User manual INTELLINET 516204 - REFERENCE MANUAL

Access Router Command Line Interface Reference Manual Version 1.0 Access Router Command Line Reference Manual May, 2001 Limitation of Liability Information in this document is subject to change without notice. The material contained herein is supplied without representation or warranty of any kind. Therefore assumes no responsibility and shall have no liability of any kind arising from the supply or use of this document or the material contained herein. Page ii Access Router Command Line Interface Reference Manual Table of Contents General Guidelines.......................................................................................................................... 1 "Express Mode" vs. "Advanced Mode" ........................................................................................... 3 Conventions .................................................................................................................................... 4 Command Categories ...................................................................................................................... 5 Command List ................................................................................................................................ 6 * Bridging Commands ........................................................................................................... 6 Compression Commands........................................................................................................ 6 DHCP Commands.................................................................................................................. 6 Diagnostic Commands ........................................................................................................... 7 Dial-in User Commands ......................................................................................................... 7 Filtering Commands............................................................................................................... 7 IP Commands ........................................................................................................................ 7 * IPX Commands................................................................................................................... 8 Port Commands...................................................................................................................... 9 Profile Commands.................................................................................................................. 9 SNMP Commands.................................................................................................................. 9 Statistics Commands .............................................................................................................10 System Commands................................................................................................................10 # VPN-L2TP Tunnel Commands...........................................................................................11 Command Detail ...................................................................................................................12 * Bridging Commands ..........................................................................................................12 enable/disable bridging ....................................................................12 enable/disable learning.................................................................................................12 show bridging ..............................................................................................................12 show learning...............................................................................................................12 show learning ..................................................................................13 Compression Commands.......................................................................................................13 clear compression statistics ................................................................13 disable compression ............................................................................13 enable compression ............................................................................13 show compression statistics ...............................................................13 DHCP Commands.................................................................................................................14 add dhcp entry ....................................................................................14 add dns .....................................................................15 delete dhcp entry ....................................................................................15 Access Router Command Line Interface Reference Manual Page iii delete dns .................................................................................. 15 disable dhcp ................................................................................................................ 15 enable dhcp................................................................................................................. 15 set dhcp.................................................................................................................... 15 set range................................................................................................................... 16 show dhcp................................................................................................................... 16 show dhcp table .......................................................................................................... 16 show range.................................................................................................................. 17 Diagnostic Commands ......................................................................................................... 17 connect profile ................................................................................... 17 disconnect profile .............................................................................. 17 enable/disable trace ..................................................................................................... 17 &ipxping ............................. 17 ping ipAddr [ < n_size>] ............................................................................ 17 set log level <1-10>..................................................................................................... 18 & test modem .......................................................... 18 Dial-in User Commands ....................................................................................................... 18 add user (where "profile name" is a string <= 30 chars) ..................................................................................................................... 18 delete user .......................................................................................... 19 show user [profile name] ............................................................................................. 19 Filtering Commands............................................................................................................. 20 add filter <1-8> ........................................................................................................ 20 add ipx filter <1-8> ............................................................................................... 21 delete filter <1-8> ....................................................................................................... 22 * delete ipx filter <1-8>............................................................................................... 22 set filter default ........................................................................................................ 22 set ipx filter default ............................................................................................... 22 show filter................................................................................................................... 22 show filter <1-8 > ....................................................................................................... 23 * show ipx filter .......................................................................................................... 23 * show ipx filter <1-8 >............................................................................................... 23 IP Commands....................................................................................................................... 23 add ip route .............. 23 add ip route < hop count, 1-15>................... 23 add pat entry .................................................................................... 24 add pat entry default................................................................................................. 24 Page iv Access Router Command Line Interface Reference Manual delete ip default route.................................................................................................. 24 delete ip route .......................................................................... 24 delete ip ......................................................................................... 25 delete pat entry ................................................................................... 25 delete pat entry default ................................................................................................ 25 disable spoofing ............................................................................. 25 enable spoofing .................................................................. 25 ping ipAddr [ < n_size>] ............................................................................ 25 set ip default route ......................................................................... 25 set ip default route ............................................................................. 25 set ip lan .................................................................................. 25 set ip private ............................................................................ 26 set ip rip [Interface Name] ................................ 26 set ip ................................................................................................. 27 set ip < local-ipAddr> .......................... 27 show arp table ............................................................................................................. 27 show icmp statistics..................................................................................................... 27 show ip ....................................................................................................................... 27 show ip ........................................................................................... 28 show ip routing table ................................................................................................... 28 show ip statistics ......................................................................................................... 