network

    list processes
    Displays all processes running on the system.
    index - a reference number in the process table
    name - designation of the process (e.g.: Domain Name System)
    type - system, application, forwarder ...

  • Page 124

    list tcp connections
    Displays information about all TCP connections. Connection status is defined in RFC-793.
    local address - IP address of the local host for this connection
    local port - TCP port number used by the local connection
    remote address - IP add...

  • Page 125

    ping

    ping output [output_filename] count [count] interval [interval] timeout [timeout_value]
    Sends an ICMP echo request to a remote IP host. A reply from the pinged address indicates success.

    quickvc
    Runs the quickvc setup program to easily configure a virtual channel connection (r...

  • Page 126

    save

    save all
    Saves all changes you have made during your session with the CLI. It is a good idea to save your changes frequently, just as you should with any type of editor.

    set

    set adsl reset
    Resets the ADSL interface.

    set adsl wire [pair]
    Overrides the ...

  • Page 127

    set date
    Sets the system date, and leaves the time unchanged. Use show date to see what the current settings are. The format is: dd-mmm-yyyy. The month should be the first three characters of the month name. The year can be either 2 or 4 digits (97 or 1997).

    set dhcp mode
    Sets the ...

  • Page 128

    set dhcp server dns1 dns2 domain end_address hostname lease mask router start_address wins1 wins2
    Defines the characteristics of the DHCP server and defines the pool of addresses that this facility should administer.

    set dns cache_size number_retries timeo...

  • Page 129

    set facility loglevel [level]
    Sets the severity reporting level for a facility. The hosts that will receive the error log entries are defined using add syslog loglevel. Use list facilities to see what the current loglevel is for each facility. The levels:
    critical - a serious syste...

  • Page 130

    Sets the broadcast algorithm, the maximum size used for reassembling fragmented packets, the RIP authentication string, RIP policies, and the routing protocol for the specified interface. The only required parameter for this command is . All other paramet...

  • Page 131

    set ip routing autonomous_system_number [number] table_maximum_size [number] metric_maximum_entries [number] rip_flags [metrics, send_request] router_id [router_id]
    Sets parameters for IP routing to the specified IP router address, which is the gateway to an autonomous system.

    Para...

  • Page 133

    set ipx system priority [priority level] default_gateway [ipx_host_add] initial_pool_address [ipx_addr] pool_members [number]
    Sets parameters for dynamic IPX networks.

    set network service server_type [server_type] socket [socket_number] data [“string”] close_active_connections [tru...

  • Page 136

    set system name [“name”] location [“location”] contact [“contact info”] transmit_authentication_name [name]
    Specifies system contact information, which is displayed using show system. The user name is the remote account name. Location, name and contact nam...

  • Page 137

    set user message [“message”] password [password] session_timeout [seconds] tcp_port [tcp_port] terminal_type
    Modifies user parameters.

    send_password
    The send_password must match the authentication password on the VPN server. You must change the default send_password using the set t...

  • Page 139

    Parameter - Description
    VC profile name.
    address_selection - Determines how the IP address will be assigned for remote IP network connections. Negotiate - learn the remote IP address. Specified - uses IP address set in remote_ip_address value
    bridging - Enables/disables bridging across ...

  • Page 141

    Sets ATM parameters for VCs.

    show
    Show commands display details about system entities.

    show access
    Displays the current status of the access list feature.
    administration status - indicates status of the access list feature. Options are enabled or disabled.
    LAN access - indicates wh...

  • Page 142

    show adsl statistics
    Statistics for both near end and far end ADSL/ATM link. Counters include corrected frames, CRC errors, and HEC errors for the fast and interleaved path.

    show adsl performance
    Fields:
    number of link down events
    total time since system r...

  • Page 143

    show bridge settings
    Displays the settings for all bridge networks. Use set bridge to modify these values.
    base aging time - time to age out a known MAC address, default 300
    spanning tree forward delay - delay after coming up before learning, default is 15
    spanning tree priority - ...

  • Page 144

    history depth: 10
    current prompt: ocr-dsl>
    local prompt: ocr-dsl>

    show configuration
    Displays a variety of system information including: system identification, authentication remote, remote accounting, interfaces, IP forwarding, IPX default gateway, bridge...

  • Page 145

    show dhcp relay
    Displays the current configuration and counters for both the primary and secondary DHCP relay server.
    IP address - IP address of the DHCP server.
    max hops - maximum hops to get to this server.
    status - enabled or disabled.
    request sent to server - number of requests...