29 show pat ..................................................................................................................... 29 show tcp statistics........................................................................................................ 29 show udp statistics ...................................................................................................... 29 * IPX Commands................................................................................................................. 30 add ipx route < hop count, 1-15> ............ 30 add ipx route < hop count, 1-15>................................................................................................................ 30 add ipx route lan < hop count, 1-15>.. 30 add ipx sap............................................................................................................... 30 delete ipx default route ................................................................................................ 31 delete ipx route ................................................................... 31 delete ipx sap ........................................................................................................... 31 delete ipx ........................................................................................ 31 disable spoofing .............................................. 31 enable spoofing [ipxrip]..................................................................... 31 enable spoofing <1-60> ............................................ 31 Access Router Command Line Interface Reference Manual Page v ipxping ................................ 32 set ipx default route ........................................................................ 32 set ipx default route lan .................................................................... 32 set ipx rip [Interface Name] ......................................................... 32 set ipx ............................................................................................... 32 set ipx ........................................................................... 32 set ipx <802.3/802.2/ethernet_II/snap> .......................... 32 set ipx lan ................................................................................................................... 32 set ipx lan ..................................................................................... 32 set ipx lan <802.2/802.3/Ethernet_II/snap>.................................... 32 show ipx [Interface Name] ......................................................................................... 33 show ipx routing table ................................................................................................. 33 show ipx sap table ....................................................................................................... 33 show ipx statistics ....................................................................................................... 34 Port Commands.................................................................................................................... 34 clear port statistics [port name].................................................................................... 34 enable/disable port .................................................................................. 34 set port ................................................................................................ 34 show port .................................................................................................................... 35 show port ............................................................................................... 35 show port statistics ................................................................................. 35 Profile Commands................................................................................................................ 36 add profile ...................................................................................... 36 clear profile statistics [Profile Name]........................................................................... 37 connect profile ................................................................................... 37 delete profile ..................................................................................... 37 disable profile .................................................................................... 37 disconnect profile < Profile Name> ............................................................................. 37 enable profile ..................................................................................... 37 show profile ................................................................................................................ 37 show profile ...................................................................................... 38 show profile statistics .................................................................................................. 38 show profile statistics ........................................................................ 38 Security Commands ............................................................................................................. 38 set ip private ............................................................................ 38 SNMP Commands................................................................................................................ 38 clear trap manager <1-5>............................................................................................. 38 Page vi Access Router Command Line Interface Reference Manual enable/disable trap ...................................................................................................... 38 set community string read <"password"> ..................................................................... 39 set trap manager <1-5> ................................................................................ 39 show snmp statistics.................................................................................................... 39 show trap manager [1-5].............................................................................................. 39 Statistics Commands ............................................................................................................ 39 clear compression statistics ............................................................... 39 clear port statistics [port name].................................................................................... 39 clear profile statistics [Profile Name]........................................................................... 40 # clear tunnel statistics [tunnel id] ............................................................................... 40 show compression statistics ............................................................... 40 show icmp statistics..................................................................................................... 40 show ip statistics ......................................................................................................... 40 * show ipx statistics .................................................................................................... 40 show port statistics ................................................................................. 40 show profile statistics [Profile Name] .......................................................................... 40 show snmp statistics.................................................................................................... 40 show tcp statistics........................................................................................................ 40 # show tunnel statistics [tunnel id]............................................................................... 40 show udp statistics ...................................................................................................... 40 show statistics ................................................................................ 40 System Commands............................................................................................................... 41 change password ......................................................................................................... 41 clear config ................................................................................................................. 41 disable/enable remote-mgt........................................................................................... 41 disable/enable syslog................................................................................................... 41 disconnect telnet session <1-5> ................................................................................... 42 download config from .............................................................. 42 download firmware ..................................................................................................... 42 help ............................................................................................................................ 42 logout ......................................................................................................................... 42 reset system................................................................................................................. 43 save config.................................................................................................................. 43 set console baud ........................................................................................ 43 set console timeout <1-60>.......................................................................................... 43 set date ................................................................................................... 43 set daylight time ........................................................................................... 43 Access Router Command Line Interface Reference Manual Page vii set internet access time ............................................................................................. 43 set log level <1-10>..................................................................................................... 44 set prompt <"prompt"> ............................................................................................... 44 set system contact <"name">....................................................................................... 44 set system location <"location information">............................................................... 44 set system name <"system name"> .............................................................................. 44 set time ................................................................................................... 45 set timezone <-12 - +12>............................................................................................. 45 show config ................................................................................................................ 45 show connection log.................................................................................................... 45 show interface list ....................................................................................................... 45 show internet access time ............................................................................................ 45 show syslog................................................................................................................. 46 show system................................................................................................................ 46 show system log.......................................................................................................... 46 show telnet session...................................................................................................... 47 show time ................................................................................................................... 47 upload config to ....................................................................... 47 # VPN-L2TP Tunnel Commands .......................................................................................... 47 add tunnel ........................................................................................ 47 clear tunnel statistics [tunnel name] ............................................................................. 48 delete tunnel ........................................................................................ 48 show tunnel [tunnel name]........................................................................................... 48 show tunnel statistics [tunnel name]............................................................................. 48 Page viii Access Router Command Line Interface Reference Manual GENERAL GUIDELINES When the router is powered up, the user can connect a terminal (or the PC running terminal emulation software) to the auxiliary (console) port to perform configuration and management functions. Alternatively, the Command Line Interface may be accessed via a standard telnet application. When properly connected, setting the console speed to a baud rate of 19200 bits per second, eight data bits, no parity, one stop bit, and pressing a carriage return key, the user will see a system sign-on message followed by a password prompt as follows. Router Manager Console Version: rev_no Please enter your password: ******** A default password "password" has been pre-configured with the system. The user should use it to log into the system until the password is explicitly changed using the change password command. Note that the entered password is casesensitive. This password may also be changed using the browser-based GUI configuration utility. The password entered will be echoed as asterisks (*). After the Carriage Return is entered, if the password string is validated, the command prompt Command> will be displayed, and the user can then issue other commands. Otherwise, the password prompt will be redisplayed. Many commands are single-line commands, and commands are not context sensitive: each command is independent of other commands before or after it. Exceptions to the single line mode are indicated in this manual by the prefix "". These commands invoke an interactive user dialog. The command syntax is straightforward. The following briefly summarizes the guideline for the interface. · · At any time, the user can type a " ?" (preceded by a space) to request contextsensitive help on what the user can enter next. At any time, the user can type control-p (^p, by pressing both the Ctrl key and the p key at the same time) to repeat the previous command, or control n to return to the following (next) command. At startup, typing ^p or ^n will not cause anything to happen - since previous commands do not yet exist. In normal operation typing ^p will cause the previous command to show, and the cursor will sit at the end of the command. At this point, the user can either type a carriage return to accept the command, or type backspaces to edit the command from the end, or ^p to get to its previous command, or ^n to get to its following command (if applicable). Up to 15 previously entered commands can be invoked through ^p's and ^n's. If a keyword is expected when the user types " ?", all valid keywords will be displayed, then the command typed so far will be re-displayed, with the cursor sitting at the end (waiting for the user to continue). If the user had previously typed part of the keyword but did not finish it, and if the characters typed so far uniquely identify the keyword, if the user types a tab (or a space) character, and the system will complete the keyword automatically. If the characters typed so far do not uniquely identify a keyword, nothing will happen. · · If the user is not sure what to type next, he can type " ?", which will cause those keywords that match the characters typed so far to be displayed. If an interactive mode is entered, the system will prompt for each parameter Router Command Line Interface Reference Manual Page 1 required, such as: ... enter Link management protocol (none, none/Annex-D): enter polling interval in seconds (10, 5 - 30): ... The first prompt means there are two choices (none and Annex-D), with none being the default. The second prompt means a number between 5 and 30 is expected, with 10 being the default. If it is the first time a particular parameter is configured, typing a carriage return will cause the default value to be selected. Otherwise, typing a carriage return means no change to the existing value. Some interactive commands will query the user for the type of parameter to be entered. For example, ... enter Day-of-the-week (all, (a)ll/(d)ay-range): d enter dd1-dd2 (Unspecified): mon-sat ... Page ii Access Router Command Line Interface Reference Manual "EXPRESS MODE" VS. "ADVANCED MODE" The Command Line Interface operates in one of two modes: Express Mode or Advanced Mode. In Express Mode, not all parameters may be displayed. Default values are set for parameters not displayed in multi-line commands. In Advanced Mode, users have the option to modify all possible values appropriate to each operation. The user can toggle between Express Mode and Advanced Mode by typing ^E (Control-E) at any time. Normally, the system prompt will be changed by appending ">>" to the configured prompt when in Advanced Mode. Access Router Command Line Interface Reference Manual Page 3 CONVENTIONS Note that the meaning of "port n" may differ depending upon the model being managed. Examples using the terminology are model-specific. The following notations will be used: · · · · lan means the LAN port; <> specifies the arguments of the command, <1-4> means a number between 1 to 4; [ ] indicates a required or optional parameter, or choice of parameters; Interface Name or ifName represents a profile interface, which can be the LAN port (lan), a PPP profile, a PPPoE profile, an ISDN connection profile, or a modem profile. (The interface types available depend upon the router model and the installed firmware and, perhaps, the installed feature key.) Profile Name means a WAN profile, such as a PPP profile, LAN-to-LAN profile, Internet profile, or Single User Dial-in profile, not the LAN port. xxx/yyy means xxx, or yyy; num means any integer number (such as 19200, 9600, ...); MacAddr, or nn-nn-nn-nn-nn-nn means any MAC address in hexadecimal format, where each nn can be 00, 01, ... 09, 0A, 0B, 0C, 0D, 0E, 0F, 10, 11, ... FF; ipAddr, netMask, or xxx.xxx.xxx.xxx means any ip address or network mask, where xxx is a decimal integer between 0 and 255 the term string means a string of characters up to the specified length, which may be enclosed in double quotes (") (required if the string contains embedded blanks · · · · · · Page iv Access Router Command Line Interface Reference Manual COMMAND CATEGORIES From a functional point of view, commands can be grouped into the following functional categories: (1) Bridging (4) Filtering (7) Port (10) SNMP (13) VPN (2) Compression (5) IP (8) Profile (11) Statistics (3) Diagnostics (6) IPX (9) Security (12) System This list may vary depending upon the router model and the installed features. For convenience, the section Command List summarizes all commands using the following categories: § Bridging § Compression § Diagnostics § DHCP § Dial-In § IP § IPX § Port § Profile § Security § SNMP § Statistics § System § VPN-L2TP Users Tunnel This summary is followed by examples in subsequent sections. Examples will be given in the following format: Command Syntax Description: the description of the command is given here. Example: Command> command (with parameters) Output ... Access Router Command Line Interface Reference Manual Page 5 COMMAND LIST Note that commands may apply with a particular Feature. Each command below which is affected, is identified by a symbol which is associated with a Feature as follows: £ k Feature: WAN backup via external modem or ISDN TA £ X Feature: Virtual Private Networking in L2TP mode £ q Feature: IPX/Bridging In addition, those commands which involve an interactive user dialog are prefixed with the symbol, "". * Bridging Commands disable bridging disable learning enable bridging enable learning show bridging show learning show learning Compression Commands clear compression statistics disable compression enable compression show compression statistics DHCP Commands add dhcp entry add dns delete dhcp entry delete dns disable dhcp enable dhcp set dhcp set range show dhcp show dhcp table show range Page vi Access Router Command Line Interface Reference Manual Diagnostic Commands connect profile disable trace disconnect profile enable trace * ipxping ping [integer greater than 0][packet length, greater than or equal to 56] set log level <1-10> & test modem Dial-in User Commands add user delete user show user [profile name] Filtering Commands add filter <1-8> * +add ipx filter <1-8> delete filter <1-8> * delete ipx filter <1-8> set filter default set ipx filter default show filter show filter <1-8> * show ipx filter show ipx filter <1-8> IP Commands add ip route add ip route add pat entry add pat entry default delete ip default route delete ip route delete ip delete pat entry delete pat entry default Access Router Command Line Interface Reference Manual Page 7 disable spoofing enable spoofing ping [integer >=1] [packet length, >=56] set ip default route set ip default route set ip lan set ip private set ip rip set ip rip [Interface Name] set ip set ip show arp table show icmp statistics show ip show ip show ip routing table show ip statistics show pat show tcp statistics show udp statistics * IPX Commands add ipx route add ipx route add ipx route lan add ipx sap delete ipx default route delete ipx route delete ipx sap delete ipx disable spoofing enable spoofing enable spoofing <1-60> ipxping =1> set ipx default route set ipx default route lan set ipx rip [Interface Name] Page viii Access Router Command Line Interface Reference Manual set ipx set ipx set ipx <802.3/802.2/ethernet_II/snap> set ipx lan set ipx lan set ipx lan <802.3/802.2/ethernet_II/snap> show ipx show ipx show ipx routing table show ipx sap table show ipx statistics Port Commands clear port statistics clear port statistics disable port enable port set port show port show port show port statistics Profile Commands add profile clear profile statistics [Profile