  • Page 146

    DNS #1 - IP address of the primary DNS server that the DHCP server will utilize when resolving names.
    DNS #2 - IP address of the secondary DNS server that the DHCP server will utilize when resolving names.
    WINS #1 - IP address of the primary WINS server that ...

  • Page 147

    br-eth - call - Ethernet bridge call filter rules
    ip - IP data filter rules
    ip-call - IP call filter rules
    ip-rip - IP RIP advertisement filter rules

    show icmp counters
    Shows the input and output counters for ICMP. Two types of ICMP messages - error and query messages - are sent to...

  • Page 148

    echos - sum of ICMP echo (request) messages sent
    echo replies - sum of these messages sent
    timestamps - sum of these messages sent
    timestamp replies - sum of these messages sent
    address masks - sum of these messages sent
    address mask replies - sum of these...

  • Page 149

    show ip counters
    Displays system wide IP network statistics.

    Input counters
    total input datagrams - sum of IP datagrams received
    bad headers - number of datagrams with bad headers
    bad addresses - number of datagrams with bad addresses
    forwarded packets - number of packets forwarded...

  • Page 150

    broadcast algorithm - broadcast algorithm used for this network
    max reassembly size - maximum packet size allowed to be reassembled from fragments
    IP routing protocol - routing protocol used
    IP RIP routing policies - routing policies used by RIP
    IP RIP aut...

  • Page 151

    RIP in packets - sum of RIP packets received
    SAP out packets - sum of SAP packets transmitted
    SAP in packets - sum of SAP packets received

    show ipx network settings
    Displays parameter settings for the specified IPX network. You can modify most of these values using the set ipx netw...

  • Page 152

    show ipx sap settings counters
    Displays information about SAP for IPX.

    show ipx settings
    Displays settings for dynamic IPX networks. You can modify these values using the set ipx system command.
    default gateway - default IPX router address
    max open sockets...

  • Page 153

    show ppp on vc counters
    This shows counters for the Point-to-Point Protocol on the virtual circuit.

    show ppp on vc settings
    This shows the settings for the Point-to-Point Protocol on the virtual circuit.

    show ppp on interface counters
    Displays statistics for PPP running on the spec...

  • Page 154

    Settings for PPP bundle 1
    operational status - opened or not opened
    number active links - number of links active on this PPP bundle
    user profile - user whose parameters were used in creating links
    local MMRU - MRU the remote entity uses when sending packet...

  • Page 155

    remote to local ACC compression - indicates whether the remote PPP entity will use address and control compression when sending packets to the local PPP entity. Default: enabled.

    Settings for PPP link 1 - 5
    authentication operational status - not opened or opened
    local to remote co...

  • Page 156

    total set MIB objects - sum of MIB objects altered successfully as the result of receiving valid SNMP Set-Request PDUs
    get request PDUs - sum of SNMP Get-Request PDUs accepted and processed
    get next request PDUs - sum of SNMP Get-Next PDUs accepted and pro...

  • Page 157

    show telnet
    Displays the status of the Telnet escape feature (enabled or disabled). It is set using the disable and enable telnet escape commands.

    show tcp counters
    Displays system-wide TCP statistics.

    TCP counters
    active opens - number of times TCP connections have made a direct t...

  • Page 158

    show user settings
    Displays the parameters defined for the specified Telnet user. You can use list users to see which users are defined.

    show vc settings
    Displays the parameters defined for the specified VC. You can use list vc to see which virtual channels are defined.

    telnet
    Telnet commands are av...

  • Page 159

    CLI Exit Commands B-57

    set_escape
    Allows changing the Telnet escape character from ^] to something else. Control characters are specified using the caret character followed by another character. For example, to set the Telnet escape character to Control-X, type set_escape ^x.

    status
    Displays the i...

  • Page 160

    Output pause
    The output will pause when there are more than 24 lines of output. Type ‘more’ (or press CR) to continue, or ‘quit’ to stop.

    Command kill
    To discontinue the current command action, and flush any commands which have been typed ahead, use ^c (con...

  • Page 169

    3Com Corporation Limited Warranty

    Hardware
    3Com warrants its hardware products to be free from defects in workmanship and materials, under normal use and service, for the following lengths of time from the date of purchase from 3Com or its authorized reseller:

    If a product does not operate as war...

  • Page 170

    FCC Class B Statement

    This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
    1 This device may not cause harmful interference, and
    2 This device must accept any interference received, including interference that may cause undesired operation.

    Warn...