Name] connect profile delete profile disable profile disconnect profile enable profile show profile show profile show profile statistics show profile statistics SNMP Commands clear trap manager <1-5> disable trap Access Router Command Line Interface Reference Manual Page 9 enable trap set community string read set trap manager <1-5> show snmp statistics show trap manager [1-5] Statistics Commands clear compression statistics [Interface Name] clear port statistics [port name] clear profile statistics [Profile Name] # clear tunnel statistics [tunnel id] show compression statistics show icmp statistics show ip statistics * show ipx statistics show port statistics show profile statistics [Profile Name] show snmp statistics show tcp statistics # show tunnel statistics [tunnel id] show udp statistics show statistics System Commands change password clear config disable/enable remote-mgt disable/enable syslog disconnect telnet session <1-5> download config from download firmware help logout reset system save config set console baud set console timeout Page x Access Router Command Line Interface Reference Manual set date set daylight time set internet access time set log level <1-10> set prompt set system contact set system location set system name set time set timezone <-12:00 - +12:00> show config show connection log show interface list show internet access time show syslog show system show system log show telnet session show time upload config to # VPN-L2TP Tunnel Commands add tunnel clear tunnel statistics [tunnel name] delete tunnel show tunnel [tunnel name] show tunnel statistics [tunnel name] Access Router Command Line Interface Reference Manual Page 11 Command Detail * Bridging Commands Although routing is preferred over bridging for transmitting data across wide area connections, occasionally bridging is required. For example, when the data packets to be transmitted are neither IP nor IPX (such as NetBEUI, SNA or AppleTalk), or when the other end of the WAN connection only supports bridging. Bridging uses an intelligent learning algorithm to build up a MAC-address-tointerface mapping, which it then uses to make forwarding decisions for each packet it receives, whether the packet should be forward to the LAN side or to one of the WAN connections. enable/disable bridging Description: This command enables or disables bridging over the specified interface. If the interface already has IP/IPX routing enabled, then routing will take precedence. For example, if both bridging and IP routing are enabled over interface profile1, IP data will be routed, and all non-IP data will be bridged. Example: Command> enable bridging profile1 enable/disable learning Description: This command enables or disables address learning for all bridging ports. The default mode is enabled. When learning is enabled, MAC addresses will be learned and maintained in the address table. However, an entry will be "aged out" (removed) if the same address is not re-learned within a fixed time period, When learning is disabled, all addresses learned so far will no longer be aged out. show bridging Description: This command displays the bridging configuration over all interfaces. Example: IfName IP IPX Other -----------------------------------------------------------Melbourne disabled disabled enabled isp1 enabled disabled disabled lan enabled enabled enabled show learning Description: This command displays MAC addresses learned from all bridgingenabled interfaces. Example: Command> show learning lan: MAC Address --------------------------12-22-33-3D-D5-00 Page xii Access Router Command Line Interface Reference Manual 00-60-54-16-67-01 00-96-33-58-BD-DE Total MAC addresses: 3 newyork: MAC Address --------------------------00-40-33-3D-D5-DB 00-60-20-16-00-01 00-40-33-58-07-DE Total MAC addresses: 3 show learning Description: This command displays MAC addresses learned from a specified interface. Example: Command> show learning lan MAC Address --------------------------00-40-33-3D-D5-DB 00-60-20-16-00-01 00-40-33-58-07-DE Total MAC addresses: 3 Compression Commands Compression can be enabled over serial interfaces running the PPP protocol in order to allow more efficient use of the WAN bandwidth. Currently, STAC based compression is supported. Note that these commands cannot manage the operation of modem-based compression (MNP5/V.42). Modem initialization strings manage this type of compression. clear compression statistics Description: The statistics counters associated with compression over the specified interface are reset. disable compression Description: This command disables compression over the specified interface. enable compression Description: This command enables compression over the specified interface. show compression statistics Description: This command displays compression related statistics for the specified interface. Access Router Command Line Interface Reference Manual Page 13 DHCP Commands The Dynamic Host Control Protocol (DHCP) is a client/server protocol1 that defines an efficient and convenient means of dynamically assigning IP addresses and other networking parameters for a period of time upon request. In a router environment, this means either the dynamic assignment of "private" IP addresses to PCs co-residing on the LAN segment with the router or a static assignment of these addresses according to the station identification (the MAC address) of the requesting client. Since the routers are, by default, configured with a private IP address for its LAN connection, the DHCP server is automatically enabled. (The DHCP function is disabled if the router discovers another DHCP server at initialization time, or if the user has explicitly disabled this function.) DHCP clients residing in LANresident machines, such as those running Windows 95/98, may then request a lease for an IP address from a DHCP server. As the term implies, the assignment of the address is temporary. The default lease period in a router's DHCP server is ten hours. The DHCP client is responsible for the renewal of the lease. Both static and dynamic DHCP assignments are supported. The range of IP addresses in the dynamic pool from which the server selects an address to satisfy a request depends upon the currently configured private address and network mask of the router. The router's default IP private address is 192.168.168.230 with a network mask of 255.255.255.0. This private address may be changed to any private address and network mask as specified in the following table: Class Network Address Network Prefix Default Network Mask Maximum Number of Host Addresses 16,777,214 65534 Lowest/Highest Address A B 10.0.0.0 172.xx.0.0 31 xx 16 8 bits 12 bits 255.0.0.0 255.255.0.0 10.0.0.1/10.255.255.254 172.xx.0.1/172.xx.255.254 31 xx 16 C 192.168.xx.0 255 xx 0 16 bits 255.255.255.0 254 192.168.xx.1/192.168.xx.254 255 xx 0 Once configured, the DHCP server will assign private addresses from within the defined private address range with the highest available address being assigned first. This address range may be modified using the "set range" command. Statically assigned addresses must be within this range as well. Up to 20 static DHCP assignments may be configured and saved. If the Default Network Mask is modified, the DHCP address range is likewise modified, with the highest configurable address being assigned first, by default (also modifiable via the "set range" command). add dhcp entry Description: This command adds or edits a static DHCP assignment entry. An entry added to the Static DHCP Assignment Table causes a DHCP client to be assigned the same IP address whenever a DHCP client request is received from a machine with the specified MAC address. Example: 1 The Internet Engineering Task Force (IETF) defines DHCP in RFC-2131 and RFC-2132. Page xiv Access Router Command Line Interface Reference Manual Command> add dhcp entry daniel enter IP address (Unspecified): 192.168.168.134 enter MAC address (Unspecified): 00-40-05-35-db-4f Note that the format of the MAC address uses embedded dashes add dns Description: This command allows the specific assignment of Domain Name Server (DNS) IP addresses that will be subsequently assigned to requesting DHCP clients. Note that these addresses also can be automatically obtained via protocol negotiation when connecting to a remote IP network, e.g., a connection to an ISP. Both a primary DNS server address and a secondary DNS server address may be assigned using separate commands. delete dhcp entry Description: This command deletes the specified entry from the Static DHCP Assignment Table. delete dns Description: The specified Domain Name Server IP address will no longer be assigned by the DHCP server to requesting clients. Note that a subsequent connection to an ISP may once again cause these values to be assigned to requesting clients. disable dhcp Description: This command disables the Dynamic Host Control Protocol server functions within the router. The router will no longer respond to lease requests. Existing leaseholders will not be able to renew their leases after the lease term expires, unless another DHCP server resides within the network. enable dhcp Description: This command enables the Dynamic Host Control Protocol server functionality within the router. When enabled, the router will service a client request for IP address and net mask assignment, as well as assignments of default gateway, DNS server addresses, WINS server addresses and NetBIOS Node Type. The pool of addresses from which the router selects is defined in the table above. The default is 192.168.168.230, unless re-configured with the "set ip private ... " command (or its HTTP equivalent). The term of the lease is 10 hours. The factory default is enabled. set dhcp Description: This command configures the global parameters to be supplied to all requesting DHCP clients. Note that the DHCP service can also be enabled or disabled from this command. Example: Command> set dhcp enable DHCP (Yes, Yes/No): yes configure WINS server (No, Yes/No): yes enter primary WINS server address (Unspecified): 63.221.98.5 enter secondary WINS server address (Unspecified): 63.221.98.7 enter NetBIOS node type (none, none/b/p/m/h): h Access Router Command Line Interface Reference Manual Page 15 Command> set range Description: This command sets the bounds for dynamic assignment of IP addresses to both DHCP clients and dial in users. A dialog ensues wherein the user is asked first to enter the upper bound address, and then the lower bound address. The default upper bound is the highest address in the configured private IP subnet. For example, if the configured private IP subnet is 192.168.168.0/255.255.255.0, then the default upper bound for dynamic assignment is 192.168.168.254. The default lower bound is the high address less 253, which, in our example, is 192.168.168.1. Any address lower than the lower bound is not assigned automatically by the router to requesting DHCP clients or dial-in users and may be used for manual configuration of a LAN device (unless used by another router elsewhere on the LAN). The administrator may alter these addresses to any address that is valid within the configured private IP subnet. The upper bound address must be greater than the lower bound address. Note that dial in users will be assigned addresses in pairs. The router will check before assignment of any dynamic address to ensure that it is not in use elsewhere in the network. If the router's private IP network is modified, the range values that are in conflict with the new IP network settings will revert to the above mentioned defaults until manually altered by the administrator. Example: Command> set range enter upper bound address (192.168.168.254): enter lower bound address (192.168.168.1): show dhcp Description: This command displays the current status of the Dynamic Host Control Protocol server. Example: Command> show dhcp Admin Status: Network address: Default gateway: Primary DNS: Primary WINS: Node Type Enable 192.168.168.0 192.168.168.230 199.191.129.139 63.221.98.5 h-node Default Lease: 10 hours Netmask: 255.255.255.0 Secondary DNS: 199.191.144.75 Secondary WINS:63.221.98.7 IP-Address Mac-Addr Lease-Expires Entry Type ------------------------------------------------------------------192.168.168.134 00400535db4f 06-15-99 14:24:5 Static 192.168.168.254 222222222222 06-15-99 16:43:7 Dynamic show dhcp table Description: This command displays the entries currently configured in the Static DHCP Assignment Table Example: Command> show dhcp table Static DHCP Assignments Name IP-Address Mac-Address ---------------------------------------------------------------daniel 192.168.168.134 00-40-05-35-DB-4F Page xvi Access Router Command Line Interface Reference Manual show range Description: This command displays the upper and lower bound addresses currently being used for the dynamic assignment of private IP addresses to DHCP clients and dial in users. (See "set range", above) Example: Command> show range IP address assignment range: 192.168.168.1 ­ 192.168.168.254 Diagnostic Commands connect profile Description: For switched profiles, this command activates the profile as if a trigger occurred. This command has no effect on leased line profiles. disconnect profile Description: For active switched profiles, this command terminates the connection as if an idle timeout occurred. This command has no effect on leased line profiles. enable/disable trace Description: This command enables or disables the debug trace messages. When enabled, all log messages entered into the system log will appear in the console session from which this command is issued. *ipxping Description: This command performs an IPX Ping (a diagnostic message to be echoed by the receiving device) to a remote IPX node, which is on the remote IPX network remote-Network#, with MAC address remote-MacAddr. The ping is performed repeat-count times. ping ipAddr [ < n_size>] Description: This command allows the user to ping an IP device (send a diagnostic message to be echoed by the receiving device). If n_times and n_size are optionally specified, the ping will be performed n_times times, and each time with size equal to n_size. Otherwise, ping will only be executed once with the packet size equal to 56 bytes. The maximum value of n_times is 100: any value larger than this will be set to 100. The maximum value of n_size is 1932: any value larger than this will be set to 1932. Example: Command> ping 10.0.0.2 100 1000 Repeating times = 100, data length = 1000 Ping packets -- total: 100 sent: 100 received: 100 Command> ping 10.0.0.2 Repeating times = 1, data length = 56 Ping packets -- total: 1 sent: 1 received: 1 Access Router Command Line Interface Reference Manual Page 17 set log level <1-10> Description: For a description of this command, see "set log level <1-10>" under System Commands. & test modem Description: This command causes a modem call to the specified telephone number. The call is cleared immediately after a connection is established. Example: Command> test modem m 123456 Dial-in User Commands Dial-in user profiles are used by stand-alone remote workstations connecting via a switched connection through a modem or an ISDN line. A user workstation effectively becomes a LAN node for the duration of its connection. Its ARP information is proxied by the router. When a switched call is answered, the local profile database is searched for a match with the received name. If an appropriate profile is not found, the call is rejected. If a profile is found, the information in the entry is used to authenticate and configure the connection. add user (where "profile name" is a string <= 30 chars) Description: This command configures an entry in the local profile database. The users added with this command might be single workstations dialing in through a modem or terminal adapter, or they may be connected using an VPN connection through the Internet. The following examples illustrate the dialog that ensues and the items of information that the router needs for these profiles: Example 1: Add the following Single Workstation dialing into a router through external modem (or ISDN TA) using the CLI Express Mode (you can toggle between Express Mode and Advanced Mode by using the Ctrl-E key combination) Command> add user u1 Add new user profile "u1" ... #allowable interfaces (Modem, Modem/VPN-L2TP): user name (Unspecified): user1 user password (Unspecified): *** password confirm (***): *** The Express method of configuring a dial-in user will use the following defaults: · · · · · · · · Callback: No IP Enabled IP RIP Disabled IPX Enabled IPX RIP/SAP Enabled No Compression Default Idle Timeout (model-dependent) Dynamic Caller IP Address and IPX Network Number assignment Access Router Command Line Interface Reference Manual Page xviii Example 2: Add the following Single Workstation dialing into the router using the CLI Advanced Mode Command>>> add user u2 Add new user profile "u2" ... #allowable interfaces (Modem, Modem/VPN-L2TP): user name (Unspecified): user2 user password (Unspecified): *** password confirm (***): *** enable call back (No, yes/no): y call back number (Unspecified): 5554444 compression (No, no/stac): idle timeout (120, 0[none]-3600): enable IP (Yes, yes/no): use dynamic IP address assignment? (Yes, yes/no): no enter dialer IP address (unspecified): 121.0.0.1 enter router IP address (unspecified): 121.0.0.2 enable IPX (Yes, yes/no): use dynamic IPX network number assignment? (Yes, yes/no): no enter IPX network number (unspecified): 11223344 bridging (No, yes/no): delete user Description: Deletes a dial-in user entry from the local user database. show user [profile name] Description: Displays the current local profile database. Example 1. Without the user name parameter the output appears as follows: Command> show user profile name: user name: enable IP: enable IPX: profile name: user name: enable IP: enable IPX: profile Name: enable IP: u2 user2 Yes Yes u1 user1 Yes Yes rho (VPN-L2TP) Yes dial in from: IP RIP: IPX RIP/SAP: Workstation Disable Enable dial in from: IP RIP: IPX RIP/SAP: Workstation Disable Enable 2. When a specific user is named, the output appears as follows: Command> show user u1 profile name: u1 user name: user1 port type: Modem caller ID: None auth method: Either encryption: No enable IP: Yes IP address: Dynamic enable IPX: Yes IPX Number: Dynamic bridging: No dial in from: multilink: callback #: compression: idle timeout: IP RIP: IPX RIP/SAP: Workstation No None No 300 Disable Enable Access Router Command Line Interface Reference Manual Page 19 Filtering Commands add filter <1-8> Description: This command adds or modifies the nth IP filter rule in the system Packet Filtering allows each IP packet exiting a router interface to be examined for a match with a configured set of rules. If all of the conditions in any rule do not match the contents of the packet, then the packet is either forwarded or discarded, depending upon the filter default for that interface. Otherwise, the exception action is taken, i.e., the packet is discarded or forwarded, the opposite of the default action. The default action for an interface is set by the set filter default command described below. The total number of rules system-wide in this version of the firmware is limited to eight. Each of these rules may be assigned to one specific interface. The conditions that may be specified are: Conditions IP Protocol 1. 2. 3. 4. 5. Source IP Address 1. 2. 3. 4. Destination IP Address 1. 2. 3. 4. Source TCP/UDP Port 1. 2. 3. Destination TCP/UDP Port 1. 2. 3. Any protocol TCP UDP ICMP IGMP Any value (wildcard) Values Individual IP Address (xxx.xxx.xxx.xxx) Range of consecutive IP Addresses (xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy) A Network of IP Addresses (and its associated subnet mask). (xxx.xxx.xxx.xxx/mmm.mmm.mmm.mmm) Any value (wildcard) Individual IP Address (xxx.xxx.xxx.xxx) Range of consecutive IP Addresses (xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy) A Network of IP Addresses (and its associated subnet mask). (xxx.xxx.xxx.xxx/mmm.mmm.mmm.mmm) Any value (wildcard) A TCP or UDP Port Number A consecutive range of TCP/UDP Port Numbers Any value (wildcard) A TCP or UDP Port Number A consecutive range of TCP/UDP Port Numbers Filters are added by number. Note: Incorrect or mistyped filtering entries may cause undesired or unpredictable behavior. It is strongly recommended that this feature be used with the utmost care and planning. For a more detailed description of Filtering, please refer to the User Guide for your particular model. Example: Command> add filter 1 enter filter name (Unspecified): enter interface (Unspecified): enter IP protocol (any, (a)ny/TCP/UDP/ICMP/IGMP): enter Source IP Address (any, (a)ny/(s)ingle/(r)ange/(n)etwork): Page xx Access Router Command Line Interface Reference Manual /* if "s" or "single" specified */ enter single ip_addr (Unspecified): /* endif "single" */ /*if "r" or "range" specified */ enter ip_addr1-ip_addr2 (Unspecified): /* endif "range" */ /* if "n" or "network" specified */ enter ip_net_addr/netmask (Unspecified): /* endif "network" */ enter Destination IP Address (any, a)ny/(s)ingle/(r)ange/(n)etwork): enter Source TCP/UDP Port(any, (a)ny/(s)ingle/(r)ange): enter Destination TCP/UDP Port(any, (a)ny/(s)ingle/(r)ange): * +add ipx filter <1-8> Description: This command adds or modifies the nth IPX filter rule in the system IPX Packet Filtering allows each IPX packet exiting an interface to be examined for a match with a configured set of rules. If all of the conditions in any rule do not match the contents of the packet, then the packet is either forwarded or discarded, depending upon the IPX filter default for that interface. Otherwise, the exception action is taken, i.e., the packet is discarded or forwarded, the opposite of the IPX default action. The IPX default action for an interface is set by the set ipx filter default command described below. The total number of IPX rules system-wide in this version of the firmware is limited to eight. Each of these rules may be assigned to one specific interface. The conditions that may be specified are: Conditions IPX Packet Type Source Network Number Source Node Number Source Socket Number Destination Network Number Destination Node Number Destination Socket Number Values The IPX packet type value of the packet you wish to filter. This value is two hex-digits. The eight hex-digit source network number of the packet to be filtered. The twelve hex-digit value for the source node number of the packet you wish to filter. The source socket number of the packets that you wish to filter. This is a four-digit hex value. A range may also be specified. The destination network number of the packets to be filtered. This is a eight hex-digit hex value. The twelve hex-digit value for the destination node number of the packet you wish to filter. The destination socket number of the packets that you wish to filter. This is an eight-digit hex value. A range may also be specified. IPX Filters are added by number. Note: Incorrect or mistyped filtering entries may cause undesired or unpredictable behavior. It is strongly recommended that this feature be used with the utmost care and planning. For a more detailed description of Filtering, please refer to the User Guide for your particular model. Example: Command> add ipx filter 1 enter ipx filter name (Unspecified): enter interface (Unspecified): enter IPX Packet Type (any, (a)ny/(s)ingle): enter Source IPX Network Number (any, (a)ny/(s)ingle/(r)ange): /* if "s" or "single" specified */ enter single ipx_net_number (Unspecified): /* endif "single" */ enter Source IPX Node Number (any, (a)ny/(s)ingle): Access Router Command Line Interface Reference Manual Page 21 enter Source IPX Socket Number (any, (a)ny/(s)ingle/(r)ange): enter Destination IPX Network Number (any, (a)ny/(s)ingle/(r)ange): /* if "s" or "single" specified */ enter single ipx_net_number (Unspecified): /* endif "single" */ enter Destination IPX Node Number (any, (a)ny/(s)ingle): enter Destination IPX Socket Number (any, (a)ny/(s)ingle/(r)ange): delete filter <1-8> Description: This command deletes the specified rule. Example: Command> delete filter 1 £ qelete ipx filter <1-8> d Description: This command deletes the specified IPX rule. Example: Command> delete ipx filter 1 set filter default Example: Command> set filter default enter interface (Unspecified): isp enter default action (forward, forward/discard) : forward Description: This command sets the default action to be taken when an IP packet does not match any rule on the specified interface. See the description for the add filter command above. * +set ipx filter default Description: This command sets the default action for packets to be taken when an IPX packet does not match any rule on the specified interface. See the description for the add ipx filter command above. Example: Command> set ipx filter default enter interface (Unspecified): isp enter ipx default action (forward, forward/discard) : forward show filter Description: This command displays the entire configured rule set. Example: Command> show filter Interface Name : abc Default action is Filter 1: Filter Name: Interface Name: Src. IP: Dest. IP: Filter 2: Filter Name: Interface Name: Src. IP: Dest. IP: forward, and current exception rules are : Rule1 ppp2 212.54.104.1 any Src. Port: Dest. Port: 136 any Rule2 lan 204.122.6.240/255.255.255.240 Src. Port: any Dest. Port: any any Page xxii Access Router Command Line Interface Reference Manual show filter <1-8 > Description: This command displays the definition of the nth rule. Example: Command> show filter 1 Filter 1: Filter Name: Rule1 Interface Name: ppp2 Src. IP: 212.54.104.1 Dest. IP: any Src. Port: Dest. Port: 136 any * show ipx filter Description: This command displays the entire configured IPX rule set. Example: Command> show ipx filter Interface Name : abc IPX Default action is forward, and current exception rules are : Filter 1: Filter Name: Rule1 Interface Name: ppp2 IPX Packet Type: 04 Source IPX Net Number: 12345678 Source IPX Node Number: any Source IPX Socket Number: any Destination IPX Net Number: any Destination IPX Node Number:any Destination Socket Number: any Filter 2: Filter Name: Rule2 Interface Name: lan IPX Packet Type: 14 Source IPX Net Number: 87654321 Source IPX Node Number: any Source IPX Socket Number: any Destination IPX Net Number: any Destination Port Number: any Destination Socket Number: any * show ipx filter <1-8 > Description: This command displays the definition of the nth IPX filter rule. Example: Command> show ipx filter 1 Filter Name: Rule1 Interface Name: ppp2 IPX Packet Type: 4 Source IPX Net Number: Source Port Number: Source Socket Number: Destination IPX Net Number: Destination Port Number: Destination Socket Number: 12345678 any any any any any IP Commands add ip route add ip route < hop count, 1-15> Access Router Command Line Interface Reference Manual Page 23 Description: This command adds a static route to the IP routing table. The first example means that to send a packet to the destination IP address 204.71.220.153, the packet should be forwarded to 204.23.0.1 first, and the target is 4 hops away. The second example means that to send a packet to the destination IP address 204.71.220.153, the packet should be sent out over the frame relay profile dlci2 first, and the target is 4 hops away. Example: Command> add ip route 204.71.220.153 255.255.255.0 204.23.0.1 Command> add ip route 204.71.220.153 255.255.255.0 dlci2 4 4 add pat entry add pat entry default Description: Each IP packet received from the Internet interface is examined. If the destination address is the public address of the interface, the Network Address Translation Table is searched for a match. If the address is found, the destination address is replaced with the associated private address and port number. The packet is then forwarded to the IP routing process. If no match is found and a Default Private Receiver is defined, the packet is forwarded to this machine. If no match is found and a Default Private Receiver is not defined, the packet is discarded. Static entries may be created in this table by these commands. Note that static entries are mapped according to port number and therefore multiple protocols using the same port number will be routed to the mapped entry. Example 1: IP packets received with the public IP address of the router and a destination port number of 123 will be translated to port 234 with a destination private IP address of 10.0.1.120. Here, it is assumed that the private IP network is 10.0.1.0 with a subnet mask of 255.255.255.0. Command> add pat entry 123 Enter Private IP Address (unspecified): 10.0.1.120 Enter Private Port Number (unspecified): 234 Example 2: IP packets received with a destination port number not found in the Address Translation Table will be translated to a destination private IP address of 192.168.168.121. Here, it is assumed that the private IP network is 192.168.168.0 with a subnet mask of 255.255.255.0. Command> add pat entry default Enter Private IP Address (unspecified): 192.168.168.121 delete ip default route Description: This command deletes the default route from the IP routing table. Packets normally sent to the default router will then be discarded. delete ip route Example: Command> delete ip route 204.71.220.153 255.255.255.0 Description: This command deletes the static route for 204.71.220.153 from the IP routing table. Page xxiv Access Router Command Line Interface Reference Manual delete ip Description: This command deletes the IP protocol configuration from the specified interface. The corresponding IP routing table entry for this IP address is also deleted. delete pat entry Description: This command deletes the specified port mapping from the Network Address Translation Table. delete pat entry default Description: This command deletes the default port mapping from the Network Address Translation Table. disable spoofing enable spoofing Description: These commands enable/disable spoofing over switched connection profiles. Since dial-up connection charges are based on the connection time, a technique called IP spoofing is often used to limit or prevent unnecessary connection time. This is done by (1) allowing control packets to be sent only when the connection is already up transmitting user data, or (2) allowing control packets to be spoofed (faked) so that they don't add load to the WAN traffic. IP RIP broadcasts are sent only when the connection is up. Example: Command> enable spoofing isdn1 iprip Command> disable spoofing modem2 iprip ping ipAddr [ < n_size>] Description: See description under Diagnostics. set ip default route set ip default route Description: This command is used to set the IP default route. The default route will be used when an IP packet's destination IP address cannot be found in the IP routing table. If the default route is not defined, such a packet is discarded. Example: Command> set ip default route 204.71.220.153 Command> set ip default route isp3 set ip lan Description: This command assigns a "public" IP address to the LAN port of the router. As a consequence, the LAN port maps to two IP addresses (one public and one private), and is therefore on two networks. Example: Command> set ip lan 204.71.220.153 255.255.255.0 Access Router Command Line Interface Reference Manual Page 25 set ip private Description: This command is used to modify the "private" IP address on the router's LAN interface. The IP network corresponding to the "set ip private" command becomes the private network. Private addresses are not legal for use on the Internet and therefore, devices in this network are no longer accessible from public devices on the Internet side. All devices within this "private" network are represented by one single IP address: the IP address received from an Internet Service Provider at connect time. Note that 192.168.168.230 is the default private address used for routers, and the private network address is 192.168.168.0, and therefore all private devices (by default) should have IP addresses within the range of 192.168.168.1 to 192.168.168.254. Private IP addresses may be any Class A, B or C address as described in the "DHCP" section of this manual. Note that the router may also communicate with devices in a "public" IP network, as defined in the command "set ip lan ". When you modify the private IP network, related routes in the IP Routing Table and all entries in the Static DHCP table and the Network Address Translation table which conflict with the new address space will be deleted. You will receive a warning message asking if you would like this to be done. Example: Command> set ip private 10.0.1.168 255.255.255.0 set ip rip [Interface Name] Description: This command sets the IP RIP state to the disabled mode, passive mode or active mode. When in the passive mode, the router will receive RIP broadcast data from other routers (but not transmit); when in active mode, it will receive RIP broadcast data from other routers, and also broadcast the routing table and routing table updates as necessary. When "Interface Name" is omitted, the command applies to the entire system. The default mode is Active. One common way of configuring routers for a central site and a remote (relatively small) site network is as follows: assume the local site is a small branch network, which is connected to a central site, through which many other networks can be reached. Instead of allowing both routers to turn on RIP, a better way is to turn on RIP for the branch, but set the central site to be in the passive mode only. Thus, the central site will not send its routing table to the branch router, but the branch site will send the routing table and updates to the central site. Additionally, on the branch router, the user should set the default route to the WAN connection that leads to the central site. Now, from the central site's point of view, since it still sees all networks at the branch site, it has no problem routing any packet to the remote site. On the other hand, from the remote site's perspective, whenever a packet is to be routed, the remote site router will apply the standard routing algorithm to the packet and, if no route can be found, the packet will just be passed on to the central site for resolution. The idea is that the central site has the complete routing table, and thus "should" know how to route the packet. With that assumption, the branch router is relieved of the burden of having to receive routing table updates from the central site (which, in case of a large network, could be a huge routing table containing hundreds or thousands of routing entries). RIP, version 1 (or RIP1) transmits its routing table without subnet or next hop information, while RIP, version 2 (or RIP2) includes this information. These two versions are not compatible and RIP2 should only be specified when Page xxvi Access Router Command Line Interface Reference Manual communicating to other RIP2 routers. set ip set ip < local-ipAddr> Description: This command enables IP routing over the connection specified by Profile Name. Additionally, a WAN connection that supports IP routing, may, either be assigned zero or two IP addresses. If none are assigned, the connection is termed unnumbered, a popular feature available in newer routers (since the connection does not consume IP addresses). Numbered connections are assigned two addresses, one at each end of the connection (complete with the network mask). Examples: Command> set ip ppp2.23 204.71.220.153 255.255.255.0 204.71.220.151 1. This example assigns IP addresses to the two sides of the PPP connection ppp2. 204.71.220.153 is for the local side of ppp2, while 204.71.220.151 is for the remote side; both use the same network mask, 255.255.255.0. This command activates IP routing over the connection profile isdnprofile1. When a connection is set up using profile isdnprofile1, unnumbered IP routing will be turned on. (Refer to the section "Profile Commands") Command> set ip isdnprofile1 2. show arp table Description: This command displays the ARP (Address Resolution Protocol) cache table, which contains up to 16 most recent MAC-to-IP-address mappings that have not been aged out. Example: Command> show arp table 110.0.0.1 110.0.0.2 at 00:60:20:00:00:15 permanent at 00:40:33:3D:D5:DB show icmp statistics Description: This command displays statistical information associated with the Internet Control Message Protocol (ICMP). Received Transmitted -----------------------------------------------------------Dest Unreachable: 0 0 Time Exceeded: 0 0 IP Header Error: 0 0 Source Quench: 0 0 Redirect: 0 0 Echo Request: 0 0 Echo Reply: 0 0 Timestamp Request: 0 0 Timestamp Reply: 0 0 Address Mask Request: 0 0 Address Mask Reply: 0 0 Calls to icmp error: 0 Messages Reflected: 0 show ip Access Router Command Line Interface Reference Manual Page 27 Description: This command displays all interfaces on which IP routing has been enabled. Example: Admin. Oper. Destination/ IfName State State IP Address Netmask Broadcast Addr ------------------------------------------------------------------ppp2 Enabled Up 20.0.0.1 255.0.0.0 20.0.0.2 lan Enabled Up 110.0.0.1 255.0.0.0 110.255.255.255 dlci16 Enabled Up 10.0.0.1 255.0.0.0 10.0.0.2 dlci17 Enabled Up (Unnumbered) show ip Description: This command displays the IP configuration over the specified interface. Example: Command> show ip lan Interface: lan ----------------------------------------------------------------IP Address: 192.168.168.230 Netmask: 255.255.255.0 Dest. IP Address: 192.168.168.255 Opr./Admin. State: Up RIP State: Active Ver.1 IP Multicast: Disabled show ip routing table Description: This command displays the IP routing table. Each entry in the routing table corresponds to a network or a host, and contains necessary information that is required for routing data packets to that network or host. For example, entry 7 means that to send a packet to 110.0.0.1, the packet should be sent to the next hop router (gateway), whose IP address is 40.0.0.5. The destination is, according to the table, 5 hops away (where a "hop" is a traversal of a link from one router to another). Any entry whose Interface Name is lo means the corresponding destination network is locally attached to one of the serial interfaces. Also, if the Gateway field is empty, it means either the destination IP network is directly attached to the router (i.e., the destination is on the same LAN the router is connected to), or the destination is reachable through an unnumbered serial interface. The meanings of the flags are: S G C Example: Destination Netmask Gateway Hop IfName Flags ------------------------------------------------------------------40.0.0.0 0 lan 192.168.168.0 255.255.255.0 0 lan C 10.0.0.1 0 lo H 10.0.0.2 0 dlci16 H 20.0.0.1 0 lo H 20.0.0.2 0 ppp2 H 110.0.0.0 255.0.0.0 40.0.0.5 5 lan GS 120.0.0.0 255.0.0.0 40.0.0.5 1 lan GS Host Static Route Gateway Cloned Entry Page xxviii Access Router Command Line Interface Reference Manual show ip statistics Description: This csommand displays IP routing related statistics. Received Transmitted ----------------------------------------------------------------Packets received 17418 Datagrams generated Locally 123 Packets Forwarded 15768 Datagrams Delivered to Upper Layer 3241 Raw Packets Sent 1650 Redirects Sent: 0 Packet drops: IP Header Errors Unknown Protocols Not Forwardable: DONT-FRAGMENT Bit ON: No Buffers: No Route: fragmentation: Total Fragments Datagrams Reassembled Datagrams Fragmented for Output Fragments Dropped after Timeout Fragments Dropped (Duplicates/No Space) 0 0 0 0 0 0 0 0 0 0 0 0 show pat Description: This command displays the static configuration entries in the Network Address Translation Table. Example: Command> show pat Public Port Private IP Private Port Number Address Number -------------------------------------------------------Default 192.168.168.121 123 192.168.168.120 234 26 192.168.168.120 26 Command> show tcp statistics Received Sent ----------------------------------------------------Total Packets 0 0 show udp statistics Received Delivered ---------------------------------------------------------Total datagrams 19368 5424 Datagrams with checksum error 0 Datagrams with incorrect length 0 Datagrams dropped due to buffer full 1133 Datagrams with dest. port unreachable 0 Access Router Command Line Interface Reference Manual Page 29 * IPX Commands add ipx route < hop count, 1-15> add ipx route < hop count, 1-15> add ipx route lan < hop count, 1-15> Description: These commands add static routes to the IPX routing table. In the first example the network number of the destination IPX network is 10882244, and it's reachable through the LAN port. The Mac address of the next hop router (gateway) is 00-60-20-fe-3b-30 (therefore the IPX address of the next hop router is the network number for the LAN port concatenated with 00-60-20-fe-3b-30), and it's 4 hops away. If the destination network can only be reached through a LAN, then you need to specify the MAC address of the gateway on the LAN. If the destination can be reached through a serial interface, since, by definition, the next hop router will be the remote router on the other end of the serial interface, the identification of the profile alone would be sufficient (the MAC address is therefore not necessary). This is illustrated in the second examples. If the destination network can be reached through a EWAN profile with Ethernet encapsulated, then you need to specify the MAC address of the gateway . This is illustrated on the third examples. Example: Command> add ipx route 10882244 lan 00-60-20-fe-3b-30 4 Command> add ipx route 10882245 dlci23 4 Command> add ipx route 10882246 ewanlan 12-34-56-78-90-12 4 add ipx sap Description: This command allows the user to add a static SAP table entry into the SAP table. Note that entries are hexadecimal numbers. In order to connect to a remote preferred NetWare file server through the network, the following has to be done: (1) define a connection profile that contains the IPX address of this server as the remote network address (this will create a corresponding static entry in the IPX routing table), and (2) add a static SAP table entry in the SAP table for the server in the above example. When the user boots up the PC, it will search for the preferred server by broadcasting a message requesting "the preferred file server". Because of the static SAP entry configuration, the router will respond with the corresponding IPX address for the server. Having this address, the PC can now directly issue a login request to the server. Upon receiving the connection request, the router will consult the routing table. Since the server's IPX address is the same as the remote network number of the connection profile for the remote server, it will set up a connection to the remote site accordingly. Example: Page xxx Access Router Command Line Interface Reference Manual Command> add ipx sap enter server name (maximum 48 bytes): Engineering enter IPX network number: 51423 enter IPX node number: 11-22-33-44-55-66 enter IPX socket number: 451 enter IPX service type (1 - FFFF): 4 enter hops to reach the server: 2 delete ipx default route Description: This command deletes the default IPX route entry from the IPX routing table. delete ipx route Description: This command deletes the routing entry for the specified IPX network from the IPX routing table. Example: Command> delete ipx route 10882244 delete ipx sap Description: This command deletes the corresponding specified SAP entry from the IPX SAP table. Example: Command> delete IPX sap enter enter enter enter IPX IPX IPX IPX network number: 1234 node number: 00-80-00-00-00-00 socket number: 34 service type (1 - FFFF): 123 delete ipx Description: This command deletes IPX related configuration on the specified interface. disable spoofing enable spoofing [ipxrip] enable spoofing <1-60> Description: This command disables/enables spoofing over the specified interface. When enabling/disabling spoofing for ipxwatchdog, an argument in minutes is required. When the router disconnects from a remote site, the router will respond to IPX watchdog requests for the amount of time specified here. This only applies to switched connection profiles. The first command disables IPX RIP and SAP spoofing. The second command enables spoofing for IPX Watchdog, with a spoofing timer of five minutes. Example: Command> disable spoofing isdnprofile1 ipxrip Command> enable spoofing modemprofile2 ipxwatchdog 5 Access Router Command Line Interface Reference Manual Page 31 ipxping Description: This command performs an IPX ping to a remote IPX node, which is on the remote IPX network remote-Network#, with MAC address remoteMacAddr. The ping operation is performed repeat-count times. set ipx default route set ipx default route lan Description: This command is used to set the IPX Default Route. The default route will be used to route an IPX packet whose destination information cannot be found in the IPX routing tables. A LAN-resident device requires the entry of its MAC address. set ipx rip [Interface Name] Description: This command enables or disables the IPX RIP/SAP protocol for the specified interface. When it's disabled, all learned entries in the routing table will be removed. If interface name is omitted, then the command applies to the entire system. The default mode is enabled. set ipx set ipx set ipx <802.3/802.2/ethernet_II/snap> Description: This command enables the IPX protocol over the specified WAN profile. If a network number is specified, it will be assigned to the profile. Otherwise, the WAN interface will be unnumbered. If the EWAN profile is a configured with Ethernet encapsulation, the behavior is similar to the LAN but the network number must be explicitly configured. Example: Command> set ipx profile1 00223344 set ipx lan set ipx lan set ipx lan <802.2/802.3/Ethernet_II/snap> Description: This command assigns a local IPX network number to the attached LAN. Valid frame types include 802.2, 802.3, Ethernet II, and SNAP. While the router will still receive packets with any frame type, any routed packet sent out from the LAN port will be converted to the specified frame type. If the frame type is omitted, the system uses the existing frame type configuration, which defaults to 802.2. If the Network Number and Frame Type are not present in the command, the router will attempt to automatically detect these parameters from responses to queries to any locally attached IPX RIP-enabled devices. Note that automatic detection is attempted when the router is initialized. Page xxxii Access Router Command Line Interface Reference Manual Example: Command> set ipx lan 10882244 802.2 show ipx [Interface Name] Description: This command displays all interfaces where IPX routing has been enabled. If the interface name Interface Name is specified, then more information related to this interface, such as RIP/SAP state and spoofing, are also displayed. Example: Command> show ipx Admin. Oper. Net IfName State State Number MAC Address ------------------------------------------------------------ppp2 Enabled Up (Unnumbered) lan Enabled Up 111 00-60-20-00-00-15 Command> show ipx lan Interface: lan ------------------------------------------------IPX Net Number: 22233111 Opr./Admin. State: Up RIP/SAP State: Active Spoofing RIP/SAP: Disabled Spoofing Watchdog: Disabled show ipx routing table Description: This command displays the IPX routing table. The IPX network number on the LAN is 111 (since the hop count is 0). There is an IPX router on the LAN whose MAC address is 00-40-33-3D-D5-DB. A static route to a network whose network number is 327BAA48 and is 1 hop away. And there is an IPX network number 222 that can be reached through ppp2 and is 1 hop away. Example: Net Gateway Gateway Number Hops Ifname Mac-Addr Flags --------------------------------------------------------------222 1 ppp2 327BAA48 1 lan 00-40-33-3D-D5-DB S 111 0 lan 333 2 ppp2 562B7EFC 1 lan 00-40-33-3D-D5-DB show ipx sap table Description: This command displays the SAP (Service Advertising Protocol) table that keeps track of all servers in the network. The "S" in the Flags field means that this entry is a static SAP entry. There is a server type associated with each server. The following is a list of wellknown server types: Unknown Print Queue File Server Job Server Print Server Archive Server 0000h 0003h 0004h 0005h 0007h 0009h Access Router Command Line Interface Reference Manual Page 33 Remote Bridge Server Advertising Print Server Reserved Up to Example: 0024h 0047h 8000h Server Name Address Type Hops Ifname Flags ----------------------------------------------------------------------Router1 327BAA48:000000000001:4006 2781 1 lan Router2 327BAA48:000000000001:0005 26B 1 lan S SERVER 327BAA48:000000000001:0451 4 1 lan show ipx statistics Description: This command displays IPX routing related traffic and error statistics. Example: Received Transmitted -------------------------------------------------------------Total Packets Received 2362626 2457383847 Packets Forwarded 2236776 Packets Delivered to Upper Layer 5850 Total Packets Requesting Output Packets Sent Out 0 Rip Packets: 0 0 Sap Packets: 0 0 Type-20 Packets received: 0 0 Packets drops: Bad Hop Count 0 Bad Header 0 No Route: 0 Port Commands Port related commands allow configuration of a port, the protocol running on the port, and the corresponding protocol parameters. In addition, commands are available for clearing statistical counters, enabling/disabling ports, and displaying port configuration and statistics. There are two modes of operation when setting a port: (1) the advanced mode, which causes detailed prompts to be displayed, allowing the user to configure all parameters, (2) the express mode, which assumes default values for most parameters, and therefore causes a minimal number of prompts to show. The system will come up in the express mode. Typing a ctrl-e (^e, i.e., pressing both the e and control keys together) will cause the mode to be toggled. clear port statistics [port name] Description: This command clears port statistics. If a port is not specified, the statistics counters on all ports are cleared. enable/disable port Description: This command enables or disables a port. set port The set port command is used to initialize or modify the characteristics of a hardware port on your router. Hardware ports are identified by port name and are model-specific. The name "ewan" stands for the Ethernet-based WAN port which Page xxxiv Access Router Command Line Interface Reference Manual is connected to broadband modem. If the model support the "WAN Backup" function, the "modem" is used to denote the COM port which can be connected to external analog modem or external ISDN TA. PORT TYPE: EWAN Description: This command is used to enable the ewan port. Example: Command> set port ewan & PORT TYPE: MODEM Description: For a modem port, this command specifies the speed at which the router communicates with the modem. This speed depends upon the capabilities of the external device. It is recommended that the selection auto be used. Additionally, a modem initialization string may be entered here. Please consult the documentation from the modem manufacturer. Example: Command> set enter speed enter modem enter pulse port modem (Auto-115200, auto/19200/38400/57600/115200): initialization string (Unspecified): dialing (No, Yes/No): show port Description: This command displays the configuration information for all ports. Example: Command> show port Port Name : modem Admin Status: No call Port speed: auto-115200 Port Name : ewan Admin State : Enabled Port Type : Dial: Init String: MODEM Tone Unspecified Port Type : EWAN Data Link Type: Ethernet show port Description: This command displays the configuration of a WAN interface port. Example: Command> show port ewan Port Name: ewan Port Type: Admin State: Enabled Data Link Type: Ethernet Speed: MAC Address: 90-00-12-34-56-79 Command> show port modem Port Name: modem Admin State : Enabled Admin Status: No call Port speed: auto-115200 EWAN 10 Mb Port Type: MODEM Init String: unspecified show port statistics Example: Command> show port statistics modem Received: Transmitted: ---------------------------------------------------------------Total Packets: 14 8 Total Bytes: 230 347 Total Errors: 0 0 Access Router Command Line Interface Reference Manual Page 35 Profile Commands This section details the commands used to create and manipulate static profiles. Static profiles are created for connections communicating with a remote router. Examples of this type are Internet connections and Remote LAN connections. Unlike user profiles (see "Dial-in User Commands"), which are created dynamically, static profiles are maintained permanently and created at system initialization time from configuration information stored in Flash ROM. The creation of a static profile may cause a static routing entry to be added to one or more of the routing tables, if routing is defined over that profile. A static route is associated with the profile, not any particular telephone number. Existing profiles are edited also using the "add profile" command. In this case, the defaults shown are the existing configured values. add profile Example ­ Internet Access through EWAN port via Ethernet Encapsulated Command>>> add profile wilson The system is currently in Advanced Mode, press Ctrl-E to switch to Express Mode. enter interface type (EWAN, EWAN/Modem/VPN-L2TP): enter access type: 1> internet access only 2> remote office dial in/out (1): 1 enter encapsulation type (Ethernet, Ethernet/PPPoE): need to clone the mac address (No, Yes/No): Profile wilson is configured successfully. Configuring Network Protocol over wilson .. enable IP routing (Yes, yes/no): obtain IP addresses automatically (Yes, Yes/No): enter host name [system name] (Router): Example ­ Internet Access through EWAN port via PPPoE Command>>> add profile ewanisp The system is currently in Advanced Mode, press Ctrl-E to switch to Express Mode. Add new connection profile "ewanisp" ... enter interface type (EWAN, EWAN/Modem/VPN-L2TP): enter access type: 1> internet access only 2> remote office dial in/out (1): enter encapsulation type (Ethernet, Ethernet/PPPoE): p enter Service name (Unspecified): enter Access Concentrator name (Unspecified): enter MRU (1492, 512-1492): enter ISP account name (Unspecified): 84005840@hinet.net enter ISP account password (Unspecified): ******** enable TCP/IP VJ compression (No, yes/no): enter idle timeout seconds (120, 0-3600): enable compression (No, yes/no): Profile ewanisp is configured successfully. Configuring Network Protocol over ewanisp ... enable IP routing (Yes, yes/no): Set this profile as IP default route (Yes, yes/no): Example ­ Remote Office access through MODEM port Command> add profile l2l The system is currently in Express Mode, press Ctrl-E to switch to Advanced Mode. Page xxxvi Access Router Command Line Interface Reference Manual Edit existing conection profile "l2l" ... Interface type: Modem enter access type: 1> internet access only 2> remote office dial in/out (2): enter action mode (Both, dial only/answer only/both): enter remote directory number (12345): enable callback (No, yes/no): enter my account name (l2l): enter my account password (***): enter remote account name (l2l): enter remote account password (***): enable compression (No, yes/no): Profile l2l is configured successfully. Configuring Network Protocol over l2l ... enable IP routing (Yes, yes/no): Set this profile as IP default route (No, yes/no): enter remote network IP address (192.168.167.0): enter remote network IP netmask (255.255.255.0): clear profile statistics [Profile Name] The statistics fields in the specified static profile are reset to initial values when the Profile Name parameter is provided in command line. If no Profile Name is specified, all profile statistics are cleared. connect profile For switched profiles, this command activates the profile as if a trigger occurred. This command has no effect on leased line profiles. delete profile The specified profile is removed from the system. disable profile The administrative state of the specified profile is set to "disabled". A profile cannot be used unless it is enabled. disconnect profile < Profile Name> For active switched profiles, this command terminates the connection as if an idle timeout occurred. This command has no effect on leased line profiles.