
AT-RG 600 Residential Gateway

Software reference manual – release 2-0-0


AT-RG 600 Residential Gateway – Software Reference Manual

AT-RG600 series Residential Gateway – Software reference manual

Release 2-0-0 Rev. A6


Copyright © 2004 Allied Telesis
All rights reserved. No part of this publication may be reproduced without prior
written permission from Allied Telesis.
Allied Telesis reserves the right to make changes in specifications and other
information contained in this document without prior written notice. The
information provided herein is subject to change without notice. In no event shall
Allied Telesis be liable for any incidental, special, indirect, or consequential
damages whatsoever, including but not limited to lost profits, arising out of or
related to this manual or the information contained herein, even if Allied Telesis has
been advised of, known, or should have known, the possibility of such damages.
All trademarks are the property of their respective owners.
Contents
CHAPTER 0 Preface
Purpose of this Manual
Intended Audience
Structure of this Manual
Standards and Protocols
Background Reading
Publicly Accessible Documents
Conventions used in command definitions
CHAPTER 1 System Management
Logging into the CLI
Serial Connection
TCP/IP connection
Command Line Interface and Console
Webserver
File System
Boot code
System configuration information
Run-time images
Access permissions to the CLI
System Command Reference
System CLI commands
system add user
system add login
system config backup
system config restore
system config save
system delete login
system delete user
system info
system list errors
system list openfiles
system list users
system list logins
system log
system log enable|disable
system log list
system name
system restart
system set login access
system set login mayconfigure
system set login maydialin
system set user access
system set user mayconfigure
system set user maydialin
User Command Reference
User CLI commands
user logout
user password
user change
Web Server Command Reference
Web Server CLI commands
webserver clear stats
webserver enable|disable
webserver set interface
webserver set managementip
webserver set port
webserver set upnpport
webserver show info
webserver show stats
Console Access Command Reference
Console access CLI commands
console enable
console process
Console command - exit
CHAPTER 2 Switch
Introduction
Switch Core Functional Overview
Address Look-up
Learning
Migration
Aging
Forwarding
Switching engine
Rate limiting support
Layer 3 routing rate limiting
Class of Service and Differentiated Services
802.1p Traffic Priority
Differentiated Services Code Point (DSCP)
Switch Command Reference
switch CLI commands
switch disable ageingtimer
switch disable learning
switch disable port
switch enable ageingtimer
switch enable learning
switch enable port
switch reset
switch set ageingtimer
switch set port
switch set priority
switch set qos
switch set ROUTING-LIMIT
switch show
switch show fdb
switch show port
switch show qos
CHAPTER 3 VLAN
INTRODUCTION
VLAN TAGGING
VLAN SUPPORT ON AT-RG600 RESIDENTIAL GATEWAY
VLAN definition and port tagging
VLAN versus IP Interface
VLAN Command Reference
vlan CLI commands
vlan add port
vlan add vid
vlan delete
vlan show
CHAPTER 4 IP
INTRODUCTION
THE INTERNET
ADDRESSING
Subnets
IP SUPPORT ON AT-RG6XX RESIDENTIAL GATEWAY SERIES
Adding and attaching IP interfaces
IP stack and incoming packets
Locally received packets
Forwarding packets
Unconfigured interfaces
Unnumbered interfaces
Unconfigured interfaces v unnumbered interfaces
Configuring unnumbered interfaces
Creating a route
Virtual Interfaces
Configuring virtual interfaces
Similarities between virtual interfaces and real interfaces
Differences between virtual interfaces and real interfaces
Secondary IP addresses
Configuring secondary IP addresses
Functionality of secondary IP addresses
IP Quality of Service
Expedited class
Example of use of Prioritization
Quality of Service support
Packet Classification
Configuring Flow Qualifiers
Link bandwidth prioritization
CPU prioritization
TCP/IP Command Reference
IP Tracing commands
IP CLI commands
ip add defaultroute gateway
ip add defaultroute interface
ip add interface
ip add route
ip attach
ip attachvirtual
ip clear arpentries
ip clear interfaces
ip clear riproutes
ip clear routes
ip delete interface
ip delete route
ip detach interface
ip interface add fq codepoint
ip interface add fq protocol
ip interface add fq srcaddr codepoint
ip interface add fq srcaddr protocol
ip interface add proxyarpentry
ip interface add proxyarpexclusion
ip interface add secondaryipaddress
ip interface clear fqs
ip interface clear proxyarpentries
ip interface clear secondaryipaddresses
ip interface delete fq
ip interface delete proxyarpentries
ip interface delete proxyarpexclusion
ip interface delete secondaryipaddress
ip interface list fqs
ip interface list proxyarpentries
ip interface list secondaryipaddresses
ip list arpentries
ip list connections
ip list interfaces
ip list riproutes
ip list routes
ip ping
ip set interface dhcp
ip set interface ipaddress
ip set interface mtu
ip set interface netmask
ip set interface rip accept
ip set interface rip multicast
ip set interface rip send
ip set interface tcpmssclamp
ip set rip advertisedefault
ip set rip authentication
ip set rip defaultroutecost
ip set rip hostroutes
ip set rip password
ip set rip poison
ip set route cost
ip set route destination
ip set route gateway
ip set route interface
ip show
ip show interface
ip show route
CHAPTER 5 Transports
Transports CLI commands
transports clear
transports delete
transports list
transports show
CHAPTER 6 Ethernet
Ethernet CLI commands
ethernet add transport
ethernet clear transports
ethernet delete transport
ethernet list ports
ethernet list transports
ethernet show transport
CHAPTER 7 Security & Firewall
Introduction
Application Gateway
Stateful Inspection
Security support on AT-RG6xx Residential Gateway series
Security Interfaces
Dynamic Port Opening and Triggers
Non-Activity Timeout
Session Chaining
Firewall
Policy
Portfilter
Validator
Intrusion Detection
Security Command Reference
Security CLI commands
security add interface
security add trigger tcp|udp
security add trigger netmeeting
security clear interfaces
security clear triggers
security delete interface
security delete trigger
security
security list interfaces
security list triggers
security set trigger UDPsessionchaining
security set trigger addressreplacement
security set trigger binaryaddressreplacement
security set trigger endport
security set trigger maxactinterval
security set trigger multihost
security set trigger sessionchaining
security set trigger startport
security show interface
security show trigger
security status
Firewall Command Reference
Firewall CLI commands
firewall add policy
firewall add portfilter
firewall add validator
firewall clear policies
firewall clear portfilters
firewall delete policy
firewall delete portfilter
firewall delete validator ................................................................................................... 154
firewall enable|disable..................................................................................................... 154
firewall enable|disable IDS.............................................................................................. 155
firewall enable|disable blockinglog.................................................................................. 156
firewall enable|disable Intrusionlog ................................................................................. 156
firewall enable|disable sessionlog................................................................................... 156
firewall list policies .......................................................................................................... 157
firewall list portfilters........................................................................................................ 157
firewall list validators ....................................................................................................... 158
firewall set IDS DOSattackblock ..................................................................................... 159
firewall set IDS MaxICMP ............................................................................................... 159
firewall set IDS MaxPING ............................................................................................... 160
firewall set IDS MaxTCPopenhandshake ....................................................................... 160
firewall set IDS SCANattackblock................................................................................... 161
firewall set IDS blacklist .................................................................................................. 162
firewall set IDS victimprotection ...................................................................................... 162
firewall set securitylevel .................................................................................................. 163
firewall show IDS ............................................................................................................ 165
firewall show policy ......................................................................................................... 165
firewall show portfilter .................................................................................................... 166
firewall show validator..................................................................................................... 167
firewall status .................................................................................................................. 168
CHAPTER 8 Network Address Translation - NAT ................................................. 169
Network Address Translation.......................................................................................... 169
Address conservation ..................................................................................................... 169
Security........................................................................................................................... 170
How does NAT work? ..................................................................................................... 170
What about protocols other than UDP and TCP?........................................................... 172
How can you let sessions into servers on the private LAN? ........................................... 172

NAT support on AT-RG6xx Residential Gateway series ................................................ 173


Global IP Address Pools................................................................................................. 173
Reserved Mappings........................................................................................................ 174
Application Level Gateways (ALGs) ............................................................................... 174
Interactions of NAT and other security features.............................................................. 174
Firewall filters and reserved mappings. .......................................................................... 174
NAT and Dynamic Port Opening..................................................................................... 175
NAT and secondary IP addresses .................................................................................. 175
NAT Command Reference.............................................................................................. 176
NAT CLI commands........................................................................................................ 176
nat add globalpool........................................................................................................... 176
nat add resvmap globalip................................................................................................ 178
nat add resvmap interface name .................................................................................... 180
nat clear globalpools....................................................................................................... 181
nat clear resvmaps.......................................................................................................... 182
nat delete globalpool....................................................................................................... 182
nat delete resvmap ......................................................................................................... 183
nat disable....................................................................................................................... 183
nat enable ....................................................................................................................... 184
nat iketranslation............................................................................................................. 185
nat list globalpools .......................................................................................................... 186
nat list resvmaps............................................................................................................. 187
nat show globalpool ........................................................................................................ 188
nat show resvmap........................................................................................................... 189
nat status ........................................................................................................................ 189
CHAPTER 9 IGMP snooping and IGMP proxy ....................................................... 191
Multicasting Overview..................................................................................................... 191
Multicasting principles..................................................................................................... 191
Group addresses ............................................................................................................ 191
IGMP............................................................................................................................... 192
Multicast MAC addresses ............................................................................................... 193
IGMP snooping ............................................................................................................... 193
IGMP snooping on AT-VP6x3 product family ................................................................. 194
Multicast Router Port Discovery...................................................................................... 194
Multicast Hosts Port Discovery ....................................................................................... 194
Leaving a Group ............................................................................................................. 195
Timeout interval expiring................................................................................................. 196
IGMP proxy..................................................................................................................... 196
IGMP Snooping Command Reference ........................................................................... 197
IGMP snooping CLI commands...................................................................................... 197
igmp snooping disable .................................................................................................... 197
igmp snooping enable..................................................................................................... 197
igmp snooping set leavetime .......................................................................................... 198
igmp snooping set queryinterval ..................................................................................... 198
igmp snooping set timeout.............................................................................................. 198
igmp snooping show ....................................................................................................... 199
IGMP Proxy Command Reference ................................................................................. 200
IGMP proxy CLI commands............................................................................................ 200
igmp proxy set upstreaminterface................................................................................... 200
igmp proxy show upstreaminterface ............................................................................... 200
igmp proxy show status .................................................................................................. 201
CHAPTER 10 Dynamic Host Configuration Protocol - DHCP................................ 202
Introduction ..................................................................................................................... 202
DHCP support on AT-RG6xx Residential Gateway series ............................................. 203
DHCP server................................................................................................................... 203
Example:......................................................................................................................... 204
DHCP client .................................................................................................................... 206
Lease requirements and requests .................................................................................. 207
Support for AutoIP .......................................................................................................... 207
Additional DHCP client modes........................................................................................ 208
Propagating DNS server information .............................................................................. 208
Automatically setting up a DHCP server......................................................................... 208
Example.......................................................................................................................... 209
DHCP Relay.................................................................................................................... 210
DHCP Server Command Reference ............................................................................... 211
DHCP server CLI commands.......................................................................................... 211
dhcpserver add fixedhost................................................................................................ 212
dhcpserver add subnet ................................................................................................... 213
dhcpserver clear fixedhost .............................................................................................. 213
dhcpserver clear subnets................................................................................................ 214
dhcpserver delete fixedhost ............................................................................................ 214
dhcpserver delete subnet................................................................................................ 214
dhcpserver enable|disable .............................................................................................. 215
dhcpserver list fixedhost ................................................................................................. 215
dhcpserver list options .................................................................................................... 216
dhcpserver list subnets ................................................................................................... 218
dhcpserver set allowunknownclients............................................................................... 218
dhcpserver set bootp ...................................................................................................... 219
dhcpserver set defaultleasetime ..................................................................................... 219
dhcpserver set fixedhost ipaddress ................................................................................ 220
dhcpserver set fixedhost macaddress ............................................................................ 220
dhcpserver set fixedhost maxleasetime.......................................................................... 221
dhcpserver set maxleasetime ......................................................................................... 221
dhcpserver set subnet defaultleasetime ......................................................................... 222
dhcpserver set subnet hostisdefaultgateway.................................................................. 222
dhcpserver set subnet hostisdnsserver .......................................................................... 223
dhcpserver set subnet maxleasetime ............................................................................. 223
dhcpserver set subnet subnet......................................................................................... 224
dhcpserver show............................................................................................................. 225
dhcpserver show subnet................................................................................................. 225
dhcpserver subnet add iprange ...................................................................................... 226
dhcpserver subnet add option......................................................................................... 226
dhcpserver subnet clear ipranges................................................................................... 227
dhcpserver subnet clear options..................................................................................... 228
dhcpserver subnet delete iprange................................................................................... 228
dhcpserver subnet delete option..................................................................................... 229
dhcpserver subnet list ipranges ...................................................................................... 229
dhcpserver subnet list options ........................................................................................ 230
dhcpserver update .......................................................................................................... 230
DHCP Client Command Reference ................................................................................ 232
DHCP client CLI commands ........................................................................................... 232
dhcpclient add interfaceconfig ........................................................................................ 233
dhcpclient clear interfaceconfigs..................................................................................... 233
dhcpclient delete interfaceconfig..................................................................................... 234
dhcpclient interfaceconfig add requested option............................................................. 234
dhcpclient interfaceconfig add required option ............................................................... 235
dhcpclient interfaceconfig add sent option...................................................................... 236
dhcpclient interfaceconfig clear requested options......................................................... 236
dhcpclient interfaceconfig clear sent options .................................................................. 237
dhcpclient interfaceconfig delete requested option......................................................... 238
dhcpclient interfaceconfig delete sent option .................................................................. 239
dhcpclient interfaceconfig list requested options ............................................................ 239
dhcpclient interfaceconfig list sent options...................................................................... 240
dhcpclient list interfaceconfigs ........................................................................................ 241
dhcpclient set backoff ..................................................................................................... 242
dhcpclient set interfaceconfig autoip............................................................................... 242
dhcpclient set interfaceconfig clientid ............................................................................. 243
dhcpclient set interfaceconfig defaultroute...................................................................... 244

dhcpclient set interfaceconfig dhcpinform....................................................................... 245


dhcpclient set interfaceconfig dhcpserverpoolsize.......................................................... 245
dhcpclient set interfaceconfig dhcpserverinterface......................................................... 246
dhcpclient set interfaceconfig givednstoclient................................................................. 247
dhcpclient set interfaceconfig givednstorelay ................................................................. 248
dhcpclient set interfaceconfig interface........................................................................... 249
dhcpclient set interfaceconfig noclientid ......................................................................... 249
dhcpclient set interfaceconfig requestedleasetime ......................................................... 250
dhcpclient set interfaceconfig server............................................................................... 251
dhcpclient set reboot....................................................................................................... 251
dhcpclient set retry.......................................................................................................... 252
dhcpclient show .............................................................................................................. 252
dhcpclient update............................................................................................................ 253
DHCP Relay Command Reference ................................................................................ 254
DHCP relay CLI commands............................................................................................ 254
dhcprelay add server ...................................................................................................... 254
dhcprelay clear servers................................................................................................... 254
dhcprelay delete server................................................................................................... 255
dhcprelay enable|disable ................................................................................................ 255
dhcprelay list servers ...................................................................................................... 256
dhcprelay show............................................................................................................... 256
dhcprelay update ............................................................................................................ 256
CHAPTER 11 Domain Name System - DNS................................................................ 257
Introduction ..................................................................................................................... 257
DNS Relay ...................................................................................................................... 258
DNS Client ...................................................................................................................... 258
DNS Relay Command Reference................................................................................... 259
DNS Relay CLI commands............................................................................................. 259
dnsrelay add server ........................................................................................................ 259
dnsrelay clear cache....................................................................................................... 259
dnsrelay clear landatabase............................................................................................. 260
dnsrelay clear servers..................................................................................................... 260
dnsrelay delete server..................................................................................................... 260
dnsrelay list servers ........................................................................................................ 261
dnsrelay set landatabasefile ........................................................................................... 261
dnsrelay show lanaddress .............................................................................................. 262
dnsrelay show landomainname ...................................................................................... 262
dnsrelay show landatabasefilename............................................................................... 262
DNS Client Command Reference................................................................................... 263
DNS Client CLI commands............................................................................................. 263
dnsclient add searchdomain ........................................................................................... 263
dnsclient add server........................................................................................................ 263
dnsclient clear searchdomains........................................................................................ 264
dnsclient clear servers .................................................................................................... 264
dnsclient delete searchdomain ....................................................................................... 264
dnsclient delete server.................................................................................................... 265
dnsclient list searchdomains........................................................................................... 265
dnsclient list servers........................................................................................................ 265
CHAPTER 12 SNTP ......................................................................................................... 267
SNTP Features ............................................................................................................... 267
Time Zones and Daylight Savings (Summer Time) Conversion..................................... 268
SNTP Command Reference ........................................................................................... 269
SNTP CLI commands ..................................................................................................... 269
sntpclient set clock.......................................................................................................... 269
sntpclient set mode......................................................................................................... 269
sntpclient set poll-interval................................................................................................ 270
sntpclient set retries........................................................................................................ 271
sntpclient set server........................................................................................................ 271
sntpclient set timeout ...................................................................................................... 272
sntpclient set timezone ................................................................................................... 272
sntpclient show association ............................................................................................ 274
sntp show status ............................................................................................................. 275
sntpclient sync ................................................................................................................ 275
CHAPTER 13 PPPoE ........................................................................................................ 276
PPPoE support on the AT-RG6xx Residential Gateway series...................................... 277
Adding and attaching PPPoE connections ..................................................................... 278
Negotiation of PPPoE connections................................................................................. 278
PPPoE Command Reference ......................................................................................... 280
PPPoE CLI commands ................................................................................................... 280
pppoe add transport........................................................................................................ 280
pppoe clear transports .................................................................................................... 282
pppoe delete transport.................................................................................................... 282
pppoe list transports........................................................................................................ 282
pppoe set transport accessconcentrator......................................................................... 283
pppoe set transport autoconnect .................................................................................... 284
pppoe set transport autoconnect FILTER ADD .............................................................. 284
pppoe set transport autoconnect FILTER delete ............................................................ 285
pppoe set transport ENABLED/DISABLED .................................................................... 286
pppoe set transport givedns client .................................................................................. 286
pppoe set transport givedns relay................................................................................... 287
pppoe set transport lcpechoevery................................................................................... 288
pppoe set transport lcpmaxconf...................................................................................... 289
pppoe set transport lcpmaxfail........................................................................................ 289
pppoe set transport lcpmaxterm ..................................................................................... 290
pppoe set transport STATIC_IP/DYNAMIC_IP............................................................... 291
pppoe set transport password......................................................................................... 291
pppoe set transport servicename.................................................................................... 292
pppoe set transport username........................................................................................ 293
pppoe set transport welogin............................................................................................ 294
pppoe show transport ..................................................................................................... 295
CHAPTER 14 VoIP Analogue and Digital access ports ............................................ 298
Introduction ..................................................................................................................... 298
Analog Ports ................................................................................................................... 299
Digital Ports..................................................................................................................... 299
ISDN BRI Physical Layer ................................................................................................ 300
ISDN Layer 2 - LAPD...................................................................................................... 301
ISDN Layer 3 - Call Control ............................................................................................ 301
Common ......................................................................................................................... 301
Port configuration............................................................................................................ 302
Digit Map......................................................................................................................... 302
Dial Mask ........................................................................................................................ 304
Voice Coder/Decoder...................................................................................................... 304
Voice Quality Management............................................................................................. 306
Volume Gain Control....................................................................................................... 307
G.168 Line Echo Cancellation (8 ms – 32 ms tail length)............................................... 307
Voice Activity Detection (VAD) / Comfort Noise Generation (CNG) ............................... 307
Telecom Tones Management ......................................................................................... 308
Country-specific Telecom Tones .................................................................................... 309
Port enable/disable ......................................................................................................... 310
VoIP EP Command Reference ....................................................................................... 311
voip ep CLI commands ................................................................................................... 311
voip ep create ................................................................................................................. 312
voip ep delete.................................................................................................................. 313
voip ep disable................................................................................................................ 314
voip ep enable................................................................................................................. 314
voip ep list....................................................................................................................... 315

voip ep set cfwd .............................................................................................................. 315
voip ep set cng................................................................................................................ 317
voip ep set codecs .......................................................................................................... 318
voip ep set country.......................................................................................................... 318
voip ep set dialmask ....................................................................................................... 319
voip ep set dialmODE ..................................................................................................... 320
voip ep set digitmap........................................................................................................ 321
voip ep set idt-critical ...................................................................................................... 321
voip ep set idt-partial....................................................................................................... 322
voip ep set jitterdelay ...................................................................................................... 323
voip ep set lec................................................................................................................. 323
voip ep set offhook-time.................................................................................................. 324
voip ep set onhook-time.................................................................................................. 325
voip ep set rxgain............................................................................................................ 325
voip ep set txgain............................................................................................................ 326
voip ep set vad................................................................................................................ 326
voip ep show................................................................................................................... 327
VoIP Lifeline Command Reference................................................................................. 329
voip lifeline CLI commands............................................................................................. 329
voip LIFELINE DISABLE................................................................................................. 329
voip LIFELINE ENABLE.................................................................................................. 329
voip LIFELINE show ....................................................................................................... 330
CHAPTER 15 VoIP SIP ................................................................................................... 331
Introduction ..................................................................................................................... 331
SIP Protocol.................................................................................................................... 331
Protocol Components ..................................................................................................... 332
SIP Messages................................................................................................................. 334
AT-RG613, AT-RG623 and AT-RG656 Call Processes ................................................. 335
Calls Involving Another Terminal .................................................................................... 335
Calls Involving a Terminal and a SIP Endpoint............................................................... 336
VoIP SIP Servers, Users & Forwarding Database.......................................................... 337
Introduction ..................................................................................................................... 337
SIP Servers..................................................................................................................... 338
Users............................................................................................................................... 339
Forwarding Database (FDB)........................................................................................... 341
VoIP SIP Command Reference ...................................................................................... 344
VoIP sip protocol CLI commands.................................................................................... 344
voip sip protocol disable.................................................................................................. 344
voip sip protocol enable .................................................................................................. 345
voip sip protocol restart................................................................................................... 345
voip sip protocol set defaultport ...................................................................................... 345
voip sip protocol set EXTENSION .................................................................................. 346
voip sip protocol set NAT................................................................................................ 347
voip sip protocol set NETINTERFACE............................................................................ 347
voip sip protocol set roundtriptime .................................................................................. 348
voip sip protocol set SESSIONEXPIRE.......................................................................... 348
voip sip protocol show..................................................................................................... 348
VoIP SIP Locationserver Command Reference.............................................................. 350
voip sip locationserver CLI commands ........................................................................... 350
voip sip locationserver create ......................................................................................... 350
voip sip locationserver delete.......................................................................................... 351
voip sip LOCATIONSERVER list .................................................................................... 351
voip sip locationserver SET MASTER ............................................................................ 352
VoIP SIP Proxyserver Command Reference.................................................................. 353
voip sip proxyserver CLI commands............................................................................... 353
voip sip proxyserver create............................................................................................. 353
voip sip PROXYSERVER delete..................................................................................... 354
voip sip PROXYSERVER list .......................................................................................... 354
voip sip PROXYSERVER SET MASTER ....................................................................... 355
VoIP SIP User Command Reference.............................................................................. 356
voip sip user CLI commands........................................................................................... 356
voip sip user add............................................................................................................. 356
voip sip user create......................................................................................................... 357
voip sip user delete......................................................................................................... 358
voip sip user list .............................................................................................................. 359
voip sip user remove....................................................................................................... 360
voip sip user show .......................................................................................................... 360
VoIP SIP FDB Command Reference .............................................................................. 362
voip sip fdb CLI commands............................................................................................. 362
voip sip fdb create........................................................................................................... 362
voip sip fdb delete........................................................................................................... 363
voip sip fdb list ................................................................................................................ 364
voip sip fdb show ............................................................................................................ 364
CHAPTER 16 VoIP H323................................................................................................. 366
Introduction ..................................................................................................................... 366
H.323 Protocols .............................................................................................................. 366
H.323 Components......................................................................................................... 367
Terminals ........................................................................................................................ 367
Gateways........................................................................................................................ 367
Gatekeepers ................................................................................................................... 367
Multipoint Control Units................................................................................................... 368
Protocols Specified by H.323.......................................................................................... 368
Audio CODEC................................................................................................................. 368
Video CODEC................................................................................................................. 368
H.225 Registration, Admission, and Status .................................................................... 369
H.225 Call Signaling ....................................................................................................... 369
H.245 Control Signaling.................................................................................................. 369
Real-Time Transport Protocol......................................................................................... 369
Real-Time Transport Control Protocol ............................................................................ 369
Terminal Characteristics ................................................................................................. 370
Gateway and Gatekeeper Characteristics ...................................................................... 370
Gateway Characteristics................................................................................................. 370
Gatekeeper Characteristics ............................................................................................ 371
AT-RG613, AT-RG623 and AT-RG656 Call Processes ................................................. 371
Calls Involving Another Terminal .................................................................................... 371
Calls Involving a Terminal and a H.323 Endpoint........................................................... 372
VoIP H323 Users ............................................................................................................ 373
Introduction ..................................................................................................................... 373
Users............................................................................................................................... 374
VoIP H323 Command Reference ................................................................................... 376
VoIP h323 protocol CLI commands ................................................................................ 376
voip h323 protocol disable .............................................................................................. 376
voip h323 protocol enable............................................................................................... 377
voip H323 protocol set ALIAS......................................................................................... 377
voip h323 protocol set CONNECT.................................................................................. 378
voip H323 protocol set gatekeeper ................................................................................. 378
voip H323 protocol set NETINTERFACE........................................................................ 379
voip H323 protocol set Q931PORT ................................................................................ 379
voip H323 protocol set RASPORT.................................................................................. 380
voip h323 protocol set REGISTRATION......................................................................... 380
voip h323 protocol set REsponse ................................................................................... 381
voip H323 protocol set SECONDARYgatekeeper .......................................................... 381
voip h323 protocol show ................................................................................................. 382
VoIP H323 User Command Reference........................................................................... 383
voip H323 user CLI commands....................................................................................... 383
voip h323 user add ......................................................................................................... 383
voip h323 user create ..................................................................................................... 384
voip h323 user delete...................................................................................................... 385

voip h323 user list........................................................................................................... 385
voip h323 user remove ................................................................................................... 386
voip h323 user show....................................................................................................... 387
VoIP H323 FDB Command Reference ........................................................................... 388
voip h323 fdb CLI commands ......................................................................................... 388
voip H323 fdb create....................................................................................................... 388
voip h323 fdb delete........................................................................................................ 389
voip H323 fdb list ............................................................................................................ 389
voip h323 fdb show......................................................................................................... 390
CHAPTER 17 VoIP MGCP ............................................................................................. 391
Introduction ..................................................................................................................... 391
Connections & Endpoints................................................................................................ 391
MGCP Protocol Commands............................................................................................ 393
NotificationRequest......................................................................................................... 393
Notify............................................................................................................................... 393
CreateConnection........................................................................................................... 393
ModifyConnection ........................................................................................................... 394
DeleteConnection ........................................................................................................... 394
AuditEndpoint.................................................................................................................. 395
AuditConnection.............................................................................................................. 395
RestartInProgress........................................................................................................... 395
MGCP Command reference ........................................................................................... 396
MGCP commands........................................................................................................... 396
voip MGCP protocol disable ........................................................................................... 396
voip MGCP protocol enable ............................................................................................ 397
voip MGCP protocol restart............................................................................................. 397
voip MGCP protocol set defaultport................................................................................ 397
voip MGCP protocol set NAT.......................................................................................... 398
voip MGCP protocol set NETINTERFACE ..................................................................... 398
voip MGCP protocol set PROFILE.................................................................................. 399
voip MGCP protocol show .............................................................................................. 399
voip MGCP callagent create ........................................................................................... 400
voip MGCP callagent delete ........................................................................................... 400
voip MGCP callagent list................................................................................................. 401
CHAPTER 18 VoIP QoS and Media ............................................................................. 402
Introduction ..................................................................................................................... 402
QoS................................................................................................................................. 402
Media .............................................................................................................................. 403
VoIP QoS Command Reference..................................................................................... 404
VoIP QoS CLI commands............................................................................................... 404
voip qos SET DSCP........................................................................................................ 404
voip qos SET TOS .......................................................................................................... 404
voip qos SHOW .............................................................................................................. 405
VoIP Media Command Reference .................................................................................. 406
VoIP Media CLI commands ............................................................................................ 406
voip MEDIA SET PORTRANGE ..................................................................................... 406
voip MEDIA SET RTCP .................................................................................................. 406
voip MEDIA SET SESSIONTIMEOUT............................................................................ 407
voip MEDIA SHOW......................................................................................................... 407
CHAPTER 19 ZTC ............................................................................................................ 410
Introduction ..................................................................................................................... 410
Functional blocks ............................................................................................................ 410
ZTC Network Architecture............................................................................................... 411
ZTC Client....................................................................................................................... 412
Storing Unit Configuration............................................................................................... 413
Pull-at-startup.................................................................................................................. 413
Scheduled-pull ................................................................................................................ 414
ZTC Command reference ............................................................................................... 416
ZtcClient commands ....................................................................................................... 416
ztcclient enable dynamic................................................................................................. 416
ztcclient enable static...................................................................................................... 417
ztcclient disable............................................................................................................... 417
ztcclient show.................................................................................................................. 417
ztcclient set ..................................................................................................................... 418
ztcclient update............................................................................................................... 418
CHAPTER 20 Software Update ..................................................................................... 419
Introduction ..................................................................................................................... 419
FTP server ...................................................................................................................... 420
TFTP server.................................................................................................................... 420
Windows™ Loader.......................................................................................................... 421
SwUpdate module........................................................................................................... 422
Start Time Scheduling
Retry Period Scheduling
Stop Time Scheduling
Enabling manually SwUpdate
Plug-and-play.................................................................................................................. 425
server access
SwUpdate Command reference
Swupdate commands
SWUPDATE MAC
SWUPDATE set login
SWUPDATE set PASSWORD
SWUPDATE set PAth
SWUPDATE set retry period
SWUPDATE set SERVER
SWUPDATE show
SWUPDATE sTART
SWUPDATE sTART TIME
SWUPDATE sTOP
SWUPDATE sTop TIME


List of figures
Figure 1. IP Packet overview........................................................................................................................... 35
Figure 2. Tagged frame format according to IEEE 802.3ac standard............................................................. 50
Figure 3. VLAN and IP layer architecture (the greyed area surrounds the entities always available in the
system) ..................................................................................................................................................... 54
Figure 4. IP interface over VLAN - basic steps ............................................................................................... 55
Figure 5. IP packet or datagram. ..................................................................................................................... 61
Figure 6. Subdivision of the 32 bits of an Internet address into network and host fields for class A, B and C
networks. .................................................................................................................................................. 63
Figure 7. Security modules on AT-RG6xx Residential Gateway series. ....................................................... 126
Figure 8. Security interfaces on AT-RG6xx Residential Gateway series. ..................................................... 127
Figure 9. Firewall module and related objects............................................................................................... 131
Figure 10. Address Conservation using NAT ................................................................................................ 170
Figure 11. External access to an FTP server
Figure 12. Domain Name System
Figure 13. PPP is used by Internet Service Providers (ISPs) to allow dial-up users to connect to the Internet.
Figure 14. ISDN Basic Access.
Figure 15. VoIP subsystem configuration - basic steps.
Figure 16. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone
Figure 17. Phone --> AT-RG613/RG623 (A) --> SIP IP Phone
Figure 18. VoIP subsystem configuration - basic steps.
Figure 19. H.323 Terminals on a Packet Network
Figure 20. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone
Figure 21. Phone --> AT-RG613/RG623 (A) --> H323 IP Phone
Figure 22. VoIP H323 subsystem configuration - basic steps
Figure 23. ZTC network architecture.
Figure 24. Pull-at-Startup ZTC phase
Figure 25. Scheduled-pull ZTC phase
Figure 26. Access to the Residential Gateway TFTP server
Figure 27. The Windows™ Loader
Figure 28. Normal SwUpdate operation mode.
Figure 29. DHCPCONF like SwUpdate operation mode
Figure 30. SwUpdate scheduling example 1
Figure 4. SwUpdate scheduling example 2

Preface

Purpose of this Manual


This manual is the complete reference to the configuration, management and
operation of the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway, and
includes detailed descriptions of all management commands.
AT-RG613, AT-RG623 and AT-RG656 are Customer Premises Equipment (CPE)
designed to provide data and VoIP access for multiple users in Small Office/Home
Office (SOHO), Small to Medium Enterprise (SME), branch office or customer
residence settings that want very fast downloads, combining broadband access with
Internet telephony services.
With this intelligent equipment the customer can use broadband integrated
services for telephony, Internet and Internet Video.
The VoIP residential gateway, fitted with a number of ports for interconnection of
traditional domestic appliances (telephone, fax, personal computer), acts as an
adapter for the conversion and management of all the necessary protocols for using
advanced multimedia services:
• Low cost telephony using Internet protocol (VoIP)
• Fast Internet navigation
• Video on demand
• Interactive services

The main features of the device are listed below:


• one 10/100 BaseT Ethernet port for uplink (WAN port)
• three 10/100 BaseT Ethernet ports for connecting user equipment (PC, printer, etc.)
• two analog VoIP ports for connecting two analog telephones or faxes
(AT-RG613TX(J) models) plus one analogue FXO port for connecting to a PBX or to
the Local Exchange (AT-RG613TXJ model only)
• two digital VoIP ports for connecting up to 8 digital telephones or faxes
(AT-RG623TX model)
• Switching function using the same analogue terminal from VoIP to PSTN
• IEEE 802.1q tag based VLAN
• QoS packet prioritization support: per port, 802.1p and DiffServ based
• Programmable rate limiting, ingress port, egress port, per port basis.
• IGMP v1/v2 snooping for multicast packet filtering
• PPPoE
• DHCP Server and Relay
• DNS Relay
• Compliant with SIP protocol and H323 v2 protocol
• TFTP - Trivial File Transfer Protocol support
• NTP - Network Time Protocol support

Configuration and management of the device through:


• Serial interface (CLI)
• Telnet
• SNMP
• Zero Touch Configuration

Moreover, AT-RG613, AT-RG623 and AT-RG656 integrate advanced router features
like:
• Firewall
• Dynamic Port Opening
• Attack Detection and Blocking
• Advanced Network Address Translation (NAT)

Intended Audience
This manual is intended for the system administrator, network manager or
communications technician who will configure and maintain AT-RG613, AT-RG623
and AT-RG656, or who manages a network of AT-RG613, AT-RG623 and AT-RG656
Residential Gateways.
It is assumed that the reader is familiar with:
• The topology of the network in which the Residential Gateway is to be used.
• Basic principles of computer networking, protocols and routing, and interfaces.
• Administration and operation of a computer network.
Most of the commands described in this manual require superuser privilege and can
only be entered from a terminal or port that has been logged in with superuser
privilege.

Structure of this Manual


This manual is organized into the following chapters:
Preface - an introduction to AT-RG613, AT-RG623, AT-RG656 Residential Gateway.
Chapter 1, System Management - describes general operation, Command Line
Interface access and user management.
Chapter 2, Switch - describes the commands related to the integrated Layer 2 Switch
configuration.
Chapter 3, VLAN - describes the commands related to the VLAN support provided
by Layer 2 Switch and IP system stack.
Chapter 4, IP - describes the implementation of the Internet Protocol (IP) and all the
commands related to IP network configuration management.
Chapter 5, Transports – describes the commands available to manage the Transport
module.
Chapter 6, Ethernet – describes the commands available to manage the Ethernet
module.
Chapter 7, Security and Firewall - describes all the supported features concerning the
Firewall, the “Dynamic Port Opening”, the “Attack Detection and Blocking”.
Chapter 8, Network Address Translation – NAT - describes additional security features
concerning NAT.
Chapter 9, IGMP Snooping and IGMP Proxy - describes all the supported features
concerning the IGMP Snooping and IGMP Proxy.
Chapter 10, Dynamic Host Configuration Protocol – DHCP - gives a brief introduction
to the Dynamic Host Configuration Protocol and describes how to configure the
DHCP server/relay services.
Chapter 11, Domain Name System – DNS - gives an introduction to the Domain Name
System and describes how to configure the DNS client/relay services.
Chapter 12, SNTP - gives an introduction to the Network Time Protocol and
describes how to configure the SNTP services.
Chapter 13, PPPoE - gives an introduction to the Point-To-Point Protocol over
Ethernet and describes how to configure PPPoE services.
Chapter 14, VoIP Analogue and Digital Access ports - describes the different types of
access ports for VoIP services and how to configure Analogue and Digital ports.
Chapter 15, VoIP SIP - describes SIP protocol, the related call processes and all the
commands related to SIP, User and FDB configuration management.
Chapter 16, VoIP H323 - describes H323 protocol, the related call processes and all the
commands related to H323 and User configuration management.
Chapter 17, Voip MGCP
Chapter 18, VoIP QoS and Media
Chapter 19, ZTC - describes ZTC Client support and related commands.
Chapter 20, SwUpdate - describes Sw Update support and related commands.

For further information please refer to the “SNMP Reference Manual”



Standards and Protocols


Supported Standards and Protocols
Table 1 lists the protocols and standards supported by the AT-RG613, AT-RG623
and AT-RG656 Residential Gateway and the references where these protocols and
standards are defined.
Protocol/standard    Reference
ARP                  RFCs 826, 925.
Assigned Numbers     RFC 1700.
DHCP                 RFCs 2131, 2132.
DNS                  RFCs 1034, 1035
H.323                ITU H.323, ITU H.225, ITU H.245
ICMP                 RFCs 792, 950.
IEEE 802.2           ANSI/IEEE Std 802.2-1985.
IEEE 802.3           ANSI/IEEE Std 802.3-1985, 802.3a, b, c, e-1988.
IGMP                 RFCs 2236, 1112
IP                   RFCs 791, 821, 950, 951, 1009, 1055, 1122, 1144,
                     1349, 1542, 1812, 1858.
IP addressing        RFC 1597.
ISDN                 ITU-T I.430 (Basic Rate Access)
                     ETSI ETS 300 402-1 (Layer 2)
                     ETSI ETS 300 403-1 (Layer 3)
NTP                  RFCs 958, 1305, 1510.
PPP over Ethernet    RFC 2516
RTP-RTCP             RFC 1889, ITU G.711, ITU G.723, ITU G.729
SDP                  RFC 2327
SIP                  RFC 2543
SNMP, MIBs           RFCs 1155, 1157, 1213, 1239, 1315, 1398, 1493,
                     1514, 1573, 2233.
TCP                  RFC 793.
Telnet               RFCs 854–858, 932 1091.
TFTP                 RFC 1350.
UDP                  RFC 768.
VLAN                 IEEE Std 802.1Q

Table 1. Protocols and standards supported by AT-RG613, AT-RG623 and AT-RG656
Residential Gateway.

Obtaining Copies of Internet Protocols and Standards


The Internet Protocols are defined in Requests For Comments (RFCs). RFCs are
developed and published under the auspices of the Internet Engineering Steering
Group (IESG) of the Internet Engineering Task Force (IETF). For more information
about the IESG and IETF, visit the IETF web site at http://www.ietf.org/.
For more information about RFCs and Internet Drafts (the starting point for RFCs),
visit the RFC Editor web site at http://www.rfc-editor.org/. This site has information
about the RFC standards process, archives of RFCs and current Internet Drafts, links
to RFC indexes and search engines, and a list of other RFC repositories.
RFCs can be obtained electronically from many RFC repositories, mail servers,
World Wide Web (WWW), Gopher or WAIS sites. A good starting point for finding
the nearest RFC repository is to point your Web browser at
http://www.isi.edu/in-notes/rfc-retrieval.txt.

Background Reading
For an introduction to the Internet Protocols refer to:
DDN Protocol Handbook, Elizabeth J. Feinler, 1991, DDN Network Information Center,
SRI International, 333 Ravenswood Avenue, Menlo Park, CA 94025, USA. Email:
nic@nic.ddn.mil.
Internetworking with TCP/IP — Volume I: Principles, protocols and architecture
(2nd Edition), Douglas E. Comer, 1991, Prentice-Hall International, Inc., New Jersey.
ISBN 0-13-474321-0.
Internetworking with TCP/IP — Volume II: Design, implementation, and internals,
Douglas E. Comer and David L. Stevens, 1991, Prentice-Hall International, Inc., New
Jersey. ISBN 0-13-472242-6.
Internetworking with TCP/IP — Volume III: Client-server programming and
applications, Douglas E. Comer and David L. Stevens, 1993, Prentice-Hall
International, Inc., New Jersey. ISBN 0-13-474222-2.
For a description of layered protocols refer to:
Computer networks (2nd Edition), Andrew S. Tanenbaum, 1989, Prentice-Hall
International, Inc., New Jersey. ISBN 0-13-162959-0.
For an introduction to PPP refer to:
Using and Managing PPP, Andrew Sun, O’Reilly; ISBN: 1565923219; (March 1999).
For an introduction to network management refer to:
The simple book — An introduction to management of TCP/IP-based Internets,
Marshall T. Rose, 1991, Prentice-Hall International, Inc. ISBN 013812611-9.
For an introduction to VOIP refer to:
Internet Communications Using SIP, Henry Sinnreich, Alan B. Johnston.
SIP: Understanding the Session Initiation Protocol, Alan B. Johnston.
IP Telephony with H.323: Architectures for Unified Networks and Integrated Services,
Vineet Kumar, Markku Korpi, Senthil Sengodan.

Publicly Accessible Documents


Allied Telesyn maintains an online archive of documents and files that customers
can access via the World Wide Web or via anonymous FTP. For WWW access, point
your Web browser at http://www.alliedtelesyn.com/.

Conventions used in command definitions


A number of symbols and typographic and stylistic conventions are used throughout
this manual to help the user learn and to specify command syntax (see Table 2).

This typeface    Is used for
ALL CAPS         Command keywords to be typed as shown. Generally, keywords may
                 be abbreviated to the shortest string that is unambiguous
                 within the current context.
italics          Italics are used for denoting a user-specified value.
< >              Angle brackets denote compulsory command-line parameters or
                 values.
[ ]              Square brackets denote optional command-line parameters or
                 values.
{ | | }          Curly brackets, in conjunction with vertical bars, denote a set
                 of alternative command-line parameters or values.

Table 2. Typographic conventions used in this manual.

Commands are described under Command Reference within the section to which they
apply.

Chapter 1

System Management

This chapter provides basic instructions on how to log in to the CLI and describes
the different types of user access.

Logging into the CLI


It's possible to use two different connections in order to access the Command Line
Interface:

Serial Connection
It's possible to access the CLI interface through a serial connection using a terminal
emulator program like, for example, Windows Hyper Terminal with the following
default parameters:
• bit rate: 38400 bps
• data bits: 8
• parity: none
• stop bits: 1
• flow control: none

TCP/IP connection
It's possible to access the CLI interface through a TCP/IP connection by opening a
Telnet session with the following default parameters:
• ip address: 192.168.1.1 (factory default)
• telnet port: 23

As soon as the connection is established, a login and password are requested.


The following default values give superuser access to the CLI commands and must
be used only by administrators to configure the system and to create user access
with restricted privileges:
login: manager
password: friend

Command Line Interface and Console


The CLI is the Command Line Interface used in the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to configure and manage the unit.
It provides full access to the following system modules:
console
dhcp client
dhcp relay
dhcp server
dns client
dns relay
ethernet
firewall
igmp
ip
nat
pppoe
security
sntp client
switch
system
transport
user
vlan
voip
webserver
ztc client

Webserver
The AT-RG613, AT-RG623 and AT-RG656 are designed to provide the ability to
configure the system using a Graphical User Interface (GUI) instead of - or together
with - the Command Line Interface (for future release).

To keep the system design open to these future improvements, all CLI
commands are actually processed by the webserver module that acts like a
parsing and pre-processing layer between the user and the software module the
command refers to.

For this reason, syntax errors caused by incorrect CLI commands typically report
the webserver as the source of the error.

Webserver commands are accessible from the Command Line Interface for users
with superuser access permission.

Because the webserver is still under development, making any changes to this
module is strongly discouraged: doing so could lead to system instability
or could block access to the command line.

File System
The AT-RG613, AT-RG623 and AT-RG656 application processes require that
configuration information be accessible when they start up, and that configuration
changes are retained for future operation.
To fulfill the above requirements, two processes are provided, namely the ‘In Store
File System’ and the ‘FLASH File System’. These two processes are referred to as isfs
and flashfs, respectively, in this document.
The two file systems provide a standard file interface to application processes.
The isfs provides for volatile, run-time file storage; whereas the flashfs provides non-
volatile file storage.
The critical period for such a system occurs when the flash memory itself is being
updated, as a power failure could result in data corruption and hence an inoperable
system.
In the AT-RG613, AT-RG623 and AT-RG656, flash memory is divided into three
main areas:

BOOT code
System configuration information
Run-time images and their configuration information

Boot code
The Boot ROM program normally resides in flashfs, in a reserved portion of the first
flash device. This code is run when the system is first booted and provides self-test
code as well as the ability to load the main run-time images.
The Boot ROM area is not normally accessible for either reading or writing by flashfs,
so is rarely, if ever, rewritten.

System configuration information


System configuration information includes information such as the system MAC
address. This information is rarely, if ever, updated once it has been set.

Run-time images
The flashfs file system provides permanent storage of files and is not normally used
other than at start of day or when re-writing the flash. In addition to configuration
files, flashfs stores the software image, which is loaded by the BOOT ROM after
system restart.
After system restart and during system initialization, flashfs files are copied into isfs
so that they are accessible by application processes. Typically, applications use the
isfs files to store their configuration data. Changes made to the configuration can be
written back into isfs, and subsequently flashfs, with the config save command.
During a flashfs update, all configuration files in isfs are written back to flashfs
irrespective of whether they have changed or not. Normally the software image is
not rewritten.
The flashfs configuration files can be considered the ‘master’ copies, and the isfs files
the runtime copies. If the isfs copies are written back to the flashfs, the current
settings will be preserved.

The Command Line Interface doesn't allow access to the flashfs filing system or
to the isfs in store file system because this is not required in typical user
situations.

The Flash file system flashfs, the in store file system isfs and special debug functions
can be accessed through a nested command line called the console.

The console command line can be used only if you have appropriate access
permissions and is typically hidden from the user. It is used only for specific
maintenance purposes.

This Administration Manual doesn't cover console commands.

Access permissions to the CLI


There are three access level options for CLI users that provide different levels of
allowed operations:

default user - can use CLI commands. Cannot access console commands.
engineer user - can use CLI commands. Can access a limited set of console commands.
super user - can use CLI commands. Can access the full console command set. Can
also set up user login accounts, save backup configuration and restore factory
settings.
To create new user accounts, use the system add user or system add login commands.
The accounts created by these commands default to low privileges.
To change user privileges, use the system set user access or system set login access
commands.
To list the current user or login accounts, use the system list user or system list login
commands, respectively.

System Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to configure and manage the System module.

System CLI commands


The table below lists the system commands provided by the CLI:
Command
SYSTEM ADD USER
SYSTEM ADD LOGIN
SYSTEM CONFIG BACKUP
SYSTEM CONFIG RESTORE
SYSTEM CONFIG SAVE
SYSTEM DELETE LOGIN
SYSTEM DELETE USER
SYSTEM INFO
SYSTEM LIST ERRORS
SYSTEM LIST USERS
SYSTEM LIST LOGINS
SYSTEM LOG
SYSTEM LOG ENABLE|DISABLE
SYSTEM LOG LIST
SYSTEM NAME
SYSTEM RESTART
SYSTEM SET LOGIN ACCESS
SYSTEM SET LOGIN MAYCONFIGURE
SYSTEM SET LOGIN MAYDIALIN
SYSTEM SET USER ACCESS
SYSTEM SET USER MAYCONFIGURE
SYSTEM SET USER MAYDIALIN

SYSTEM ADD USER


Syntax SYSTEM ADD USER <name> ["comment"]

Description This command adds a user (typically a PPP user) to the system. Only a Super user
can use this command.

Default Setting The default settings in the table below are applied to new accounts that are added
using the system add user command. (A different set of defaults is applied to a new
account added using the SYSTEM ADD LOGIN command.)

Option                       Default Setting
dialin to the system         enabled
login to the system          disabled
configuration permissions    disabled
access permissions           default user

Options The following table gives the range of values for each option that can be specified
with this command and a default value (if applicable).

Option     Description                                        Default value
name       A unique user name made up of more than one        N/A
           character that identifies an individual user and
           lets the user access the system.
comment    An optional comment about the user that is         No comment added
           displayed when you type the commands system list
           users and system list logins.

Example --> system add user ckearns "Typical user"

See also SYSTEM SET USER ACCESS
SYSTEM SET USER MAYDIALIN
SYSTEM SET USER MAYCONFIGURE
SYSTEM LIST USERS
SYSTEM DELETE USER

SYSTEM ADD LOGIN


Syntax SYSTEM ADD LOGIN <name> ["comment"]

Description This command adds a user to the system. Only a Superuser can use this command.

Default setting The default settings in the table below are applied to new accounts that are added
using the system add login command. (A different set of defaults is applied to a new
account added using the SYSTEM ADD USER command.)

Option                       Default Setting
dialin to the system         disabled
login to the system          enabled
configuration permissions    enabled
access permissions           default user

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option     Description                                        Default value
name       A unique login name made up of more than one       N/A
           character that identifies an individual user and
           lets the user access the system.
comment    An optional comment about the user that is         Blank (No comment added)
           displayed when you type the commands SYSTEM LIST
           USERS and SYSTEM LIST LOGINS.

Example --> system add login ckearns "temporary contractor"

See also SYSTEM DELETE LOGIN
SYSTEM LIST LOGINS

SYSTEM CONFIG BACKUP


Syntax SYSTEM CONFIG BACKUP [filename]

Description This command saves the current system configuration to a file. To specify the file
that you want to save configuration information in, type //isfs/ or //flashfs/
(depending on which directory the backup file is stored in) followed by a filename
value. If you do not specify a filename, the configuration is saved in the
//isfs/im.conf.backup file by default.

By default, the backup copy is created in a volatile filesystem (isfs). Upon
turning off the unit or simply rebooting the unit, the backup copy is lost. To
make the backup copy permanent, it's necessary to specify the target flashfs
file system plus the filename.

To prevent a user from overwriting the system with their own configuration, only a
Superuser can use this command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option      Description                                      Default Value
filename    An arbitrary name that identifies the file       If a filename is not specified,
            that you want to save your configuration in.     the configuration is saved in
            The filename MUST be preceded by either          //isfs/im.conf.backup
            //isfs/ or //flashfs/.

Example To make a backup copy of the current system configuration with a default filename,
use the following command:

--> system config backup
Saving to backup configuration //isfs/im.conf.backup

To make a backup copy of the current system configuration with a user defined
filename, use the following command:

--> system config backup //flashfs/mybackup
Saving to backup configuration //flashfs/mybackup

See also SYSTEM CONFIG RESTORE
SYSTEM CONFIG SAVE

SYSTEM CONFIG RESTORE


Syntax SYSTEM CONFIG RESTORE {BACKUP|[filename]|FACTORY}

Description This command tries to restore all system modules; if you do not have all modules
installed, the CLI will display a message telling you which modules could not be
restored. The following options are available:

• Superusers, Engineers and Default users can restore their backup configuration
from the //isfs/im.conf.backup file.
• Super users can restore their backup configuration from a different file by typing
//isfs/ or //flashfs/ (depending on which directory the backup file is stored in)
followed by a filename value.
• Super users can restore the factory defaults from //isfs/im.conf.factory.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option      Description                                          Default Value
BACKUP      Restores the backup configuration from the           N/A
            im.conf.backup file.
filename    The name of a file containing an alternative         N/A
            backup configuration to that stored in the
            //isfs/im.conf.backup file. The filename MUST
            be preceded by either //isfs/ or //flashfs/.
            Only Super users can use this command.
FACTORY     Restores the factory default configuration           N/A
            from the im.conf.factory file. Only Super
            users can use this command.

Example --> system config restore backup
Restoring backup configuration //isfs/im.conf.backup

See also SYSTEM CONFIG BACKUP
SYSTEM CONFIG SAVE

SYSTEM CONFIG SAVE


Syntax SYSTEM CONFIG SAVE

Description This command saves the system configuration in the im.conf file in flashfs. This
allows all users to create their own backup files. Default, Engineer and Super users
can use this command.

Example --> system config save
Wait for ‘configurataion saved’ message...

-->Saving configuration...
-->Configuration saved.

See also SYSTEM CONFIG BACKUP
SYSTEM CONFIG RESTORE
Super users can list all configuration files using the console command fm ls.

SYSTEM DELETE LOGIN


Syntax SYSTEM DELETE LOGIN <name>

Description This command deletes a user that has been added to the system using the SYSTEM
ADD LOGIN command. Only a Super user can use this command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option    Description                      Default value
name      The name of an existing user.    N/A

Example --> system delete login ckearns

See also SYSTEM ADD LOGIN

SYSTEM DELETE USER


Syntax SYSTEM DELETE USER <name>

Description This command deletes a user that has been added to the system using the SYSTEM
ADD USER command or the SYSTEM ADD LOGIN command. Only a Super user
can use this command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option    Description                      Default Value
name      The name of an existing user.    N/A

Example --> system delete user ckearns

See also SYSTEM ADD USER
SYSTEM ADD LOGIN

SYSTEM INFO
Syntax SYSTEM INFO

Description This command displays the vendor ID, URL, base MAC address and hardware and
software version details of the current Residential Gateway system.

Example --> system info

Global System Configuration:

Vendor: Allied Telesis K.K.
URL: http://www.allied-telesis.co.jp/
MAC address: 10:20:30:40:50:85
Hardware ver: RG613 A0
Software ver: 1-0-0_35
Build type: RELEASE
System Name:

SYSTEM LIST ERRORS


Syntax SYSTEM LIST ERRORS

Description This command displays a system error log. The error log contains the following
information:
• the time (in minutes) that an error occurred, calculated from the start of your login
session
• the module that was affected by the error
• a brief description of the error itself

Example --> system list errors


Error log:
When | Who | What
------------|------------|-------------------------------------------------
104 | webserver | webserver:Failed to create node type 'ImRfc1483'
104 | webserver | webserver:Invalid argument:Failed to open port
a4 (may already be in use, or invalid port name)
---------------------------------------------------------------------------

See also SYSTEM LIST USERS


SYSTEM LIST LOGINS

SYSTEM LIST OPENFILES


Syntax SYSTEM LIST OPENFILES <name>

Description This command allows you to display low-level debug information about specific
open file handles.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).
Option    Description                                        Default Value
name      The name of a file which has open file handles     N/A
          associated with it.

Example --> system list openfiles bun


qid devuse appuse colour flags lasterrno
console 0000004b 00000000 00400000 3 0
console 00000027 00000000 00400000 5 0
console 00000003 00000000 00400000 5 0

See also SYSTEM LOG ENABLE|DISABLE

SYSTEM LIST USERS


Syntax SYSTEM LIST USERS

Description This command displays a list of users and logins added to the system using the
SYSTEM ADD USER and SYSTEM ADD LOGIN commands. The same information
is displayed by the SYSTEM LIST LOGINS command.

The list contains the following information:


• user ID number
• user name
• configuration permissions (enabled or disabled)
• dialin permissions (enabled or disabled)
• access level (default, engineer or super user)
• comment (any comments that were included when the user was added to the
system)

Example --> system list users


Users:
May May Access
ID | Name | Conf. | Dialin | Level | Comment
-----|------------|----------|----------|------------|---------------------
1 | admin | ENABLED | disabled | superuser | Default admin user
---------------------------------------------------------------------------

See also SYSTEM LIST ERRORS


SYSTEM LIST LOGINS

SYSTEM LIST LOGINS


Syntax SYSTEM LIST LOGINS

Description This command displays a list of logins and users added to the system using the
SYSTEM ADD LOGIN and SYSTEM ADD USER commands. The same information
is displayed by the SYSTEM LIST USERS command.
The list contains the following information:
• user ID number
• user name
• configuration permissions (enabled or disabled)
• dial in permissions (enabled or disabled)
• access level (default, engineer or super user)
• comment (any comments that were included when the user was added to the
system)

Example --> system list logins


Users:
May May Access
ID | Name | Conf. | Dialin | Level | Comment
-----|------------|----------|----------|------------|--------------------
1 | admin | ENABLED | disabled | superuser | Default admin user
--------------------------------------------------------------------------

See also SYSTEM LIST ERRORS


SYSTEM LIST USERS
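
The following is an added example, not part of the manual or of the gateway software: a least-privilege review of captured SYSTEM LIST USERS / SYSTEM LIST LOGINS output, using the column layout shown in the examples above. The sample rows other than admin, the review rules and the function names are assumptions made for illustration.

```python
"""Review captured `system list users` output for over-privileged accounts."""

# Constructed sample in the column layout of the manual's example output.
# Only the "admin" row comes from the manual; the other rows are invented.
SAMPLE_OUTPUT = """\
--> system list users
Users:
                      May        May        Access
ID   | Name       | Conf.    | Dialin   | Level      | Comment
-----|------------|----------|----------|------------|---------------------
1    | admin      | ENABLED  | disabled | superuser  | Default admin user
2    | ckearns    | ENABLED  | disabled | default    | temporary contractor
3    | pppuser1   | disabled | ENABLED  | default    | Typical user
4    | fieldtech  | ENABLED  | ENABLED  | engineer   |
---------------------------------------------------------------------------
"""

# Account names the manual itself shows as factory/default administrators:
# "manager" (default CLI login) and "admin" (sample list output).
FACTORY_NAMES = frozenset({"manager", "admin"})


def parse_user_table(text):
    """Return one dict per account row found in the captured CLI output.

    Title, header, ruler and prompt lines are skipped because their first
    pipe-separated field is not a numeric user ID.
    """
    users = []
    for line in text.splitlines():
        # maxsplit=5 keeps any '|' characters inside the comment column.
        parts = [p.strip() for p in line.split("|", 5)]
        if len(parts) != 6 or not parts[0].isdigit():
            continue
        users.append({
            "id": int(parts[0]),
            "name": parts[1],
            "may_configure": parts[2].lower() == "enabled",
            "may_dialin": parts[3].lower() == "enabled",
            # Assumption: normalise "super user" / "superuser" spellings.
            "access": parts[4].lower().replace(" ", ""),
            "comment": parts[5],
        })
    return users


def audit_users(users, factory_names=FACTORY_NAMES):
    """Return (account name, finding) pairs for an administrator to review."""
    findings = []
    for user in users:
        if user["name"].lower() in factory_names:
            findings.append(
                (user["name"], "factory-default account name still present"))
        if user["access"] == "superuser":
            findings.append(
                (user["name"],
                 "superuser: full console, account setup and factory restore"))
        if user["may_configure"] and user["may_dialin"]:
            findings.append(
                (user["name"], "dial-in account is also allowed to configure"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_users(parse_user_table(SAMPLE_OUTPUT)):
        print(f"{name}: {finding}")
```
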

SYSTEM LOG
Syntax SYSTEM LOG {NOTHING|WARNINGS|INFO|TRACE|ENTRYEXIT|ALL}

Description This command sets the level of output that is displayed by the CLI for various
modules. Setting a level also implicitly displays the level(s) below it.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option       Description                                        Default Value
NOTHING      No extra output is displayed.                      N/A
WARNINGS     Non-fatal errors are displayed.                    N/A
INFO         Certain program messages are displayed.            N/A
             Also displays the values for the warnings
             option.
TRACE        Detailed trace output is displayed. Also           N/A
             displays the values for info and warnings
             options.
ENTRYEXIT    A message is displayed every time a                N/A
             function call is entered or left. Also displays
             the values for trace, info and warnings
             options.
ALL          All output is displayed. Also displays the         N/A
             values for entryexit, trace, info and warnings
             options.

Example --> system log all

SYSTEM LOG ENABLE|DISABLE


Syntax SYSTEM LOG {ENABLE|DISABLE} RIP {ERRORS|RX|TX}
SYSTEM LOG {ENABLE|DISABLE} IP {ICMP|RAWIP|UDP|TCP|ARP|SOCKET}

Description This command enables/disables the tracing support output that is displayed by the
CLI for a specific module and module category. The command is used for
debugging purposes. The available values for module and category are displayed
by the SYSTEM LOG LIST command. The current list of supported modules is RIP
and IP.
Each individual module has its own specific module category (see Examples). The
output produced when a particular option is enabled depends on that option, and
on the trace statements in the module which are executed. The general purpose of
this tracing is to:
• show how data packets pass through the system
• demonstrate how packets are processed and what they contain
• display any error conditions that occur

For example ip rawip tracing shows that an IP packet has been received, sent or
discarded due to an error. Brief details of the packet are displayed to identify it.
The RIP and IP modules provide separate categories which are enabled and
disabled independently. For example, if you enable ip rawip, it does not affect ip udp,
and so on.
To display a list of modules and categories and their enable/disable status, see
SYSTEM LOG LIST.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

ENABLE              Enables tracing support output for a            disable
                    specified module and module category.
DISABLE             Disables tracing support output for a
                    specified module and module category.

Examples RIP
--> system log enable rip rx
enabled logging for the receiving of RIP packets

See also SYSTEM LOG LIST
         SYSTEM LOG

SYSTEM LOG LIST


Syntax SYSTEM LOG LIST [<module>]

Description The system log list command displays the tracing options for the modules available
in the current image that you are using. The SYSTEM LOG LIST MODULE
command displays the tracing options for an individual module specified in the
command. Both commands display the current status of the tracing options set
using the command SYSTEM LOG ENABLE|DISABLE.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).
Option              Description                                     Default Value

module              The name of a module that exists in your        N/A
                    current image build. This can be either RIP
                    or IP.

Examples system log list


--> system log list
rip errors (ENABLED)
rip rx (disabled)
rip tx (disabled)
ip icmp (disabled)
ip rawip (ENABLED)
ip udp (disabled)
ip tcp (disabled)
ip arp (disabled)
ip socket (disabled)

system log list <module>


--> system log list ip
ip icmp (disabled)
ip rawip (ENABLED)
ip udp (disabled)
ip tcp (disabled)
ip arp (disabled)
ip socket (disabled)

See also SYSTEM LOG
         SYSTEM LOG ENABLE|DISABLE

SYSTEM NAME
Syntax SYSTEM NAME {NONE | <sys-name>}

Description This command sets the system name.


To show the current system name use the system info command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option Description Default Value

sys-name The name of the system. none

Example --> system name myRG600

SYSTEM RESTART
Syntax SYSTEM RESTART

Description This command restarts the Residential Gateway.

Example --> system restart

SYSTEM SET LOGIN ACCESS


Syntax SYSTEM SET LOGIN <name> ACCESS {DEFAULT|ENGINEER|SUPERUSER}

Description This command sets the access permissions of a user who has been added to the
system using the SYSTEM ADD LOGIN command. Only a Super user can use this
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

name                The name of an existing user.                   N/A
DEFAULT/            Access permissions for a user.                  Default
ENGINEER/
SUPERUSER

Example --> system set login ckearns access engineer


See also SYSTEM SET LOGIN MAYCONFIGURE
         SYSTEM SET LOGIN MAYDIALIN
For more information on the types of user access permissions, see Access
permissions to the CLI.

SYSTEM SET LOGIN MAYCONFIGURE


Syntax SYSTEM SET LOGIN <name> MAYCONFIGURE {ENABLED|DISABLED}

Description This command sets configuration permissions for a user who has been added to the
system using the ADD SYSTEM LOGIN or the ADD SYSTEM USER command.
Only a Super user can use this command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

name                The name of an existing user.                   N/A
ENABLED/            Determines whether or not a user can            enabled
DISABLED            configure the system.

Example --> system set login ckearns mayconfigure disabled

See also SYSTEM SET LOGIN ACCESS
         SYSTEM SET LOGIN MAYDIALIN

SYSTEM SET LOGIN MAYDIALIN


Syntax SYSTEM SET LOGIN <name> MAYDIALIN {ENABLED|DISABLED}

Description This command sets dialin permissions for a user who has been added to the system
using the SYSTEM ADD LOGIN command. Only a Super user can use this
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

name                The name of an existing user.                   N/A
ENABLED/            Determines whether or not a user can dialin     disabled
DISABLED            to the system.

Example --> system set login ckearns maydialin enabled

See also SYSTEM SET LOGIN ACCESS
         SYSTEM SET LOGIN MAYCONFIGURE

SYSTEM SET USER ACCESS


Syntax SYSTEM SET USER <name> ACCESS {DEFAULT|ENGINEER|SUPERUSER}

Description This command sets the access permissions of a user who has been added to the
system using the SYSTEM ADD USER command. Only a Super user can use this
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

name                The name of an existing user.                   N/A
DEFAULT/            Allows you to set the access permissions for    default
ENGINEER/           a user.
SUPERUSER

Example --> system set user ckearns access default

See also SYSTEM SET USER MAYCONFIGURE
         SYSTEM SET USER MAYDIALIN

SYSTEM SET USER MAYCONFIGURE


Syntax SYSTEM SET USER <name> MAYCONFIGURE {ENABLED|DISABLED}

Description This command sets configuration permissions for a user who has been added to the
system using the ADD SYSTEM USER command. Only a Super user can use this
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

name                The name of an existing user.                   N/A
ENABLED/            Determines whether or not a user can            disabled
DISABLED            configure the system.

Example --> system set user ckearns mayconfigure enabled

See also SYSTEM SET USER ACCESS
         SYSTEM SET USER MAYDIALIN

SYSTEM SET USER MAYDIALIN


Syntax SYSTEM SET USER <name> MAYDIALIN {ENABLED|DISABLED}

Description This command sets dial in permissions for a user who has been added to the system
using the SYSTEM ADD USER command. Only a Super user can use this command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

name                The name of an existing user.                   N/A
ENABLED/            Determines whether or not a user can dialin     enabled
DISABLED            to the system.

Example --> system set user ckearns maydialin enabled

See also SYSTEM SET USER ACCESS
         SYSTEM SET USER MAYCONFIGURE

User Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to configure and manage system Users.

User CLI commands


The table below lists the user commands provided by the CLI:

Command

USER LOGOUT
USER PASSWORD
USER CHANGE

USER LOGOUT
Syntax USER LOGOUT

Description This command logs you out of the system. Default, Engineer and Super users can
use this command.

Example --> user logout


Logging out.

Login:

USER PASSWORD
Syntax USER PASSWORD

Description This command allows you to change your user password. Default, Engineer and
Super users can use this command.

Example --> user password


Enter new password *****
Again to verify *****

USER CHANGE
Syntax USER CHANGE <name>

Description This command allows you to change your login to that of another named user.
Super users can use this command. When you change your login to that of a user
with Default or Engineer access permissions, you lose your Super user privileges
and inherit the access permissions of either the Default or Engineer user.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

name                A unique login name made up of more than        N/A
                    one character that identifies an individual
                    user and lets the user access the system.

Example --> user change admin


You are now logged in as user `admin' ...

See also SYSTEM ADD USER



Web Server Command Reference


This chapter describes the Web Server CLI commands.

Web Server CLI commands


The table below lists the Web Server commands provided by the CLI:

Command

WEBSERVER CLEAR STATS
WEBSERVER ENABLE|DISABLE
WEBSERVER SET INTERFACE
WEBSERVER SET MANAGEMENTIP
WEBSERVER SET PORT
WEBSERVER SET UPNPPORT
WEBSERVER SHOW INFO
WEBSERVER SHOW STATS

WEBSERVER CLEAR STATS


Syntax WEBSERVER CLEAR STATS

Description This command sets all of the Web Server process counters to 0.

Example --> webserver clear stats

See also WEBSERVER SHOW INFO

WEBSERVER ENABLE|DISABLE
Syntax WEBSERVER {ENABLE|DISABLE}

Description This command enables or disables the Web Server process.


By default, the Web Server process is enabled.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

ENABLE              Enables the Web Server process.                 enable
DISABLE             Disables the Web Server process.

Example --> webserver disable


WebServer is disabled

WEBSERVER SET INTERFACE


Syntax WEBSERVER SET INTERFACE <interface>

Description This command specifies the name of an IP interface that the system will use for
UPnP (Universal Plug and Play) communication with other devices on the local area
network.

Universal Plug and Play support is for future releases.

You must save your configuration (see SYSTEM CONFIG SAVE) and restart your
system (see SYSTEM RESTART) to activate the Web Server settings.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

interface           A name that identifies an existing IP           Iplan
                    interface. To display interface names, use
                    the ip list interfaces command.

Example --> webserver set interface ip

See also WEBSERVER SET UPNPPORT

WEBSERVER SET MANAGEMENTIP


Syntax WEBSERVER SET MANAGEMENTIP {ip-address}

Description This command restricts connections to the Web Server to a single IP address
(for example, the IP address used by a management device), or allows connections from
any IP address when the IP address is set to 0.0.0.0.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

ip-address          The only IP address that the Web Server         0.0.0.0
                    will allow connection requests from. The IP
                    address is displayed in the following
                    format: 192.168.102.3

Example --> webserver set managementip 192.168.102.3


Management IP address is 192.168.102.3

WEBSERVER SET PORT


Syntax WEBSERVER SET PORT <port>

Description This command sets the HTTP port number that the Web Server process will use for
accepting connections (from a WEB Browser).

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

port                A valid port number that must be between        80
                    0 and 65535.

Example --> webserver set port 100


HTTP port number is 100

See also WEBSERVER SET UPNPPORT

WEBSERVER SET UPNPPORT


Syntax WEBSERVER SET UPNPPORT <port>

Description This command sets the TCP port number that the Web Server process will use for
UPnP communication.

Universal Plug and Play support is for future releases.

You must save your configuration (see SYSTEM CONFIG SAVE) and restart your
system (see SYSTEM RESTART) to activate the Web Server settings.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

port                A valid UPnP port number that must be           N/A
                    between 0 and 65535.

Example --> webserver set upnpport 280

See also WEBSERVER SET PORT

WEBSERVER SHOW INFO


Syntax WEBSERVER SHOW INFO

Description This command displays the following information about the Web Server process:
• EmWeb (Embedded Web Server) release details
• Web Server enabled status (true or false)
• Interface set
• HTTP port set
• UPnP port set
• Management IP address

Example --> webserver show info


Web server configuration:
EmWeb release: R6_0_0E_ISOS
Enabled: true
Interface: lan
HTTP port: 80
UPnP port: 280
Management IP address: 1.2.3.4

See also WEBSERVER CLEAR STATS
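An added example, not part of the manual: a Python check that parses captured `webserver show info` output in the format shown above and flags a Management IP address of 0.0.0.0, which per WEBSERVER SET MANAGEMENTIP allows connections from any IP address. The function names, the finding codes and the expected_mgmt_ip parameter are assumptions made for this example.

```python
import ipaddress

# Constructed sample in the output format of `webserver show info`.
SAMPLE_OUTPUT = """\
--> webserver show info

Web server configuration:
EmWeb release: R6_0_0E_ISOS
Enabled: true
Interface: lan
HTTP port: 80
UPnP port: 280
Management IP address: 1.2.3.4
"""


def parse_show_info(text):
    """Return the 'key: value' lines of the output as a dict with lower-case keys."""
    info = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-->"):
            continue  # echoed CLI command, not part of the report
        key, sep, value = line.partition(":")
        if sep and value.strip():
            info[key.strip().lower()] = value.strip()
    return info


def audit_webserver(text, expected_mgmt_ip=None):
    """Return a list of (code, message) findings; an empty list means no finding.

    expected_mgmt_ip (hypothetical parameter) is the address of the management
    station that the operator intends to be the only permitted client.
    """
    info = parse_show_info(text)
    required = ("enabled", "http port", "management ip address")
    missing = [k for k in required if k not in info]
    if missing:
        return [("PARSE_ERROR", "missing fields: " + ", ".join(missing))]
    if info["enabled"].lower() != "true":
        return []  # Web Server process is disabled, nothing to restrict

    try:
        mgmt = ipaddress.IPv4Address(info["management ip address"])
    except ipaddress.AddressValueError:
        return [("PARSE_ERROR", "management IP is not an IPv4 address")]

    findings = []
    if int(mgmt) == 0:
        # 0.0.0.0 is the documented default and means "any IP address".
        findings.append(("MGMT_IP_ANY",
                         "web server accepts connections from any IP address"))
    elif (expected_mgmt_ip is not None
          and mgmt != ipaddress.IPv4Address(expected_mgmt_ip)):
        findings.append(("MGMT_IP_UNEXPECTED",
                         f"management IP is {mgmt}, expected {expected_mgmt_ip}"))

    port = info["http port"]
    if not port.isdigit() or not 0 <= int(port) <= 65535:
        findings.append(("PORT_INVALID", f"HTTP port {port!r} is out of range"))
    return findings


if __name__ == "__main__":
    for code, message in audit_webserver(SAMPLE_OUTPUT, "192.168.102.3"):
        print(code, message)
```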

WEBSERVER SHOW STATS


Syntax WEBSERVER SHOW STATS

Description This command tells you how many bytes have been transmitted and received by the
Web Server.

Example --> webserver show stats


Web Server statistics:
Bytes transmitted: 2122
Bytes received: 0

See also WEBSERVER SHOW INFO



Console Access Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to access the Console module.
The Console module is used only for engineer troubleshooting and is not supported
as a user-accessible module.

Console access CLI commands


The table below lists the console access commands provided by the CLI:

Command
CONSOLE ENABLE
CONSOLE PROCESS

CONSOLE ENABLE
Syntax CONSOLE ENABLE

Description This command allows you to enter console mode in order to use the console
commands. Only Super users can use this command.

Example --> console enable


Switching from CLI to console mode - type `exit' to return

See also CONSOLE PROCESS

CONSOLE PROCESS
Syntax CONSOLE PROCESS <console command>

Description This command allows you to enter a single usable console command without
switching to console mode. You cannot enter blacklisted console commands using
this CLI command. Users with Engineer or Super user access can use this command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

console command     A usable console command. You can find a        N/A
                    list of usable commands with a link to
                    further information about each usable
                    command at the start of each chapter in this
                    manual.

Example The following console process example enters the usable console command, bridge
portfilter:

--> console process bridge portfilter


portfilter 2 all
portfilter 3 all

See also CONSOLE ENABLE

CONSOLE COMMAND - EXIT

This console command has not been replaced by a CLI command. This is a
special console command to allow Super users to return to the CLI from the
console.

Syntax EXIT

Description This console command allows you to return to the CLI after you have entered
console mode using the command CONSOLE ENABLE. When you want to exit
console mode and return to the CLI, you need to type exit in the root of the console.
Only Super users can use this command.

Example --> exit


Returning to CLI from console

See also CONSOLE ENABLE


Chapter 2

Switch

Introduction
The AT-RG613, AT-RG623 and AT-RG656 residential gateways include an
integrated layer 2 managed switch providing 5 Fast Ethernet transceivers
supporting 10Base-T and 100Base-TX modes, high performance memory bandwidth
(wire speed) and an extensive feature set including tag port based VLAN, QoS
priority, VLAN tagging and MIB counters.
The layer 2 switch uses one 100Base-TX port as an internal port to communicate to
the central processor in order to access layer 3 services such as routing, VoIP
signaling and traffic, firewall and NAT security modules.
The following is the complete set of features available in the switch module:
• IEEE 802.1q tag based VLAN (up to 16 VLANs)
• VLAN ID tag/untag options, per port basis
• Programmable rate limiting, ingress port, egress port, per port basis.
• IGMP v1/v2 snooping for multicast packet filtering
• QoS packet prioritization support: per port, 802.1p and DiffServ based
• Integrated look-up engine with dedicated 1 K unicast MAC addresses
• Automatic address learning, address aging and address migration
• Full duplex IEEE 802.3x & half-duplex back pressure flow control
• Automatic MDI/MDI-X crossover for plug-and-play on all the ports

Switch Core Functional Overview

Address Look-up
The internal look up table stores MAC addresses and their associated information. It
contains a 1K unicast address table plus switching information.

Learning
The internal look up engine updates its table with a new entry in the following
conditions:
• the received packet's Source Address does not exist in the look up table;
• the received packet is good: the packet has no receive errors and is of legal length.
The look up engine inserts the qualified Source Address into the table, along with
the port number and VLAN information (see below). If the table is full, the last entry
of the table is deleted for the new entry.
To see the current look up entries use the SWITCH SHOW FDB command.

Migration
The internal look up engine monitors whether a station has moved. If so, it updates
the table accordingly. Migration happens in the following conditions:
• the received packet Source Address is in the table but the associated source port
information is different;
• the received packet is good; the packet has no receive errors and is of legal length.
In this case the look up engine updates the existing record in the table with the new
source port information.

Aging
The look up engine updates the timestamp information of a record whenever the
corresponding Source Address appears. The time stamp is used in the aging
process. If a record is not updated for a period of time, the look up engine removes
the record from the table.
The look up engine constantly performs the aging process and is continuously
removing expired records.
The aging period can be set to normal (300 seconds) or fast (800 usecs) or can be
disabled.
Use the SWITCH SET AGEINGTIMER command to change the aging period or use
SWITCH DISABLE AGEINGTIMER to disable aging.

Forwarding
If 802.1q VLAN mode is enabled, the switch assigns a VID to every ingress packet.
• If the packet is untagged or tagged with a null VID, the packet is assigned to the
default port VID of the ingress port.
• If the packet is tagged with a non-null VID, the VID in the tag will be used.
The look up process will start from the VLAN table look up. The 12 bit VID value is
converted to a 4 bit FID value (an internal value that represents up to 16 VLANs).
• If the VID is not valid, the packet will be dropped and no address learning will
take place.
• If the VID is valid, the forwarding FID is retrieved. Both the combinations
FID+DA (Destination Address) and FID+SA (Source Address) are looked for in
the forwarding table. The FID+DA look up determines the forwarding ports.
   • If FID+DA lookup fails to find a match, the packet will be broadcasted to all
   the members (excluding the ingress port) of the VLAN.
   • If FID+SA lookup fails, the FID+SA will be learned (ie added to the
   forwarding table).
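An added example, not part of the manual: a small Python model of the learning, migration, aging and forwarding rules described above, showing when a frame is forwarded to one port, flooded to the VLAN members, or dropped. The class and method names are hypothetical; the VID to FID assignment, the reading of "last entry" as the most recently inserted one, and the handling of a destination learned on the ingress port are assumptions.

```python
class LookupEngine:
    """Model of the look up engine: learning, migration, aging, forwarding."""

    def __init__(self, vlans, pvids, capacity=1024, aging_seconds=300.0):
        # vlans: {vid: set of member ports}; pvids: {port: default port VID}
        if len(vlans) > 16:
            raise ValueError("the 4 bit FID represents at most 16 VLANs")
        # 12 bit VID -> 4 bit FID (assumed assignment; the real one is internal)
        self.fid_of = {vid: fid for fid, vid in enumerate(sorted(vlans))}
        self.members = {self.fid_of[v]: set(p) for v, p in vlans.items()}
        self.pvids = dict(pvids)
        self.capacity = capacity            # 1K unicast addresses on the device
        self.aging_seconds = aging_seconds  # None models a disabled aging timer
        self.table = {}                     # (fid, mac) -> [port, last_seen]

    def _expire(self, now):
        """Aging: remove records that were not refreshed within the period."""
        if self.aging_seconds is None:
            return
        stale = [key for key, (_, seen) in self.table.items()
                 if now - seen > self.aging_seconds]
        for key in stale:
            del self.table[key]

    def port_of(self, mac, vid):
        """Port currently recorded for (VLAN, MAC), or None."""
        entry = self.table.get((self.fid_of.get(vid), mac))
        return entry[0] if entry else None

    def receive(self, port, src, dst, now, vid=None):
        """Process one good frame and return the set of egress ports."""
        self._expire(now)
        if not vid:                      # untagged or null VID
            vid = self.pvids[port]       # -> default port VID of ingress port
        fid = self.fid_of.get(vid)
        if fid is None:
            return set()                 # invalid VID: drop, no learning

        entry = self.table.get((fid, src))
        if entry is None:                # learning: FID+SA lookup failed
            if len(self.table) >= self.capacity:
                self.table.popitem()     # table full: last entry is deleted
            self.table[(fid, src)] = [port, now]
        else:                            # migration and timestamp refresh
            entry[0] = port
            entry[1] = now

        hit = self.table.get((fid, dst))
        if hit is None:                  # FID+DA miss: flood to VLAN members
            return self.members[fid] - {port}
        return {hit[0]} - {port}         # assumed: never sent back to ingress


if __name__ == "__main__":
    # Constructed topology: two VLANs sharing the wan port.
    engine = LookupEngine(
        vlans={10: {"lan1", "lan2", "wan"}, 20: {"lan3", "wan"}},
        pvids={"lan1": 10, "lan2": 10, "lan3": 20, "wan": 10},
    )
    print(engine.receive("lan1", "00:00:00:00:00:0a", "00:00:00:00:00:0b", now=0))
    print(engine.receive("lan2", "00:00:00:00:00:0b", "00:00:00:00:00:0a", now=1))
```

In this model a full table or an aged-out record causes unicast frames to be flooded to every member of the VLAN until the destination is learned again.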

Switching engine
The integrated layer 2 switch features a high performance switching engine to move
data to and from the MAC's, packet buffers. It operates in store and forward mode
while the efficient switching mechanism reduces overall latency.
The integrated layer 2 switch has a 64kB internal frame buffer pool. This is
structured as 512 buffers, with each buffer 128 bytes in size. This resource is shared
between all five ports (4 ports user accessible and one internal reserved for
communication to system main processor).
All the ports are allowed to use any free buffer in the buffer pool.

Rate limiting support


The integrated layer 2 switch supports hardware rate limiting on "receive" and
"transmit" independently on a per port basis. It also supports rate limiting in a
priority or non-priority environment.
The rate limit starts from 0kbps and goes up to the line rate in steps of 32 kbps. The
switch uses one second as an interval. At the beginning of each interval, the counter
is cleared to zero, and the rate limit mechanism starts to count the number of bytes
during this interval.
For receive, if the number of bytes exceeds the programmed limit, the switch will
stop receiving packets on the port until the "one second" interval expires.
There is an option provided for flow control to prevent packet loss. If the rate limit
is set to 128 kbps or greater and the byte counter is 8 Kbytes below the limit, the flow
control will be triggered. If the rate limit is set to less than 128 kbps and the byte
counter is 2 Kbytes below the limit, the flow control will be triggered.
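An added example, not part of the manual: a Python model of the receive rate limiter described above, with the one second counting interval and the two flow control thresholds. The class name and return strings are hypothetical; it assumes 1 kbps = 1000 bit/s, 1 Kbyte = 1024 bytes, that the frame which crosses the limit is still received, and that a limit of 0 turns rate limiting off as stated for RCVLIMIT.

```python
FLOW_CONTROL_MARGIN_HIGH = 8 * 1024  # bytes, used when the limit is >= 128 kbps
FLOW_CONTROL_MARGIN_LOW = 2 * 1024   # bytes, used when the limit is < 128 kbps


class ReceiveRateLimiter:
    """Per-port receive rate limiting with a one second interval."""

    def __init__(self, limit_kbps, flow_control=False):
        if limit_kbps < 0 or limit_kbps % 32:
            raise ValueError("the limit is set in steps of 32 kbps")
        self.enabled = limit_kbps > 0
        self.limit_bytes = limit_kbps * 1000 // 8   # bytes allowed per interval
        margin = (FLOW_CONTROL_MARGIN_HIGH if limit_kbps >= 128
                  else FLOW_CONTROL_MARGIN_LOW)
        # Byte count at which flow control is triggered, if the option is on.
        self.pause_at = (max(self.limit_bytes - margin, 0)
                         if flow_control and self.enabled else None)
        self.interval = None
        self.count = 0

    def receive(self, now, length):
        """Account for one frame of `length` bytes arriving at time `now` (s).

        Returns "accept", "pause" (accepted, flow control triggered) or
        "drop" (limit exceeded, port stops receiving until the interval ends).
        """
        interval = int(now)
        if interval != self.interval:    # new interval: counter cleared to zero
            self.interval = interval
            self.count = 0
        if not self.enabled:
            return "accept"
        if self.count > self.limit_bytes:
            return "drop"
        self.count += length
        if self.pause_at is not None and self.count >= self.pause_at:
            return "pause"
        return "accept"


def run(limiter, arrivals):
    """Feed (time, length) pairs to a limiter and collect the decisions."""
    return [limiter.receive(t, n) for t, n in arrivals]


if __name__ == "__main__":
    # Constructed traffic: one 1500 byte frame every 100 ms on a 64 kbps limit.
    frames = [(i / 10, 1500) for i in range(11)]
    print(run(ReceiveRateLimiter(64, flow_control=True), frames))
```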

Layer 3 routing rate limiting


The integrated layer 2 switch is able to limit traffic that goes to the Residential
Gateway network processor where routing tasks need to be performed.
Limitation on the maximum routing rate is necessary to preserve system resources
for high priority tasks like VoIP and IGMP proxy.
To set the maximum routing rate limit use the SWITCH SET ROUTING-LIMIT
command. The maximum routing rate can be selected between 1.0 Kfps (kilo frames
per second) and 6.0 Kfps with 0.5 Kfps granularity. Selecting NONE disables
routing rate limiting. In this case traffic arriving at the network processor is not
filtered, and system stability could be affected if traffic is too high.
If the number of frames per second that need to be routed to the network processor
is higher than the selected maximum rate, the layer 2 switch discards packets
addressed to the network processor in order to force the average traffic rate to be
below the target rate.

Class of Service and Differentiated Services


The integrated layer 2 switch supports two Class of Service (CoS) mechanisms: IEEE
802.1p tagging (Layer 2) and Differentiated Services (DS) as an advanced
architecture of ToS (Layer 3).

802.1p Traffic Priority


The IEEE 802.1p signaling technique is an IEEE endorsed specification for
prioritizing network traffic at the data-link/MAC sublayer (OSI Reference Model
Layer 2).
802.1p traffic is simply classified and sent to the destination; no bandwidth
reservations are established.
802.1p is a spin-off of the 802.1q (VLAN tagging) standard and they work in
tandem (see Figure 1).
The 802.1Q standard specifies a tag that appends to a MAC frame. The VLAN tag
carries VLAN information. The VLAN tag has two parts: The VLAN ID (12-bit) and
User Priority (3-bit). The User Priority field was never defined in the VLAN
standard. The 802.1p implementation defines this prioritization field.
Switches, routers, servers, even desktop systems, can set these priority bits in the
three-bit User Priority field, which allows packets to be grouped into various traffic
classes.
On the AT-RG613, AT-RG623 and AT-RG656 residential gateway, traffic is
prioritized into two egress queues, high priority and low priority, according to the
following logic:
• if the received frames are tagged, the User Priority field in the TAG header is
compared with an internal value in the switch called the Base Priority:
   • if the received priority value is equal to or greater than the switch Base Priority,
   the frames are sent to the high priority egress queue, otherwise frames are sent to
   the low priority egress queue.
• if the received frames are untagged, the Default Priority value of the egress port is
compared with the switch Base Priority:
   • if the port Default Priority is equal to or greater than the switch Base Priority,
   the frames are sent to the high priority egress queue, otherwise frames are sent to
   the low priority egress queue.
If the egress port is tagged, the Default Priority value of that port is assigned to the
User Priority field in the outgoing frames.
To show the current switch Base Priority and port Default Priority values, use the
SWITCH SHOW and SWITCH SHOW PORT commands, respectively.
To change the switch Base Priority and port Default Priority use the SWITCH SET
PRIORITY and SWITCH SET PORT commands, respectively.
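An added example, not part of the manual: Python code that parses the 802.1Q TAG header of a frame (Tag Type 0x8100 followed by the 3 bit User Priority, the CFI bit and the 12 bit VID) and applies the Base Priority comparison described above to choose the egress queue. The function names and the constructed frames are assumptions; the frame is taken to start at the destination address, with preamble and start frame delimiter already removed.

```python
import struct

TPID_8021Q = 0x8100  # 802.1Q Tag Type, bits 10000001 00000000


def parse_vlan_tag(frame):
    """Return (user_priority, cfi, vid) for a tagged frame, None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a MAC header")
    (length_type,) = struct.unpack_from("!H", frame, 12)
    if length_type != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated TAG header")
    (tci,) = struct.unpack_from("!H", frame, 14)   # Tag Control Information
    return tci >> 13, (tci >> 12) & 0x1, tci & 0x0FFF


def egress_queue(frame, base_priority, port_default_priority):
    """Select "high" or "low" per the comparison with the switch Base Priority.

    Tagged frames are judged on the User Priority field of the TAG header,
    untagged frames on the port Default Priority.
    """
    for value in (base_priority, port_default_priority):
        if not 0 <= value <= 7:
            raise ValueError("priorities are 3 bit values, 0 to 7")
    tag = parse_vlan_tag(frame)
    priority = tag[0] if tag is not None else port_default_priority
    return "high" if priority >= base_priority else "low"


def build_frame(priority=None, vid=0, payload=b"\x00" * 46):
    """Build a constructed test frame; priority=None yields an untagged frame."""
    header = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    if priority is not None:
        tci = (priority << 13) | (vid & 0x0FFF)    # CFI left at 0
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", 0x0800) + payload


if __name__ == "__main__":
    tagged = build_frame(priority=5, vid=100)
    print(parse_vlan_tag(tagged), egress_queue(tagged, 4, 0))
    print(egress_queue(build_frame(), 4, 0))
```

The User Priority value is written by whichever device tagged the frame, so in this logic the switch Base Priority is the only setting that decides which tagged traffic reaches the high priority queue.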

Differentiated Services Code Point (DSCP)


The DSCP octet in the IP header classifies the packet service level.
The DSCP replaces the ToS Octet in the IPv4 header (see Figure 1).
Currently, only the first six bits are used. Two bits of the DSCP are reserved for
future definitions. This allows up to 64 different classifications for service levels.
On the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway it is possible to
assign frames to two different egress priority queues, high priority and low priority,
according to the DSCP value in the IP header of the received frames.
To show the current DSCP priority scheme, use the SWITCH SHOW QOS
command.
To change the current DSCP priority scheme, use the SWITCH SET QOS command.

[Figure 1 (diagram not reproduced): layout of an 802.1Q tagged frame carrying an IP packet.
MAC header: PREAMBLE (7 octets), START FRAME DELIMITER (1 octet), DESTINATION ADDRESS
(6 octets), SOURCE ADDRESS (6 octets).
TAG header: LENGTH/TYPE = 802.1Q Tag Type (2 octets, bits 10000001 00000000), TAG CONTROL
INFORMATION (2 octets: user priority, CFI, VLAN identifier VID (12 bit)).
MAC CLIENT LENGTH/TYPE (2 octets), IP Header and IP Payload (42 - 1500 octets), FRAME CHECK
SEQUENCE (4 octets).
IP Header fields: Version, IHL, TOS (precedence, D, T, R, M, 0), Total Length, Identification,
flags, fragment offset, TTL, Protocol, Header Checksum, Source IP Address, Destination IP
Address.]

Figure 1. IP Packet overview.



Switch Command Reference


This section describes the commands available on the Residential Gateway to
configure and manage switch ports and the address look up table.

Switch CLI commands


The table below lists the switch commands provided by the CLI:

Command

SWITCH DISABLE AGEINGTIMER


SWITCH DISABLE LEARNING
SWITCH DISABLE PORT
SWITCH ENABLE AGEINGTIMER
SWITCH ENABLE LEARNING
SWITCH ENABLE PORT
SWITCH RESET
SWITCH SET PORT
SWITCH SET PRIORITY
SWITCH SET QOS
SWITCH SET ROUTING-LIMIT
SWITCH SHOW
SWITCH SHOW FDB
SWITCH SHOW PORT
SWITCH SHOW QOS

SWITCH DISABLE AGEINGTIMER


Syntax SWITCH DISABLE AGEINGTIMER

Description This command stops the aging timer used by the look up engine to remove expired
fdb entries.
If the ageing timer is disabled, the look up entries in the fdb are kept permanently
until the SWITCH ENABLE AGEINGTIMER command is entered or the switch is
reset.
To show the current switch status, use the SWITCH SHOW command.

Example --> switch disable ageingtimer

See also SWITCH ENABLE AGEINGTIMER
         SWITCH SHOW

SWITCH DISABLE LEARNING


Syntax SWITCH DISABLE LEARNING

Description This command stops the learning engine used to update the look up table when
frames are received from new Source Addresses.
To restore the learning process, use the SWITCH ENABLE LEARNING command.
To show the current switch status, use the SWITCH SHOW command.

Example --> switch disable learning

See also SWITCH ENABLE LEARNING
         SWITCH SHOW

SWITCH DISABLE PORT


Syntax SWITCH DISABLE PORT <port-name> [FLOW JAMMING]

Description This command disables the selected switch port, or disables a flow control
mechanism on the port.
If jamming is specified, the jamming signal used for flow control on half duplex
ports will be disabled.
To show the current port status, use the SWITCH SHOW PORT command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

port-name           One of the switch ports to be disabled.         N/A
                    Available ports are:
                    • wan
                    • lan1
                    • lan2
                    • lan3

Example --> switch disable port lan1

See also SWITCH ENABLE PORT
         SWITCH SHOW PORT

SWITCH ENABLE AGEINGTIMER


Syntax SWITCH ENABLE AGEINGTIMER

Description This command restarts the aging timer used by the look up engine to update the
aging of fdb entries.
To show the current switch status, use the SWITCH SHOW command.

Example --> switch enable ageingtimer

See also SWITCH DISABLE AGEINGTIMER
         SWITCH SHOW

SWITCH ENABLE LEARNING


Syntax SWITCH ENABLE LEARNING

Description This command restarts the learning process used by the look up engine to update
the fdb when frames from new addresses are received.
To show the current switch status, use the SWITCH SHOW command.

Example --> switch enable learning

See also SWITCH DISABLE LEARNING
         SWITCH SHOW

SWITCH ENABLE PORT


Syntax SWITCH ENABLE PORT <port-name> [FLOW JAMMING]

Description This command enables the selected switch port.


If jamming is specified, flow control on half duplex ports is enabled.
To show the current port status, use the SWITCH SHOW PORT command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

port-name           One of the switch ports to be enabled.          N/A
                    Available ports are:
                    • wan
                    • lan1
                    • lan2
                    • lan3

Example --> switch enable port lan1

See also SWITCH DISABLE PORT
         SWITCH SHOW PORT

SWITCH RESET
Syntax SWITCH RESET [PORT <port-name> [COUNTERS]]

Description This command completely resets the switch, or resets an individual switch port if a
port is specified.
If no port is specified, all internal switch counters are reset and fdb entries removed.
If a port is specified, only the selected port is reset without removing any fdb
entries. It's possible to specify the resetting of just the counters associated with a
port. In this case the physical layer is not reset and no link interruption occurs.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

port-name           One of the switch ports to be reset.            N/A
                    Available ports are:
                    • wan
                    • lan1
                    • lan2
                    • lan3

Example --> switch reset


--> switch reset port wan

See also SWITCH SHOW
         SWITCH SHOW PORT

SWITCH SET AGEINGTIMER


Syntax SWITCH SET AGEINGTIMER {FAST | NORMAL}

Description This command sets the threshold value of the ageing timer, after which an
unrefreshed dynamic entry in the Forwarding Database is automatically removed.
FAST sets the aging timer to 800 µs, while NORMAL sets the aging timer to 300 seconds.

Example --> switch set ageingtimer fast

SWITCH SET PORT


Syntax SWITCH SET PORT <portname> { DEFAULTPRIORITY <default-priority> |
INFILTERING {OFF | ON} | NOQOS | QOS |RCVLIMIT <limit>| <speed >
{100MFULL | 100MHALF | 10MFULL | 10MHALF | AUTONEGOTIATE} }

Description This command modifies the values of parameters for switch ports.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option              Description                                     Default Value

port-name           One of the switch ports to be configured.       N/A
                    Available ports are:
                    • wan
                    • lan1
                    • lan2
                    • lan3
default-priority    The priority value associated with the port.    0
                    If the port is set to receive untagged
                    frames, then if the port Default Priority is
                    equal to or greater than the switch Base
                    Priority, the frames are sent to the high
                    priority egress queue, otherwise frames are
                    sent to the low priority egress queue.
                    Available values are from 0 to 7.
INFILTERING         The infiltering parameter enables or            N/A
                    disables Ingress Filtering of frames
                    admitted on the specified ports. Each port
                    on the switch belongs to one or more VLANs.
                    If INFILTERING is enabled, then tagged
                    packets arriving at the port will only be
                    admitted if the VID in the packet's tag is
                    equal to the VID of one of the VLANs that
                    the port is a member of.
                    Untagged frames are also admitted if the
                    port is an untagged member of some VLAN.
                    If OFF is specified, Ingress Filtering is
                    disabled, and no frames are discarded by
                    this part of the Ingress Rules.
NOQOS               Disable 802.1p priority scheme.                 N/A
QOS                 Enable 802.1p priority scheme.                  N/A
limit               The rcvlimit parameter specifies a rate         0
                    limit on reception bandwidth for the port.
                    The value of this parameter represents the
                    kbit per second reception rate above which
                    incoming data will be discarded.
                    If the value none or 0 is specified, then
                    rate limiting is turned off.
                    If any other value is specified, the
                    reception of frames will be limited to that
                    bandwidth.
speed               The speed parameter specifies the               autonegotiate
                    configured line speed and duplex mode of
                    the port.
                    If autonegotiate is specified, the port will
                    autonegotiate the line speed and duplex
                    mode with the device attached to the port.
                    If any other option is specified, the port
                    will be forced to the speed and duplex mode
                    given.

Example --> switch set port wan rcvlimit 10000

SWITCH SET PRIORITY


Syntax SWITCH SET PRIORITY <802.1p_base_priority>

Description This command sets the switch base priority.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

| Option | Description | Default Value |
|---|---|---|
| 802.1p_base_priority | The system priority value. Available values are from 0 to 7. | 4 |

Example --> switch set priority 7

SWITCH SET QOS


Syntax SWITCH SET QOS <dscpcode> PRIORITY {HIGH | LOW}

Description This command maps the priority levels for Quality of Service.
The six bit TOS field in the IP header is decoded as 64 entries and for each one it is
possible to specify the priority.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

| Option | Description | Default Value |
|---|---|---|
| dscpcode | dscpcode-list is a comma-separated list of numbers in the range 0-63 which represent the DSCP (Differentiated Service Code Point) value in the most significant 6 bits of the TOS field in the IPv4 header. | N/A |

Example To set the high priority for DSCP values 24 and 37, use the command:
--> switch set qos 24,37 priority high

SWITCH SET ROUTING-LIMIT


Syntax SWITCH SET ROUTING-LIMIT <limit>

Description This command sets the maximum number of frames per second that the layer 2
switch forwards to the Residential Gateway network processor for routing purposes.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

| Option | Description | Default Value |
|---|---|---|
| limit | The maximum traffic rate (frames per second) sent to the network processor. Available values are: 1.0Kfps, 1.5Kfps, 2.0Kfps, 2.5Kfps, 3.0Kfps, 3.5Kfps, 4.0Kfps, 4.5Kfps, 5.0Kfps, 5.5Kfps, 6.0Kfps, none. None disables the routing limit. | none |

Example
--> switch set routing-limit 6.0kfps

SWITCH SHOW
Syntax SWITCH SHOW

Description This command shows the following switch parameters:


| Parameter | Description |
|---|---|
| Switch address | The MAC address of the switch; it is used as the source address in pause control frames. |
| Learning | Whether or not the switch’s dynamic learning and updating of the Forwarding Database is enabled. |
| Ageing timer | Whether or not the ageing timer is enabled. |
| Ageing time | The value of the ageing timer, after which a dynamic entry is removed from the Forwarding Database. |
| UpTime | The time in hours:minutes:seconds since the switch was last powered up, rebooted, or restarted. |
| Base Priority | The bottom end of the range of priority values assigned to the high priority egress queue. |
| Routing-limit | The maximum number of frames per second that the switch forwards to the processor. |

Example --> switch show

Switch configuration
------------------------------------------------------------------------
Switch address 10-20-30-40-50-6f
Learning ON
Ageing timer ON
Ageing time 300 Sec. (NORMAL)
UpTime 00:41:28
802.1p Base Priority 4
Routing-limit none

------------------------------------------------------------------------

See also SWITCH SHOW PORT

SWITCH SHOW FDB


Syntax SWITCH SHOW FDB [{ADDRESS <macadd> | PORT <port-name> | VLAN <vlanname>}]

Description This command displays the contents of the Forwarding Database relevant to the
port or the mac address or the vlan specified.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

| Option | Description | Default Value |
|---|---|---|
| macadd | The ADDRESS parameter specifies the MAC address of the device for which the contents of the Forwarding Database are to be displayed. | N/A |
| port-name | One of the switch ports. The PORT parameter specifies that only those entries in the Forwarding Database which were learned from the specified port are to be displayed. Available ports are: wan, lan1, lan2, lan3. | N/A |
| vlanname | The VLAN parameter specifies the VLAN identifier of the VLAN for which the contents of the Forwarding Database are to be displayed. | N/A |

Examples To display all the fdb content:

--> switch show fdb

Switch Forwarding Database


--------------------------------------------------------------------------

VLAN MAC address Port Status


--------------------------------------------------------------------------
1 00-00-cd-08-25-30 wan Dynamic
1 00-05-b7-00-0f-5e wan Dynamic
1 00-30-84-25-77-3e wan Dynamic
10 00-30-84-ee-40-60 lan1 Dynamic
10 00-30-84-ee-40-83 lan1 Dynamic
20 00-90-fb-07-9d-c9 lan2 Dynamic
30 00-a0-d2-18-49-fa lan3 Dynamic
30 00-c0-b7-a3-d0-40 lan3 Dynamic
--------------------------------------------------------------------------

To display only the fdb content related to a specific MAC address:

--> switch show fdb address 00-05-b7-00-0f-5e

Switch Forwarding Database


--------------------------------------------------------------------------
VLAN MAC address Port Status
--------------------------------------------------------------------------
1 00-05-b7-00-0f-5e wan Dynamic
--------------------------------------------------------------------------

To display only the fdb content related to a specific switch port:

--> switch show fdb port lan1

Switch Forwarding Database


---------------------------------------------------------------------------
VLAN MAC address Port Status
---------------------------------------------------------------------------
10 00-30-84-ee-40-60 lan1 Dynamic
10 00-30-84-ee-40-83 lan1 Dynamic

To display only the fdb content related to a specific VLAN:

--> switch show fdb vlan 30

Switch Forwarding Database


---------------------------------------------------------------------------
VLAN MAC address Port Status
---------------------------------------------------------------------------
30 00-a0-d2-18-49-fa lan3 Dynamic
30 00-c0-b7-a3-d0-40 lan3 Dynamic

SWITCH SHOW PORT


Syntax SWITCH SHOW PORT <port-name> [COUNTERS]

Description This command displays general information about the specified switch port.
Port Port reference.
Status The admin status of the port; one of
“ENABLED” or “DISABLED”.
Link state The link state of the port, one of “Up” or “Down”.
Uptime The count in hours:minutes:seconds of the
elapsed time since the port was last reset or
initialised.
Port media type The MAC entity type.
Configured speed/duplex The port speed and duplex mode configured
for this port. One of “Autonegotiate” or a
combination of a speed (one of “10 Mbps” or
“100 Mbps”) and a duplex mode (one of “half
duplex” or “full duplex”).
Acceptable frame type The maximum acceptable frame size.
Broadcast rate limit The limit of the rate of reception of broadcast
frames for this port, in frames per second.
Multicast rate limit The limit of the rate of reception of multicast
frames for this port, in frames per second.
Receive rate limit The limit of the rate of reception of unicast
frames for this port, in kbit per second.
Current learned, lock state The number of MAC addresses currently
learned on this port and the state of locking for
this port. The lock state is one of “not locked”,
“locked by limit” or “locked by command”.
Enabled flow control(s) Flow control parameters set for the port; zero,
one or two of “Jamming” and “Pause”. If flow
control is implemented on the switch, then this
kind of flow control is applied to the port.
Send tagged pkts for VLAN(s) The name and VLAN Identifier (VID) of the
tagged VLAN(s), if any, to which the port
belongs.
Port based VLAN The name and VLAN Identifier (VID) of the
port-based VLAN to which the port belongs.
Ingress filtering The state of Ingress Filtering: one of “on” or
"off"
802.1p Default Priority The current value set for Default Priority.
802.1p Priority The current status for Default Priority: one of
“on” or "off"

If the counters parameter is specified, the following information is reported:


• Combined receive/transmit packets by size (octets) counter
packets size <= 64 octets Number of 64 octet packets received and
transmitted.
packets size 65 – 127 Number of 65 - 127 octet packets received and
transmitted.

packets size 128 – 255 Number of 128 - 255 octet packets received and
transmitted.
packets size 256 – 511 Number of 256 - 511 octet packets received and
transmitted.
packets size 512 – 1023 Number of 512 - 1023 octet packets received
and transmitted.
packets size 1024 – 1522 Number of 1024 - 1522 octet packets received
and transmitted.

• Receive
Octets The number of octets.
Pkts The number of packets.
FCSerrors The number of frames containing a Frame
Check Sequence error.
MulticastPkts The number of multicast packets.
BroadcastPkts The number of broadcast packets.
PauseMACctlFrms The number of valid PAUSE MAC Control
frames.
OversizePkts The number of oversize packets.
Fragments The number of fragments.
Jabbers The number of jabbers frames.
MACControlFrms The number of MAC Control frames (Pause
and Unsupported).
UnsupportCode The number of MAC Control frames with
unsupported opcode (i.e. not Pause).
AlignmentErrors The number of frames with alignment errors.
SymErDurCarrier The number of frames with invalid data
symbols.
UndersizePkts The number of undersized packets.

• Transmit
Octets The number of octets.
Pkts The number of packets.
MulticastPkts The number of multicast packets.
BroadcastPkts The number of broadcast packets.
PauseMACctlFrms The number of PAUSE MAC Control frames.
FrameWDeferrdTx The number of frames deferred once before
successful transmission.
SingleCollsnFrm The number of frames which experienced
exactly one collision.
MultCollsnFrm The number of frames which experienced 2 to
15 collisions (including late collisions).
LateCollsns The number of frames which experienced late
collisions.
ExcessivCollsns The number of frames aborted before
transmission after 16 collisions.
CollisionFrms Total number of collisions.

• Miscellaneous Counters
DropEvents The number of packets discarded at ingress
port.
totalPktTxAbort The number of packets aborted during
transmission.

Examples --> switch show port wan

Switch Port information


--------------------------------------------------------------------------
Port: wan
Status Enabled
Link state Up
UpTime 00:29:38
Port media type ISO8802-3 CSMACD
Configured speed/duplex Autonegotiate
Actual speed/duplex -
Acceptable frame type packet sizes up to 1536 bytes
(inclusive)
Broadcast rate limit -
Multicast rate limit -
Receive rate limit -
Current learned, lock state 10, not locked
Enabled flow control(s) Pause

Send tagged pkts for VLAN(s) -


Port based VLAN default (1)
Ingress filtering ON
802.1p Default Priority 0
802.1p Priority Disabled
--------------------------------------------------------------------------

--> switch show port wan counters

Switch Counter
--------------------------------------------------------------------------
Port: wan
Received packets by size (octets) counters:
64 1668 256 - 511 31
65 - 127 1119 512 - 1023 26
128 - 255 777 1024 - 1522 6

General Counters:
Receive: Transmit:
Octets 377801 Octets 1108
Pkts 3627 Pkts 17
FCSerrors 0 MulticastPkts 0
MulticastPkts 7 BroadcastPkts 0
BroadcastPkts 1377 PauseMACctlFrms 0
PauseMACctlFrms 0 FrameWDeferrdTx 0
OversizePkts 0 SingleCollsnFrm 0
Fragments 0 MultiCollsnFrm 0
Jabbers 0 LateCollsns 0
MACControlFrms 0 ExcessivCollsns 0
UnsupportCode - CollisionFrames 0
AlignmentErrors 0
SymErDurCarrier 0
UndersizePkts 0

Miscellaneous Counters:
DropEvents 0
totalPktTxAbort 0

--------------------------------------------------------------------------

SWITCH SHOW QOS


Syntax SWITCH SHOW QOS

Description This command displays the current mapping of user priority level to QOS egress
queue for the switch.

Chapter 3

VLAN

INTRODUCTION
VLAN is a networking technology that allows networks to be segmented logically
without having to be physically rewired.
Many Ethernet switches support virtual LAN (VLAN) technologies. By replacing
hubs with VLAN switches, the network administrator can create a virtual network
within an existing network. With VLANs, the logical topology of the network is
independent of the physical topology of the wiring. Each computer can be assigned a
VLAN identification number (ID), and computers with the same VLAN ID can act and
function as though they are all on the same physical network.
The traffic on a VLAN is therefore isolated, and all communications remain within the
VLAN. The assignment of VLAN IDs is done by the switches and can be managed
remotely using network management software.
VLAN switches can function in different ways. They can be switched at the data-link
layer (layer 2 of the Open Systems Interconnection reference model) or the
network layer (layer 3), depending on the type of switching technology used. The
main advantage of using VLAN technologies is that users can be grouped together
according to their need for network communication, regardless of their actual
physical locations. This isolation helps to reduce unnecessary traffic and so improves
network performance. The disadvantage is that additional configuration is required
to set up and establish the VLANs when implementing these switches.

VLAN TAGGING
VLAN technology introduces the following three basic types of frame:
• Untagged frames
• Priority-tagged frames
• VLAN-tagged frames

An untagged frame or a priority-tagged frame does not carry any identification of the
VLAN to which it belongs. Such frames are classified as belonging to a particular
VLAN based on parameters associated with the receiving port.
This classification mechanism requires the association of a specific VLAN ID, the
Port VLAN Identifier, or PVID, with each of the switch ports.
The PVID for a given port provides the VID for untagged and priority-tagged
frames received through that port. The PVID for each port shall contain a valid VID
value, and shall not contain the value of the null VLAN ID (see Table 3).
A VLAN-tagged frame carries an explicit identification of the VLAN to which it
belongs; i.e., it carries a non-null VID. Such a frame is classified as belonging to a
particular VLAN based on the value of the VID that is included in the tag header.
The presence of a tag header carrying a non-null VID means that some other device,
either the originator of the frame or a VLAN-aware switch, has mapped this frame
into a VLAN and has inserted the appropriate VID.
Tagging of frames is performed for the following purposes:
• To allow user priority information to be added to frames carried on IEEE 802
LAN MAC types that have no inherent ability to signal priority information at the
MAC protocol level;
• To allow a frame to carry a VID;
• To allow the frame to indicate the format of MAC Address information carried in
MAC user data;
• To allow VLANs to be supported across different MAC types.
Tagging a frame requires:
• The addition of a tag header to the frame. This header is inserted immediately
following the destination MAC Address and source MAC Address fields of the
frame to be transmitted;
• Recomputation of the Frame Check Sequence (FCS).
When relaying a tagged frame between 802.3/Ethernet MACs, a switch may adjust
the PAD field such that the minimum size of a transmitted tagged frame is 68 octets.

| Size | Field | Notes |
|---|---|---|
| 7 octets | PREAMBLE | |
| 1 octet | START FRAME DELIMITER | |
| 6 octets | DESTINATION ADDRESS | |
| 6 octets | SOURCE ADDRESS | |
| 2 octets | LENGTH/TYPE = 802.1QTagType | Tag header; bit pattern 1 0 0 0 0 0 0 1, 0 0 0 0 0 0 0 0 |
| 2 octets | TAG CONTROL INFORMATION | Tag header; user priority, CFI, VLAN identifier VID (12 bit) |
| 2 octets | MAC CLIENT LENGTH/TYPE | |
| 42 - 1500 octets | MAC CLIENT DATA, PAD | |
| 4 octets | FRAME CHECK SEQUENCE | |

Figure 2. Tagged frame format according to IEEE 802.3ac standard.



The tag header carries the following information (see Figure 2):
• The Tag Protocol Identifier (TPID) carrying an Ethernet Type value
(802.1QTagType), which identifies the frame as a tagged frame. The value of
802.1QTagType is 81-00
• Tag Control Information (TCI). The TCI field is two octets in length, and contains
user priority, CFI and VID (VLAN Identifier) fields. Figure ... illustrates the
structure of the TCI field:
• User priority. The user priority field is three bits in length, interpreted as a
binary number. The user priority is therefore capable of representing eight
priority levels, 0 through 7. This field allows the tagged frame to carry user
priority information across Bridged LANs in which individual LAN
segments may be unable to signal priority.
• Canonical Format Indicator (CFI). The Canonical Format Indicator (CFI) is a
single bit flag value. CFI reset indicates that all MAC Address information
that may be present in the MAC data carried by the frame is in Canonical
format.
• The meaning of the CFI when set depends upon the variant of the tag
header in which it appears.
• In an Ethernet-encoded tag header, transmitted using 802.3/Ethernet MAC
methods, CFI has the following meanings:
When set, indicates that the E-RIF field is present in the tag header,
and that the NCFI bit in the RIF determines whether MAC Address
information that may be present in the MAC data carried by the
frame is in Canonical (C) or Non-canonical (N) format;
When reset, indicates that the E-RIF field is not present in the tag
header, and that all MAC Address information that may be present
in the MAC data carried by the frame is in Canonical format (C).

• VLAN Identifier (VID). The twelve-bit VLAN Identifier field uniquely identifies
the VLAN to which the frame belongs. The VID is encoded as an unsigned binary
number. Table 3 (Reserved VID values) identifies values of the VID field that have
specific meanings or uses; the remaining values of VID are available for general
use as VLAN identifiers.
A priority-tagged frame is a tagged frame whose tag header contains a VID value
equal to the null VLAN ID.

| VID value (hexadecimal) | Meaning/Use |
|---|---|
| 0 | The null VLAN ID. Indicates that the tag header contains only user priority information; no VLAN identifier is present in the frame. This VID value shall not be configured as a PVID, configured in any Filtering Database entry, or used in any Management operation. |
| 1 | The default PVID value used for classifying frames on ingress through a switch port. The PVID value can be changed by management on a per-port basis. |
| FFF | Reserved for implementation use. This VID value shall not be configured as a PVID, configured in any Filtering Database entry, used in any Management operation, or transmitted in a tag header. |

Table 3. Reserved VID values.
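
The tag layout and the classification rules above (untagged and priority-tagged frames take the port's PVID, VLAN-tagged frames take the VID in the tag) can be checked with a short parser. This is an added example, not code from the manual or from the gateway firmware; the function names, the sample frame and the choice to reject VID FFF as malformed are assumptions made here.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100   # 802.1QTagType, written 81-00 in the text
NULL_VID = 0x000      # tag carries user priority only
RESERVED_VID = 0xFFF  # reserved, never valid in a tag header


@dataclass
class Classified:
    kind: str                # "untagged", "priority-tagged" or "vlan-tagged"
    vid: int                 # VLAN the frame is classified into
    priority: Optional[int]  # 3-bit user priority, None if there is no tag
    cfi: Optional[int]       # Canonical Format Indicator bit
    client_type: int         # MAC client length/type field


def insert_tag(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert a tag header right after the destination and source addresses.

    The frame is given without FCS; a real sender recomputes the FCS afterwards.
    """
    if not 0 <= vid < RESERVED_VID:
        raise ValueError("VID must be 0x000-0xFFE in a transmitted tag")
    if not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("priority is 3 bits, CFI is 1 bit")
    tci = (priority << 13) | (cfi << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def classify_frame(frame: bytes, pvid: int) -> Classified:
    """Classify a frame that starts at the destination address (no preamble/SFD)."""
    if not NULL_VID < pvid < RESERVED_VID:
        raise ValueError("PVID must be a valid VID, not 0 or FFF")
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (type_field,) = struct.unpack_from("!H", frame, 12)
    if type_field != TPID_8021Q:
        return Classified("untagged", pvid, None, None, type_field)
    if len(frame) < 18:
        raise ValueError("truncated tag header")
    tci, client_type = struct.unpack_from("!HH", frame, 14)
    priority, cfi, vid = tci >> 13, (tci >> 12) & 1, tci & 0x0FFF
    if vid == RESERVED_VID:
        # Choice made for this example: treat the reserved value as malformed.
        raise ValueError("VID FFF must not appear in a tag header")
    if vid == NULL_VID:
        # Priority-tagged: the tag supplies the priority, the port supplies the VLAN.
        return Classified("priority-tagged", pvid, priority, cfi, client_type)
    return Classified("vlan-tagged", vid, priority, cfi, client_type)


# Constructed sample frame (no FCS): two MAC addresses, IPv4 type, dummy payload.
DST = bytes.fromhex("003084ee4060")
SRC = bytes.fromhex("0005b7000f5e")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    samples = (
        UNTAGGED,
        insert_tag(UNTAGGED, 0, priority=7),
        insert_tag(UNTAGGED, 30, priority=5),
    )
    for sample in samples:
        print(classify_frame(sample, pvid=10))
```
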

VLAN SUPPORT ON AT-RG600 RESIDENTIAL GATEWAY


The AT-RG613, AT-RG623 and AT-RG656 Residential Gateways support up to 16 VLANs
(irrespective of whether they are carrying tagged or untagged frames).
The Residential Gateway provides a 16 entry VLAN table that converts VID (12bits)
to an internal value called FID (4 bits) for address look up.
If a non tagged or null-VID tagged packet is received, the ingress port VID is used
for look up.
The look up process starts with a VLAN table look up to determine whether the VID
is valid.
If the VID is not valid the packet will be dropped and its address will not be
learned.
If the VID is valid, FID is retrieved for further look up.
FID + DA is used to determine the destination port. FID + SA is used for learning
purposes.
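
The lookup sequence above, combined with the INFILTERING option of SWITCH SET PORT, decides which frames a port admits and where MAC addresses are learned. The following model is an added example, not the gateway's implementation; the class and verdict names are hypothetical, and three points are assumptions: the FID is taken as the VLAN table index, priority-tagged frames are filtered as untagged, and frames for an unknown destination are flooded to the other members of the VLAN.

```python
from typing import Dict, Iterable, Optional, Set, Tuple

MAX_VLANS = 16  # size of the VLAN table; a 4-bit FID indexes it


class SwitchModel:
    """Simplified model of VID -> FID lookup, ingress filtering and learning."""

    def __init__(self, pvid: Dict[str, int], unfiltered_ports: Iterable[str] = ()):
        self.pvid = dict(pvid)                        # port -> PVID
        self.unfiltered = set(unfiltered_ports)       # ports with INFILTERING OFF
        self.vid_to_fid: Dict[int, int] = {}          # the 16-entry VLAN table
        self.members: Dict[int, Dict[str, str]] = {}  # VID -> {port: frame format}
        self.fdb: Dict[Tuple[int, str], str] = {}     # (FID, MAC) -> port

    def add_vlan(self, vid: int, ports: Dict[str, str]) -> None:
        if not 0 < vid < 0xFFF:
            raise ValueError("VID 0 and FFF cannot be configured")
        if vid in self.vid_to_fid:
            raise ValueError("VID already defined")
        if len(self.vid_to_fid) >= MAX_VLANS:
            raise ValueError("VLAN table full (16 entries)")
        self.vid_to_fid[vid] = len(self.vid_to_fid)   # assumption: FID = table index
        self.members[vid] = dict(ports)

    def ingress(self, port: str, tag_vid: Optional[int],
                src: str, dst: str) -> Tuple[str, Set[str]]:
        """Return (verdict, egress ports) for one received frame."""
        tagged = tag_vid not in (None, 0)             # null VID counts as untagged
        vid = tag_vid if tagged else self.pvid[port]
        fid = self.vid_to_fid.get(vid)
        if fid is None:
            return "drop-invalid-vid", set()          # dropped, address not learned
        if port not in self.unfiltered:
            wanted = "tagged" if tagged else "untagged"
            if self.members[vid].get(port) != wanted:
                return "drop-ingress-filter", set()
        self.fdb[(fid, src)] = port                   # FID + SA: learning
        out = self.fdb.get((fid, dst))                # FID + DA: destination port
        if out is None:
            return "flood", set(self.members[vid]) - {port}
        return "forward", {out} - {port}


def build_example(unfiltered_ports: Iterable[str] = ()) -> SwitchModel:
    """Constructed configuration: wan carries VLAN 10 tagged, lan1/lan2 are access ports."""
    sw = SwitchModel({"wan": 1, "lan1": 10, "lan2": 20}, unfiltered_ports)
    sw.add_vlan(1, {"wan": "untagged"})
    sw.add_vlan(10, {"lan1": "untagged", "wan": "tagged"})
    sw.add_vlan(20, {"lan2": "untagged"})
    return sw


if __name__ == "__main__":
    a, b = "00-30-84-ee-40-60", "00-05-b7-00-0f-5e"
    sw = build_example()
    print(sw.ingress("lan1", None, a, b))   # untagged on access port: flooded to wan
    print(sw.ingress("wan", 10, b, a))      # tagged reply: forwarded to lan1
    print(sw.ingress("lan1", 20, a, b))     # tag for a VLAN lan1 is not in: dropped
    print(build_example({"lan1"}).ingress("lan1", 20, a, b))  # filtering off: admitted
```

With ingress filtering off, the only remaining check is whether the VID exists in the VLAN table, so a tagged frame is admitted into any defined VLAN regardless of the receiving port's membership.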

VLAN definition and port tagging


By default the Residential Gateway starts with only one VLAN defined with name
default and VID=1.
All the system ports are members of the default VLAN.
Use the VLAN SHOW command to display the current VLAN status on the residential
gateway.
Creating and configuring a new VLAN is a two step process:
• A VLAN is created with the VLAN ADD VID command, specifying a name
for the VLAN and its VID value.
• WAN, LAN1, LAN2 and LAN3 ports are added (if required) to the VLAN
using the VLAN ADD PORT command. When a port is added it's necessary
to specify the frame format in which packets associated with that VLAN
will be transmitted from that port: untagged or tagged.
Note that a physical port can be a member of one or more VLANs.
• If a port is member of one VLAN only it can accept tagged or untagged frames.
• If a port is member of two or more VLANs it can accept untagged frames for one
VLAN only and tagged frames for the remaining VLANs; or can accept tagged
frames for all the VLANs.
A port can accept tagged or untagged frames on the same VLAN in a mutually
exclusive way (when ingress filtering is enabled):
• If a port is assigned to a VLAN as untagged, only untagged frames will be
permitted.
• If the port is assigned to a VLAN as tagged, only tagged frames will be permitted.
To change the tagged/untagged frame format of a port for a specific VLAN it's
necessary to remove the port from the VLAN with the VLAN DELETE command and
then re-add the port to the VLAN with the VLAN ADD PORT command,
specifying the required frame format.
To remove a VLAN it is necessary to remove all ports that are members of the
VLAN with the command VLAN DELETE PORT and then remove the VLAN with
the command VLAN DELETE VID. The Default VLAN (VID=1) cannot be removed.
When a port is removed from a VLAN and the same port is not a member of any
other VLAN, the port is automatically added to the default VLAN with the
untagged attribute.

VLAN versus IP Interface


One of the major constraints when using VLANs is that packets exchanged between
hosts that are members of the same VLAN cannot be received by hosts that are
members of a different VLAN.
The Residential Gateway solves this limitation by offering a packet routing service
between different VLANs.
The routing of packets between VLANs is based on the classical layer 3 routing
method as, for example, a typical router performs between IP interfaces.
Based on this approach, there is the requirement that each VLAN that you wish to
be involved in the routing of packets must have an associated IP interface.
In this way, the Layer 3 routing process is able to treat VLAN IP interfaces as
though they were distinct Ethernet ports, and route rules apply as they would for a
multiport router.
Each primary IP interface uses the VLAN data transport services (frame tagging and
untagging and related layer 2 forwarding) as though it were an Ethernet port.
From the system point of view, when a VLAN is used to support an IP interface, the
VLAN becomes a transport device supporting Ethernet traffic (see Figure 3).

| Layer | Entities |
|---|---|
| IP routing | |
| IP layer | IP Interface ip0, IP Interface <name>, IP Interface <name> |
| Transport (VLAN) | VLAN default, VLAN <vlanname>, VLAN <vlanname> |
| Virtual port | Ethernet 0, Ethernet 1, Ethernet 1 |
| Layer 2 switch | |
| Physical port | lan1, lan2, lan3, wan |

Figure 3. VLAN and IP layer architecture (the greyed area surrounds the entities
always available in the system)

The maximum number of primary IP interfaces that can be defined is 16 and is
equal to the maximum number of VLANs that it is possible to create on the
residential gateway.
To create a primary IP interface and connect it to a VLAN, the following steps must
be performed (see Figure 4):
• Create a VLAN using the VLAN ADD VID command
• Add ports to the VLAN using the VLAN ADD PORT command
• Add the VLAN to the ethernet transports list using the ETHERNET ADD
TRANSPORT command. This command instructs the system that a new
(virtual) transport device has been added to the system.
• Create an IP interface with the IP ADD INTERFACE command. This
command constructs a new IP interface with the specified IP address and
netmask but doesn't bind the IP interface to any port.
• Bind the IP interface to the VLAN using the IP ATTACH TRANSPORT
command.
At this point the IP interface is available for any process requiring access to the IP
network.
When more than one IP interface is defined, routing between these interfaces is
immediately enabled without requiring any route to be explicitly defined.
By default, the Residential Gateway starts with one IP interface attached to the
default VLAN in order to provide remote access to the system via telnet.
The default VLAN and the IP interface attached to it cannot be removed. It's
possible to remove all the ports from the default VLAN if one or more other VLANs
exist.
[Flowchart boxes: Default Configuration; VLAN Creation; VLAN Port Adding; VLAN Ethernet
Transport Adding; IP Interface Creation; IP Interface Config.; IP and VLAN Attach;
IP Interface on VLAN]

Figure 4. IP interface over VLAN - basic steps



VLAN Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateways to create, configure and manage VLANs.

vlan CLI commands


The table below lists the vlan commands provided by the CLI:

Command
VLAN ADD PORT
VLAN ADD VID
VLAN DELETE
VLAN SHOW

VLAN ADD PORT


Syntax VLAN ADD <vlanname> PORT <portname> FRAME {TAGGED | UNTAGGED}

Description This command adds an Ethernet port to an existing named VLAN that has been
created with the command VLAN ADD VID.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

| Option | Description | Default Value |
|---|---|---|
| vlanname | A name that identifies an existing VLAN. To display the existing VLANs, use the VLAN SHOW command. | N/A |
| portname | A name that identifies an Ethernet port. Valid port names (case insensitive) are: wan, lan1, lan2, lan3. | N/A |
| FRAME | The FRAME parameter specifies whether a VLAN tag header is included in each frame transmitted on the specified ports. If tagged is specified, a VLAN tag is added to frames prior to transmission; the port is then called a tagged port for this VLAN. If untagged is specified, the frame is transmitted without a VLAN tag; the port is then called an untagged port for this VLAN. | N/A |

Example --> vlan add voip port lan1 frame untagged



See also VLAN SHOW

VLAN ADD VID


Syntax VLAN ADD <vlanname> VID <vlanID> [802.1p_priority <priority>]

Description This command defines a new VLAN which has the specified VID value.
The VLAN name can be up to 16 characters long; it cannot start with a digit and cannot
contain dots '.' or slash symbols '/'.
This command also specifies the priority value of the tagged packets that are sent
from the network processor to the layer 2 switch and then to the network.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

| Option | Description | Default Value |
|---|---|---|
| vlanname | An arbitrary name that identifies the VLAN. The name must not be already in use for another VLAN. The VLAN name can be a maximum of 16 chars long. | N/A |
| vlanID | The VLANID parameter specifies a unique VLAN Identifier (VID) for the VLAN. If tagged ports are added to this VLAN, the specified VID is used in the VID field of the tag in outgoing frames. If untagged ports are added to this VLAN, the specified VID only acts as an identifier for the VLAN in the Forwarding Database. The default port based VLAN has a VID of 1. | N/A |
| priority | The priority value, as defined in 802.1p, of the tagged packets that are sent from the Residential Gateway network processor to the switch and then outside to the network. Available values are from 0 to 7. | 0 |

Example --> vlan add voip vid 10 802.1p_priority 7

See also VLAN SHOW

VLAN DELETE
Syntax VLAN DELETE <vlanname> [PORT <portname>]

Description This command deletes an existing VLAN created with the VLAN ADD VID
command.
To completely remove a VLAN it is necessary to first remove all port members of
the VLAN.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

| Option | Description | Default Value |
|---|---|---|
| vlanname | A name that identifies an existing VLAN. To display the existing VLANs, use the VLAN SHOW command. | N/A |
| portname | A name that identifies a port member of the VLAN. Valid port names (case insensitive) are: wan, lan1, lan2, lan3. | N/A |

Example --> vlan delete voip port lan2


--> vlan delete voip

See also VLAN ADD PORT


VLAN ADD VID
VLAN SHOW

VLAN SHOW
Syntax VLAN SHOW

Description This command displays the following information about all the VLANs defined in
the system:
• Name The name of the VLAN.
• Identifier The numerical VLAN identifier of the VLAN (VID).
• Status The status of the VLAN (only static VLANs are supported).
• Untagged port(s) A list of untagged ports that belong to the VLAN.
• Tagged port(s) A list of tagged ports that belong to the VLAN.
• 802.1p priority The value of the 802.1p priority assigned to packets sent
from the Residential Gateway processor.

Example --> vlan show

VLAN information
---------------------------------------------
Name: default
Identifier 1
Status static
802.1p Priority 7
Untagged port(s) lan3, wan
Tagged port(s) cpu
Name: voip
Identifier 10
Status static
802.1p Priority 7
Untagged port(s) lan2
Tagged port(s) lan1

---------------------------------------------

See also VLAN ADD PORT


VLAN ADD VID
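
Captured VLAN SHOW output can be checked against the rules this chapter states: at most 16 VLANs, reserved VIDs 0 and FFF never configured, the VLAN naming constraints, and a port being untagged in one VLAN only. The script below is an added example, not a tool shipped with the gateway; the function names are hypothetical, the parser assumes the field labels appear as in the example output above, and treating "-" as an empty port list is an assumption.

```python
import re
from collections import defaultdict
from typing import Dict, List

MAX_VLANS = 16
RESERVED_VIDS = {0x000, 0xFFF}

# Output of "vlan show" as printed in the example above.
SAMPLE = """\
VLAN information
---------------------------------------------
Name: default
Identifier 1
Status static
802.1p Priority 7
Untagged port(s) lan3, wan
Tagged port(s) cpu
Name: voip
Identifier 10
Status static
802.1p Priority 7
Untagged port(s) lan2
Tagged port(s) lan1
---------------------------------------------
"""


def _ports(field: str) -> List[str]:
    # Assumption: an empty list may be printed as "-" or left blank.
    return [p.strip().lower() for p in field.split(",") if p.strip() not in ("", "-")]


def parse_vlan_show(text: str) -> List[dict]:
    """Turn VLAN SHOW output into one dict per VLAN."""
    vlans: List[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            vlans.append({"name": line[5:].strip(), "vid": None,
                          "untagged": [], "tagged": []})
        elif not vlans:
            continue                      # banner lines before the first VLAN
        elif line.startswith("Identifier"):
            vlans[-1]["vid"] = int(line.split()[-1])
        elif line.startswith("Untagged port(s)"):
            vlans[-1]["untagged"] = _ports(line[len("Untagged port(s)"):])
        elif line.startswith("Tagged port(s)"):
            vlans[-1]["tagged"] = _ports(line[len("Tagged port(s)"):])
    return vlans


def audit(vlans: List[dict]) -> List[str]:
    """Return findings for configurations that break the rules in this chapter."""
    findings: List[str] = []
    if len(vlans) > MAX_VLANS:
        findings.append(f"{len(vlans)} VLANs defined, the table holds {MAX_VLANS}")
    untagged_in: Dict[str, List[str]] = defaultdict(list)
    seen_vids = set()
    for v in vlans:
        name, vid = v["name"], v["vid"]
        if vid is None or vid in RESERVED_VIDS or not 0 <= vid <= 0xFFF:
            findings.append(f"{name}: VID {vid} is missing, reserved or out of range")
        elif vid in seen_vids:
            findings.append(f"{name}: VID {vid} is used by another VLAN")
        seen_vids.add(vid)
        if len(name) > 16 or name[:1].isdigit() or re.search(r"[./]", name):
            findings.append(f"{name}: name breaks the VLAN naming rules")
        for port in sorted(set(v["untagged"]) & set(v["tagged"])):
            findings.append(f"{port}: both tagged and untagged in {name}")
        for port in v["untagged"]:
            untagged_in[port].append(name)
    for port, names in sorted(untagged_in.items()):
        if len(names) > 1:
            findings.append(f"{port}: untagged in more than one VLAN ({', '.join(names)})")
    return findings


def port_membership(vlans: List[dict]) -> Dict[str, Dict[str, List[int]]]:
    """Map each port to the VIDs it carries untagged and tagged, for review."""
    table: Dict[str, Dict[str, List[int]]] = {}
    for v in vlans:
        for mode in ("untagged", "tagged"):
            for port in v[mode]:
                table.setdefault(port, {"untagged": [], "tagged": []})[mode].append(v["vid"])
    return table


if __name__ == "__main__":
    parsed = parse_vlan_show(SAMPLE)
    print(port_membership(parsed))
    print(audit(parsed) or "no findings")
```
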

Chapter 4

IP

INTRODUCTION
This chapter describes the main features of the Internet Protocol (IP) and how to
configure and operate the AT-RG613, AT-RG623 and AT-RG656 IP interface.
IP protocols are widely used and available on nearly all hosts and PC systems. They
provide a range of services including remote login, file transfer and Email.

THE INTERNET
The Internet (with a capital “I”) is the name given to the large, worldwide network
of networks based on the original concepts of the ARPAnet. A large number of
government, academic and commercial organizations are connected to the Internet,
and use it to exchange traffic such as Email. The Internet uses the TCP/IP protocols
for all routing. In recent times the term Internet (with a lowercase “i”) has also come
to refer to any network (usually a wide area network), which utilizes the Internet
Protocol. The remainder of this chapter will concentrate on the latter definition, i.e.
that of a generalized network which uses IP as the transport protocol.
The basic unit of data sent through an Internet is a packet or datagram. An IP
network functions by moving packets between routers and/or hosts. A packet
consists of a header followed by the data (see Figure 5 and Table 4). The header
contains the information necessary to move the packet across the Internet. It must be
able to cope with missing and duplicated packets as well as possible fragmentation
(and reassembly) of the original packet.
Packets are sent using a connectionless transport mechanism. A connection is not
maintained between the source and destination addresses; rather, the destination
address is placed in the header and the packet is transmitted on a best effort basis. It
is up to the intermediate systems (routers and gateways) to deliver the packet to the
correct address, using the information in the header.
Successive packets may take different routes through the network to the destination.
There is a strong analogy with the postal delivery system in that letters are placed in
individually addressed envelopes and put into the system in the ‘hope’ that they
will arrive. Like an Internet, the postal system is very reliable. In an Internet, higher
layers (such as TCP and Telnet) are responsible for ensuring that packets are
delivered in a reliable and sequenced way.
In contrast to a connectionless transport mechanism, a connection-oriented
transport mechanism requires a connection to be maintained between the source
and destination for as long as necessary to complete the exchange of packets
between source and destination. X.25 is an example of a connection-oriented
protocol. A good analogy to X.25 would be a telephone call, in which both parties
verify that they are talking to the correct person before exchanging highly
sequenced data (if both talk at once then nothing intelligible results!), and the
connection is maintained until both parties have finished talking. It's not hard to
imagine the chaos if the telephone system delivered words in the wrong order.

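 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------+-------+---------------+-------------------------------+
|Version|  IHL  |      TOS      |         Total Length          |
+-------+-------+---------------+-----+-------------------------+
|        Identification         |Flags|     Fragment Offset     |
+---------------+---------------+-----+-------------------------+
|      TTL      |   Protocol    |        Header Checksum        |
+---------------+---------------+-------------------------------+
|                       Source IP Address                       |
+---------------------------------------------------------------+
|                    Destination IP Address                     |
+---------------------------------------------------------------+
|                           User Data                           |
+---------------------------------------------------------------+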

Figure 5. IP packet or datagram.

Field                    Function

Ver                      The version of the IP protocol that created the datagram.
IHL                      The length of the IP header in 32-bit words (the minimum value is 5).
Type of service          The quality of service (precedence, delay, throughput, and reliability) desired for the datagram.
Total length             The length of the datagram (both header and user data), in octets.
Identification           A 16-bit value assigned by the originator of the datagram, used during reassembly.
Flags                    Control bits indicating whether the datagram may be fragmented, and if so, whether other later fragments exist.
Fragment offset          The offset in the original datagram of the data being carried in this datagram, for fragmented datagrams.
Time to live             The time in seconds the datagram is allowed to remain in the Internet system.
Protocol                 The high level protocol used to create the message (analogous to the type field in an Ethernet packet).
Header checksum          A checksum of the header.
Source IP address        32-bit IP address of the sender.
Destination IP address   32-bit IP address of the recipient.
Options                  An optional field primarily used for network testing or debugging.
Padding                  All bits set to zero; used to pad the datagram header to a length that is a multiple of 32 bits.
User data                The actual data being sent.

Table 4. Functions of the fields in an IP datagram.

ADDRESSING
Internet addresses are fundamental to the operation of the TCP/IP Internet.
Each packet must contain an Internet address to determine where to send the
packet. Most packets also require a source address so that the sender of the packet is
known. Addresses are 32-bit quantities which are logically divided into fields. They
must not be confused with physical addresses (such as an Ethernet address); they
serve only to address Internet Protocol packets.
Addresses are organised into five classes (see Table 5).
Class   Maximum number of possible networks   Maximum number of hosts per network
A       127                                   16,777,216
B       16,384                                65,536
C       2,097,152                             255
D       Reserved Class
E       Reserved Class

Table 5. Internet Protocol address classes and limits on numbers of networks and
hosts.

Each class differs in the number of bits assigned to the host and network portions of
the address (Figure 6).

CLASS A   | 0 (1 bit)      | NETWORK (7 bits)  | HOST (24 bits) |
CLASS B   | 1 0 (2 bits)   | NETWORK (14 bits) | HOST (16 bits) |
CLASS C   | 1 1 0 (3 bits) | NETWORK (21 bits) | HOST (8 bits)  |

Figure 6. Subdivision of the 32 bits of an Internet address into network and host
fields for class A, B and C networks.

The addressing scheme is designed to allow routers to efficiently extract the host
and network portions of an address. In general a router is only interested in the
network portion of an address.
Class A sets the Most Significant Bit (MSB) to 0 and allocates the next 7 bits to define
the network and the remaining 24 bits to define the host. Class B sets the two MSBs
to 10 and allocates the next 14 bits to designate the network while the remaining 16
refer to the host. Class C sets the three MSBs to ‘110’ and allocates the next 21 bits to
designate the network while the remaining 8 are left to the user to assign as host or
subnet numbers.
The term host refers to any attached device on a subnet, including PCs, mainframes
and routers. Most hosts are connected to only one network. In other words they
have a single IP address. Routers are connected to more than one network and can
have multiple IP addresses. The IP address is expressed in dotted decimal notation
by taking the 32 binary bits and forming 4 groups of 8 bits, each separated by a dot.
For example:
10.4.8.2 is a class A address
10 is the DDN assigned network number
.4.8 are (possibly) user assigned subnet numbers
.2 is the user assigned host number

172.16.9.190 is a class B address


172.16 is the DDN assigned network number
.9 is the user assigned subnet number
.190 is the user assigned host number

The value 0.0.0.0 is used to define the default address, while a value of all ones in
any host portion (i.e. 255) is reserved as the broadcast address. Some older versions
of UNIX use a broadcast value of all zeros, therefore both the value ‘0’ and the value
‘255’ are reserved within any user assigned host portion. The address 172.16.0.0
refers to any host (not every host) on any subnet within the class B address 172.16.
Similarly 172.16.9.0 refers to any host on subnet 9, whereas 172.16.9.255 is a packet
addressed to every host on subnet 9. The router uses this terminology to indicate
where packets are to be sent.
An address with ‘0’ in the host portion refers to ‘this particular host’ while an
address with ‘0’ in the network portion refers to ‘this particular network’. As
mentioned above a value of all ‘1’ (255) is a broadcast. To reduce loading, IP
consciously tries to limit broadcasts to the smallest possible set of hosts, hence most
broadcasts are ‘directed’. For example 172.16.56.255 is a broadcast to subnet 56 of
network 172.16. A major problem with the IP type of addressing is that it defines
connections not hosts. A particular address, although it is unique, defines a host by
its connection to a particular network. Therefore if the host is moved to another
network the address must also change. The situation is analogous to the postal
system. A related problem can occur when an organisation which has a class C
address finds that they need to upgrade to class B. This involves a total change of
every address for all hosts and routers. Thus the addressing system is not scalable.

Subnets
Related to the two issues discussed above, the rapid growth of the Internet has
meant a proliferation in the number of addresses which must be handled by the core
routers. More addresses means more loading and tends to slow the system down.
This is overcome by minimising the number of network addresses by sharing the
same IP prefix (the assigned network number) with multiple physical networks.
Generally these would all be within the same organisation, although this is not a
requirement. There are two main ways of achieving this; Proxy ARP and subnetting.
Proxy ARP will be discussed later in this section.
A subnet is formed by taking the host portion of the assigned address and dividing
it into two parts. The first part is the ‘set of subnets’ while the second refers to the
hosts on each subnet. For example the DDN may assign a class B address as
172.16.0.0. The system manager would then assign the lower two octets in some way
which makes sense for this particular network. A common method for class B is to
simply use the higher octet to refer to the subnet. Thus there are 254 subnets (0 and
255 are reserved) each with 254 hosts. These subnets need not be physically on the
same media. Generally they would be allocated geographically with subnet 2 being
one site, subnet 3 another and so on. Some sites may have a requirement for
multiple subnets on the same LAN.
This could be to increase the number of hosts or simply to make administration
easier. In this case it is normal (but not required) that the subnets be assigned
contiguously for this site. This makes the allocation of a subnet mask easier.
This mask is needed by the routers to ascertain which subnets are available at each
site. Bits in the mask are set to ‘1’ if the router is to treat the corresponding bit in the
IP address as belonging to the network portion or set to ‘0’ if it belongs to the host
portion. This allows a simple bit-wise logical AND to determine if the address
should be forwarded or not. Although the standard does not require that the subnet
mask must select contiguous bits, it is normal practice to do so. To do otherwise can
make the allocation of numbers rather difficult and prone to errors.
Some example masks are:

11111111.11111111.11111111.00000000 = 255.255.255.0
<----network----> <subnet> <-host->

This would give 254 subnets on a class B network, each with 254 hosts.

11111111.11111111.11111111.11110000 = 255.255.255.240
<----network----> <---subnet--><host>

This would give 4094 subnets on a class B network, each with 14 hosts or, 14 subnets
on a class C network each with 14 hosts.

IP SUPPORT ON AT-RG6XX RESIDENTIAL GATEWAY SERIES


In order to use the IP stack, one or more interfaces must be added to the IP stack and
attached to a transport.
Each interface must be configured with an IP address and a subnet mask. Together,
these define the range of addresses which can be reached via the interface without
passing through any other routers.
Each interface (real and virtual) must have a unique subnet; the range of addresses
on each interface must not overlap with any other interface. In situations where
there is no local subnet associated with an interface, unnumbered interfaces may be
used.

Adding and attaching IP interfaces


IP interfaces are added and attached using the commands provided in the ip and
ethernet module respectively.
IP interfaces typically use the services provided by ethernet transports. An ethernet
transport is an abstraction layer used to classify the format of the IP packets that will
be transferred through the network. Another type of transport is, for example,
pppoe. Packets transmitted through a pppoe connection and packets transmitted
through an ethernet connection have different frame formats even if they convey the
same type of information to the IP layer.
Because the system supports VLANs, the same ethernet port can be shared between
different VLANs. Therefore it is not possible to map an ethernet transport directly to a
physical ethernet port.
Instead, ethernet transports are mapped to VLANs, which from a logical point of view
act like an ethernet segment, as an ethernet port would in a simple system
without VLANs.
To attach an ethernet transport to the Residential Gateway the following steps must
be performed:
Create an ethernet transport using the command:

ethernet add transport eth1 myvlan


Create an interface to the IP stack using, for example, the command:

ip add interface ip1 192.168.101.2 255.255.255.0


Attach the transport to the interface using the command:

ip attach ip1 eth1


IP stack and incoming packets


When a packet arrives on an IP interface, the IP stack determines whether:
• the packet should be received locally;
• the packet should be forwarded to another interface

Locally received packets


A packet will be received locally if:

• the destination address of the packet matches any of the IP stack interface
addresses (real or virtual interface, primary or secondary addresses).
• the packet is a broadcast.
• the packet is a multicast to a group that the IP stack belongs to.
• the packet has the Router Alert option set.
The packet is either processed internally within the IP stack (for example, ICMP or
IGMP control messages), or passed up to an application via the appropriate protocol
processing (for example, TCP or UDP data).
For a local application to successfully send a packet back to another host, the IP
stack must be able to find a suitable route to that host.

Forwarding packets
If the IP stack determines that a packet is not destined to be received locally, it will
try to forward the packet. The packet will be forwarded if:
• the destination of the packet can be reached directly via any of the IP stack’s
interfaces.
• a route has been added, either manually or by a routing protocol, specifying a
suitable gateway via which that destination may be reached.
Several address tests are applied before forwarding a packet, for example to prevent
broadcast packets from being forwarded. For more information about these tests,
see RFC1122: Requirements for Internet Hosts (section 3.2).
If the packet cannot be forwarded, an ICMP “Destination Unreachable” error will be
returned to the sender.
By default, the checksum of forwarded IP packets is not checked. This is for reasons
of efficiency, because calculating the checksum on all packets adds significantly to
the forwarding time and reduces throughput. This default setting is common in
most IP routers. Locally terminated packets always have their checksum checked.

Unconfigured interfaces
An interface with an IP address of 0.0.0.0 is unconfigured. An interface is added as
unconfigured when it is to be configured at a later time, for example, by IPCP or
DHCP.
No traffic will be forwarded from an unconfigured interface. However, an
unconfigured interface may still receive certain types of traffic, such as responses to
DHCP requests.
An unconfigured interface should not be confused with an unnumbered interface.

Unnumbered interfaces
In a routed network, consider two routers that are joining two different subnets via
a point-to-point link. It would usually be necessary to allocate a whole subnet just
for the link between the routers, in addition to the other two subnets.
An unnumbered interface does not have a subnet associated with it and simply
serves as one end of a point-to-point link. An unnumbered link does not have an IP
address, but a router id which is the IP address of one of the router’s other interfaces.
You can have multiple unnumbered interfaces as long as you have at least one
normal (numbered) IP interface in your router so that you can use its IP address as
the router id. The unnumbered interfaces can either use different router id values, or
use the same router id value. Whatever their value, the router id(s) must match the
address of a normal interface.

Unnumbered interfaces can only be used on point-to-point links. This includes
PPP. You cannot use unnumbered interfaces with Ethernet.

Unconfigured interfaces v unnumbered interfaces


An unnumbered interface is not the same as an unconfigured interface.
An unconfigured interface is created by adding an interface without specifying an
IP address (ip add interface myinterface), or by specifying an IP address of 0.0.0.0 (ip
add interface myinterface 0.0.0.0).
You would add an unconfigured interface if the interface address were to be set
automatically later, for example, by IPCP or DHCP. It cannot be used for normal
traffic.
An unnumbered interface is different - it is used for normal traffic but does not have
its own IP address or a local subnet associated with it.

Configuring unnumbered interfaces


Unnumbered interfaces are created using the following CLI command:

ip add interface <name> <ipaddress> 255.255.255.255


For example:

ip add interface myinterface 192.168.101.3 255.255.255.255


In this command:
• myinterface is the unnumbered interface name.
• 192.168.101.3 is the router id. The router id must be set to the IP address of
one of the router’s normal interfaces. The main use of the router id is as the source
address for packets sent on an unnumbered interface from local applications or
routing protocols. Router IDs are described in RFC1812 “Requirements for IP v4
Routers”.
• 255.255.255.255 is a special subnet mask that identifies an unnumbered
interface and distinguishes it from any other type of interface.
You must also add a route before your unnumbered interface can send packets.

Creating a route
Because an unnumbered interface does not have a local subnet associated with it, no
packets can be routed to an unnumbered interface until a route is added. Let us just
consider how this is done.
Usually, for ethernet interfaces, routes are added with a gateway to be used for a
particular destination.
For example:

ip add route myroute 10.0.0.0 255.0.0.0 gateway 192.168.101.10


This means that all packets for the 10.0.0.0 subnet will be sent to the address
192.168.101.10 as their next hop. The gateway must be reachable directly, so
192.168.101.10 must be on a subnet served by one of the local interfaces.
But, for point-to-point links, you can add a route through the interface, without
specifying a gateway address, for example:

ip add route myroute 10.0.0.0 255.0.0.0 interface myinterface


All packets for the specified destination will be sent via the unnumbered interface
called myinterface. This type of route can be used for all interfaces with point-to-
point links, not just unnumbered interfaces.
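The addressing rules above (the bit-wise AND with the subnet mask, non-overlapping interface ranges, a router id that matches a normal interface, and a gateway that is directly reachable) can be checked before a configuration is entered. The following is an added example, not part of the original manual and not the gateway's own code; the function names, tuple layout and sample configurations are constructed for illustration.

```python
import ipaddress
from itertools import combinations

UNCONFIGURED = ipaddress.IPv4Address("0.0.0.0")
UNNUMBERED_MASK = ipaddress.IPv4Address("255.255.255.255")


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def mask_is_contiguous(mask: str) -> bool:
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def audit(interfaces, routes=()):
    """interfaces: (name, address, mask); routes: (name, dest, mask, gateway or None)."""
    findings, numbered, unnumbered = [], {}, {}
    for name, address, mask in interfaces:
        if ipaddress.IPv4Address(address) == UNCONFIGURED:
            continue                              # unconfigured: waits for IPCP or DHCP
        if ipaddress.IPv4Address(mask) == UNNUMBERED_MASK:
            unnumbered[name] = address            # here the address is the router id
        elif not mask_is_contiguous(mask):
            findings.append(f"{name}: mask {mask} does not select contiguous bits")
        else:
            numbered[name] = (to_int(address), to_int(mask))

    # Two ranges overlap when the addresses agree under the shorter mask.
    for (a, (addr_a, mask_a)), (b, (addr_b, mask_b)) in combinations(numbered.items(), 2):
        common = mask_a & mask_b
        if addr_a & common == addr_b & common:
            findings.append(f"{a} and {b}: address ranges overlap")

    local = {addr for addr, _ in numbered.values()}
    for name, router_id in unnumbered.items():
        if to_int(router_id) not in local:
            findings.append(f"{name}: router id {router_id} is not the address of a normal interface")

    for name, _dest, _mask, gateway in routes:
        if gateway is None:
            continue                              # route through an interface (point-to-point)
        gw = to_int(gateway)
        if not any(gw & m == addr & m for addr, m in numbered.values()):
            findings.append(f"{name}: gateway {gateway} is not on a locally served subnet")
    return findings


# Constructed sample configurations, reusing addresses from this chapter.
GOOD_INTERFACES = [
    ("ip1", "192.168.101.2", "255.255.255.0"),
    ("virtual_ip", "192.168.50.10", "255.255.255.0"),
    ("myinterface", "192.168.101.2", "255.255.255.255"),   # unnumbered, router id = ip1
    ("pending", "0.0.0.0", "0.0.0.0"),                     # unconfigured
]
GOOD_ROUTES = [
    ("myroute", "10.0.0.0", "255.0.0.0", "192.168.101.10"),
    ("p2proute", "172.16.0.0", "255.255.0.0", None),
]
BAD_INTERFACES = [
    ("ip1", "192.168.101.2", "255.255.255.0"),
    ("ip2", "192.168.101.130", "255.255.255.128"),         # inside ip1's range
    ("ip3", "172.16.9.1", "255.255.0.255"),                # non-contiguous mask
    ("myinterface", "192.168.101.3", "255.255.255.255"),   # router id matches nothing
]
BAD_ROUTES = [("myroute", "10.0.0.0", "255.0.0.0", "192.168.200.10")]

if __name__ == "__main__":
    for line in audit(BAD_INTERFACES, BAD_ROUTES):
        print(line)
```

The non-contiguous mask is reported as a finding because the manual describes contiguous masks as normal practice, not because the standard forbids the alternative.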

Virtual Interfaces
Usually, each transport only has one router interface associated with it, and each
router interface has only one IP address and local subnet associated with it.
Virtual interfaces allow you to attach more than one IP interface to the same
transport. Secondary IP addresses allow you to associate more than one IP address
with the same IP interface. Together, these features allow many configurations
which would not otherwise be possible.
Virtual interfaces allow you to create multiple router interfaces on the same
transport, for example, on the same Ethernet port. This allows the IP stack to
communicate with and route between multiple subnets existing on the same LAN.

Configuring virtual interfaces


To configure a virtual interface you need to create an IP interface, but instead of
attaching it to a transport, you need to attach it to a second IP interface that already
has a transport attached to it.
In this way, the two interfaces share the transport that is only attached to one of the
interfaces.
The original interface attached directly to a transport is called the real interface, and
the interface that is attached to the real interface is called the virtual interface.
To configure a virtual interface using the CLI:
(i) Create the real interface, then create an Ethernet transport and attach the IP
interface to the transport:

ip add interface real_ip 192.168.101.2 255.255.255.0
ethernet add transport eth1 myvlan
ip attach real_ip eth1

(ii) Create the virtual interface:

ip add interface virtual_ip 192.168.50.10 255.255.255.0

(iii) Attach the virtual interface to the real interface:

ip attachvirtual virtual_ip real_ip


You can add more than one virtual interface to the same real interface.
Virtual interfaces are created by attaching them to a real interface instead of directly
to a transport. If the real interface is deleted, then all associated virtual interfaces are
detached automatically.

Similarities between virtual interfaces and real interfaces
A virtual interface is similar to a real interface:
• virtual interfaces may be manipulated in the same way as real interfaces using the
CLI.
• the IP stack will route between virtual interfaces and real interfaces in the same
way that it routes between real interfaces.

Like real interfaces, virtual interfaces must have a unique subnet which does not
overlap with other interfaces. In order to have the router respond to more than
one IP address on the same subnet, secondary addresses must be used instead
of virtual interfaces.

Differences between virtual interfaces and real interfaces
When the IP stack receives a packet from a transport that has associated virtual
interfaces, the IP stack must decide which interface the packet arrived on.
The source address of the incoming packet is compared with the subnet of each
virtual interface on that transport. If there is no match, the IP stack assumes that the
packet arrived on the real interface.
The interface that the packet arrived on is important in two scenarios:
• When the Firewall is in use - different rules (such as policies, portfilters and
validators) are configured between different interfaces, so you need to know
which interfaces the packet passes between.
• Some applications are written to only respond to traffic received on a specific
interface. For example, DHCP server.
Because the traffic for all virtual interfaces is received in the same way as the real
interface, the only reasonable way of selecting an interface is based on source
address as described above. This means that:
• A virtual interface only receives packets with a source address matching its
interface subnet, providing packets arrive via the real interface that the virtual
interface is attached to.
• Packets that arrive with a source address that does not match a local subnet are
deemed to have been received on the real interface, even if the next hop would be
reached through the virtual interface when sending to that destination.
• Any packets from an unconfigured host, for example DHCP or BOOTP requests,
are deemed to be received on the real interface.

Remember that the source address of the packet can be spoofed by the sender,
therefore security-related decisions should not be based on the ability to
distinguish between virtual interfaces on the same transport.
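The selection rule described above, together with a check for policies that depend on it, is modelled in the following added example (not part of the original manual and not the gateway's own code). The class, the function names, the wan_ip interface and the sample policy are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class IpInterface:
    name: str
    subnet: ipaddress.IPv4Network
    transport: str            # transport attached directly, or via the real interface
    virtual: bool = False


def ingress_interface(interfaces, transport: str, source: str) -> str:
    """Return the interface a packet is deemed to have arrived on.

    Only the source address field of the packet is consulted, so the result
    is whatever the sender's chosen source address maps to.
    """
    src = ipaddress.IPv4Address(source)
    attached = [i for i in interfaces if i.transport == transport]
    for iface in attached:
        if iface.virtual and src in iface.subnet:
            return iface.name
    for iface in attached:
        if not iface.virtual:
            return iface.name                 # no match: the real interface
    raise ValueError(f"no real interface attached to {transport}")


def decisions_resting_on_source_address(interfaces, action_by_ingress):
    """List interface pairs that share a transport yet are given different actions.

    Such a pair is told apart by source address alone, which is the
    situation the manual's note warns about.
    """
    by_name = {i.name: i for i in interfaces}
    names = sorted(n for n in action_by_ingress if n in by_name)
    findings = []
    for idx, a in enumerate(names):
        for b in names[idx + 1:]:
            if (by_name[a].transport == by_name[b].transport
                    and action_by_ingress[a] != action_by_ingress[b]):
                findings.append((by_name[a].transport, a, b))
    return findings


# Constructed sample: the real/virtual pair from this section plus a WAN interface.
INTERFACES = [
    IpInterface("real_ip", ipaddress.IPv4Network("192.168.101.0/24"), "eth1"),
    IpInterface("virtual_ip", ipaddress.IPv4Network("192.168.50.0/24"), "eth1", virtual=True),
    IpInterface("wan_ip", ipaddress.IPv4Network("203.0.113.0/24"), "eth0"),
]
# Constructed policy: action applied to traffic by the interface it arrived on.
POLICY = {"real_ip": "deny", "virtual_ip": "allow", "wan_ip": "deny"}

if __name__ == "__main__":
    for src in ("192.168.50.77", "192.168.101.9", "10.4.8.2", "0.0.0.0"):
        print(src, "->", ingress_interface(INTERFACES, "eth1", src))
    print(decisions_resting_on_source_address(INTERFACES, POLICY))
```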

Secondary IP addresses
Secondary IP addresses differ from virtual interfaces because there is no concept of a
separate local subnet associated with a secondary address.
The secondary addresses share the same subnet with the interface.
Secondary addresses therefore allow the IP stack to have more than one address on
the same subnet. After setting the main interface address, one or more additional
addresses on the same subnet can be added to the interface.

Configuring secondary IP addresses


You can create and configure secondary IP addresses using the CLI.
The following CLI commands allow you to create and configure secondary IP
addresses:

ip interface add secondaryipaddress
ip interface clear secondaryipaddresses
ip interface delete secondaryipaddress
ip interface list secondaryipaddresses

The ability to specify a subnet mask with a secondary address is superseded by
the functionality of virtual interfaces. You should use virtual interfaces instead.

Support for adding secondary IP addresses including subnet mask specification will
be withdrawn in a future software release.

Functionality of secondary IP addresses


On Ethernet interfaces, secondary IP addresses must be on the same subnet as the
interface. Secondary addresses may be added to virtual interfaces, as well as real
interfaces.
On Point-to-Point links, secondary addresses may be added on a different subnet to
the main interface address. This will provide an additional address which the IP
stack will respond to for traffic arriving on that interface, but with no associated
local subnet.
This is similar to configuring a virtual interface as an unnumbered interface. This is
not a common configuration.

IP Quality of Service
The IP stack includes features which enable different levels of service to be provided
to different classes of routed traffic.
Currently, two traffic classes are offered:

• the Expedited traffic class
• the Default (or Best-effort) traffic class

Expedited class
The Expedited class differs in two ways from the default level of service:
• Lower packet loss; in overload conditions (where there is more traffic than the IP
stack can route) packets from the default traffic class will be dropped in
preference to packets from the expedited traffic class.
• Lower latency; network traffic tends to arrive in bursts; the IP stack ensures that
the latency of expedited traffic is reduced to a minimum by never queuing
packets in the expedited traffic class behind packets in the default traffic class.
These features are applicable to both forwarded and locally terminated traffic.

Example of use of Prioritization

• When forwarding traffic between interfaces where one or more interface has a
limited bandwidth, certain classes of traffic can be given priority over other types
of traffic.
The IP stack is routing traffic between a fast Ethernet LAN and a limited-
bandwidth WAN connection. One or more devices on the LAN wish to send
voice over IP (VoIP) traffic over the WAN connection. It is important that the
VoIP traffic has low packet loss and latency, even when other devices are also
sending traffic to the WAN connection at the same time. The IP stack can ensure
that the VoIP traffic is given preference to other types of traffic.
• The architecture of the IP stack can enable specially written local applications to
receive an enhanced level of service compared to other applications, and
compared to other classes of forwarded traffic. For example, the Residential
Gateway provides routing to a LAN as well as terminating VoIP traffic. The IP
stack can ensure that the VoIP application can send and receive packets with low
packet loss and low latency even in the presence of other routed traffic, or traffic
to other applications (like DHCP server, Firewall, etc).

Quality of Service support


There are three components to the Quality of Service support:
• packet classification
• link bandwidth prioritization
• CPU prioritization
Only packet classification can be configured by CLI.

Packet Classification
When the IP stack first receives a packet, it is passed to the classifier.
The classifier is also known as the Flow Qualifier.
The classifier’s job is to examine certain fields in each IP packet and assign a specific
Quality of Service Class to the packet. As mentioned before, there are currently two
Quality of Service Classes: Expedited and Default.
Packets are assumed to be in the Default class unless they match a specific rule
added to the classifier.
Each rule states that values must be present in fields in order for the packet to be
classified as Expedited. The following fields can be examined:
• the TOS (Type of Service) / DS (Differentiated Services) field in the IP header. This
field may be set by the IP stack originating the packet if the application has
requested it, or by a previous router which has already classified the packets and
marked them using this field.
• The IP Protocol, or the IP Protocol and TCP/UDP source and/or destination port
numbers. In cases where the packets cannot be identified by their TOS/DS field,
rules may be added to identify certain traffic sent to or from certain applications
by the TCP or UDP source and/or destination port numbers, or just by IP
protocols.
• The source IP address. This is usually used in conjunction with the fields
described above. For example, when used in conjunction with checking the
TOS/DS field, this would ensure that only certain hosts could receive expedited
service, other hosts would be ignored even if they set the correct values in the
TOS/DS field.
Rules are added to the classifier separately for each IP Interface. The classifier
configuration on an interface only affects packets arriving on that interface, not
packets forwarded to that interface.

Configuring Flow Qualifiers


To create and configure qualifier rules using the CLI, use the commands described
in this section.
To classify packets based on a specified protocol, use the following command. If the
protocol you specify is TCP or UDP, you can also base the flow qualifier on the
source and destination port of incoming packets:

ip interface add fq protocol


You can also classify packets based on the protocol and the source address of
incoming packets, using:

ip interface add fq srcaddr protocol


To classify packets based on both the source address of incoming packets, and the
DS (Differentiated Services) codepoint field of each IP packet header, use the
command:

ip interface add fq srcaddr codepoint

To classify packets based on the DS (Differentiated Services) field only, use the
command:

ip interface add fq codepoint


Once you have created flow qualifier rules, you can configure them using the
following CLI commands:

ip interface clear fqs
ip interface delete fq
ip interface list fqs

Link bandwidth prioritization


If you are routing from an interface on a high speed link, such as Ethernet, to an
interface on a low speed link, such as DSL, the router may forward more traffic from
the Ethernet interface to the DSL interface than can be transmitted.
When a packet is received, the classifier assigns a QoS class to it (Expedited or
Default). When the IP stack sends a packet to a device driver, it marks the packet
with a priority that is to be used during packet transmission. The QoS class
determines what priority the packet is given. The device driver itself is responsible
for prioritizing the transmission of packets.
The device driver will handle expedited traffic differently from default traffic in two
ways:
• When traffic is queued for transmission, expedited traffic must be queued ahead
of default traffic. This ensures that expedited traffic is not delayed by best-effort
traffic while awaiting transmission.
• When traffic is queued for transmission, the number of packets of default traffic
on the queue must be limited. This ensures that when default traffic is sent to the
interface faster than it can be transmitted, the default packets are discarded. This
is necessary in order to prevent the system from running out of buffers, which
would make them unavailable for use by expedited traffic.
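The per-interface classification described under Packet Classification and the two queueing behaviours listed above are modelled together in the following added example (not part of the original manual and not the gateway's own code). All class and function names are hypothetical, and the codepoint, port numbers and addresses are constructed sample values.

```python
import ipaddress
from collections import deque
from dataclasses import dataclass
from typing import Optional

EXPEDITED, DEFAULT = "expedited", "default"


@dataclass(frozen=True)
class Packet:                      # the fields the classifier examines, already decoded
    src: str
    protocol: int                  # 6 = TCP, 17 = UDP
    dscp: int                      # DS codepoint carried in the TOS/DS field
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class FlowQualifier:               # None means the field is not examined by this rule
    dscp: Optional[int] = None
    protocol: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    srcnet: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.dscp is not None and p.dscp != self.dscp:
            return False
        if self.protocol is not None and p.protocol != self.protocol:
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.srcnet is not None and \
                ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.srcnet):
            return False
        return True


def classify(rules_by_interface, ingress: str, packet: Packet) -> str:
    """Default unless a rule on the arrival interface matches."""
    rules = rules_by_interface.get(ingress, ())
    return EXPEDITED if any(r.matches(packet) for r in rules) else DEFAULT


class TransmitQueue:
    """Expedited packets leave first; queued default packets are capped."""

    def __init__(self, default_limit: int):
        self.expedited, self.default = deque(), deque()
        self.default_limit = default_limit
        self.dropped = 0

    def enqueue(self, packet: Packet, qos: str) -> bool:
        if qos == EXPEDITED:
            self.expedited.append(packet)
            return True
        if len(self.default) >= self.default_limit:
            self.dropped += 1      # discard so buffers stay free for expedited traffic
            return False
        self.default.append(packet)
        return True

    def dequeue(self) -> Optional[Packet]:
        if self.expedited:
            return self.expedited.popleft()
        return self.default.popleft() if self.default else None


def simulate_burst():
    """Constructed burst arriving on 'lan' for a slow link: (send order, drops)."""
    rules = {"lan": [FlowQualifier(dscp=46, srcnet="192.168.101.0/24")]}
    bulk = [Packet("192.168.101.20", 6, 0, 40000 + n, 80) for n in range(10)]
    voip = [Packet("192.168.101.10", 17, 46, 5004, 5004) for _ in range(2)]
    queue = TransmitQueue(default_limit=4)
    for p in bulk + voip:          # the VoIP packets arrive after the bulk burst
        queue.enqueue(p, classify(rules, "lan", p))
    order = []
    while (p := queue.dequeue()) is not None:
        order.append(classify(rules, "lan", p))
    return order, queue.dropped


if __name__ == "__main__":
    print(simulate_burst())
```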

CPU prioritization
The CPU resources of the system may be constrained in certain circumstances, for
example:
• constrained throughput; the speed of the interfaces may be so fast that packets are
sent to the IP stack faster than it can route them. Under heavy traffic, the
throughput of the IP stack may be constrained by the amount of available
processing power.
• application resource requirements; other applications that run on the same processor
as the router may consume a significant amount of CPU (for example, if a user is
retrieving pages from the embedded webserver). Here, there may be enough CPU
to route all packets, but you do not want individual packets to be delayed while
another process is running, because this added latency would be apparent when
making VoIP calls.
To ensure that CPU resources are available to preferentially handle expedited
traffic, the system incorporates the following features:
• Process priorities; these are used to ensure that tasks handling expedited traffic run
at a higher priority than the rest of the system. For example, device drivers and
encapsulation protocols, certain parts of the IP stack, and local VoIP applications
run at a higher priority compared to the rest of the system.
• Division of tasks; the IP stack is split into separate tasks, with a division between:
  • the part of the stack that quickly makes the routing decision and forwards
  traffic between interfaces
  • and the part of the stack which performs more lengthy but less time-critical
  tasks (such as TCP, ICMP and ARP protocol processing).
  This ensures lower latency for expedited traffic.
• Post-classification priority processing; after classification, packets are processed in
priority order within the forwarding path. This not only ensures that expedited
packets are still handled even under CPU overload conditions, but also reduces
the adverse effect on latency of best-effort traffic bursts that arrive immediately
before an expedited packet.

TCP/IP Command Reference


This section describes the commands available on the Residential Gateway to
manage the TCP/IP module.

IP Tracing commands
You can carry out tracing in the IP stack using the following system commands:
• SYSTEM LOG ENABLE|DISABLE; enables/disables the tracing support output
for a specific module and category.
• SYSTEM LOG LIST; displays the tracing options for the modules available in the
current image.

IP CLI commands
The table below lists the IP commands provided by the CLI:
Command
IP ADD DEFAULTROUTE GATEWAY
IP ADD DEFAULTROUTE INTERFACE
IP ADD INTERFACE
IP ADD ROUTE
IP ATTACH
IP ATTACH VIRTUAL
IP CLEAR ARPENTRIES
IP CLEAR INTERFACES
IP CLEAR RIPROUTES
IP CLEAR ROUTES
IP DELETE INTERFACE
IP DELETE ROUTE
IP DETACH INTERFACE
IP INTERFACE ADD FQ CODEPOINT
IP INTERFACE ADD FQ PROTOCOL
IP INTERFACE ADD FQ SRCADDR CODEPOINT
IP INTERFACE ADD FQ SRCADDR PROTOCOL
IP INTERFACE ADD PROXYARPENTRY
IP INTERFACE ADD PROXYARPEXCLUSION
IP INTERFACE ADD SECONDARYIPADDRESS
IP INTERFACE CLEAR FQS
IP INTERFACE CLEAR PROXYARPENTRIES
IP INTERFACE CLEAR SECONDARYIPADDRESS
IP INTERFACE DELETE FQ
IP INTERFACE DELETE PROXYARPENTRIES
IP INTERFACE DELETE PROXYARPEXCLUSION
IP INTERFACE DELETE SECONDARYIPADDRESS
IP INTERFACE LIST FQS
IP INTERFACE LIST PROXYARPENTRIES
IP INTERFACE LIST SECONDARYIPADDRESSES
IP LIST ARPENTRIES
IP LIST CONNECTIONS
IP LIST INTERFACES
IP LIST RIPROUTES
IP LIST ROUTES
IP PING
IP SET INTERFACE DHCP
IP SET INTERFACE IPADDRESS
IP SET INTERFACE MTU
IP SET INTERFACE NETMASK
IP SET INTERFACE RIP ACCEPT
IP SET INTERFACE RIP MULTICAST
IP SET INTERFACE RIP SEND
IP SET INTERFACE TCPMSSCLAMP
IP SET RIP ADVERTISEDEFAULT
IP SET RIP AUTHENTICATION
IP SET RIP DEFAULTROUTECOST
IP SET RIP HOSTROUTES
IP SET RIP PASSWORD
IP SET RIP POISON
IP SET ROUTE COST
IP SET ROUTE DESTINATION
IP SET ROUTE GATEWAY
IP SET ROUTE INTERFACE
IP SHOW
IP SHOW DEBUGINFO
IP SHOW INTERFACE
IP SHOW ROUTE

IP ADD DEFAULTROUTE GATEWAY


Syntax IP ADD DEFAULTROUTE GATEWAY <gateway_ip>

Description This command creates a default route. It acts as a shortcut command that can be
used instead of typing the following:

ip add route default 0.0.0.0 0.0.0.0 gateway 192.168.103.3

It's possible to create only one default route.

A default route will not be created if a default route has already been created using
the IP ADD ROUTE command or the IP ADD DEFAULTROUTE INTERFACE command.
To have RIP advertise a default route with a default cost metric, see the IP SET RIP
ADVERTISEDEFAULT and IP SET RIP DEFAULTROUTECOST commands.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable)

Option | Description | Default Value
gateway_ip | The IP address of the gateway that this route will use by default, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A

Example --> ip add defaultroute gateway 192.168.103.3

See also IP ADD ROUTE
IP ADD DEFAULTROUTE INTERFACE

IP ADD DEFAULTROUTE INTERFACE


Syntax IP ADD DEFAULTROUTE INTERFACE <interface>

Description This command creates a default route. It acts as a shortcut command that can be
used instead of typing the following:

ip add route default 0.0.0.0 0.0.0.0 interface ip3

A default route will not be created if a default route has already been created
using the IP ADD ROUTE command or the IP ADD DEFAULTROUTE
INTERFACE command.

To have RIP advertise a default route with a default cost metric, see the IP SET RIP
ADVERTISEDEFAULT and IP SET RIP DEFAULTROUTECOST commands.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable)

Option | Description | Default Value
interface | The name of the existing interface that this route will use. To display interface names, use the IP LIST INTERFACES command. | N/A

Example --> ip add defaultroute interface ip3

See also IP ADD ROUTE
IP ADD DEFAULTROUTE GATEWAY

IP ADD INTERFACE
Syntax IP ADD INTERFACE <name> [<ipaddress> <netmask>]

Description This command adds a named interface and optionally sets its IP address. The IP
address is not mandatory at this stage, but if it is not specified in this command, the
interface will be unconfigured. There are three ways that the IP address can be set
later:
• using the IP SET INTERFACE IPADDRESS command
• it is possible to set the interface to obtain its configuration via Dynamic Host
Configuration Protocol (DHCP) using the IP SET INTERFACE DHCP ENABLED
command. By default, DHCP is disabled.
• the interface can obtain its IP configuration via PPP IPCP (Internet Protocol
Control Protocol) negotiation. See PPPoE CLI commands.
The IP stack automatically creates a loopback interface for address 127.0.0.1 subnet
mask 255.255.255.0. This interface is not displayed by the IP LIST INTERFACES
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies the IP interface. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
ipaddress | The IP address of the interface displayed in the IPv4 format (e.g. 192.168.102.3). If the IP address is set to the special value 0.0.0.0, the interface is marked as unconfigured. This value is used when the interface address is obtained automatically. For an unnumbered interface, the IP address parameter is used to specify the router-id of the interface. The router-id should be the same as the IP address of one of the router's numbered interfaces. | 0.0.0.0
netmask | The netmask address of the interface displayed in the IPv4 format (e.g. 255.255.255.0). The special value 255.255.255.255 is used to indicate an unnumbered interface. An unnumbered interface is configured by setting the IP address to the interface's router-id value, and setting netmask to 255.255.255.255. | N/A

Example --> ip add interface ip1 192.168.103.3 255.255.255.0

See also IP ATTACH
IP SHOW INTERFACE
IP SET INTERFACE IPADDRESS
IP SET INTERFACE DHCP
For information on setting DHCP client configuration options, see DHCP Client CLI
commands.

IP ADD ROUTE
Syntax IP ADD ROUTE <name> <dest_ip> <netmask> {GATEWAY <gateway_ip> | INTERFACE
<interface>}

Description This command creates a static route to a destination network address via a gateway
device or an existing interface. It also allows the creation of a default route.

A default route will not be created if a default route has already been created
using the IP ADD ROUTE command or the IP ADD DEFAULTROUTE
INTERFACE command.

A route specifies a destination network (or single host), together with a mask to
indicate what range of addresses the network covers, and a next-hop gateway
address or interface. If there is a choice of routes for a destination, the route with the
most specific mask is chosen.
Routes are used when sending datagrams as well as forwarding them, so they are
not relevant only to routers. However, a system with a single interface is likely to
have a single route as a default route to the router on the network that it most often
needs to use. Route metric can only be set using the IP SET ROUTE COST
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies the route. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. To create a default static route to a destination address, type default as the route name. It's possible to create one route called default. | N/A
dest_ip | The IP address of the destination network displayed in the IPv4 format (e.g. 192.168.102.3) | N/A
netmask | The destination netmask displayed in the IPv4 format (e.g. 255.255.255.0) | N/A
gateway_ip | The IP address of the gateway that this route will use, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A
interface | The name of the existing interface that this route will use. To display interface names, use the IP LIST INTERFACES command. | N/A

Examples There are two examples in this section. Example 1 routes through a gateway.
Example 2 routes through an existing interface.

Example 1

--> ip add route route1 192.168.103.3 255.255.255.0 gateway 192.168.102.3

Example 2

--> ip add route route2 192.168.103.4 255.255.255.0 interface ip1

See also IP LIST INTERFACES
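The rule that the route with the most specific mask is chosen, and that only one default route can exist, can be checked against a planned set of IP ADD ROUTE commands with the model below. It is an added example, not the gateway's routing code; the class and function names and the host route host1 are assumptions, and rejecting a second default route with an exception is this model's choice.

```python
import ipaddress


class RouteTable:
    """Toy model of the static routes created with IP ADD ROUTE."""

    def __init__(self):
        self.routes = []  # list of (name, network, next_hop) tuples

    def add_route(self, name, dest_ip, netmask, gateway=None, interface=None):
        # The syntax takes either GATEWAY <gateway_ip> or INTERFACE <interface>.
        if (gateway is None) == (interface is None):
            raise ValueError("give exactly one of gateway or interface")
        # Names: letters, or letters and digits, not starting with a digit.
        if not (name[:1].isalpha() and name.isalnum()):
            raise ValueError("invalid route name")
        # strict=False: the manual's examples give a host address such as
        # 192.168.103.3 with mask 255.255.255.0; host bits are masked off here.
        # A non-contiguous netmask raises ValueError.
        net = ipaddress.ip_network(f"{dest_ip}/{netmask}", strict=False)
        if net.prefixlen == 0 and any(n.prefixlen == 0 for _, n, _ in self.routes):
            raise ValueError("a default route already exists")
        hop = ("gateway", gateway) if gateway else ("interface", interface)
        self.routes.append((name, net, hop))

    def lookup(self, destination):
        """Return the matching route with the longest mask, or None."""
        addr = ipaddress.ip_address(destination)
        matches = [route for route in self.routes if addr in route[1]]
        return max(matches, key=lambda route: route[1].prefixlen, default=None)


def build_example_table():
    table = RouteTable()
    # Equivalent of: ip add defaultroute gateway 192.168.103.3
    table.add_route("default", "0.0.0.0", "0.0.0.0", gateway="192.168.103.3")
    # Example 1 from the manual
    table.add_route("route1", "192.168.103.3", "255.255.255.0",
                    gateway="192.168.102.3")
    # Constructed host route, to show the most specific mask winning
    table.add_route("host1", "192.168.103.77", "255.255.255.255",
                    interface="ip1")
    return table


if __name__ == "__main__":
    table = build_example_table()
    for dst in ("192.168.103.77", "192.168.103.9", "10.1.2.3"):
        name, net, hop = table.lookup(dst)
        print(f"{dst:15} -> {name:8} {str(net):18} via {hop[0]} {hop[1]}")
```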

IP ATTACH
Syntax IP ATTACH {<name>|<number>} <transport>

Description This command attaches an existing IP interface to an existing transport (i.e. a
VLAN) so that data can be transported via the selected transport.
This command implicitly enables the transport being attached, i.e. IP frames passing
through the VLAN used as transport could reach the system main processor.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
transport | A name that identifies an existing transport (i.e. VLAN). To show the existing transports, use the TRANSPORT LIST command. | N/A

Example In the example below, voip is the name of an ethernet transport created using the
ETHERNET ADD TRANSPORT command:

--> ip attach ip1 voip

See also IP ADD INTERFACE
IP LIST INTERFACES

IP ATTACHVIRTUAL
Syntax IP ATTACHVIRTUAL {<name>|<number>} <real_interface>

Description This command creates a virtual interface. The virtual interface is associated with a
‘real’ IP interface that has already been attached to a transport using the IP
ATTACH command. You can attach multiple virtual interfaces to one ‘real’ IP
interface.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface that will be the virtual interface. The IP interface should not have a transport attached to it. To display the interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface that will be the virtual interface. The IP interface should not have a transport attached to it. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
real_interface | A name that identifies an existing IP interface. This is the ‘Real’ interface that the virtual interface will be associated with. This interface must already be attached to a transport. To display the interface names, use the IP LIST INTERFACES command. | N/A

Example --> ip attachvirtual ip_virtual ip_real

See also IP LIST INTERFACES

IP CLEAR ARPENTRIES
Syntax IP CLEAR ARPENTRIES

Description This command clears all ARP entries listed in the IP ARP table.

Example --> ip clear arpentries

IP CLEAR INTERFACES
Syntax IP CLEAR INTERFACES

Description This command clears all IP interfaces that were created using the IP ADD
INTERFACE command.

Example --> ip clear interfaces

See also IP DELETE INTERFACE

IP CLEAR RIPROUTES
Syntax IP CLEAR RIPROUTES

Description This command deletes all the existing dynamic routes that have been obtained from
RIP. It does not delete the static routes; see the IP CLEAR ROUTES command.

Example --> ip clear riproutes

See also IP CLEAR ROUTES
IP SET RIP HOSTROUTES
IP SET INTERFACE RIP ACCEPT
IP SET INTERFACE RIP SEND

IP CLEAR ROUTES
Syntax IP CLEAR ROUTES

Description This command clears all static routes that were created using the IP ADD ROUTE
command.

Example --> ip clear routes

See also IP DELETE ROUTE

IP DELETE INTERFACE
Syntax IP DELETE INTERFACE {<name>|<number>}

Description This command deletes a single IP interface that was created using the IP ADD
INTERFACE command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip delete interface ip1

See also IP CLEAR INTERFACES
IP LIST INTERFACES

IP DELETE ROUTE
Syntax IP DELETE ROUTE {<name>|<number>}

Description This command deletes a single route that was created using the IP ADD ROUTE
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A
number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The number appears in the first column under the heading ID. | N/A

Example --> ip delete route route1

See also IP LIST ROUTES

IP DETACH INTERFACE
Syntax IP DETACH {<name>|<number>}

Description This command detaches an IP interface from a transport (i.e. a VLAN) where it was
previously attached using the IP ATTACH INTERFACE command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip detach ip1

See also IP LIST INTERFACES

IP INTERFACE ADD FQ CODEPOINT


Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> CODEPOINT <ds_codepoint>

Description This command adds a flow qualifier rule that classifies IP packets based on the DS
(Differentiated Services) codepoint field of the IP packet header. Incoming packets
that match this rule are given a higher quality of service (qos) value, which allows
them to be handled at a higher priority than other packets that do not match this
rule.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
fqname | An arbitrary name that identifies the flow qualifier (fq). It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet. | N/A
ds_codepoint | A codepoint is a 6-digit binary number set in the DS (Differentiated Services) field of the IP packet header. DS RFCs define recommended DS codepoint values for various PHBs (Per Hop Behaviors). The PHB supported here is Expedited Forwarding, which recommends a codepoint of 101110. | N/A

Example --> ip interface ip1 add fq myfq codepoint 101110

See also IP LIST INTERFACES
IP INTERFACE LIST FQS

IP INTERFACE ADD FQ PROTOCOL


Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> PROTOCOL {<proto> | TCP
[<srcport>] [<dstport>] | UDP [<srcport>] [<dstport>]}

Description This command adds a flow qualifier rule that classifies IP packets based on the
specified protocol. If the protocol specified is TCP or UDP, you can also specify the
protocol source and destination port. Incoming packets that match this rule are
given a higher quality of service (qos) value, which allows them to be handled at a
higher priority than other packets that do not match this rule.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
fqname | An arbitrary name that identifies the flow qualifier (fq). It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet. | N/A
proto | The protocol type that you want to classify. The protocol can be TCP, UDP, ICMP, GRE or any numeric value. For a list of protocol numbers, see RFC1700. | N/A
srcport | The source port of incoming packets. This is only used if you have set TCP or UDP as the fq protocol. If you set this to 0, packets arriving from any port are classified. | N/A
dstport | The destination port of incoming packets. This is only used if you have set TCP or UDP as the fq protocol. If you set this to 0, packets destined for any port are classified. | N/A

Example
To prioritise TCP packets with source port 50000 and destination port 80:

--> ip interface ip1 add fq myfq1 protocol tcp 50000 80

--> ip interface ip3 add fq myfq1 protocol udp 0 5001

See also IP LIST INTERFACES
IP INTERFACE LIST FQS

IP INTERFACE ADD FQ SRCADDR CODEPOINT


Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> SRCADDR <srcaddr>
CODEPOINT <ds_codepoint>

Description This command adds a flow qualifier rule that classifies IP packets based on both the
source IP address of incoming packets, and the DS (Differentiated Services)
codepoint field of each IP packet header.
Incoming packets that match this rule are given a higher quality of service (qos)
value, which allows them to be handled at a higher priority than other packets that
do not match this rule.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
fqname | An arbitrary name that identifies the flow qualifier (fq). It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet. | N/A
srcaddr | The IP address that will be compared against the source IP address of incoming packets, displayed in the following format: 192.168.102.3 | N/A
ds_codepoint | A codepoint is a 6-digit binary number set in the DS (Differentiated Services) field of the IP packet header. DS RFCs define recommended DS codepoint values for various PHBs (Per Hop Behaviors). The PHB supported here is Expedited Forwarding, which recommends a codepoint of 101110. | N/A

Example --> ip interface ip1 add fq myfq1 srcaddr 192.168.101.2 codepoint 101110

See also IP LIST INTERFACES
IP INTERFACE LIST FQS

IP INTERFACE ADD FQ SRCADDR PROTOCOL


Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> SRCADDR <srcaddr>
PROTOCOL {<proto> | TCP <srcport> <dstport> | UDP <srcport> <dstport>}

Description This command adds a flow qualifier rule that classifies IP packets based on the
source address and protocol of the packet. If the protocol specified is TCP or UDP,
you can also specify the protocol source and destination port. Incoming packets that
match this rule are given a higher quality of service (qos) value, which allows them
to be handled at a higher priority than other packets that do not match this rule.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
fqname | An arbitrary name that identifies the flow qualifier (fq). It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet. | N/A
srcaddr | The IP address that will be compared against the source IP address of incoming packets, displayed in the following format: 192.168.102.3 | N/A
proto | The protocol type that you want to classify. The protocol can be TCP, UDP, ICMP, GRE or any numeric value. For a list of protocol numbers, see RFC1700. | N/A
srcport | The source port of incoming packets. This is only used if you have set TCP or UDP as the fq protocol. If you set this to 0, packets arriving from any port are classified. | 0
dstport | The destination port of incoming packets. This is only used if you have set TCP or UDP as the fq protocol. If you set this to 0, packets destined for any port are classified. | 0

Example
To prioritise TCP packets from 192.168.101.2, with source port 50000 and destination port 80:

--> ip interface ip1 add fq fq1 srcaddr 192.168.101.2 protocol tcp 50000 80

See also IP LIST INTERFACES
IP INTERFACE LIST FQS
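The four ADD FQ forms above differ only in which header fields they compare. The model below is an added example, not the gateway's classifier: it parses a raw IPv4 header and applies rules shaped like the manual's example commands. The function and class names, the constructed packets and the treatment of fragments without a port header are assumptions, and per-interface attachment is not modelled.

```python
import ipaddress
import struct

PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47}  # IANA protocol numbers


def build_packet(src, proto, codepoint="000000", srcport=0, dstport=0):
    """Construct a minimal IPv4 packet (sample input; checksum left as zero)."""
    tos = int(codepoint, 2) << 2  # the codepoint is the top 6 bits of the DS byte
    l4 = struct.pack("!HH", srcport, dstport) if proto in (6, 17) else b""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(l4), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address("192.0.2.1").packed)
    return header + l4


def parse_ipv4(packet):
    """Extract the header fields that the FQ commands can match on."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    fields = {"codepoint": format(packet[1] >> 2, "06b"), "proto": packet[9],
              "src": ipaddress.IPv4Address(packet[12:16]),
              "srcport": None, "dstport": None}
    first_fragment = (struct.unpack("!H", packet[6:8])[0] & 0x1FFF) == 0
    if fields["proto"] in (6, 17) and first_fragment and len(packet) >= ihl + 4:
        fields["srcport"], fields["dstport"] = struct.unpack(
            "!HH", packet[ihl:ihl + 4])
    return fields


class FlowQualifier:
    """One flow qualifier rule; unset fields are not compared."""

    def __init__(self, fqname, srcaddr=None, codepoint=None, proto=None,
                 srcport=0, dstport=0):
        if not (fqname[:1].isalpha() and fqname.isalnum()):
            raise ValueError("fqname: letters and digits, not starting with a digit")
        if codepoint is not None and (len(codepoint) != 6
                                      or set(codepoint) - {"0", "1"}):
            raise ValueError("ds_codepoint must be a 6-digit binary number")
        if isinstance(proto, str):
            proto = int(proto) if proto.isdigit() else PROTO_NUMBERS[proto.lower()]
        if (srcport or dstport) and proto not in (6, 17):
            raise ValueError("ports are only used with TCP or UDP")
        self.fqname, self.codepoint, self.proto = fqname, codepoint, proto
        self.srcaddr = ipaddress.IPv4Address(srcaddr) if srcaddr else None
        self.srcport, self.dstport = srcport, dstport

    def matches(self, fields):
        if self.srcaddr is not None and fields["src"] != self.srcaddr:
            return False
        if self.codepoint is not None and fields["codepoint"] != self.codepoint:
            return False
        if self.proto is not None:
            if fields["proto"] != self.proto:
                return False
            # Port 0 means any port. A non-zero port cannot match a packet
            # whose port header was not parsed (this model's choice).
            if self.srcport and fields["srcport"] != self.srcport:
                return False
            if self.dstport and fields["dstport"] != self.dstport:
                return False
        return True


def classify(packet, qualifiers):
    """QoS class for a packet: Expedited if any rule matches, else Default."""
    fields = parse_ipv4(packet)
    return "Expedited" if any(q.matches(fields) for q in qualifiers) else "Default"


def demo():
    """Rules mirror the manual's example commands; packets are constructed."""
    ef_any = [FlowQualifier("myfq", codepoint="101110")]
    ef_host = [FlowQualifier("myfq1", srcaddr="192.168.101.2", codepoint="101110")]
    web = [FlowQualifier("myfq1", proto="tcp", srcport=50000, dstport=80)]
    udp5001 = [FlowQualifier("myfq1", proto="udp", srcport=0, dstport=5001)]
    marked = build_packet("192.168.101.3", 17, "101110", 40000, 5001)
    return {
        "codepoint_only": classify(marked, ef_any),
        "srcaddr_codepoint": classify(marked, ef_host),
        "tcp_50000_80": classify(build_packet("10.0.0.9", 6, srcport=50000,
                                              dstport=80), web),
        "tcp_50001_80": classify(build_packet("10.0.0.9", 6, srcport=50001,
                                              dstport=80), web),
        "udp_any_5001": classify(marked, udp5001),
    }


if __name__ == "__main__":
    for rule, qos_class in demo().items():
        print(f"{rule:18} {qos_class}")
```

In the demo, the codepoint-only rule promotes a packet marked 101110 from any sender, while the SRCADDR form leaves the same packet in the Default class because its source is 192.168.101.3 rather than 192.168.101.2.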

IP INTERFACE ADD PROXYARPENTRY


Syntax IP INTERFACE {<name>|<number>} ADD PROXYARPENTRY <ipaddress> [<netmask>]

Description This command configures proxy ARP functionality on an existing IP interface. This
means that an interface responds to ARP requests for both its own address and for
any address that has been configured as a proxy ARP address.
You can configure proxy ARP functionality on a single address or a range of
addresses. Once you have configured a range of proxy ARP interfaces, you can set
one or more addresses in the range to NOT respond to proxy ARP using the IP
INTERFACE ADD PROXYARPEXCLUSION command.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
ipaddress | The IP address (or range of addresses) of the address for which you wish to make proxy ARP replies, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A
netmask | The netmask of the subnet for which you wish to make proxy ARP replies, displayed in the IPv4 format (e.g. 255.255.255.0) | N/A

Example The following command adds proxy ARP support to the entire subnet 192.168.100.0:
--> ip interface ip1 add proxyarpentry 192.168.100.0 255.255.255.0

See also IP INTERFACE ADD PROXYARPEXCLUSION
IP INTERFACE LIST PROXYARPENTRIES

IP INTERFACE ADD PROXYARPEXCLUSION


Syntax IP INTERFACE {<name>|<number>} ADD PROXYARPEXCLUSION <ipaddress>
[<netmask>]

Description This command configures proxy ARP exclusion functionality on an existing IP
interface. This means that once you have configured an interface with a range of
proxy ARP addresses, you can set one or more addresses in the range to NOT
respond with proxy ARP.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
ipaddress | The IP address (or range of addresses) that you want to set as a proxy ARP exclusion entry, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A
netmask | The netmask of the subnet you wish to exclude from proxy ARP, displayed in the IPv4 format (e.g. 255.255.255.0) | N/A

Example The first command below adds proxy ARP support to the subnet 192.168.100.0. The
second command excludes proxy ARP support from 192.168.100.10 /
255.255.255.254:

--> ip interface ip1 add proxyarpentry 192.168.100.0 255.255.255.0
--> ip interface ip1 add proxyarpexclusion 192.168.100.10 255.255.255.254

This means that the Residential Gateway will make proxy ARP responses for the
entire subnet 192.168.100.0 / 255.255.255.0, EXCEPT for addresses 192.168.100.10 and
192.168.100.11.

See also IP INTERFACE ADD PROXYARPENTRY
IP INTERFACE LIST PROXYARPENTRIES
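To audit exactly which addresses an interface will answer ARP for once entries and exclusions are combined, the configuration can be modelled as below. This is an added example, not the gateway's code; the class and method names and the interface's own address 192.168.1.1 are assumptions, as are treating an omitted netmask as a single address and applying exclusions independently of command order.

```python
import ipaddress


class ProxyArpInterface:
    """Model of one IP interface's proxy ARP entries and exclusions."""

    def __init__(self, name, own_ip):
        self.name = name
        self.own_ip = ipaddress.IPv4Address(own_ip)
        self.entries = []
        self.exclusions = []

    @staticmethod
    def _network(ipaddr, netmask):
        # Assumption: no netmask means a single address (255.255.255.255).
        # strict=False masks off host bits, so 192.168.100.11 with mask
        # 255.255.255.254 covers the same pair as 192.168.100.10.
        mask = netmask or "255.255.255.255"
        return ipaddress.ip_network(f"{ipaddr}/{mask}", strict=False)

    def add_proxyarpentry(self, ipaddr, netmask=None):
        self.entries.append(self._network(ipaddr, netmask))

    def add_proxyarpexclusion(self, ipaddr, netmask=None):
        self.exclusions.append(self._network(ipaddr, netmask))

    def effective_ranges(self):
        """Entry networks with every exclusion carved out, as CIDR blocks."""
        remaining = list(ipaddress.collapse_addresses(self.entries))
        for excl in self.exclusions:
            kept = []
            for net in remaining:
                if excl.supernet_of(net):
                    continue  # the exclusion covers this whole block
                if net.supernet_of(excl):
                    kept.extend(net.address_exclude(excl))
                else:
                    kept.append(net)  # disjoint: exclusion has no effect
            remaining = kept
        return sorted(remaining)

    def answers_arp_for(self, target):
        """True if the interface replies to an ARP request for target."""
        addr = ipaddress.IPv4Address(target)
        if addr == self.own_ip:
            return True  # an interface always answers for its own address
        return any(addr in net for net in self.effective_ranges())

    def proxied_address_count(self):
        return sum(net.num_addresses for net in self.effective_ranges())


def manual_example():
    """The two commands from the example above, applied to interface ip1."""
    ip1 = ProxyArpInterface("ip1", "192.168.1.1")  # own address is constructed
    ip1.add_proxyarpentry("192.168.100.0", "255.255.255.0")
    ip1.add_proxyarpexclusion("192.168.100.10", "255.255.255.254")
    return ip1


if __name__ == "__main__":
    ip1 = manual_example()
    for target in ("192.168.100.9", "192.168.100.10", "192.168.100.11",
                   "192.168.100.12", "192.168.101.1"):
        print(f"{target:15} proxy ARP reply: {ip1.answers_arp_for(target)}")
    print("addresses answered for:", ip1.proxied_address_count())
```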

IP INTERFACE ADD SECONDARYIPADDRESS


Syntax IP INTERFACE {<name>|<number>} ADD SECONDARYIPADDRESS <ipaddress>
[<netmask>]

Description This command adds a secondary IP address to an existing IP interface. A secondary
address may be used to create an extra IP address on an interface for management
purposes, or to allow the IP stack to route between two subnets on the same
interface.
The functionality of secondary IP addresses depends on several parameters
including the type of IP interface and the netmask:
• if a secondary address is on the same subnet as the primary interface address, you
do not need to specify a subnet mask for that secondary address. This applies to
all interface types.

The ability to specify a subnet mask with a secondary address is superseded by
the functionality of virtual interfaces. You should use virtual interfaces instead.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
netmask | The netmask of the secondary IP address displayed in the IPv4 format (e.g. 255.255.255.0). To display the secondary IP addresses, use the IP INTERFACE LIST SECONDARYIPADDRESSES command. | N/A
ipaddress | A secondary IP address that you want to add to the main IP interface. You can add any number of secondary IP addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3). To display the secondary IP addresses, use the IP INTERFACE LIST SECONDARYIPADDRESSES command. | N/A

Example --> ip interface ip1 add secondaryipaddress 192.168.102.3 255.255.255.0

See also IP LIST INTERFACES
IP INTERFACE LIST SECONDARYIPADDRESSES

IP INTERFACE CLEAR FQS


Syntax IP INTERFACE {<name>|<number>} CLEAR FQS

Description This command deletes all flow qualifiers that have been added to an existing IP
interface using the IP INTERFACE ADD FQ commands.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 clear fqs

See also IP LIST INTERFACES
IP INTERFACE DELETE FQ

IP INTERFACE CLEAR PROXYARPENTRIES


Syntax IP INTERFACE {<name>|<number>} CLEAR PROXYARPENTRIES

Description This command clears all proxy arp entries and exclusions that were created using
the IP INTERFACE ADD PROXYARPENTRY and IP INTERFACE ADD
PROXYARPEXCLUSION commands.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 clear proxyarpentries

See also IP INTERFACE ADD PROXYARPENTRY
IP INTERFACE ADD PROXYARPEXCLUSION

IP INTERFACE CLEAR SECONDARYIPADDRESSES


Syntax IP INTERFACE {<name>|<number>} CLEAR SECONDARYIPADDRESSES

Description This command deletes all additional IP addresses that have been added to an
existing IP interface using the IP INTERFACE ADD SECONDARYIPADDRESS
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 clear secondaryipaddresses

See also IP LIST INTERFACES
IP INTERFACE ADD SECONDARYIPADDRESS
IP INTERFACE DELETE SECONDARYIPADDRESS
IP INTERFACE LIST SECONDARYIPADDRESSES

IP INTERFACE DELETE FQ
Syntax IP INTERFACE {<name>|<number>} DELETE FQ <fqname>

Description This command deletes a single flow qualifier that has been added to an existing IP
interface using the IP INTERFACE ADD FQ commands.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
fqname | A name that identifies the flow qualifier (fq). To display flow qualifier names, use the IP INTERFACE LIST FQS command. | N/A

Example --> ip interface ip1 delete fq myfq

See also IP LIST INTERFACES
IP INTERFACE LIST FQS

IP INTERFACE DELETE PROXYARPENTRIES


Syntax IP INTERFACE {<name>|<number>} DELETE PROXYARPENTRIES <entrynumber>

Description This command deletes a single proxy arp entry that was created using the IP
INTERFACE ADD PROXYARPENTRY command.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
entrynumber | A number that identifies an existing ProxyArp entry on this IP interface. To display entry numbers, use the IP INTERFACE LIST PROXYARPENTRIES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 delete proxyarpentry 1

See also IP INTERFACE ADD PROXYARPENTRY
IP INTERFACE LIST PROXYARPENTRIES

IP INTERFACE DELETE PROXYARPEXCLUSION


Syntax IP INTERFACE {<name>|<number>} DELETE PROXYARPEXCLUSION <entrynumber>

Description This command deletes a single proxy arp exclusion entry that was created using the
IP INTERFACE ADD PROXYARPEXCLUSION command.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
entrynumber | A number that identifies an existing ProxyArpExclusion entry on this IP interface. To display entry numbers, use the IP INTERFACE LIST PROXYARPENTRIES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 delete proxyarpexclusion 2

See also IP INTERFACE ADD PROXYARPEXCLUSION
IP INTERFACE LIST PROXYARPENTRIES

IP INTERFACE DELETE SECONDARYIPADDRESS


Syntax IP INTERFACE {<name>|<number>} DELETE SECONDARYIPADDRESS
<secondaryipaddress number>

Description This command deletes a single secondary IP address that has previously been
added to an existing IP interface using the IP INTERFACE ADD
SECONDARYIPADDRESS command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
secondary ipaddress number | The number that identifies a secondary IP address that you want to delete from the main IP interface. To display secondary IP address numbers, use the IP INTERFACE LIST SECONDARYIPADDRESSES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 delete secondaryipaddress 1

See also IP LIST INTERFACES
IP INTERFACE LIST SECONDARYIPADDRESSES

IP INTERFACE LIST FQS


Syntax IP INTERFACE {<name>|<number>} LIST FQS

Description This command lists all flow qualifiers that have been added to an existing IP
interface using the IP INTERFACE ADD FQS command.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 list fqs

Flow Qualifiers for interface: ip1

ID | Name | Src IP Address | Proto | Src Port | Dst Port | ds
---|------|----------------|-------|----------|----------|-------
1 | fq1 | 192.168.101.2 | tcp | 50000 | 80 |101110
-----------------------------------------------------------------

IP INTERFACE LIST PROXYARPENTRIES


Syntax IP INTERFACE {<name>|<number>} LIST PROXYARPENTRIES

Description This command displays information about proxy arp entries and exclusions that
were created using the IP INTERFACE ADD PROXYARPENTRY and IP
INTERFACE ADD PROXYARPEXCLUSION commands.
The following information is displayed:
• interface ID numbers
• IP address and netmask of proxy ARP entries and exclusions
• Exclusion status; true for exclusions, false for inclusions

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip interface ip1 list proxyarpentries

ID | IP Address | Netmask | Exclude
---|---------------|----------------|----------
1 | 192.168.100.0 | 255.255.255.0 | false
2 | 192.168.100.8 | 255.255.255.254| true
-----------------------------------------------

IP INTERFACE LIST SECONDARYIPADDRESSES


Syntax IP INTERFACE {<name>|<number>} LIST SECONDARYIPADDRESSES

Description This command lists the secondary IP addresses that have been added to an existing
IP interface using the IP INTERFACE ADD SECONDARYIPADDRESS command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example In the example output below, secondary IP addresses without netmasks associated
with them appear as 0.0.0.0 by default.

--> ip interface ip1 list secondaryipaddresses

ID | IP Address | Netmask
-----|-----------------------------------
1 | 192.168.104.6 | 255.255.255.0
2 | 192.168.103.4 | 255.255.255.0
3 | 192.168.103.2 | 255.255.255.0
-----------------------------------------

See also IP LIST INTERFACES
IP LIST INTERFACE SECONDARYIPADDRESS

IP LIST ARPENTRIES
Syntax IP LIST ARPENTRIES

Description This command displays the ARP table, which lists the following information:
• IP addresses and corresponding MAC addresses obtained by ARP.
• IP interface on which the host is connected
• Static status - `no' for dynamically generated ARP entries; `yes' for static entries
added by the user.

Example --> ip list arpentries

IP ARP table entries:

IP address | MAC address | Interface | Static
-----------------|-------------------|--------------|--------
10.10.10.10 | 00:20:2b:e0:03:87 | 3 | no
-----------------|-------------------|--------------|--------
20.20.20.20 | 00:20:2b:03:0a:72 | 2 | no
-----------------|-------------------|--------------|--------
30.30.30.30 | 00:20:2b:03:09:c4 | 1 | no
-------------------------------------------------------------

IP LIST CONNECTIONS
Syntax IP LIST CONNECTIONS

Description This command lists the active TCP/UDP connections in use by applications running
on the device. It displays the following information:
• Protocol type (TCP or UDP)
• Local connection address and port number
• Remote connection address and port number
• Connection state for TCP connections
This command does not show raw socket connections or UDP connections opened
internally within the IP stack.

Example The example below shows an active telnet connection, and the listen sockets of the
WebServer, TFTP server and SNMP:
--> ip list connections

Local TCP/UDP connections:

Proto | Local address | Remote address | State
-------|------------------------|------------------------|------------
tcp | 192.168.91.19:23 | 192.168.91.18:1080 | ESTABLISHED
tcp | *:80 | *:* | LISTEN
udp | *:69 | *:* |
udp | *:161 | *:* |
----------------------------------------------------------------------
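
The listing above doubles as an inventory of the device's management surface. The following is an added example, not part of the manual: it parses that output format and reports sockets belonging to the unencrypted services the example names. The function names and the port-to-service table are assumptions made for this illustration; SNMP is assumed to be v1/v2c.

```python
# Constructed sample: the `ip list connections` output shown in the manual.
SAMPLE = """\
Local TCP/UDP connections:

Proto | Local address | Remote address | State
-------|------------------------|------------------------|------------
tcp | 192.168.91.19:23 | 192.168.91.18:1080 | ESTABLISHED
tcp | *:80 | *:* | LISTEN
udp | *:69 | *:* |
udp | *:161 | *:* |
----------------------------------------------------------------------
"""

# Well-known ports of the services named in the manual's example. All four
# carry credentials or configuration data unencrypted (SNMP v1/v2c assumed).
CLEARTEXT_SERVICES = {
    ("tcp", 23): "telnet",
    ("tcp", 80): "http",
    ("udp", 69): "tftp",
    ("udp", 161): "snmp",
}


def split_endpoint(cell):
    """Split 'host:port' into (host, port); a '*' port becomes None."""
    host, _, port = cell.rpartition(":")
    return host, int(port) if port.isdigit() else None


def parse_connections(text):
    """Return one dict per data row; headers and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 4 or cells[0].lower() not in ("tcp", "udp"):
            continue
        lhost, lport = split_endpoint(cells[1])
        rhost, rport = split_endpoint(cells[2])
        rows.append({
            "proto": cells[0].lower(),
            "lhost": lhost, "lport": lport,
            "rhost": rhost, "rport": rport,
            "state": cells[3],          # empty for UDP sockets
        })
    return rows


def audit(rows):
    """Return (service, kind, address) for every cleartext service socket.

    kind is 'listener' for a socket with no remote peer (address is the
    local bind address) and 'session' for a connected peer (address is
    the remote host).
    """
    findings = []
    for r in rows:
        service = CLEARTEXT_SERVICES.get((r["proto"], r["lport"]))
        if service is None:
            continue
        if r["rhost"] == "*":
            findings.append((service, "listener", r["lhost"]))
        else:
            findings.append((service, "session", r["rhost"]))
    return findings


if __name__ == "__main__":
    for service, kind, address in audit(parse_connections(SAMPLE)):
        print(f"{service:7} {kind:9} {address}")
```

A listener bound to * is reachable on every IP interface of the device, so each such finding is a candidate for disabling the service or restricting it to the management side.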

IP LIST INTERFACES
Syntax IP LIST INTERFACES

Description This command lists information about IP interfaces that were added using the ip add
interface command. The following information is displayed:

• interface ID numbers
• interface names
• IP addresses (if previously specified)
• DHCP status
• Whether a transport is attached to the interface, and if so, the name of the
transport
• Whether a virtual interface is attached to a real interface. The name of the
attached virtual interface is displayed in the Transport column in square brackets,
for example [ip2]

Example --> ip list interfaces

IP Interfaces:
ID | Name | IP Address | DHCP | Transport
-----|--------------|------------------|----------|---------------
1 | ppp_device | 192.168.102.2 | disabled | pppoe1
2 | ip0 | 192.168.1.1 | disabled | default
------------------------------------------------------------------

See also IP SHOW INTERFACE
IP SET INTERFACE DHCP

IP LIST RIPROUTES
Syntax IP LIST RIPROUTES

Description This command lists information about the routes that have been obtained from RIP.
It displays the following information:
• destination IP addresses
• destination netmask
• gateway address
• cost - The number of hops counted as the cost of the route.
• timeout - the number of seconds that this RIP route will remain in the routing
table unless updated by RIP.
• source interface - the name of the existing interface that this route uses

Example --> ip list riproutes

IP RIP routes:
Destination | Mask | Gateway | Cost | Time | Source
---------------|---------------|-----------------|------|------|-------
192.168.101.1 | 255.255.255.0 | 10.10.10.10 | 1 | 3000 | ip2
-----------------------------------------------------------------------

See also IP SET RIP HOSTROUTES
IP SET INTERFACE RIP ACCEPT
IP SET INTERFACE RIP SEND

IP LIST ROUTES
Syntax IP LIST ROUTES

Description This command lists information about existing routes. It displays the following
information:
• route ID numbers
• route names
• destination IP addresses (if previously specified)
• destination netmask address (if previously specified)
• Either the gateway address or the name of the destination interface (whichever is
set)

Example --> ip list routes

IP routes:

ID | Name | Destination | Netmask | Gateway/Interface
-----|----------|------------------|------------------|-----------------
2 | route2 | 192.168.102.3 | 255.255.255.0 | ip1
1 | route1 | 192.168.50.50 | 255.255.255.0 | 192.168.68.68
-----------------------------------------------------------------------

See also IP SHOW ROUTE

IP PING
Syntax IP PING <dest-ip>

Description This command pings a specified destination IP address.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
dest-ip | The IP address of the destination machine that you want to ping, displayed in the IPv4 format (192.168.102.3) | N/A

Example --> ip ping 192.168.102.3

ip: ping - reply received from 192.168.102.3

If ping was unsuccessful, the following output is displayed:

ip: ping - no reply received.

IP SET INTERFACE DHCP


Syntax IP SET INTERFACE {<name>|<number>} DHCP {ENABLED|DISABLED}

Description This command specifies whether a named interface should obtain its configuration
via DHCP.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
enabled | The interface obtains its configuration information from DHCP client. | disabled
disabled | The interface does not use DHCP client configuration information. | disabled

Example --> ip set interface ip2 dhcp enabled

See also IP SET INTERFACE IPADDRESS
IP SET INTERFACE MTU
IP LIST INTERFACES

For information on setting DHCP client configuration options, see DHCP Client CLI
commands.

IP SET INTERFACE IPADDRESS


Syntax IP SET INTERFACE {<name>|<number>} IPADDRESS <ipaddress> [<netmask>]

Description This command sets the IP address for an existing IP interface.



Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
ip address | The IP address of the interface displayed in the following IPv4 format (e.g. 192.168.102.3). If the IP address is set to the special value 0.0.0.0, the interface is marked as unconfigured. This value is used when the interface address is obtained automatically. For unnumbered interfaces, the IP address parameter is used to specify the router-id of the interface. The router-id should be the same as the IP address of one of the router's numbered interfaces. | 0.0.0.0
netmask | The netmask of the interface displayed in the IPv4 format (e.g. 255.255.255.0). The special value 255.255.255.255 is used to indicate an unnumbered interface. An unnumbered interface is configured by setting the IP address to the interface's router-id value, and setting netmask to 255.255.255.255. | If no netmask is supplied, the natural mask of the IP address is used.

Example --> ip set interface ip4 ipaddress 192.168.102.3 255.255.255.0

See also IP SET INTERFACE MTU
IP SET INTERFACE DHCP
IP LIST INTERFACES

IP SET INTERFACE MTU


Syntax IP SET INTERFACE {<name>|<number>} MTU <mtu>

Description This command sets the MTU (Maximum Transmission Unit) for an existing IP
interface.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
mtu | Maximum Transmission Unit: maximum packet size (in bytes) that an interface can handle. The MTU should be set to a value appropriate for the transport attached to the interface (typically from 576 to 1500 bytes). For example, Ethernet and most other transports support an MTU of 1500 bytes, whereas PPPoE supports an MTU of 1492 bytes. | 1500

Example --> ip set interface ip2 mtu 800

See also IP SET INTERFACE IPADDRESS
IP SET INTERFACE DHCP
IP LIST INTERFACES

IP SET INTERFACE NETMASK


Syntax IP SET INTERFACE {<name>|<number>} netmask

Description This command sets the netmask for an existing IP interface.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
netmask | The netmask of the interface displayed in the IPv4 format (e.g. 255.255.255.0). The special value 255.255.255.255 is used to indicate an unnumbered interface. An unnumbered interface is configured by setting the IP address to the interface’s router-id value, and setting netmask to 255.255.255.255. | N/A

Example --> ip set interface ip6 netmask 255.255.255.0

See also IP SET INTERFACE IPADDRESS
IP LIST INTERFACES

IP SET INTERFACE RIP ACCEPT


Syntax IP SET INTERFACE {<name>|<number>} RIP ACCEPT {NONE|V1|V2|ALL}

Description This command specifies whether or not an existing interface accepts RIP messages.
You can specify what version of RIP messages are accepted by the interface.
When receiving RIP v1 messages, the IP stack tries to use the information it has
available to determine the appropriate subnet mask for the addresses received.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
NONE | The interface does not accept RIP messages. | none
V1 | The interface only accepts RIP version 1 messages (RFC1058). | none
V2 | The interface only accepts RIP version 2 messages (RFC1723). | none
ALL | The interface accepts RIP version 1 (RFC1058) and RIP version 2 (RFC1723) messages. | none

Example --> ip set interface ip3 rip accept none

See also IP SET INTERFACE RIP SEND
IP SET INTERFACE RIP MULTICAST
IP SET RIP HOSTROUTES
IP SET RIP POISON
IP SHOW
IP LIST INTERFACES

IP SET INTERFACE RIP MULTICAST


Syntax IP SET INTERFACE {<name>|<number>} RIP MULTICAST {ENABLED |
DISABLED}

Description This command enables or disables sending RIP version 2 messages via
multicast.
RIP version 2 messages sent via multicast are only received by the hosts on the
network that are configured to listen to the RIP v2 multicast address. If multicast
is disabled, RIP version 2 messages are sent via broadcast and are
received by all the hosts on the network.
You need to set RIP to send v2 messages using the IP SET INTERFACE RIP SEND
command in order for the IP SET INTERFACE RIP MULTICAST ENABLED
command to send version 2 messages via multicast.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
ENABLED | Allows RIP version 2 messages to be sent via multicast. | disabled
DISABLED | Disables RIP version 2 messages being sent via multicast. Messages are sent via broadcast instead. | disabled

Example --> ip set interface ip1 rip multicast enabled

See also IP LIST INTERFACES
IP SET INTERFACE RIP SEND

IP SET INTERFACE RIP SEND


Syntax IP SET INTERFACE {<name>|<number>} RIP SEND {NONE|V1|V2|ALL}

Description This command specifies whether or not an existing interface can send RIP messages.
You can specify which version of RIP messages will broadcast routing information
on the interface. Routing information is broadcast every 30 seconds or when the RIP
routing table is changed.

RIP version 1 does not allow specification of subnet masks; a RIP version 1 route
that appears to be to an individual host might in fact be to a subnet, and treating
it as a route to the whole network may be the best way to make use of the
information.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A
NONE | The interface does not accept RIP messages. | none
RIP SEND V1 | The interface only sends RIP version 1 messages (RFC1058) | none
RIP SEND V2 | The interface only sends RIP version 2 messages (RFC1723). If set, RIP version 2 is used on all non-loopback interfaces. | none
RIP SEND ALL | The interface sends RIP version 1 (RFC1058) and RIP version 2 (RFC1723) messages. | none

Example --> ip set interface ip1 rip send v1

See also IP SET INTERFACE RIP ACCEPT
IP SET RIP HOSTROUTES
IP SET RIP POISON
IP SHOW
IP LIST INTERFACES

IP SET INTERFACE TCPMSSCLAMP


Syntax IP SET INTERFACE <name> TCPMSSCLAMP {ENABLED|DISABLED}

Description This command enables/disables TCP MSS (Maximum Segment Size) Clamp
functionality on an existing IP interface. When TCP MSS Clamp is enabled on an
interface, all TCP traffic routed through that interface will be examined. If a TCP
SYN (synchronize/start) segment is sent with a maximum segment size larger than
the interface MTU (Maximum Transmission Unit), the MSS option will be rewritten
in order to allow TCP traffic to pass through the interface without requiring
fragmentation.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
ENABLED | TCP SYN segments routed through this interface will be examined and, if necessary, modified. | disabled
DISABLED | The IP stack will not examine or modify TCP traffic routed through this interface. | disabled

Example --> ip set interface ip2 tcpmssclamp enabled

See also IP SET INTERFACE MTU
IP SHOW
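
The rewrite that TCP MSS Clamp performs can be shown on a raw TCP segment. The following is an added example, not the device's own code: it locates the MSS option in a SYN, lowers it, and patches the TCP checksum incrementally (RFC 1624). It assumes the clamp target is the interface MTU minus 40 bytes of IPv4 and TCP headers, which the manual does not specify; all function names and sample addresses are constructed for the illustration.

```python
import socket
import struct

SYN = 0x02
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2


def checksum16(data):
    """Internet checksum (RFC 1071): one's complement of the 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def find_mss_option(tcp):
    """Return the offset of the 2-byte MSS value in a TCP header, or None."""
    if len(tcp) < 20:
        return None
    hdr_len = (tcp[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(tcp):
        return None
    i = 20
    while i < hdr_len:
        kind = tcp[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= hdr_len:
            break
        length = tcp[i + 1]
        if length < 2 or i + length > hdr_len:
            break                      # malformed option list: leave untouched
        if kind == OPT_MSS and length == 4:
            return i + 2
        i += length
    return None


def clamp_mss(tcp, mtu, overhead=40):
    """Return (segment, changed). Only SYN segments whose MSS exceeds
    mtu - overhead are rewritten (overhead=40 is an assumption)."""
    off = find_mss_option(tcp)
    if off is None or not tcp[13] & SYN:
        return tcp, False
    limit = mtu - overhead
    (mss,) = struct.unpack_from("!H", tcp, off)
    if mss <= limit:
        return tcp, False
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, limit)
    # RFC 1624: HC' = ~(~HC + ~m + m') for every aligned 16-bit word changed.
    # An MSS value at an odd offset straddles two words, so both are updated.
    (old_sum,) = struct.unpack_from("!H", tcp, 16)
    acc = ~old_sum & 0xFFFF
    for w in range(off & ~1, off + 2, 2):
        (m_old,) = struct.unpack_from("!H", tcp, w)
        (m_new,) = struct.unpack_from("!H", out, w)
        acc += (~m_old & 0xFFFF) + m_new
    while acc >> 16:
        acc = (acc & 0xFFFF) + (acc >> 16)
    struct.pack_into("!H", out, 16, ~acc & 0xFFFF)
    return bytes(out), True


def make_syn(mss, src="192.168.1.10", dst="192.168.102.3", leading_nop=False):
    """Constructed sample: a SYN with an MSS option and a valid checksum.
    Returns (pseudo_header, segment)."""
    opts = (b"\x01" if leading_nop else b"") + struct.pack("!BBH", OPT_MSS, 4, mss)
    opts += b"\x01" * (-len(opts) % 4)          # NOP-pad to a 32-bit boundary
    hdr_len = 20 + len(opts)
    seg = struct.pack("!HHIIBBHHH", 50000, 80, 1000, 0,
                      (hdr_len // 4) << 4, SYN, 8192, 0, 0) + opts
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(seg)))
    csum = checksum16(pseudo + seg)
    return pseudo, seg[:16] + struct.pack("!H", csum) + seg[18:]


if __name__ == "__main__":
    pseudo, syn = make_syn(1460)
    clamped, changed = clamp_mss(syn, 1492)     # PPPoE MTU from the manual
    new_mss = struct.unpack_from("!H", clamped, find_mss_option(clamped))[0]
    print(changed, new_mss, checksum16(pseudo + clamped) == 0)
```

A segment that is not a SYN, carries no MSS option, or has a malformed option list is returned unchanged, so the checksum is only touched when the MSS value is.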

IP SET RIP ADVERTISEDEFAULT


Syntax IP SET RIP ADVERTISEDEFAULT {ENABLED | DISABLED}

Description This command enables/disables the advertising of a default route via RIP. If you set
this to enabled, then create a default route using the IP ADD DEFAULTROUTE
commands, the route will also be added to those advertised by the RIP protocol.
The cost associated with the route is the value set using the IP SET RIP
DEFAULTROUTECOST command.
You must enable default advertising before you create the default route.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
ENABLED | Enables RIP to advertise a default route with the cost metric set using the IP SET RIP DEFAULTROUTECOST command. | disabled
DISABLED | Disables advertisement of a default route. | disabled

Example --> ip set rip advertisedefault enabled

See also IP ADD DEFAULTROUTE GATEWAY
IP ADD DEFAULTROUTE INTERFACE
IP SET RIP DEFAULTROUTECOST

IP SET RIP AUTHENTICATION


Syntax IP SET RIP AUTHENTICATION {ENABLED | DISABLED}

Description This command enables/disables RIP v2 plain text authentication.
If enabled, a plain text authentication string is placed in RIP v2 packets.
RIP v2 packets will only be accepted if they contain an authentication entry with the
correct password string.
Packets with no authentication or the wrong password will be rejected.
To set an authentication password, use the IP SET RIP PASSWORD command.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
ENABLED | Accepts RIP v2 packets that contain an authentication entry with the correct password string. Packets with no authentication or the wrong password are rejected. | disabled
DISABLED | Rejects RIP v2 packets containing an authentication entry. | disabled

Example --> ip set rip authentication enabled

See also IP SET RIP PASSWORD
IP SHOW

IP SET RIP DEFAULTROUTECOST


Syntax IP SET RIP DEFAULTROUTECOST <cost>

Description This command sets the number of hops counted as the cost of a default route
advertised via RIP.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
cost | The number of hops counted as the cost of the default route. The cost value can be any positive integer between 1 and 15. | 1

Example --> ip set rip defaultroutecost 10

See also IP ADD DEFAULTROUTE GATEWAY
IP ADD DEFAULTROUTE INTERFACE
IP SET RIP ADVERTISEDEFAULT

IP SET RIP HOSTROUTES


Syntax IP SET RIP HOSTROUTES {ENABLED | DISABLED}

Description Specifies whether IP interfaces will accept RIP routes to specific hosts.

RIP version 1 does not allow specification of subnet masks; a RIP version 1 route
that appears to be to an individual host might in fact be to a subnet, and treating
it as a route to the whole network may be the best way to make use of the
information.

To display the current state of rip hostroutes, use the IP SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
ENABLED | Sets the hostroutes flag to on. The interface accepts RIP routes to specific hosts. | disabled
DISABLED | Sets the hostroutes flag to off. RIP version 1 routes to individual hosts are treated as routes to the network containing the host. RIP version 2 routes to individual hosts are ignored. | disabled

Example --> ip set rip hostroutes enabled

See also IP SET INTERFACE RIP ACCEPT
IP SET INTERFACE RIP SEND
IP SHOW

IP SET RIP PASSWORD


Syntax IP SET RIP PASSWORD <password>

Description This command sets an authentication string that is placed in RIP v2 packets if ip set
rip authentication is enabled.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
password | An authentication password used by RIP v2 packets if ip set rip authentication is enabled. The password is a string of 0 to 16 characters. | N/A

Example --> ip set rip password vancouver

See also IP SET RIP AUTHENTICATION
IP SHOW
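
The accept/reject rules of IP SET RIP AUTHENTICATION and the 16-character limit of IP SET RIP PASSWORD follow from the RFC 1723 packet layout. The following is an added example, not the device's own code: it builds a RIP v2 response with the simple-password authentication entry and applies the rules from the two option tables above. Function names and the sample route are assumptions made for the illustration.

```python
import hmac
import socket
import struct

AFI_AUTH = 0xFFFF   # address family value that marks an authentication entry
AUTH_SIMPLE = 2     # authentication type 2: simple (plain text) password
AFI_INET = 2


def build_response(routes, password=None):
    """Build a RIP v2 response. routes: (ip, mask, next_hop, metric) tuples.
    If password is given, the authentication entry is placed first."""
    pkt = struct.pack("!BBH", 2, 2, 0)           # command=response, version=2
    if password is not None:
        pw = password.encode("ascii")
        if len(pw) > 16:
            raise ValueError("RIP v2 password field holds at most 16 bytes")
        # '16s' left-justifies the password and pads it with NUL bytes.
        pkt += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, pw)
    for ip, mask, next_hop, metric in routes:
        pkt += struct.pack("!HH4s4s4sI", AFI_INET, 0,
                           socket.inet_aton(ip), socket.inet_aton(mask),
                           socket.inet_aton(next_hop), metric)
    return pkt


def auth_entry(pkt):
    """Return (auth_type, 16-byte field) if the first entry is an
    authentication entry, else None."""
    if len(pkt) < 24:
        return None
    afi, auth_type = struct.unpack_from("!HH", pkt, 4)
    if afi != AFI_AUTH:
        return None
    return auth_type, pkt[8:24]


def accept_v2(pkt, auth_enabled, password=""):
    """Apply the manual's rules to a RIP v2 packet.

    enabled : accept only an authentication entry with the correct password
    disabled: reject any packet that contains an authentication entry
    """
    if len(pkt) < 4 or pkt[1] != 2:
        raise ValueError("not a RIP v2 packet")
    entry = auth_entry(pkt)
    if not auth_enabled:
        return entry is None
    if entry is None:
        return False
    auth_type, field = entry
    expected = password.encode("ascii").ljust(16, b"\x00")
    # Constant-time comparison of the fixed-size password field.
    return auth_type == AUTH_SIMPLE and hmac.compare_digest(field, expected)


# Constructed sample route; the password is the one from the manual's example.
ROUTES = [("192.168.101.0", "255.255.255.0", "0.0.0.0", 1)]

if __name__ == "__main__":
    pkt = build_response(ROUTES, "vancouver")
    print(accept_v2(pkt, True, "vancouver"), pkt[8:24])
```

The password field is carried as-is in every update, so this mode only guards against routers that do not know the string; it does not hide the string from anyone who can capture RIP traffic on the segment.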

IP SET RIP POISON


Syntax IP SET RIP POISON {ENABLED | DISABLED}

Description Enables or disables the poisoned reverse flag. If this flag is on, the AT-RG613,
AT-RG623 and AT-RG656 perform poisoned reverse as defined in RFC 1058; see that
RFC for discussion of the details.

In short, though, the effect of Poison Reverse is to specifically advertise routes, with
metric set to 16, if those routes are no longer accessible for some reason. Hosts
receiving these advertisements will then mark these routes as unusable. This
process results in a quicker updating of other hosts' routing tables. The alternative is
to simply not advertise the inaccessible routes, and let other hosts eventually age
them out.
To display the current state of the poisoned reverse flag, use the IP SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
ENABLED | Sets the poisoned reverse flag to on. The AT-RG613, AT-RG623 and AT-RG656 TCP/IP performs poisoned reverse as defined in RFC 1058. | disabled
DISABLED | Sets the poisoned reverse flag to off. | disabled

Example --> ip set rip poison enabled

See also IP SET INTERFACE RIP ACCEPT
IP SET INTERFACE RIP SEND
IP SET RIP HOSTROUTES
IP SHOW

IP SET ROUTE COST


Syntax IP SET ROUTE {<name>|<number>} COST <cost>

Description This command sets the number of hops counted as the cost of the route for a route
previously created using the IP ADD ROUTE command.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A
number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The number appears in the first column under the heading ID. | N/A
cost | The number of hops counted as the cost of the route. This may affect the choice of route when the route is competing with routes acquired from RIP. (Using a mixture of RIP and static routing is not advised). The cost value can be any positive integer. | 1

Example --> ip set route route1 cost 3

See also IP ADD ROUTE
IP SET ROUTE DESTINATION
IP SET ROUTE GATEWAY
IP LIST ROUTES

IP SET ROUTE DESTINATION


Syntax IP SET ROUTE {<name>|<number>} DESTINATION <dest-network> <netmask>

Description This command sets the destination network address of a route previously created
using the IP ADD ROUTE command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A
number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The number appears in the first column under the heading ID. | N/A
dest-network | The IP address of the destination network displayed in the IPv4 format (e.g. 192.168.102.3) | N/A
netmask | The destination netmask displayed in the IPv4 format (e.g. 255.255.255.0) | N/A

Example
--> ip set route route1 destination 192.168.103.3 255.255.255.0

See also IP SET ROUTE GATEWAY
IP SET ROUTE COST
IP LIST ROUTES

IP SET ROUTE GATEWAY


Syntax IP SET ROUTE {<name>|<number>} GATEWAY <gateway>

Description This command sets the gateway address of a route previously created using the IP
ADD ROUTE command.
If you want the route to go directly to its destination and not via a gateway, specify
0.0.0.0 as the gateway.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A
number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The numbers appear in the first column under the heading ID. | N/A
gateway | The IP address of the gateway, which is the next device along the path to the destination network, displayed in the IPv4 format (e.g. 192.168.102.3). If you added a route directly to an interface, the gateway address is set by default to 0.0.0.0 so that no gateway is specified. | N/A

Example --> ip set route route1 gateway 192.168.102.3

See also IP ADD ROUTE
IP SET ROUTE DESTINATION
IP SET ROUTE COST
IP LIST ROUTES

IP SET ROUTE INTERFACE


Syntax IP SET ROUTE {<name>|<number>} INTERFACE {<interface>|NONE}

Description This command sets the interface used by a route previously created by the IP ADD
ROUTE command. If you want the existing route to route to an address via a
gateway device, use none so that no interface is set.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A
number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The number appears in the first column under the heading ID. | N/A
interface | The name of the existing interface that the IP routes through, displayed in the IPv4 format (e.g. 192.168.102.3). To display interface names, use the IP LIST INTERFACES command. | N/A
NONE | No interface is set. This is used for routes that route via a gateway device instead of an interface. | N/A

Example --> ip set route r1 interface eth1

See also IP LIST INTERFACES
IP LIST ROUTES

IP SHOW
Syntax IP SHOW

Description Shows current RIP configuration and any other information global to the router.

Example --> ip show


Global IP configuration:

Host routes: true


Poison reverse: false

See also IP SET RIP HOSTROUTES
IP SET RIP POISON

IP SHOW INTERFACE
Syntax IP SHOW INTERFACE {<name>|<number>}

Description This command displays the following information about a named interface:
• IP address and netmask (if set)
• MTU (Maximum Transmission Unit)
• Status of DHCP and NAT
• Status of TCP MSS Clamp
• Status of RIP send and RIP accept
• Status of RIP multicast

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
number | A number that identifies an existing IP interface. To display interface numbers, use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. | N/A

Example --> ip show interface ip2

IP Interface: ip2
IP address: 192.168.102.3
Netmask: 255.255.255.0
MTU: 1500
DHCP: disabled

TCP MSS Clamp: disabled

Accept RIP V1: true


Send RIP V1: false
Accept RIP V2: true
Send RIP V2: false
Multicast RIP V2: disabled

--> ip show interface ip3


IP Interface: ip3 - virtual [ip2]

IP address: 192.168.50.10
Netmask: 255.255.255.0
MTU: 1500
DHCP: disabled

TCP MSS Clamp: disabled


Accept RIP V1: true
Send RIP V1: false
Accept RIP V2: true
Send RIP V2: false
Multicast RIP V2: disabled

See also IP SHOW
IP SHOW ROUTE
IP LIST INTERFACES

IP SHOW ROUTE
Syntax IP SHOW ROUTE {<name>|<number>}

Description This command displays the following information about a named route:
• Destination IP address
• Netmask
• Gateway IP address (if applicable)
• Cost: the number of hops counted as the cost of the route
• Interface name (if applicable)

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing route. To display route names, use the IP LIST ROUTES command. | N/A
number | A number that identifies an existing route. To display route numbers, use the IP LIST ROUTES command. The number appears in the first column under the heading ID. | N/A

Example --> ip show route route3


IP route: route3
Destination: 192.168.102.3
Netmask: 255.255.255.0
Gateway: 192.168.108.3
Cost: 1
Interface:

See also IP SHOW
IP LIST ROUTES

Chapter 5

Transports

This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to manage the Transport module.

Throughout this section, the syntax <transport_module> is used to generically
represent a transport module like PPPOE or Ethernet.

This module allows you to clear, delete, list and display information about existing
transports that were created using the <transport_module> add transport
commands. To carry out more detailed configuration of transports, see the
corresponding transport module chapter:
• For PPPoE commands, see PPPoE CLI commands
• For Ethernet commands, see Ethernet CLI commands

Transports CLI commands


The table below lists the Transports commands provided by the CLI:

Command
TRANSPORTS CLEAR
TRANSPORTS DELETE
TRANSPORTS LIST
TRANSPORTS SHOW

TRANSPORTS CLEAR
Syntax TRANSPORTS CLEAR

Description This command deletes all transports that were created using the <transport_module>
ADD TRANSPORT command.

Example --> transports clear

See also TRANSPORTS DELETE

TRANSPORTS DELETE
Syntax TRANSPORTS DELETE {<name>|<number>}

Description This command deletes a single transport that was created using the
<transport_module> ADD TRANSPORT command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value for each option (if applicable).

Option | Description | Default Value
name | A name that identifies an existing transport. To display transport names, use the TRANSPORTS LIST command. | N/A
number | A number that identifies an existing transport. To display transport numbers, use the TRANSPORTS LIST command. | N/A

Example --> transports delete eth1

See also TRANSPORTS CLEAR
TRANSPORTS LIST

TRANSPORTS LIST
Syntax TRANSPORTS LIST

Description This command lists all currently existing transports. It displays the following
information about the transports:
• transport identification number
• transport name
• transport type (PPP or Ethernet)
• Number of transmitted/received packets for each transport

Example --> transports list

Services:

ID | Name | Type
-----|--------------|-----------------------------------------------------
1 | default | Ethernet | TxPkts: 142/0 RxPkts: 10625/0
2 | voip | Ethernet | TxPkts: 0/0 RxPkts: 0/0
--------------------------------------------------------------------------

See also TRANSPORTS SHOW

TRANSPORTS SHOW
Syntax TRANSPORTS SHOW {<name>|<number>}

Description This command displays detailed information about an existing transport.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing transport. To display transport names, use the TRANSPORTS LIST command. | N/A
number | A number that identifies an existing transport. To display transport numbers, use the TRANSPORTS LIST command. | N/A

Example --> transports show default


Ethernet Status

Service
Creator : CLI
Description : default

Ethernet
Vlan : default

If In Octets : 953676
If Out Octets : 8962
If In Errors : 0
If Out Errors : 0
Packets Sent : 142
Good Packets Received : 10726
Enabled : true

Termination : Ip Interface: ip0

Ether Channel
Port : ethernet0

See also TRANSPORTS LIST



Chapter 6

Ethernet

This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to manage the Ethernet module.

Ethernet CLI commands


The table below lists the Ethernet commands provided by the CLI.

Command
ETHERNET ADD TRANSPORT
ETHERNET CLEAR TRANSPORTS
ETHERNET DELETE TRANSPORT
ETHERNET LIST PORTS
ETHERNET LIST TRANSPORTS
ETHERNET SHOW TRANSPORT

ETHERNET ADD TRANSPORT


Syntax ETHERNET ADD TRANSPORT <vlanname>

Description This command adds a named ethernet transport that will manage traffic related
only to the specified VLAN.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
vlanname | A name that identifies an existing VLAN. See VLAN SHOW command to see the VLANs currently defined in the system. | N/A

Example --> ethernet add transport voip

See also ETHERNET LIST TRANSPORTS
ETHERNET LIST PORTS
VLAN SHOW

ETHERNET CLEAR TRANSPORTS


Syntax ETHERNET CLEAR TRANSPORTS

Description This command deletes all ethernet transports that were created using the
ETHERNET ADD TRANSPORT command.

Be very careful when using this command due to side effects.
Removing all the transports results in detaching all the IP interfaces from the
VLANs and therefore the unit can no longer be reached by any IP interface (i.e.
via a telnet connection).

Example --> ethernet clear transports

See also ETHERNET DELETE TRANSPORT

ETHERNET DELETE TRANSPORT


Syntax ETHERNET DELETE TRANSPORT {<name>|<number>}

Removing the transport named "default" results in system failure. All the other
IP interfaces will not be able to communicate externally.

Description This command deletes a single ethernet transport.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing Ethernet transport. To display transport names, use the ETHERNET LIST TRANSPORTS command. | N/A
number | A number that identifies an existing Ethernet transport. To display transport numbers, use the ETHERNET LIST TRANSPORTS command. | N/A

Example --> ethernet delete transport eth1



See also ETHERNET LIST TRANSPORTS

ETHERNET LIST PORTS


Syntax ETHERNET LIST PORTS

Description This command lists the valid ports that can be used to transport ethernet data.

Example --> ethernet list ports


Valid port names:
ethernet 0
ethernet 1

ETHERNET LIST TRANSPORTS


Syntax ETHERNET LIST TRANSPORTS

Description This command lists all ethernet transports that have been created using the
ETHERNET ADD TRANSPORT command. It displays the transport identification
number and name, and the name of the port that it uses to transport ethernet data.

Example --> ethernet list transports


Ethernet transports:

ID | Name | Port
-----|-----------|------------
1 | default | ethernet0
2 | voip | ethernet1
------------------------------

See also ETHERNET LIST PORTS

ETHERNET SHOW TRANSPORT


Syntax ETHERNET SHOW TRANSPORT {<name>|<number>}

Description This command displays the name and port used by an existing Ethernet transport.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing Ethernet transport. To display transport names, use the ETHERNET LIST TRANSPORTS command. | N/A
number | A number that identifies an existing Ethernet transport. To display transport numbers, use the ETHERNET LIST TRANSPORTS command. | N/A

Example --> ethernet show transport default


Ethernet transport: default

Description: Default
Port: ethernet0

See also ETHERNET LIST TRANSPORTS



Chapter 7

Security & Firewall

Introduction
This section describes the AT-RG613, AT-RG623 and AT-RG656 built-in security
facilities, and how to configure and monitor them.
The Internet is a network that allows access to vast amounts of information and
potential customers. However, the Internet is not controlled and certain individuals
use it destructively. These individuals attack other users’ computer systems for
entertainment and/or profit.
The security system is designed to allow safe access to the Internet by enforcing a set
of access rules between the various interfaces of the product. To configure these
rules at least two interfaces have to be defined — one interface is attached to the
public network (e.g., the Internet), and the other interface is attached to an internal
private network (intranet) that requires protection. The security system prevents
unrestricted access to the private network and protects the computer systems from
attack.
Because the security system provides a single link between the private network and
the public network, it is also uniquely positioned to provide a single point where all
traffic entering and leaving the private network can be logged and monitored. This
information is useful for providing a security audit trail.
Currently, two main security technologies are recognized; they are briefly explained
below.

Application Gateway
This is the traditional approach used to build a firewall, where every connection
between two networks is made via an application program (called a proxy) specific
for that protocol. A session from the private network is terminated by the proxy,
which then creates another separate session to the end destination.
Typically, a proxy is designed with a detailed knowledge of how the protocol works
and what is allowed or not. This approach is very CPU intensive and very
restrictive. Only protocols that have specific proxies configured are allowed through
the security system; all other traffic is rejected. In practice most third-party proxies
are transparent proxies, which pass all traffic between the two sessions without
regard to the data.

Stateful Inspection
A more recent approach to security design uses a method called “stateful inspection”.
Stateful inspection is also referred to as dynamic packet filtering or context-based access
control (CBAC).
In this technology, an inspection module understands data in packets from the
network layer (IP headers) up to the application layer. The inspection module
checks every packet passing through the security system and makes access decisions
based on the source, destination and service requested. The term stateful refers to the
security system’s ability to remember the status of a flow, for example whether a
packet from the public Internet is returning traffic for a flow that originated from the
private intranet. The TCP state of TCP flows is also monitored, allowing
inappropriate traffic to be discarded. The benefit of this approach is that stateful
inspection security systems are generally faster, less demanding on hardware, and
more adaptive to new Internet applications.

Security support on AT-RG6xx Residential Gateway series
The Security module is the main module in the AT-RG613, AT-RG623 and AT-RG656
Residential Gateway that acts as server to the other two security modules, Firewall
and NAT, forming the Security System (see Figure 7).
The Security module makes it possible to:
• enable/disable all modules in the Security System (including the child modules;
NAT and Firewall)
• add IP interfaces to the Security System to create security interfaces that are used
to configure the NAT and Firewall child modules.
• configure TCP/UDP ports that can be opened dynamically to allow sessions
required by certain applications.
• enable/disable binary address replacement for sessions using dynamically opened
ports
The AT-RG613, AT-RG623 and AT-RG656 security system implementation has the
following features:
• Dynamic packet filtering (stateful inspection) technology.
• Application of dynamic filtering to traffic flows, using the base rule that all access
from the outside (i.e., public interfaces) is denied unless specifically permitted
and all access from the inside (i.e., private interfaces) is allowed unless
specifically denied.
• The firewall will open only the required ports for the duration of a user session.
• The firewall can be configured to limit internal access to the public network based
on a policy setting.
[Figure: the Security module with its two child modules, the NAT module and the Firewall module.]

Figure 7. Security modules on AT-RG6xx Residential Gateway series.

Security Interfaces
On the AT-RG613, AT-RG623 and AT-RG656 it is possible to define three types of
security interfaces: Internal, External and DMZ (see Figure 8).
• An Internal interface is an IP interface that is attached to a network that needs to
be protected from the network attached to the External interface. For example, an
interface attached to a private LAN is an internal interface.
• The External interface is an IP interface that is attached to a network, for example
the Internet, containing hosts that may pose a security threat to hosts on the
internal interfaces.
• A DMZ (demilitarized zone) is an IP interface serving a small network that acts as
a neutral zone between the inside network and the outside network. A DMZ is a
portion of the local network that is almost completely open to the external
network. There may be some restriction at external access to the DMZ, but much
less than the restriction of access to the internal
To define an existing IP interface as a security interface use the SECURITY ADD
INTERFACE command.
To show the security interfaces currently defined, use the SECURITY LIST
INTERFACES command.

Only one external security interface and one DMZ security interface can be
defined.
[Figure: the external interface attached to the External Network, the DMZ interface attached to the DMZ Network, and the internal interfaces attached to the Internal Networks.]

Figure 8. Security interfaces on AT-RG6xx Residential Gateway series.

Dynamic Port Opening and Triggers


Dynamic Port Opening is a companion feature to the filtering rules.
The Dynamic port opening feature solves a typical security problem related to
Internet applications that require secondary ports to be open in order for a session
to operate.
For example, an FTP control session operates on port 21, but FTP uses port 20 as a
secondary port for the data transfer process. The more ports that are open, the
greater the security risk. So, the “Dynamic Port Opening” service makes it possible
to designate certain secondary ports that will only be opened when there is an active
session on their associated primary port.
AT-RG613, AT-RG623 and AT-RG656 use triggers to tell the security mechanism
to expect these secondary sessions and how to handle them. Rather than allowing a
range of port numbers, triggers handle the situation dynamically, allowing the
secondary sessions only when appropriate.
The trigger mechanism works without having to understand the application
protocol or reading the payload of the packet, (although the payload does need to be
read when using NAT if address replacement has to be performed).
Dynamic Port Opening makes use of triggers in the following way.
The user configures the Residential Gateway with a list of primary port numbers for
the applications that they want to handle using the SECURITY ADD TRIGGER
command and uses the startport and endport fields to specify the range of primary
port number(s).
The Primary port number refers to the TCP/UDP port number to which the primary
(starting) session of the application is established.
Every time the router detects that an outgoing session has been established to one of
these primary port numbers, it creates an entry in a table of currently open primary
sessions. The table entry contains the IP addresses of the devices at each end of the
session.
Subsequently, if an incoming session-establishment packet arrives at the router, the
source and destination addresses of the packet are compared against the entries in
the table of currently open primary sessions.
If there are no matches, the packet is discarded. If there are one or more matches,
then the router carries out a port-probing process.
In the port-probing process, the router runs through the list of matching sessions.
For each session, it sends a packet to the private IP address in the table entry. The
destination port number in this packet is the destination port number in the
incoming packet.
In the case of TCP, the probe packet is a TCP SYN packet. In the case of UDP, the
packet is just a small UDP packet.
Depending on the response that the router gets back from the probe packet, it can
work out whether the local host was expecting to receive an incoming session to that
port number.
If the port probing process does find a local host that was expecting the incoming
session, then the session is established. If a local host is not found, then the packet is
discarded.
This mechanism enables the router to allow in only those incoming secondary
sessions that should be allowed in, and can reject malicious attempts to establish
incoming sessions.
Although FTP is given as an example of a protocol that requires dynamic port
opening, because FTP is such a very common application, the dynamic port opening
for FTP is enabled in the software by default, and does not have to be configured by
the user.

Non-Activity Timeout
The dynamic port opening process opens secondary ports, as described above.
Typically, it will detect when a session using a secondary port is being closed (i.e. an
exchange of FIN, FIN/ACK packets) and stop passing packets for that session.
However, UDP sessions do not have a specific close-down process. Also, TCP
sessions might be terminated without a proper close-down (for example, the host at
one end of the session might be simply turned off). So, there needs to be a criterion
for deciding when to remove a session in these cases. The method that the router
uses is for the user to configure an inactivity time. If there has been no activity (no
exchange of packets) on the secondary session for the specified period of time, the
session is closed (i.e. the router will no longer forward any packets for that session).
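
The primary-session table, the port-probing step and the inactivity timeout described above can be followed in a small Python model. It is an added example, not code from the gateway firmware: the class and method names, the addresses, the trigger values, the treatment of the gateway's public address as the packet destination (as under NAT) and the unit of maxactinterval are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Trigger:
    """Fields named after the SECURITY ADD TRIGGER syntax."""
    name: str
    proto: str              # "tcp" or "udp"
    startport: int          # first primary port
    endport: int            # last primary port
    maxactinterval: float   # inactivity limit; unit assumed to match `now`


@dataclass
class Gateway:
    public_ip: str
    triggers: list
    # (proto, private_ip) -> ports the host expects sessions on. This stands
    # in for the answer the real probe packet would get from that host.
    listening: dict = field(default_factory=dict)
    primary: list = field(default_factory=list)    # open primary sessions
    secondary: dict = field(default_factory=dict)  # flow -> [limit, last seen]
    probes: list = field(default_factory=list)     # record of probes sent

    def outgoing(self, proto, private_ip, remote_ip, dport):
        """Outgoing session: record it if dport is a configured primary port."""
        for trig in self.triggers:
            if trig.proto == proto and trig.startport <= dport <= trig.endport:
                self.primary.append((private_ip, remote_ip, trig))
                return trig.name
        return None

    def probe(self, proto, private_ip, port):
        """Model of the TCP SYN (or small UDP packet) sent to the private host."""
        self.probes.append((proto, private_ip, port))
        return port in self.listening.get((proto, private_ip), set())

    def incoming(self, proto, src_ip, dst_ip, dport, now):
        """Incoming session-establishment packet arriving from the public side."""
        # Assumption: under NAT the packet is addressed to the public address,
        # so that address matches every entry for the same remote host.
        matches = [e for e in self.primary
                   if e[1] == src_ip and dst_ip in (e[0], self.public_ip)]
        if not matches:
            return ("discard", "no matching primary session")
        for private_ip, remote_ip, trig in matches:
            if self.probe(proto, private_ip, dport):
                flow = (proto, remote_ip, private_ip, dport)
                self.secondary[flow] = [trig.maxactinterval, now]
                return ("forward", private_ip)
        return ("discard", "no local host expected this session")

    def expire(self, now):
        """Close secondary sessions idle for longer than their limit."""
        for flow, (limit, last) in list(self.secondary.items()):
            if now - last > limit:
                del self.secondary[flow]

    def activity(self, flow, now):
        """A packet on a secondary session: refresh it, or report it closed."""
        self.expire(now)
        if flow not in self.secondary:
            return False
        self.secondary[flow][1] = now
        return True


def build_demo():
    """Constructed scenario: two private hosts talk to the same remote server."""
    gw = Gateway(
        public_ip="198.51.100.1",
        triggers=[Trigger("app1", "tcp", 6000, 6010, 30)],
        listening={("tcp", "192.168.1.11"): {7000}},
    )
    gw.outgoing("tcp", "192.168.1.10", "203.0.113.5", 6000)
    gw.outgoing("tcp", "192.168.1.11", "203.0.113.5", 6005)
    return gw


if __name__ == "__main__":
    gw = build_demo()
    print(gw.incoming("tcp", "203.0.113.5", gw.public_ip, 7000, now=0))
    print(gw.incoming("tcp", "203.0.113.99", gw.public_ip, 7000, now=1))
    print(gw.incoming("tcp", "203.0.113.5", gw.public_ip, 7001, now=2))
```

In the constructed scenario the first packet is probed against both private hosts and forwarded to the one that was listening; the other two are discarded, one without any probe being sent.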

Session Chaining
There are some applications (Netmeeting is the most well-known of these) in which
the secondary sessions may, themselves, spawn their own secondary sessions. This
process is known as session chaining.
If a dynamic port opening definition is being configured for such an application,
then the user needs to configure this definition to have session chaining on.
In this case, when secondary sessions are successfully established, the
source/destination addresses of the session will also be added to the table of
currently open primary sessions.
To set a trigger for a session chaining that will enable chaining of TCP sessions, use
the SECURITY SET TRIGGER SESSIONCHAINING command.
To set a trigger for a session chaining that will enable chaining of UDP sessions, use
the SECURITY SET TRIGGER UDPSESSIONCHAINING command.

TCP session chaining must always be enabled if UDP session chaining is to be
used. It is not possible to define UDP session chaining without previously
enabling TCP session chaining.

Disabling TCP session chaining also automatically disables UDP session
chaining.

Firewall
The AT-RG613, AT-RG623 and AT-RG656 security system implements a stateful
Firewall providing high security by blocking certain incoming traffic based on
stateful information.
Each time outbound packets are sent from an internal host to an external host, the
following information is logged by the Firewall:
• port number
• sequencing information
• additional flags for each connection associated with that particular internal host
All inbound packets are compared against this logged information and only allowed
through the Firewall if it can be determined that they are part of an existing
connection. This makes it very difficult for hackers to break through the stateful
Firewall, because they would need to know addresses, port numbers, sequencing
information and individual connection flags for an existing session to an internal
host.
Firewall behaviour is managed by the firewall module. The firewall module offers
the ability to:
• control what kind of Firewall activity is logged
• protect the internal network using stateful firewall functionality
• create policies
• add validators to policies
• add portfilters to policies
• enable/disable and configure Intrusion Detection Settings (IDS)
In order to access firewall features, the firewall module must be enabled using the
firewall enable command.
Figure 9 shows the entities involved in the firewall module and their relationships.

Policy
A policy is a relationship between two security interfaces where it is possible to
assign portfilter and validator rules between them.
There are three different security interface combinations that Firewall policies can be
created between:
• the external interface and the internal interface
• the external interface and the DMZ interface
• the DMZ interface and the internal interface
To add a policy between one of the three above interface combinations use the
FIREWALL ADD POLICY command.

Portfilter
A portfilter is a rule that determines how the Firewall should handle packets being
transported between two security interfaces that are defined in an existing policy.
The rules define:
• what protocol type is allowed (specified using the protocol number or the
protocol name)
• the range of source and destination port numbers allowed
• the direction that packets are allowed to travel in (inbound, outbound, neither or
both)
To add a portfilter to an existing policy use the FIREWALL ADD PORTFILTER
command.
More than one portfilter object can be added to the same policy.

Validator
A validator is a rule that determines how the Firewall handles packets based on the
source or destination IP address. The policy that the validator belongs to determines
whether packets to/from the specified IP address are allowed or blocked.
To add a validator to an existing policy use the FIREWALL ADD VALIDATOR
command.
[Figure: the Firewall module contains the IDS settings and a list of policies (policy #1, policy #2, ...), each referring to an interface combination (e.g. external-internal). Each policy holds a list of portfilters, which can refer to source/destination ports, a transport protocol or an application protocol, each with a traffic direction, and a list of validators, which refer to a source/destination IP address and a traffic direction.]

Figure 9. Firewall module and related objects.

Intrusion Detection
Intrusion Detection is a feature that looks for traffic patterns that correspond to
certain known types of attack from suspicious hosts that attempt to damage the
network or to prevent legitimate users from using it.
The Intrusion Detection protects the system from the following kinds of attacks:
• DOS (Denial of Service) attacks - a DOS attack is an attempt by an attacker to
prevent legitimate hosts from accessing a service.
• Port Scanning - an attacker scans a system in an attempt to identify any open
ports.
• Web Spoofing - an attacker creates a 'shadow' of the World Wide Web on their
own machine, however a legitimate host sees this as the 'real' WWW. The attacker
uses the shadow WWW to monitor the host's activities and send false data to and
from the host's machine.
132 Chapter 7 – Security & Firewall

Intrusion Detection works differently for each type of attack:
• For DOS (Denial of Service) attacks, it's possible to set three maximum parameter
levels:
    • the maximum number of ICMP packets allowed before a flood is detected
    (using FIREWALL SET IDS MAXICMP command)
    • the maximum number of pings allowed before an Echo Storm is detected
    (using FIREWALL SET IDS MAXPING command)
    • the maximum number of unfinished TCP handshakes allowed before a
    flood is detected (using FIREWALL SET IDS
    MAXTCPOPENHANDSHAKE command)
Once a maximum level is reached, an intrusion attempt is detected and the attacker
is blocked by the Firewall for the time limit specified by the FIREWALL SET IDS
DOSATTACKBLOCK command (default is 30 minutes).
• For Port Scan attacks, once an attacker scanning your system's ports has been
identified, they are blocked by the Firewall for the time limit specified in the
FIREWALL SET IDS SCANATTACKBLOCK command.
• For Web Spoofing attacks, packets destined for the victim of a spoofing attack are
blocked by the Firewall for the time limit specified in the FIREWALL SET IDS
VICTIMPROTECTION command.
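
The threshold-then-block behaviour for DOS attacks described above, as an added Python model that is not the gateway's own code. The class name, the per-source counting, the one-second counting window, the counting of pings toward the ICMP limit and the threshold values are assumptions; the page gives only the three limits and the 30-minute default block time.

```python
from collections import defaultdict, deque


class IdsModel:
    """Per-source counters for the three DOS limits plus a timed block list."""

    def __init__(self, maxicmp, maxping, maxtcpopenhandshake,
                 dosattackblock=30 * 60, window=1):
        self.maxicmp = maxicmp
        self.maxping = maxping
        self.maxtcpopenhandshake = maxtcpopenhandshake
        self.dosattackblock = dosattackblock  # seconds; 30 minutes is the default
        self.window = window                  # assumed counting window, seconds
        self.recent = defaultdict(deque)      # (src, kind) -> recent timestamps
        self.half_open = defaultdict(set)     # src -> handshakes awaiting an ACK
        self.blocked_until = {}               # src -> time the block ends

    def is_blocked(self, src, now):
        until = self.blocked_until.get(src)
        if until is None:
            return False
        if now >= until:                      # block time has run out
            del self.blocked_until[src]
            return False
        return True

    def _rate(self, src, kind, now):
        """Count this packet and return how many fall inside the window."""
        q = self.recent[(src, kind)]
        q.append(now)
        while q and now - q[0] >= self.window:
            q.popleft()
        return len(q)

    def _block(self, src, now, reason):
        self.blocked_until[src] = now + self.dosattackblock
        self.half_open.pop(src, None)
        return ("blocked", reason)

    def packet(self, now, src, kind, conn=None):
        """kind is 'ping', 'icmp', 'syn' or 'ack'; conn identifies a handshake."""
        if self.is_blocked(src, now):
            return ("dropped", "source is blocked")
        if kind in ("ping", "icmp"):
            if kind == "ping" and self._rate(src, "ping", now) > self.maxping:
                return self._block(src, now, "Echo Storm")
            # Assumption: a ping also counts toward the ICMP limit.
            if self._rate(src, "icmp", now) > self.maxicmp:
                return self._block(src, now, "ICMP flood")
        elif kind == "syn":
            self.half_open[src].add(conn)
            if len(self.half_open[src]) > self.maxtcpopenhandshake:
                return self._block(src, now, "TCP handshake flood")
        elif kind == "ack":
            self.half_open[src].discard(conn)  # handshake finished
        return ("passed", None)


if __name__ == "__main__":
    ids = IdsModel(maxicmp=5, maxping=3, maxtcpopenhandshake=2)
    # Constructed traffic: four pings from one source within the same second.
    for _ in range(4):
        print(ids.packet(0, "203.0.113.7", "ping"))
    print(ids.packet(1799, "203.0.113.7", "icmp"))   # still inside the block
    print(ids.packet(1800, "203.0.113.7", "icmp"))   # block has expired
```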

Security Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the Security
module.

Security CLI commands


The table below lists the security commands provided by the CLI.

Command
SECURITY ADD INTERFACE
SECURITY ADD TRIGGER TCP|UDP
SECURITY ADD TRIGGER NETMEETING
SECURITY CLEAR INTERFACES
SECURITY CLEAR TRIGGERS
SECURITY DELETE INTERFACE
SECURITY DELETE TRIGGER
SECURITY
SECURITY LIST INTERFACES
SECURITY LIST TRIGGERS
SECURITY SET TRIGGER UDPSESSIONCHAINING
SECURITY SET TRIGGER ADDRESSREPLACEMENT
SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT
SECURITY SET TRIGGER ENDPORT
SECURITY SET TRIGGER MAXACTINTERVAL
SECURITY SET TRIGGER MULTIHOST
SECURITY SET TRIGGER SESSIONCHAINING
SECURITY SET TRIGGER STARTPORT
SECURITY SHOW INTERFACE
SECURITY SHOW TRIGGER
SECURITY STATUS

SECURITY ADD INTERFACE


Syntax SECURITY ADD INTERFACE <name> {EXTERNAL|INTERNAL|DMZ}

Description This command adds an existing IP interface to the Security package to create a
security interface, and specifies what type of interface it is depending on how it
connects to the network.
Once security interfaces have been added, they can be used in the NAT and/or
Firewall configurations.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A
EXTERNAL | An interface that connects to the external network. | N/A
INTERNAL | An interface that connects to the internal network. | N/A
DMZ | An interface that connects to the de-militarized zone (DMZ). | N/A

Example --> security add interface ip1 internal

See also IP LIST INTERFACES
FIREWALL CLI COMMANDS
NAT CLI COMMANDS

SECURITY ADD TRIGGER TCP|UDP


Syntax SECURITY ADD TRIGGER <name> {TCP|UDP} <startport> <endport> <maxactinterval>

Description This command adds a trigger to the Security module.


A trigger allows an application to open a secondary port in order to transport
packets.
Some applications, such as FTP, need to open secondary ports - they have a control
session port (21 for FTP) but also need to use a second port in order to transport
data. Adding a trigger means that you do not have to define static portfilters to open
ports for each secondary session. If you did this, the ports would remain open for
potential use (or misuse, see the command FIREWALL SET IDS
SCANATTACKBLOCK) until the portfilters were deleted. A trigger opens a
secondary port dynamically, and allows you to specify the length of time that it can
remain inactive before it is closed.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | An arbitrary name that identifies the trigger. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
TCP | Adds a trigger for a TCP application to the security package. | N/A
UDP | Adds a trigger for a UDP application to the security package. | N/A
startport | Sets the start of the trigger port range for the control session. | N/A
endport | Sets the end of the trigger port range for the control session. | N/A
maxactinterval | Sets the maximum interval time (in milliseconds) between the use of secondary port sessions. If a secondary port opened by a trigger has not been used for the specified time, it is closed. | 3000

Example The following example creates an FTP (File Transfer Protocol) trigger:
--> security add trigger t1 tcp 21 21 3000

See also SECURITY LIST TRIGGERS

SECURITY ADD TRIGGER NETMEETING


Syntax SECURITY ADD TRIGGER <name> NETMEETING

Description This command allows you to add a trigger to allow Netmeeting to transport data
through the security package.
This application opens a secondary port session. You do not have to set the port
range or maxactinterval for a Netmeeting trigger - the CLI automatically sets this for
you.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | An arbitrary name that identifies the trigger. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A

Example --> security add trigger t2 netmeeting

See also SECURITY LIST TRIGGERS
SECURITY ADD TRIGGER TCP|UDP

SECURITY CLEAR INTERFACES


Syntax SECURITY CLEAR INTERFACES

Description This command removes all security interfaces that were added to the Security
package using the SECURITY ADD INTERFACE command.

Example --> security clear interfaces

See also SECURITY DELETE INTERFACE

SECURITY CLEAR TRIGGERS


Syntax SECURITY CLEAR TRIGGERS

Description This command deletes all triggers that were added to the Security module using the
SECURITY ADD TRIGGER commands.

Example --> security clear triggers

See also SECURITY DELETE TRIGGER

SECURITY DELETE INTERFACE


Syntax SECURITY DELETE INTERFACE <name>

Description This command removes a single security interface that was added to the Security
package using the SECURITY ADD INTERFACE command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing security interface. To display interface names, use the SECURITY LIST INTERFACES command. | N/A

Example --> security delete interface f1

See also SECURITY CLEAR INTERFACES
SECURITY LIST INTERFACES

SECURITY DELETE TRIGGER


Syntax SECURITY DELETE TRIGGER <name>

Description This command deletes a single trigger that was added to the Security module using
the SECURITY ADD TRIGGER commands.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A

Example --> security delete trigger t2

See also SECURITY LIST TRIGGERS
SECURITY CLEAR TRIGGERS

SECURITY
Syntax SECURITY {ENABLE | DISABLE}

Description This command explicitly enables/disables all modules in the Security package
(including the child modules; NAT and Firewall).

You must enable the Security package if you want to use the NAT and/or
Firewall modules to configure security for your system.

If you disable the Security package during a session, any configuration changes
made to the Security, NAT or Firewall modules when the package was enabled
remain in the system, so that you can re-enable them later in the session. If you
need to reboot the Residential Gateway but want to save the security
configuration between sessions, use the system config save command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
ENABLED | Enables all modules in the Security package (Security, NAT and Firewall modules). | disabled
DISABLED | Disables all modules in the Security package (Security, NAT and Firewall modules). | disabled

Example --> security enable

See also FIREWALL SET SECURITYLEVEL
SYSTEM CONFIG SAVE

SECURITY LIST INTERFACES


Syntax SECURITY LIST INTERFACES

Description This command lists the following information about security interfaces that were
added to the Security package using the SECURITY ADD INTERFACE command:
• Interface ID number
• Interface name
• Interface type (external, internal or DMZ)

Example --> security list interfaces


Security Interfaces:
ID | Name | Type
-----|----------|----------
1 | i1 | internal
2 | i2 | external
3 | i3 | dmz
---------------------------

See also SECURITY SHOW INTERFACE

SECURITY LIST TRIGGERS


Syntax SECURITY LIST TRIGGERS

Description This command lists triggers that were added to the Security module using the
SECURITY ADD TRIGGER command. It displays the following information about
triggers:
• Trigger ID number
• Trigger name
• Trigger transport type (TCP or UDP)
• Port range
• Interval

Example --> security list triggers


Security Triggers:
ID | Name | Type | Port Range | Interval
---------------------------------------------
1 | tr1 | tcp | 21 - 21 | 3000
2 | tr2 | tcp | 1720 - 1720 | 3000
---------------------------------------------

See also SECURITY SHOW TRIGGER

SECURITY SET TRIGGER UDPSESSIONCHAINING


Syntax SECURITY SET TRIGGER <name> UDPSESSIONCHAINING {ENABLE | DISABLE}

Description This command determines whether or not a UDP dynamic session can also become
a triggering session.
If UDP session chaining is enabled, both UDP and TCP dynamic sessions also
become triggering sessions, which allows multi-level session triggering.

UDP session chaining can be enabled only if TCP session chaining is already
enabled on the same trigger using the security set trigger sessionchaining
command.

This CLI command is case-sensitive. The command must be typed exactly as
it appears in the syntax section on this page, otherwise a syntax error message
is returned.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A
ENABLED | Enables UDP sessionchaining on an existing trigger. TCP and UDP session chaining is allowed if the SECURITY SET TRIGGER SESSIONCHAINING command is enabled. | disabled
DISABLED | Disables UDP session chaining on an existing trigger. TCP session chaining is allowed if the SECURITY SET TRIGGER SESSIONCHAINING command is enabled. | disabled

Example --> security set trigger t3 UDPsessionchaining enable

See also SECURITY SET TRIGGER SESSIONCHAINING

SECURITY SET TRIGGER ADDRESSREPLACEMENT


Syntax SECURITY SET TRIGGER <name> ADDRESSREPLACEMENT
{NONE|TCP|UDP|BOTH}

Description The settings in this command are only effective if you enable address translation
using the command SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT.
This command allows you to specify what type of address replacement is set on a
trigger. Incoming and outgoing packets are searched in order to find any IP
addresses embedded in the payload. Any IP addresses that are found are then
compared with the public and private addresses being used by NAT. If the
addresses that have been found would have been translated by NAT (had they been
in the packet header), then they are translated and the original addresses in the
payload are replaced by the translated addresses.
You can specify whether you want to carry out address replacement on TCP
packets, on UDP packets or on both TCP and UDP packets.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies a trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A
NONE | Disables address replacement. | none
TCP | Sets address replacement on TCP packets for an existing trigger. | none
UDP | Sets address replacement on UDP packets for an existing trigger. | none
BOTH | Sets address replacement on TCP and UDP packets for an existing trigger. | none

Example --> security set trigger t2 addressreplacement tcp

See also SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT

SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT


Syntax SECURITY SET TRIGGER <name> BINARYADDRESSREPLACEMENT {ENABLE | DISABLE}

Description This command enables/disables binary address replacement on an existing trigger.


You can then set the type of address replacement (TCP, UDP, both or none) using
the command SECURITY SET TRIGGER ADDRESSREPLACEMENT.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A
ENABLED | Enables the use of binary address replacement on an existing trigger. | disabled
DISABLED | Disables the use of binary address replacement on an existing trigger. | disabled

Example --> security set trigger t5 binaryaddressreplacement enable

See also SECURITY SET TRIGGER ADDRESSREPLACEMENT
SECURITY LIST TRIGGERS

SECURITY SET TRIGGER ENDPORT


Syntax SECURITY SET TRIGGER <name> ENDPORT <portnumber>

Description This command sets the end of the port number range for an existing trigger.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A
portnumber | Sets the end of the trigger port range. | N/A

Example --> security set trigger t3 endport 21

See also SECURITY SET TRIGGER STARTPORT

SECURITY SET TRIGGER MAXACTINTERVAL


Syntax SECURITY SET TRIGGER <name> MAXACTINTERVAL <interval>

Description This command sets the maximum activity interval limit on existing session entries
for an existing trigger.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A
interval | Sets the maximum interval time (in milliseconds) between the use of secondary port sessions. If a secondary port opened by a trigger has not been used for the specified time, it is closed. | N/A

Example --> security set trigger t2 maxactinterval 5000

See also SECURITY LIST TRIGGERS



SECURITY SET TRIGGER MULTIHOST


Syntax SECURITY SET TRIGGER <name> MULTIHOST {ENABLE | DISABLE}

Description This command sets whether or not a secondary session can be initiated to/from
different remote hosts or the same remote host on an existing trigger.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A
ENABLED | A secondary session can be initiated to/from different remote hosts. | disabled
DISABLED | A secondary session can only be initiated to/from the same remote host. | disabled

Example --> security set trigger t1 multihost enable

See also SECURITY LIST TRIGGERS

SECURITY SET TRIGGER SESSIONCHAINING


Syntax SECURITY SET TRIGGER <name> SESSIONCHAINING {ENABLE | DISABLE}

Description This command determines whether or not triggering sessions can be chained. If
session chaining is enabled, TCP dynamic sessions also become triggering sessions,
which allows multi-level session triggering.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A
ENABLED | Enables TCP sessionchaining on an existing trigger. | disabled
DISABLED | Disables all session chaining (TCP and UDP) on an existing trigger. | disabled

Example --> security set trigger t4 sessionchaining enable

See also SECURITY SET TRIGGER UDPSESSIONCHAINING



SECURITY SET TRIGGER STARTPORT


Syntax SECURITY SET TRIGGER <name> STARTPORT <portnumber>

Description This command sets the start of the port number range for an existing trigger.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A
portnumber | Sets the start of the trigger port range. | N/A

Example --> security set trigger t3 startport 21

See also SECURITY SET TRIGGER ENDPORT

SECURITY SHOW INTERFACE


Syntax SECURITY SHOW INTERFACE <name>

Description This command displays information about a single interface that was added to the
Security package using the SECURITY ADD INTERFACE command. The following
interface information is displayed:
• Interface name
• Interface type (external, internal or DMZ)

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing security interface. To display interface names, use the SECURITY LIST INTERFACES command. | N/A

Example --> security show interface f2


Interface name: f2
Interface type: internal

See also SECURITY LIST INTERFACES

SECURITY SHOW TRIGGER


Syntax SECURITY SHOW TRIGGER <name>

Description This command displays information about a single trigger that was added to the
Security module using the SECURITY ADD TRIGGER command. The following
trigger information is displayed:
• Trigger name
• Transport type (TCP or UDP)
• Start of the port range
• End of the port range
• Multiple host permission (true/false)
• Maximum activity interval (in milliseconds)
• Session chaining permission (true/false)
• Session chaining on UDP permission (true/false)
• Binary address replacement permission (true/false)
• Address translation type (UDP, TCP, none or both)

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing trigger. To display trigger names, use the SECURITY LIST TRIGGERS command. | N/A

Example --> security show trigger t2


Security Trigger: t2

Transport Type: tcp


Starting port number: 1000
Ending port number: 1000
Allow multiple hosts: false
Max activity interval: 30000
Session chaining: false
Session chaining on UDP: false
Binary address replacement: false
Address translation type: none

See also SECURITY LIST TRIGGERS
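
Added example (not part of the manual and not Allied Telesis code): a Python check that parses output in the SECURITY SHOW TRIGGER layout shown above and reports settings that the trigger commands in this section describe as widening a trigger or as having no effect. The finding codes, the sample trigger t9 and the use of 3000 ms (the maxactinterval default listed under SECURITY ADD TRIGGER TCP|UDP) as a review threshold are assumptions of this example.

```python
# Review threshold: the default listed for maxactinterval under
# SECURITY ADD TRIGGER TCP|UDP. Using it as a limit is this example's choice.
DEFAULT_INTERVAL_MS = 3000

# Constructed sample in the layout the manual shows for SECURITY SHOW TRIGGER.
SAMPLE = """\
Security Trigger: t9
Transport Type: tcp
Starting port number: 1000
Ending port number: 1000
Allow multiple hosts: true
Max activity interval: 30000
Session chaining: false
Session chaining on UDP: true
Binary address replacement: false
Address translation type: tcp
"""


def parse_trigger(text):
    """Turn 'Label: value' lines into a dict keyed by lower-cased label."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and value.strip():
            fields[label.strip().lower()] = value.strip().lower()
    return fields


def audit_trigger(fields):
    """Return a list of (code, message) findings for one parsed trigger."""
    def on(label):
        return fields.get(label) == "true"

    findings = []
    start = int(fields["starting port number"])
    end = int(fields["ending port number"])
    if not 1 <= start <= end <= 65535:
        findings.append(("PORT_RANGE", f"invalid trigger range {start}-{end}"))

    # MULTIHOST enabled: secondary sessions to/from different remote hosts.
    if on("allow multiple hosts"):
        findings.append(("MULTIHOST",
                         "secondary sessions accepted to/from different remote hosts"))

    # A longer interval keeps an unused secondary port open for longer.
    interval = int(fields["max activity interval"])
    if interval > DEFAULT_INTERVAL_MS:
        findings.append(("LONG_INTERVAL",
                         f"idle secondary ports stay open {interval} ms "
                         f"(documented default {DEFAULT_INTERVAL_MS} ms)"))

    # UDP chaining is documented as requiring TCP session chaining first.
    if on("session chaining on udp") and not on("session chaining"):
        findings.append(("UDP_CHAIN_WITHOUT_TCP",
                         "UDP session chaining shown without session chaining"))
    elif on("session chaining"):
        findings.append(("SESSION_CHAINING",
                         "dynamic sessions can trigger further sessions"))

    # ADDRESSREPLACEMENT only takes effect with BINARYADDRESSREPLACEMENT enabled.
    if (fields.get("address translation type", "none") != "none"
            and not on("binary address replacement")):
        findings.append(("ADDR_REPLACEMENT_INACTIVE",
                         "address translation type set but binary address "
                         "replacement is disabled"))
    return findings


if __name__ == "__main__":
    for code, message in audit_trigger(parse_trigger(SAMPLE)):
        print(f"{code}: {message}")
```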

SECURITY STATUS
Syntax SECURITY STATUS

Description This command displays the following information about the Security package:
• Security status (enabled or disabled)
• Firewall status (enabled or disabled)
• Firewall security level setting (none, high, low, or medium)
• Firewall session logging (enabled or disabled)
• Firewall blocking logging (enabled or disabled)
• Firewall intrusion logging (enabled or disabled)
• NAT status (enabled or disabled)

Example --> security status


Security enabled.
Firewall disabled.
Firewall security level: none.
Firewall session logging enabled.
Firewall blocking logging enabled.
Firewall intrusion logging disabled.
NAT enabled

See also SECURITY
FIREWALL SET SECURITYLEVEL

Firewall Command Reference


This section describes the commands available on AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the Firewall module.

Firewall CLI commands


The table below lists the firewall commands provided by the CLI:

Command
FIREWALL ADD POLICY
FIREWALL ADD PORTFILTER
FIREWALL ADD VALIDATOR
FIREWALL CLEAR POLICIES
FIREWALL CLEAR PORTFILTERS
FIREWALL DELETE POLICY
FIREWALL DELETE PORTFILTER
FIREWALL DELETE VALIDATOR
FIREWALL ENABLE|DISABLE
FIREWALL ENABLE|DISABLE IDS
FIREWALL ENABLE|DISABLE BLOCKINGLOG
FIREWALL ENABLE|DISABLE INTRUSIONLOG
FIREWALL ENABLE|DISABLE SESSIONLOG
FIREWALL LIST POLICIES
FIREWALL LIST PORTFILTERS
FIREWALL LIST PROTOCOLS
FIREWALL LIST VALIDATORS
FIREWALL SET IDS DOSATTACKBLOCK
FIREWALL SET IDS MAXICMP
FIREWALL SET IDS MAXPING
FIREWALL SET IDS MAXTCPOPENHANDSHAKE
FIREWALL SET IDS SCANATTACKBLOCK
FIREWALL SET IDS BLACKLIST
FIREWALL SET IDS VICTIMPROTECTION
FIREWALL SET SECURITYLEVEL
FIREWALL SHOW IDS
FIREWALL SHOW POLICY
FIREWALL SHOW PORTFILTER
FIREWALL SHOW VALIDATOR
FIREWALL STATUS

FIREWALL ADD POLICY


Syntax FIREWALL ADD POLICY <name> {EXTERNAL-INTERNAL|EXTERNAL-DMZ|DMZ-INTERNAL}
[ALLOWONLY-VAL]|[BLOCKONLY-VAL]

Description This command creates a policy between two interface types. There are three types of
policy that you can add to the firewall:
• a policy between the external interface and the internal interface
• a policy between the external interface and the DMZ interface
• a policy between the DMZ interface and the internal interface
A policy is the collective term for the rules that apply to incoming and outgoing
traffic between two interface types. Once a policy is created using the FIREWALL
ADD POLICY command, it's possible to create rules for the policy using the
FIREWALL ADD PORTFILTER command.
The FIREWALL ADD VALIDATOR command allows you to block/allow traffic
based on the source and/or destination IP addresses and masks.
The FIREWALL ADD POLICY command controls whether traffic is
blocked/allowed for all of the validators that belong to a policy. There are two
options:
• allow only traffic to and/or from the IP address(es) set in the FIREWALL ADD
VALIDATOR command. All other traffic is blocked by the Firewall.
• block only traffic to and/or from the IP address(es) set in the FIREWALL ADD
VALIDATOR command. All other traffic is allowed through the Firewall.
It's possible to set a Firewall security level that contains default policies using the
FIREWALL SET SECURITYLEVEL command. Then, it's possible to customize the
Firewall by adding specific portfilters and validators.

If the allowonly-val or blockonly-val option is not specified, the blockonly-val option
is considered as the default option value.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | An arbitrary name that identifies the policy. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
EXTERNAL-INTERNAL | A connection between the external network interface and the internal network interface. | N/A
EXTERNAL-DMZ | A connection between the external network interface and the de-militarized zone (DMZ). | N/A
DMZ-INTERNAL | A connection between the de-militarized zone (DMZ) and the internal network interface. | N/A
ALLOWONLY-VAL | Allows only traffic to and/or from the IP address(es) set in the FIREWALL ADD VALIDATOR command. All other traffic is blocked. | blockonly-val
BLOCKONLY-VAL | Blocks only traffic to and/or from the IP address(es) set in the FIREWALL ADD VALIDATOR command. All other traffic is allowed. | blockonly-val

Example --> firewall add policy ext-dmz external-dmz blockonly-val

See also FIREWALL SET SECURITYLEVEL
FIREWALL ADD PORTFILTER
FIREWALL ADD VALIDATOR

FIREWALL ADD PORTFILTER


Syntax FIREWALL ADD PORTFILTER <name> <policyname> {PROTOCOL <number>}
{INBOUND|OUTBOUND|BOTH}

FIREWALL ADD PORTFILTER <name> <policyname> {TCP|UDP} <startport>
<endport> {INBOUND|OUTBOUND|BOTH}

FIREWALL ADD PORTFILTER <name> <policyname>
{FTP|HTTP|ICMP|SMTP|TELNET} {INBOUND|OUTBOUND|BOTH}

Description This command adds a portfilter to an existing firewall policy.


Portfilters are individual rules that determine what kind of traffic (based on type of
protocol or type of transport or type of application) can pass between the two
interfaces specified in the FIREWALL ADD POLICY command.
There are three ways that a portfilter can be defined, depending on the type of
protocol that must be managed by the portfilter:
• specify the number of a non-TCP or non-UDP protocol (for more information, see
http://www.ietf.org/rfc/rfc1700.txt)
• specify TCP or UDP protocol, together with an application's start/end port
numbers
• specify one of the listed protocols, applications or services. These are provided by
the Firewall as popular examples that you can use. You do not need to specify the
portnumber - the Firewall does this for you.

It is VERY IMPORTANT to understand that when portfilters are created for TCP or
UDP, then the effect of the filter is to allow/disallow packets that are starting a
UDP or TCP session. Once a session has been established, the firewall recognizes
subsequent packets in the session as belonging to an established session, and
allows them through. This is because this is a Stateful firewall, and so is aware of
the states of UDP/TCP sessions.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | An arbitrary name that identifies the portfilter. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A
number | The number of a non-TCP or non-UDP protocol. Protocol numbers can be found at http://www.ietf.org/rfc/rfc1700.txt. | N/A
startport | The start of the port range for a TCP or UDP protocol. | N/A
endport | The end of the port range for a TCP or UDP protocol. | N/A
INBOUND | Allows transport of packets of the specified protocol, application or service from an outside interface to an inside interface. Outbound transport of the packets is not allowed. | N/A
OUTBOUND | Allows transport of packets of the specified protocol, application or service from an inside interface to an outside interface. Inbound transport of the packets is not allowed. | N/A
BOTH | Allows inbound and outbound transport of packets of the specified protocol, application or service between inside and outside interfaces. | N/A

Examples - specifying a protocol <number>

The following example allows IGMP (Internet Group Management Protocol)
packets inbound from the external interface to the DMZ interface. IGMP is protocol
number 2 (see http://www.ietf.org/rfc/rfc1700.txt).
First, we need to create a policy:

--> firewall add policy ext-dmz external-dmz


Then we can add the portfilter to it:

--> firewall add portfilter pf1 ext-dmz protocol 2 inbound

- specifying a TCP/UDP protocol


The following example allows DNS (Domain Name Service) sessions to be
established in an outbound direction from the internal interface to the external
interface. DNS uses UDP port 53 (see http://www.ietf.org/rfc/rfc1700.txt).
First, we need to create a policy:

--> firewall add policy ext-int external-internal


Then we can add the portfilter to it:

--> firewall add portfilter pf2 ext-int udp 53 53 outbound

- using a provided protocol, application or service


The following example allows SMTP (Simple Mail Transfer Protocol) sessions to be
created in both the inbound and outbound directions between the internal interface
and the DMZ interface. This is a popular protocol that is provided by the Firewall.
You do not need to specify the portnumber - the Firewall does this for you.
First, we need to create a policy:

--> firewall add policy dmz-int dmz-internal


Then we can add the portfilter to it:

--> firewall add portfilter pf3 dmz-int smtp both

See also FIREWALL LIST POLICIES


See the Well Known Port Numbers section of RFC 1700 for a list of port numbers
and protocols for particular services (see http://www.ietf.org/rfc/rfc1700.txt).

FIREWALL ADD VALIDATOR


Syntax FIREWALL ADD VALIDATOR <name> <policyname> {INBOUND|OUTBOUND|BOTH}
<ipaddress> <hostipmask>

Description This command adds a validator to an existing Firewall policy. A validator
allows/blocks traffic based on the source/destination IP address and netmask.
The command allows you to specify:
• the IP address(es) and netmask(s) of the IP frames that are allowed to pass the
firewall or that must be blocked by the firewall
• the direction of traffic that must be allowed/blocked
Once a validator is added to a policy, specifying the IP address and direction values,
the same validator can be reused by adding it to other policies.

In order to add validators to a Firewall policy, the policy must have been
previously created, which defines how traffic is allowed/blocked, using the
allowonly-val or blockonly-val options in the FIREWALL ADD POLICY
command:

allowonly-val: only traffic based on the direction setting and the IP address(es)
specified in the FIREWALL ADD VALIDATOR command is allowed. All other
traffic is blocked.

blockonly-val: only traffic based on the direction and the IP address(es) specified
in the FIREWALL ADD VALIDATOR command is blocked. All other traffic is
allowed.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | An arbitrary name that identifies the validator. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A
INBOUND | Validator acts on traffic originated from and/or directed to the IP addresses defined by the ipaddress and hostipmask fields in the following directions (depending on the interfaces involved by the policy): from External to Internal; from External to DMZ; from DMZ to Internal. | N/A
OUTBOUND | Validator acts on traffic originated from and/or directed to the IP addresses defined by the ipaddress and hostipmask fields in the following directions (depending on the interfaces involved by the policy): from Internal to External; from DMZ to External; from Internal to DMZ. | N/A
BOTH | Validator acts on traffic originated from and/or directed to the IP addresses defined by the ipaddress and hostipmask fields in the following directions (depending on the interfaces involved by the policy): from External to Internal and vice versa; from External to DMZ and vice versa; from DMZ to Internal and vice versa. | N/A
ipaddress | The IP address (or base address of the range of IP addresses) to which the validator will apply. The address is in the IPv4 format (e.g. 192.168.102.3). The ipaddress value can represent either Source or Destination IP address. | N/A
hostipmask | The netmask defining the range of IP addresses managed by the validator in the IPv4 format (e.g. 255.255.255.0). For example, if the validator is to apply to a whole class-c range then use the hostipmask 255.255.255.0. If the validator is to apply to just a single IP address, use the specific IP mask 255.255.255.255. | N/A

Example In the following example, a policy is created, then a validator added to block
inbound and outbound traffic from/to the IP address stated. All other traffic is
allowed.

--> firewall add policy ext-int external-internal blockonly-val


--> firewall add validator v1 ext-int both 192.168.102.3 255.255.255.255
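
Added example (not part of the manual and not the gateway's implementation): a Python model of the validator stage as this section describes it, showing how the same validator gives opposite results under allowonly-val and blockonly-val and what an unspecified mode defaults to. The policy names mgmt and open, validator v2 and the 198.51.100.0/24 and 203.0.113.0/24 addresses are constructed for the example; portfilters and session state are not modelled.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Validator:
    name: str
    direction: str   # "inbound", "outbound" or "both"
    address: str     # the <ipaddress> argument
    mask: str        # the <hostipmask> argument

    def matches(self, src, dst, direction):
        """True when the direction fits and src or dst falls in the range."""
        if self.direction not in ("both", direction):
            return False
        # strict=False lets a host address serve as the base of the range.
        net = ipaddress.ip_network(f"{self.address}/{self.mask}", strict=False)
        return (ipaddress.ip_address(src) in net
                or ipaddress.ip_address(dst) in net)


@dataclass
class Policy:
    name: str
    mode: str = "blockonly-val"   # documented default when no option is given
    validators: list = field(default_factory=list)

    def verdict(self, src, dst, direction):
        """Return (action, matching validator name) for the validator stage."""
        hit = next((v.name for v in self.validators
                    if v.matches(src, dst, direction)), None)
        if self.mode == "allowonly-val":
            return ("allow", hit) if hit else ("block", None)
        return ("block", hit) if hit else ("allow", None)


def load(config_lines):
    """Build policies from 'firewall add policy|validator' command lines."""
    policies = {}
    for line in config_lines:
        words = line.replace("-->", " ").split()
        verb = [w.lower() for w in words[:3]]
        if verb == ["firewall", "add", "policy"]:
            mode = words[5].lower() if len(words) > 5 else "blockonly-val"
            policies[words[3]] = Policy(words[3], mode)
        elif verb == ["firewall", "add", "validator"]:
            name, policy, direction, address, mask = words[3:8]
            policies[policy].validators.append(
                Validator(name, direction.lower(), address, mask))
    return policies


# First two lines are the manual's example; the rest are constructed.
CONFIG = [
    "--> firewall add policy ext-int external-internal blockonly-val",
    "--> firewall add validator v1 ext-int both 192.168.102.3 255.255.255.255",
    "--> firewall add policy mgmt external-dmz allowonly-val",
    "--> firewall add validator v2 mgmt inbound 198.51.100.0 255.255.255.0",
    "--> firewall add policy open dmz-internal",
]

if __name__ == "__main__":
    policies = load(CONFIG)
    cases = [
        ("ext-int", "192.168.102.3", "203.0.113.9", "outbound"),
        ("ext-int", "192.168.102.4", "203.0.113.9", "outbound"),
        ("mgmt", "198.51.100.77", "192.168.2.10", "inbound"),
        ("mgmt", "203.0.113.9", "192.168.2.10", "inbound"),
        ("open", "203.0.113.9", "192.168.1.5", "inbound"),
    ]
    for name, src, dst, direction in cases:
        print(name, src, "->", dst, direction,
              policies[name].verdict(src, dst, direction))
```

In this model a policy created without allowonly-val or blockonly-val and with no validators allows every packet at the validator stage, while an allowonly-val policy with no validators blocks every packet.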

FIREWALL CLEAR POLICIES


Syntax FIREWALL CLEAR POLICIES

Description This command deletes all existing policies from the firewall configuration. Any
portfilters associated with the policies are also deleted by this command.

Example --> firewall clear policies

See also FIREWALL ADD POLICY
FIREWALL DELETE POLICY

FIREWALL CLEAR PORTFILTERS


Syntax FIREWALL CLEAR PORTFILTERS <policyname>

Description This command deletes all portfilters that were added to an existing firewall policy
using the FIREWALL ADD PORTFILTER command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall clear portfilters ext-int

See also FIREWALL DELETE PORTFILTER
FIREWALL LIST POLICIES

FIREWALL DELETE POLICY


Syntax FIREWALL DELETE POLICY <name>

Description This command deletes a single existing policy from the firewall configuration. All
portfilters associated with the policy are also deleted by this command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall delete policy ext-dmz

See also FIREWALL CLEAR POLICIES
         FIREWALL LIST POLICIES

FIREWALL DELETE PORTFILTER


Syntax FIREWALL DELETE PORTFILTER <name> <policyname>

Description This command deletes a single portfilter that was added to a firewall policy using
the FIREWALL ADD PORTFILTER command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing portfilter. To display portfilter names, use the FIREWALL LIST PORTFILTERS command. | N/A
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall delete portfilter pf3 ext-int

See also FIREWALL LIST POLICIES
         FIREWALL LIST PORTFILTERS
         FIREWALL CLEAR PORTFILTERS

FIREWALL DELETE VALIDATOR


Syntax FIREWALL DELETE VALIDATOR <name> <policyname>

Description This command deletes a single validator from a named policy.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing validator. To display validator names, use the FIREWALL LIST VALIDATORS command. | N/A
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall delete validator v1 ext-int

FIREWALL ENABLE|DISABLE
Syntax FIREWALL {ENABLE | DISABLE}

Description This command enables/disables the entire Firewall module except for the IDS
portion of the module (see the command FIREWALL ENABLE|DISABLE IDS).

The Security module must also be enabled (using the command SECURITY
ENABLE) in order to use the features of the Firewall module.

When the Firewall is enabled, all IP traffic on existing security interfaces that are
NOT included in a Firewall policy is blocked. For details on setting default
policy security levels on security interfaces, see the FIREWALL SET
SECURITYLEVEL command.

If the Firewall module is disabled during a session, any configuration changes
made when the Firewall was enabled remain in the Firewall, so that it is possible
to re-enable them later in the session.

If the system must be rebooted and the Firewall configuration must be saved
between sessions, use the SYSTEM CONFIG SAVE command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ENABLE | Enables the Firewall module. | N/A
DISABLE | Disables the Firewall module. | N/A

Example --> firewall enable

See also FIREWALL ENABLE|DISABLE IDS
         FIREWALL SET SECURITYLEVEL
         SYSTEM CONFIG SAVE

FIREWALL ENABLE|DISABLE IDS


Syntax FIREWALL {ENABLE | DISABLE} IDS

Description This command enables or disables the IDS (Intrusion Detection Service) portion of
the Firewall.

This module must be enabled in order to activate the settings specified in the
FIREWALL IDS commands.

This module depends on the Security module, which must be enabled before the
enabling of the IDS can take effect.

It's not necessary to enable the Firewall module in order for the IDS to be active.

If the IDS is disabled during a session, any configuration changes made when
IDS was enabled remain, and can be re-enabled later in the session.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ENABLE | Enables the IDS portion of the Firewall module. | disable
DISABLE | Disables the IDS portion of the Firewall module. | disable

Example --> firewall enable IDS

See also FIREWALL ENABLE|DISABLE



FIREWALL ENABLE|DISABLE BLOCKINGLOG


Syntax FIREWALL {ENABLE | DISABLE} BLOCKINGLOG

Description This command enables/disables whether Firewall blocking activity is logged.

To display logging information, the SYSTEM LOG feature must be enabled.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ENABLE | The blocking log is displayed. | enable
DISABLE | The blocking log is not displayed. | enable

Example --> firewall enable blockinglog

See also FIREWALL ENABLE|DISABLE

FIREWALL ENABLE|DISABLE INTRUSIONLOG


Syntax FIREWALL {ENABLE | DISABLE} INTRUSIONLOG

Description This command enables/disables whether details of attempted Firewall intrusion
activity are logged.

To display logging information, the SYSTEM LOG feature must be enabled.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ENABLE | The intrusion log is displayed. | disable
DISABLE | The intrusion log is not displayed. | disable

Example --> firewall enable intrusionlog

See also FIREWALL ENABLE|DISABLE BLOCKINGLOG
         FIREWALL ENABLE|DISABLE SESSIONLOG

FIREWALL ENABLE|DISABLE SESSIONLOG


Syntax FIREWALL {ENABLE | DISABLE} SESSIONLOG

Description This command enables/disables whether Firewall session events are logged.

To display logging information, the SYSTEM LOG feature must be enabled.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ENABLE | The log of session events is displayed. | enable
DISABLE | The log of session events is not displayed. | enable

Example --> firewall enable sessionlog

See also FIREWALL ENABLE|DISABLE BLOCKINGLOG

FIREWALL LIST POLICIES


Syntax FIREWALL LIST POLICIES

Description This command lists the following information about policies that were added to the
firewall using the FIREWALL ADD POLICY command:
• Policy ID number
• Policy name
• Interface Type 1 and Interface Type 2 - the two interface types between which a
policy exists (external - internal, external - DMZ or internal - DMZ)
• Validator Allow Only status - true means that allowonly-val was set when the
policy was created. False means that either blockonly-val was set, or no validator
status was set (blockonly-val is the default setting if no status is specified).

Example --> firewall list policies


Firewall Policies:

ID | Name | Type 1 | Type 2 | validator allow only
--------------------------------------------------------
1 | ext-dmz | external | dmz | true
--------------------------------------------------------

See also FIREWALL SHOW POLICY

FIREWALL LIST PORTFILTERS


Syntax FIREWALL LIST PORTFILTERS <policyname>

Description This command lists portfilters that were added to a firewall policy using the
FIREWALL ADD PORTFILTER command. It displays the following information:
• Portfilter ID number
• Portfilter name
• Type - port number range or specified port number
• Port range used by the specified TCP or UDP protocol (e.g., 53 for DNS, 25 for
SMTP). For non-TCP/UDP protocols, the port range is set to 0-0.
• In - displays the inbound permission setting (true or false)
• Out - displays the outbound permission setting (true or false)
• Raw - displays whether or not the portfilter uses a non-TCP/UDP protocol (true
or false)
• TCP - displays whether or not the portfilter uses a TCP protocol (true or false)
• UDP - displays whether or not the portfilter uses a UDP protocol (true or false)

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall list portfilters ext-int

Firewall Port Filters:

ID | Name | Type | Port Range | In | Out | Raw | TCP | UDP
----------------------------------------------------------------------
1 | pf3 | 6 | 25 - 25 |true |true |false |true |false
2 | pf2 | 17 | 53 - 53 |false |true |false |false |true
3 | pf1 | 2 | 0 - 0 |true |false |true |false |false
----------------------------------------------------------------------

See also FIREWALL LIST POLICIES
         FIREWALL SHOW PORTFILTER

For a list of the port numbers and/or numbers assigned to protocols, see
http://www.ietf.org/rfc/rfc1700.txt.

FIREWALL LIST VALIDATORS


Syntax FIREWALL LIST VALIDATORS <policyname>

Description This command lists the following information about validators added to a policy
using the FIREWALL ADD VALIDATOR command:
• Validator ID number
• Validator name
• Direction (inbound, outbound or both)
• Host IP address
• Host mask address

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall list validators ext-int


Firewall Host Validators:
ID | Name | Direction | Host IP | Mask
-------------------------------------------------------------
2 | v1 | both | 192.168.103.2 | 255.255.255.0
1 | v2 | inbound | 192.168.103.1 | 255.255.255.0

See also FIREWALL ADD VALIDATOR
         FIREWALL SHOW VALIDATOR

FIREWALL SET IDS DOSATTACKBLOCK


Syntax FIREWALL SET IDS DOSATTACKBLOCK <duration>

Description This command sets, in the Intrusion Detection Setting (IDS), the duration of the
block that is put in place when a DOS (Denial of Service) attack is detected. A DOS attack
is an attempt by an attacker to prevent legitimate users from using a service. If a
DOS attack is detected, all hosts that seem to be causing the attack are blocked by
the firewall for a set time limit. This command allows you to specify the duration of
the block.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
duration | The length of time (in seconds) for which the firewall blocks suspicious hosts once a DOS attack attempt has been detected by the firewall. | 1800 (30 minutes)

FIREWALL SET IDS MAXICMP


Syntax FIREWALL SET IDS MAXICMP <max>

Description This command sets the maximum number of ICMP packets per second that are
allowed by the Firewall before an ICMP Flood is detected. An ICMP Flood is a DOS
(Denial of Service) attack. An attacker tries to flood the network with ICMP packets
in order to prevent transportation of legitimate network traffic.
Once the maximum number of ICMP packets per second is reached, an attempted
ICMP Flood is detected. The firewall blocks the suspected attacker for the time limit
specified in the FIREWALL SET IDS DOSATTACKBLOCK command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
max | The number of ICMP packets per second which is deemed to be the threshold for an ICMP flood attack. | N/A

Example --> firewall set IDS MaxICMP 200

FIREWALL SET IDS MAXPING


Syntax FIREWALL SET IDS MAXPING <max>

Description This command sets the maximum number of pings per second that are allowed by
the firewall before an Echo Storm is detected. Echo Storm is a DOS (Denial of Service)
attack. An attacker sends oversized ICMP datagrams to the system using the `ping'
command. This can cause the system to crash, freeze or reboot, resulting in denial of
service to legitimate users.
Once the maximum number of pings per second is reached, an attempted DOS
attack is detected. The firewall blocks the suspected attacker for the time limit
specified in the FIREWALL SET IDS DOSATTACKBLOCK command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
max | The maximum number (per second) of pings that are allowed before an Echo Storm attempt is detected. | 15

Example --> firewall set IDS MaxPING 25

FIREWALL SET IDS MAXTCPOPENHANDSHAKE


Syntax FIREWALL SET IDS MAXTCPOPENHANDSHAKE <max>

Description This command sets the maximum number of unfinished TCP handshaking sessions
per second that are allowed by the firewall before a SYN Flood is detected. SYN Flood
is a DOS (Denial of Service) attack. When establishing normal TCP connections,
three packets are exchanged:
• A SYN (synchronize) packet is sent from the host to the network server
• A SYN/ACK packet is sent from the network server to the host
• An ACK (acknowledge) packet is sent from the host to the network server
If the host sends unreachable source addresses in the SYN packet, the server sends
the SYN/ACK packets to the unreachable addresses and keeps resending them. This
creates a backlog queue of unacknowledged SYN/ACK packets. Once the queue is
full, the system will ignore all incoming SYN requests and no legitimate TCP
connections can be established.
Once the maximum number of unfinished TCP handshaking sessions is reached, an
attempted DOS attack is detected. The firewall blocks the suspected attacker for the
time limit specified in the FIREWALL SET IDS DOSATTACKBLOCK command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
max | The maximum number (per second) of unfinished TCP handshaking sessions that are allowed before a SYN Flood attempt is detected. | 100

Example --> firewall set IDS MaxTCPopenhandshake 150
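
The threshold-and-block behaviour described for MAXTCPOPENHANDSHAKE and DOSATTACKBLOCK can be modelled as follows. This is an added example, not the gateway's implementation; counting per source address, the one-second look-back, and all class, function and address names are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class HandshakeMonitor:
    """Toy model of MAXTCPOPENHANDSHAKE + DOSATTACKBLOCK (assumed semantics)."""
    max_open: int = 100          # documented default for MAXTCPOPENHANDSHAKE
    block_seconds: int = 1800    # documented default for DOSATTACKBLOCK
    pending: dict = field(default_factory=dict)        # src -> {src_port: SYN time}
    blocked_until: dict = field(default_factory=dict)  # src -> time the block ends

    def packet(self, now, src, src_port, flag):
        """Classify one packet: 'pass', 'drop' (source is blocked) or
        'block' (this SYN reached the threshold and started a block)."""
        until = self.blocked_until.get(src)
        if until is not None:
            if now < until:
                return "drop"
            del self.blocked_until[src]          # the block has expired

        opened = self.pending.setdefault(src, {})
        if flag == "ACK":
            opened.pop(src_port, None)           # handshake finished
            return "pass"
        if flag != "SYN":
            return "pass"

        # Count only handshakes opened within the last second and still unfinished.
        for port in [p for p, t in opened.items() if now - t >= 1.0]:
            del opened[port]
        opened[src_port] = now
        # The manual says the attack is detected once the maximum is reached,
        # modelled here as count >= max_open.
        if len(opened) >= self.max_open:
            self.blocked_until[src] = now + self.block_seconds
            opened.clear()
            return "block"
        return "pass"


def replay(events, **settings):
    """Feed (time, src, src_port, flag) tuples through a fresh monitor."""
    monitor = HandshakeMonitor(**settings)
    return [monitor.packet(*event) for event in events]


def constructed_trace():
    """Constructed sample traffic; addresses come from documentation ranges."""
    client, noisy = "198.51.100.7", "203.0.113.50"
    events = []
    # A normal client: every SYN is followed by the ACK that completes it.
    for i in range(5):
        events.append((0.1 * i, client, 40000 + i, "SYN"))
        events.append((0.1 * i + 0.02, client, 40000 + i, "ACK"))
    # A host that opens 150 handshakes within one second and completes none.
    for i in range(150):
        events.append((10.0 + i * 0.005, noisy, 1024 + i, "SYN"))
    events.append((20.0, noisy, 5000, "SYN"))      # arrives during the block
    events.append((21.0, client, 40010, "SYN"))    # other hosts are unaffected
    events.append((1812.0, noisy, 5001, "SYN"))    # arrives after the block ends
    return events


if __name__ == "__main__":
    # Values from the examples above: MaxTCPopenhandshake 150, default block 1800 s.
    results = replay(constructed_trace(), max_open=150, block_seconds=1800)
    for verdict in ("pass", "block", "drop"):
        print(verdict, results.count(verdict))
```
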

FIREWALL SET IDS SCANATTACKBLOCK


Syntax FIREWALL SET IDS SCANATTACKBLOCK <duration>

Description This command allows you to set, in the Intrusion Detection System (IDS), the
duration of the block that is put in place when a scan attack is detected. The
firewall detects when the system is being scanned by a suspicious host attempting
to identify any open ports. If scan activity is detected, all hosts that are seen to be
making attacks are blocked by the firewall for a set time limit. This command allows
you to specify the duration of the block.

This CLI command is case-sensitive. You must type the command attributes
exactly as they appear in the command description on this page. If you do not
use the same case-sensitive syntax, the command fails and the CLI displays a
syntax error message.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
duration | The length of time (in seconds) that the firewall blocks all suspicious hosts for, after it has detected scan activity on the Firewall. | 86400 (one day)

Example --> firewall set IDS SCANattackblock 43200

FIREWALL SET IDS BLACKLIST


Syntax FIREWALL SET IDS BLACKLIST {ENABLE | DISABLE | CLEAR}

Description This command sets the blacklist IDS (Intrusion Detection Setting). Blacklisting
denies an external host access to the system if IDS has detected certain types of
intrusion from that host. Access to the network is denied for ten minutes.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ENABLE | Enables blacklisting of an external host if IDS has detected an intrusion from that host. | disable
DISABLE | Disables blacklisting of an external host if IDS has detected an intrusion from that host. | disable
CLEAR | Clears blacklisting of an external host. | disable

Example --> firewall set IDS blacklist enable

FIREWALL SET IDS VICTIMPROTECTION


Syntax FIREWALL SET IDS VICTIMPROTECTION {ENABLE <duration> | DISABLE}

Description This command enables/disables the victim protection Intrusion Detection Setting
(IDS). Enabling this command protects the victim from an attempted spoofing
attack.
Web spoofing allows an attacker to create a `shadow' copy of the World Wide Web.
All access to the shadow Web goes through the attacker's machine, so the attacker
can monitor all of the victim's activities and send false data to or from the victim's
machine.
If victim protection is enabled, packets destined for the victim host of a spoofing
style attack are blocked. The command allows you to specify the duration of the
block.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ENABLE | Enables victim protection and blocks packets destined for the victim host. | disable
DISABLE | Disables victim protection. | disable
duration | The length of time (in seconds) that the firewall blocks packets destined for the victim of a spoofing style attack. | 600 (10 minutes)

Example --> firewall set IDS victimprotection enable 800

FIREWALL SET SECURITYLEVEL


Syntax FIREWALL SET SECURITYLEVEL {NONE | HIGH | MEDIUM | LOW |
USERDEFINED <slevel>}

Description This command allows you to set which security level is used by the Firewall. There
are three default security levels (high, medium and low) that contain different
security configuration information for each interface connection. Once you have
selected a security level, all IP traffic except the default policies specified will be
blocked by the Firewall.
The security level none blocks all IP traffic for every security interface. The
userdefined option allows you to select a security configuration that you have
previously created. There are three types of interface connections:

• Between the external interface and internal interface
• Between the external interface and the de-militarized zone (DMZ)
• Between the DMZ and the internal interface
Selecting a security level deletes the previous security level, and any policies or
portfilters set, and replaces them with the newly selected level.
You can add your own security policies using the FIREWALL ADD POLICY
command.

Options The following tables describe the default policies enabled in the firewall for each of
the high, medium and low security levels. The tables tell you whether a certain
service can be accepted in or allowed out by a specific policy:

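HIGH SECURITY LEVEL

Service | Port | External < > Internal: In | External < > Internal: Out | External < > DMZ: In | External < > DMZ: Out | DMZ < > Internal: In | DMZ < > Internal: Out
http | 80 | x | ✓ | ✓ | ✓ | ✓ | ✓
dns | 53 | x | ✓ | x | ✓ | x | ✓
telnet | 23 | x | x | x | x | x | x
smtp | 25 | x | ✓ | ✓ | ✓ | ✓ | ✓
pop3 | 110 | x | ✓ | ✓ | ✓ | ✓ | ✓
nntp | 119 | x | x | x | x | x | x
real audio/video | 7070 | x | x | x | x | x | x
icmp | N/A | x | ✓ | x | ✓ | x | ✓
H.323 | 1720 | x | x | x | x | x | x
T.120 | 1503 | x | x | x | x | x | x
SSH | 22 | x | x | x | x | x | x

MEDIUM SECURITY LEVEL

Service | Port | External < > Internal: In | External < > Internal: Out | External < > DMZ: In | External < > DMZ: Out | DMZ < > Internal: In | DMZ < > Internal: Out
http | 80 | x | ✓ | ✓ | ✓ | ✓ | ✓
dns | 53 | x | ✓ | ✓ | ✓ | ✓ | ✓
telnet | 23 | x | ✓ | x | ✓ | x | ✓
smtp | 25 | x | ✓ | ✓ | ✓ | ✓ | ✓
pop3 | 110 | x | ✓ | ✓ | ✓ | ✓ | ✓
nntp | 119 | x | ✓ | ✓ | ✓ | ✓ | ✓
real audio/video | 7070 | ✓ | x | x | ✓ | x | ✓
icmp | N/A | x | ✓ | x | ✓ | x | ✓
H.323 | 1720 | x | ✓ | x | ✓ | x | ✓
T.120 | 1503 | x | ✓ | x | ✓ | x | ✓
SSH | 22 | x | ✓ | x | ✓ | x | ✓

LOW SECURITY LEVEL

Service | Port | External < > Internal: In | External < > Internal: Out | External < > DMZ: In | External < > DMZ: Out | DMZ < > Internal: In | DMZ < > Internal: Out
http | 80 | x | ✓ | ✓ | ✓ | ✓ | ✓
dns | 53 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
telnet | 23 | x | ✓ | ✓ | ✓ | ✓ | ✓
smtp | 25 | x | ✓ | ✓ | ✓ | ✓ | ✓
pop3 | 110 | x | ✓ | ✓ | ✓ | ✓ | ✓
nntp | 119 | x | ✓ | ✓ | ✓ | ✓ | ✓
real audio/video | 7070 | ✓ | x | ✓ | ✓ | ✓ | ✓
icmp | N/A | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
H.323 | 1720 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
T.120 | 1503 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
SSH | 22 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓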

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable):

Option | Description | Default Value
NONE | Your system blocks all IP traffic between interfaces. | none
HIGH | Your system uses the high firewall security level, providing a high level of firewall security between interfaces. | none
MEDIUM | Your system uses the medium firewall security level, providing a medium level of firewall security between interfaces. | none
LOW | Your system uses the low firewall security level, providing a low level of firewall security between interfaces. | none
USERDEFINED | Your system uses a security configuration that you have previously created. | none
slevel | The name of the security configuration level that you have previously created. | N/A

Example --> firewall set securitylevel medium

See also FIREWALL ADD POLICY


For more information on ports assigned to protocols, see
http://www.ietf.org/rfc/rfc1700.txt

FIREWALL SHOW IDS


Syntax FIREWALL SHOW IDS

Description This command displays the following information about the Firewall IDS settings:
• IDS enabled status (true or false)
• Blacklist status (true or false)
• Use Victim Protection status (true or false)
• DOS attack block duration (in seconds)
• Scan attack block duration (in seconds)
• Victim protection block duration (in seconds)
• Maximum TCP open handshaking count allowed (per second)
• Maximum ping count allowed (per second)
• Maximum ICMP count allowed (per second)

Example --> firewall show IDS


Firewall IDS:

IDS Enabled: true
Use Blacklist: true
Use Victim Protection: true
Dos Attack Block Duration: 1800
Scan Attack Block Duration: 10
Victim Protection Block Duration: 600
Max TCP Open Handshaking Count: 100
Max PING Count: 20
Max ICMP Count: 100
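
The output above can be checked against the defaults documented in this chapter. The following script is an added example, not part of the manual or the device software; the function names are assumptions, and treating a shorter block duration or a higher per-second threshold than the documented default as a finding is this example's own audit rule.

```python
import re

# Defaults as documented in the option tables of this chapter. MAXICMP has no
# documented default (N/A), so it is parsed but not compared.
DOCUMENTED_DEFAULTS = {
    "Dos Attack Block Duration": 1800,
    "Scan Attack Block Duration": 86400,
    "Victim Protection Block Duration": 600,
    "Max TCP Open Handshaking Count": 100,
    "Max PING Count": 15,
}
BLOCK_DURATIONS = {key for key in DOCUMENTED_DEFAULTS if key.endswith("Duration")}
FLAGS = ("IDS Enabled", "Use Blacklist", "Use Victim Protection")

# The example output of "firewall show IDS" shown in this section.
SAMPLE_OUTPUT = """\
Firewall IDS:

IDS Enabled: true
Use Blacklist: true
Use Victim Protection: true
Dos Attack Block Duration: 1800
Scan Attack Block Duration: 10
Victim Protection Block Duration: 600
Max TCP Open Handshaking Count: 100
Max PING Count: 20
Max ICMP Count: 100
"""


def parse_show_ids(text):
    """Turn 'Name: value' lines into a dict of bools and ints."""
    settings = {}
    for line in text.splitlines():
        match = re.fullmatch(r"\s*([^:]+?):\s*(\S+)\s*", line)
        if not match:
            continue  # heading line, blank line or echoed command
        key, raw = match.groups()
        if raw in ("true", "false"):
            settings[key] = raw == "true"
        elif raw.isdigit():
            settings[key] = int(raw)
        else:
            raise ValueError(f"unexpected value for {key!r}: {raw!r}")
    return settings


def audit(settings):
    """Return findings, in a fixed order, for a parsed IDS configuration."""
    findings = []
    for flag in FLAGS:
        if flag not in settings:
            findings.append(f"{flag}: missing from output")
        elif settings[flag] is False:
            findings.append(f"{flag}: false")
    for key, default in DOCUMENTED_DEFAULTS.items():
        value = settings.get(key)
        if value is None:
            findings.append(f"{key}: missing from output")
        elif key in BLOCK_DURATIONS and value < default:
            findings.append(
                f"{key}: {value}s is shorter than the documented default {default}s")
        elif key not in BLOCK_DURATIONS and value > default:
            findings.append(
                f"{key}: {value}/s is above the documented default {default}/s")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_show_ids(SAMPLE_OUTPUT)):
        print(finding)
```
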

FIREWALL SHOW POLICY


Syntax FIREWALL SHOW POLICY <name>

Description This command displays information about a single policy that was added to the
firewall using the FIREWALL ADD POLICY command.
A policy exists between two interface types that were set using the FIREWALL ADD
POLICY command. This command displays what these interface types are, and the
allow only validator status; true means that allowonly-val was set when the policy
was created; false means that either blockonly-val was set, or no validator status was
set (blockonly-val is the default setting if no status is specified).

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall show policy p2


Firewall Policy: ext-dmz

Interface Type 1: external
Interface Type 2: dmz

See also FIREWALL LIST POLICIES

FIREWALL SHOW PORTFILTER


Syntax FIREWALL SHOW PORTFILTER <name> <policyname>

Description This command displays information about a single portfilter that was added to a
firewall policy using the FIREWALL ADD PORTFILTER command. The
following portfilter information is displayed:
• Portfilter name
• Transport type used by the protocol (e.g., 6 for SMTP)
• Start of the port range
• End of the port range
• Inbound permission (true or false)
• Outbound permission (true or false)
• Raw IP - whether the portfilter uses a non-TCP/UDP protocol (true or false)
• TCP permission - whether the portfilter uses a TCP protocol (true or false)
• UDP permission - whether the portfilter uses a UDP protocol (true or false)

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing portfilter. To display portfilter names, use the FIREWALL LIST PORTFILTERS command. | N/A
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall show portfilter pf3 ext-int


Firewall Port Filter: pf3

Transport type: 6
Port number start: 25
Port number end: 25
Inbound permission: true
Outbound permission: true
Raw IP: false
TCP permission: true
UDP permission: false

See also FIREWALL LIST POLICIES
         FIREWALL LIST PORTFILTERS

FIREWALL SHOW VALIDATOR


Syntax FIREWALL SHOW VALIDATOR <name> <policyname>

Description This command displays information about a single validator that was added to a
firewall policy using the FIREWALL ADD VALIDATOR command. The following
validator information is displayed:
• Validator name
• Direction (inbound, outbound or both)
• Base IP address of the range to which the validator applies
• Netmask defining the range of addresses to which the validator applies

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing validator. To display validator names, use the FIREWALL LIST VALIDATORS command. | N/A
policyname | A name that identifies an existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A

Example --> firewall show validator v1 ext-int

Firewall Host Validator: v1

Direction: both
Host IP: 192.168.103.2
Host Mask: 255.255.255.0

See also FIREWALL ADD VALIDATOR
         FIREWALL LIST VALIDATORS

FIREWALL STATUS
Syntax FIREWALL STATUS

Description This command displays the following information about the Firewall:
• Firewall status (enabled or disabled)
• Security level setting (none, high, low or medium)
• Firewall logging status:
   • session logging (enabled or disabled)
   • blocking logging (enabled or disabled)
   • intrusion logging (enabled or disabled)

Example --> firewall status


Firewall enabled.
Firewall security level: medium.
Firewall session logging enabled.
Firewall blocking logging enabled.
Firewall intrusion logging disabled.

See also FIREWALL ENABLE|DISABLE
         FIREWALL SET SECURITYLEVEL
         FIREWALL ENABLE|DISABLE BLOCKINGLOG
         FIREWALL ENABLE|DISABLE SESSIONLOG

Chapter 8

Network Address Translation - NAT

Network Address Translation


NAT stands for Network Address Translation. In short, it is a mechanism by which
the IP addresses of packets are changed as they go through a routing device. The
reason for doing such a translation is to enable a device to appear to have one
address to hosts on one side of the NATing router, and another address to hosts on
the other side of the NATing router.
At first glance, it might seem a very strange thing to want to change the addresses
inside IP packets. However, there are some useful applications for this, briefly
explained in the following.

Address conservation
The most common application of NAT is to make better use of the increasingly scant
resource that is the public IP address. As the number of people connecting to the
Internet has exploded, it has reached the stage where there are just not enough IP
addresses available to give an individual address to every Internet-connected
device. So, a prime purpose of NAT is to enable a whole network to access the
Internet using just a single public IP address (see figure 10).

[Figure 10. Address Conservation using NAT. Labels in the diagram: 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4; AT-RG6xx (Router with NAT); 24.2.249.4; Internet.]

Security
The security provided by NAT is really a by-product of the address conservation
purpose. The fact is that NAT aims to translate the source addresses of packets
originating from within the local private network; when reply packets come back
from the Internet, they can be passed back to the hosts on the Private network as the
NAT process keeps an internal table that enables it to know which replies are
actually destined to which private hosts.
So, if a packet comes from the Internet that is not a reply to a packet sent from the
inside, then that NAT process does not know who to forward it to, and has to drop
it.
So, this makes it very difficult for devices on the Internet to initiate incoming
sessions to hosts on the private network; when the packet that is trying to initiate
the session arrives at the NAT device, it gets dropped.
In addition, because the NAT process has to process all the packets passing through
it, in order to pass them to the right internal host, it is quite easy to build in an
ability to look for attacks – SYN floods, Pings of Death, IP Spoofing etc are quite
easy to recognize as packets are being examined on the way through the NAT
device.

How does NAT work?


The trick to NAT is to make use of the Port fields in TCP and UDP.
In TCP and UDP packets, there are 4 fields that identify a particular session:

The particular value of the source port number in a session is not important, so the
NAT device is free to change the source port numbers in packets. This freedom to
change the source port number is the central key to NAT. This enables it to make
sure that every TCP or UDP session that it sends out to the Internet has a UNIQUE
source port number.
Consider the problem that would occur if the NAT device was not free to change the
source port number; only the source address:
If two hosts on the private LAN happened to create sessions using the same source
port number, and same destination address and same destination port number, then
the only thing that would be different between the packets in one session and those
in the other session would be the source IP addresses. However, once the NAT
device had changed the source IP addresses to the global IP address, there would be
nothing to differentiate the packets. The host at the other end of the connection
would think that all the packets were from the same session, which would cause
chaos.
So, it is very important that the NAT device is also able to change the source port
number, so that the problem described above will never happen.
Therefore the NAT device can intercept TCP and UDP sessions coming from Private
hosts, change the source addresses AND source port numbers in the packets, and
store away the original IP address and port number in a table, along with the newly
substituted port number (so that the original values can be restored in the reply
packet when it comes).
So, the process that occurs is:
• the NAT device receives the packet
• changes the source IP address in the packet to the global IP address
• looks up in its table for an entry containing the source port number and original
source address of the packet
  - if it finds an entry, it takes the substitution port number in the table entry,
    and changes the source port number of the packet to this substitution number
  - if it does not find an entry, it generates a new substitution port number, and
    creates a new table entry containing the original source IP address of the
    packet, its original source port number, and the newly generated substitution
    port number. It then changes the source port number of the packet to this
    substitution number.
• sends the packet on out the public interface
• the packet goes off to the destination host, which sends a reply, in which source
and destination IP address are swapped, and source and destination port number
are swapped
• the reply packet arrives back at the NAT device, which receives it
• the destination port number is looked for in the table
  - if it is found, the packet is recognized as being a reply for an existing
    session, and the source IP and source port number in the table entry are put
    into the destination IP address and destination port number fields of the
    packet, and the packet is then sent onto the private LAN
  - if it is not found, then it is not clear where the packet should be sent, and so
    it is dropped
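
The outbound and reply steps listed above, as an added Python example (not code from this manual or from the AT-RG6xx firmware). The first substitution port (50000), the class and field names, and the 203.0.113.10 and 198.51.100.7 addresses are assumptions; entry time-outs are not modelled.

```python
"""Port-translating NAT table following the outbound and reply steps above."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

GLOBAL_IP = "24.10.2.45"          # WAN address used in the manual's Figure 11
FIRST_SUBSTITUTION_PORT = 50000   # assumption: the manual gives no port range


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatTable:
    def __init__(self, global_ip: str = GLOBAL_IP) -> None:
        self.global_ip = global_ip
        self._next_port = FIRST_SUBSTITUTION_PORT
        # (private ip, private port) -> substitution port, plus the reverse index
        self._by_private: Dict[Tuple[str, int], int] = {}
        self._by_public: Dict[int, Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite source address and port of a packet leaving the private LAN."""
        key = (pkt.src_ip, pkt.src_port)
        port = self._by_private.get(key)
        if port is None:                      # no entry yet: create one
            if self._next_port > 65535:
                raise RuntimeError("substitution ports exhausted")
            port = self._next_port
            self._next_port += 1
            self._by_private[key] = port
            self._by_public[port] = key
        return replace(pkt, src_ip=self.global_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Restore the private destination of a reply, or return None (drop)."""
        entry = self._by_public.get(pkt.dst_port)
        if pkt.dst_ip != self.global_ip or entry is None:
            return None                       # not a reply to any known session
        private_ip, private_port = entry
        return replace(pkt, dst_ip=private_ip, dst_port=private_port)


def demo():
    """Two private hosts use the same source port towards the same server."""
    nat = NatTable()
    server = ("203.0.113.10", 80)             # constructed external host
    out_a = nat.outbound(Packet("192.168.0.2", 1025, *server))
    out_b = nat.outbound(Packet("192.168.0.3", 1025, *server))
    # The server's reply swaps source and destination of what it received.
    reply_b = Packet(server[0], server[1], out_b.src_ip, out_b.src_port)
    # Constructed packet that answers no outgoing session.
    unsolicited = Packet("198.51.100.7", 4444, GLOBAL_IP, 50999)
    return out_a, out_b, nat.inbound(reply_b), nat.inbound(unsolicited)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both sessions leave with the same global address but different source ports, so the reply for the second host can be told apart; the unsolicited packet matches no entry and is dropped.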
172 Chapter 8 – Network Address Translation - NAT

What about protocols other than UDP and TCP?


The description above involves a lot of use of port numbers. Unfortunately, the
port-number fields are only present in TCP and UDP packets. For other IP protocols,
like ICMP, OSPF, GRE, IPSEC, etc., other methods have to be used.
In the case of ICMP, things are a little more complicated. For Ping packets, there is
an identifier field in the packet, that uniquely identifies each ping – NAT can make
use of this field in a similar way to the UDP/TCP port number. For other ICMP
information messages (port unreachable, host unreachable, etc) there are often IP
addresses of the hosts inside the data section of the packet - there is extra work
required for the NAT device to look inside the ICMP packet, and translate these
addresses as necessary.
For most other IP protocols, though, there usually is not a field in the packet that can
uniquely identify a communication session (and therefore, which host on the LAN
to send the replies to). So, usually, a static mapping (probably user configured) has
to be used – e.g. a mapping like ‘all GRE packets arriving at the public interface,
with a particular destination address, will be sent to a particular address on the
private LAN’.
So, there typically just is not the flexibility with the other protocols that there is with
TCP and UDP.

How can you let sessions into servers on the private LAN?

Up until now, we have been looking at the situation where a host on the private
LAN initiates a session to some external host. So, the NAT device intercepts the
packets on the way out, and is associating source port numbers with internal IP
addresses.
However, what about the case where an external host wants to connect to a host on the
Private LAN? This session will, of course, be initiated by an incoming packet
arriving at the public interface. It has been stated above that in general, such a
packet will have to be dropped – if it is not a reply to an outgoing packet, there is no
information about which internal host to forward it to.
However, you may wish to actually make it possible for incoming sessions to access
certain hosts on the private LAN. This has to be done by configuring specific static
port mappings. For example, a mapping can be configured such that any TCP
session coming into port 80 on the public interface is forwarded to a particular host
on the private LAN; and any TCP session coming into port 25 on the public interface
is forwarded to another (or maybe the same) host on the private LAN, and so on.
In this way, servers on the private LAN can be made available for connections from
external hosts. Of course, for any given port number, only one mapping is possible –
so it is only possible to make one Web Server, one Mail Server, one FTP server, etc
available.
In the diagram below, we see a case of allowing external access to an FTP server and
a WWW server. This would be achieved by having two static mappings on the NAT
device:
Incoming sessions to TCP port 21 are mapped to internal IP address 192.168.0.3
Incoming sessions to TCP port 80 are mapped to internal IP address 192.168.0.2

Figure 11. External access to an FTP server
(Diagram: clients on the Internet reach the AT-RG6xx at WAN IP 24.10.2.45; ftp://24.x.x.x (port 21) goes to the FTP server at 192.168.0.3 and http://24.x.x.x (port 80) goes to the Web server at 192.168.0.2.)

NAT support on AT-RG6xx Residential Gateway series

The NAT module on the AT-RG613, AT-RG623 and AT-RG656 is designed to provide the
following features:
• global IP address pools
• reserved mappings
• application level gateways (ALGs)
NAT services are available between the external security interface and the internal
security interfaces.
In order to access NAT services, the NAT module must be enabled between a pair
of interfaces by using the NAT ENABLE command and assigning an arbitrary name
to this relationship.

Before enabling NAT, the Security module must be already enabled using the
SECURITY ENABLE command.

See the Security section for details regarding security interfaces.

Global IP Address Pools


A Global Address Pool is a pool of addresses seen from the external network. By
default, each external interface creates a Global Address Pool with a single address –
the address assigned to that interface.
For outbound sessions, an address is picked from a pool by hashing the source IP
address for a pool index and then hashing again for an address index. For inbound
sessions to make use of the global pool, it is necessary to create a reserved mapping.
See below for more information on reserved mappings.

Reserved Mappings
Reserved mapping is used to support NAT traversal.
NAT traversal is a mechanism that makes a service (listening port) on an internal
computer accessible to external computers. NAT traversal operates by having the
NAT listen for incoming messages on a selected port on its external interface. When
the NAT receives a message, it uses its internal interface to forward the packet to the
same port number on a selected internal computer (and any responses from the
internal computer are forwarded to the requesting external computer).
Reserved mappings can also be used so that different internal hosts can share a
global address by mapping different ports to different hosts.
For example, Host A is an FTP server and Host B is a web server.
By choosing a particular IP address in the global address pool, and mapping the
FTP port on this address to the FTP port on Host A and the HTTP port on the global
address to the HTTP port on Host B, both internal hosts can share the same global
address.
To add a reserved mapping rule to an existing NAT relation, use the NAT ADD
RESVMAP INTERFACE command.
With this command it is possible to set a mapping rule based on port number or
protocol number.
Setting the protocol number to 255 (0xFF) means that the mapping will apply to all
protocols. Setting the port number to 65535 (0xFFFF) for TCP or UDP protocols
means that the mapping will apply to all port numbers for that protocol.

Application Level Gateways (ALGs)


Some applications embed address and/or port information in the payload of the
packet.
The most notorious of these is FTP. For most applications, it is sufficient to create a
trigger with address replacement enabled. However, there are 3 applications for
which a specific ALG is provided: FTP, NetBIOS and DNS.

Interactions of NAT and other security features.

Firewall filters and reserved mappings.


So far, the NAT reserved mappings have been considered independently of the
firewall.
If the firewall is not enabled, then all that is required to enable NAT to allow in TCP
sessions to a certain port number is to create a reserved mapping for that particular
TCP port number.
However, if the firewall is enabled, there is a matter of precedence to consider if
a reserved mapping has been created for a particular TCP port but the firewall is not
configured to allow in TCP data for that port.
In this case the blocking by the firewall will take precedence.
So, when the firewall has been enabled, care must be taken to ensure that when
NAT reserved mappings are created, the firewall is also configured to allow in the
traffic for which the reserved mapping is defined.
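
The wildcard values from the Reserved Mappings section (protocol 255, port 65535) and the firewall precedence rule above, as an added Python example that is not code from this manual or the device. The firewall is modelled as a plain set of allowed (protocol, port) pairs, which is an assumption, as are all names, the first-match order and the constructed "games" mapping.

```python
"""Inbound decision for reserved mappings, with the firewall taking precedence."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

TCP, UDP = 6, 17        # IANA protocol numbers
ANY_PROTOCOL = 255      # manual: protocol 255 (0xFF) applies to all protocols
ANY_PORT = 65535        # manual: port 65535 (0xFFFF) applies to all TCP/UDP ports
GLOBAL_IP = "24.10.2.45"


@dataclass(frozen=True)
class ResvMap:
    name: str
    global_ip: str
    internal_ip: str
    protocol: int
    port: int = 0       # NAT LIST RESVMAPS shows port 0 for non-TCP/UDP protocols

    def matches(self, dst_ip: str, protocol: int, dst_port: int) -> bool:
        if dst_ip != self.global_ip:
            return False
        if self.protocol == ANY_PROTOCOL:
            return True
        if protocol != self.protocol:
            return False
        if protocol in (TCP, UDP):
            return self.port in (ANY_PORT, dst_port)
        return True


Allow = Optional[Set[Tuple[int, int]]]   # None models "firewall not enabled"


def inbound_decision(dst_ip: str, protocol: int, dst_port: int,
                     maps: List[ResvMap], firewall_allow: Allow = None):
    """Return (verdict, internal_ip); the first matching mapping is used (assumption)."""
    hit = next((m for m in maps if m.matches(dst_ip, protocol, dst_port)), None)
    if hit is None:
        return ("drop: no mapping", None)
    if firewall_allow is not None and (protocol, dst_port) not in firewall_allow:
        return ("drop: firewall", None)      # firewall blocking takes precedence
    return ("forward", hit.internal_ip)


def audit(maps: List[ResvMap], firewall_allow: Allow):
    """List mappings that are wildcards or that the firewall would override."""
    findings = []
    for m in maps:
        wildcard_port = m.protocol in (TCP, UDP) and m.port == ANY_PORT
        if m.protocol == ANY_PROTOCOL or wildcard_port:
            findings.append((m.name, "wildcard mapping exposes more than one service"))
        elif firewall_allow is not None and (m.protocol, m.port) not in firewall_allow:
            findings.append((m.name, "blocked by firewall: no matching allow rule"))
    return findings


# The two static mappings from the FTP/WWW example, plus one constructed wildcard.
MAPS = [
    ResvMap("ftp", GLOBAL_IP, "192.168.0.3", TCP, 21),
    ResvMap("www", GLOBAL_IP, "192.168.0.2", TCP, 80),
    ResvMap("games", GLOBAL_IP, "192.168.0.9", UDP, ANY_PORT),  # constructed
]
FIREWALL = {(TCP, 80)}   # constructed: only inbound HTTP is allowed

if __name__ == "__main__":
    print(inbound_decision(GLOBAL_IP, TCP, 21, MAPS))            # firewall disabled
    print(inbound_decision(GLOBAL_IP, TCP, 21, MAPS, FIREWALL))  # firewall enabled
    for finding in audit(MAPS, FIREWALL):
        print(finding)
```

Running the audit before and after a firewall change shows which reserved mappings have silently stopped working and which ones open a whole protocol to one internal host.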

NAT and Dynamic Port Opening


The description of Dynamic Port Opening (see Security section) discussed that
feature in the context of the firewall – i.e. the Dynamic Port Opening feature was
presented as being required to allow secondary sessions in through the firewall.
It should be noted that, by default, incoming sessions are not allowed through by
NAT either. So, if NAT is enabled, even if the firewall is not enabled, then if you
wish to be able to access services that involve incoming secondary sessions, then
you will need to create Dynamic Port Opening definitions for those services.
So, for example, if you have NAT enabled on the router, and wish for users on the
LAN to be able to successfully access external RealServers, it will be necessary to
create a dynamic port opening definition.

NAT and secondary IP addresses


NAT services also work with secondary IP addresses.
In this case it is necessary to create a secondary IP address using the IP INTERFACE ADD
SECONDARYIPADDRESS command and then create a security interface based on
this secondary IP interface.
Then a global pool must be added and a reserved mapping configured. If using
PPPoE encapsulation, secondary IP addresses in the global pool must be on a
separate subnet. If the secondary IP addresses are on the same subnet as the external
IP address, the addresses are not visible to the external network.
NAT Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateways to enable, configure and manage the NAT module.

NAT CLI commands


The table below lists the NAT commands provided by the CLI:

Command
NAT ADD GLOBALPOOL
NAT ADD RESVMAP GLOBALIP
NAT ADD RESVMAP INTERFACENAME
NAT CLEAR GLOBALPOOLS
NAT CLEAR RESVMAPS
NAT DELETE GLOBALPOOL
NAT DELETE RESVMAP
NAT DISABLE
NAT ENABLE
NAT IKETRANSLATION
NAT LIST GLOBALPOOLS
NAT LIST RESVMAPS
NAT SHOW GLOBALPOOL
NAT SHOW RESVMAP
NAT STATUS

NAT ADD GLOBALPOOL


Syntax NAT ADD GLOBALPOOL <name> <interfacename> {INTERNAL|DMZ} <ipaddress>
{SUBNETMASK <mask>|ENDADDRESS <address>}

Description The nat enable command creates an IP address for the external security interface.
However, you may want to use more than one external IP address. For example, if
your ISP provides multiple IP addresses, you might want to map one external
address to your internal web server, and map another external address to your
internal mail server.
This command creates a pool of external network addresses. A network address
pool is a range of IP addresses that is visible outside your network. NAT translates
packets between the external addresses and the internal addresses that each address
is mapped to.
There are two ways to specify a range of IP addresses:


• specify the interfacename IP address and a subnet mask
• specify the interfacename IP address that represents the first address in the range,
then specify the last address in the range
If you want to map IP addresses to individual hosts on an internal interface, you can
use the command NAT ADD RESVMAP.

Before adding a global address pool, the NAT module must be enabled using
the command NAT ENABLE.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies a global network address or pool of addresses. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
interfacename | The name of an existing security interface (external or DMZ) created and connected to an internal interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A
INTERNAL | Maps the global IP addresses to hosts on the network attached to the internal interface. | N/A
DMZ | Maps the global addresses to hosts on the network attached to the DMZ interface. | N/A
ipaddress | The IP address of the interfacename that is visible outside the network. | N/A
mask | The subnet mask that defines the range of addresses in the pool. | N/A
endaddress | The last IP address in the range of addresses that make up the global address pool. | N/A

Example 1 This example creates a network address pool that allows NAT to translate packets
between the external interface and the DMZ interface type.
First, NAT is enabled between the external interface and the DMZ interface type:

--> nat enable n1 extinterface dmz

Then the global address pool is created, by defining IP address and netmask:

--> nat add globalpool gp1 extinterface dmz 192.168.102.3 subnetmask 255.255.255.0

Example 2 This example creates a network address pool that allows NAT to translate packets
between the external interface and the internal interface type.
First NAT is enabled between the external interface and the internal interface type:

--> nat enable n2 extinterface internal

Then the global pool is created, by defining the start and end addresses of the pool:

--> nat add globalpool gp2 extinterface internal 192.168.103.2 endaddress 192.168.103.50

See also NAT ENABLE
NAT STATUS
SECURITY LIST INTERFACES
Once you have created an address pool, packets received on a specific IP address
can be mapped to individual hosts inside the network. See NAT ADD RESVMAP.

NAT ADD RESVMAP GLOBALIP


Syntax NAT ADD RESVMAP <name> GLOBALIP <interfacename> <globalip> <internalip> {TCP
<portno>|UDP <portno>|ICMP|IGMP|IP|EGP|RSVP|OSPF|IPIP|ALL}

Description This command maps an IP address from a global pool (created using the NAT ADD
GLOBALPOOL command) to an individual IP address inside the network. NAT
translates packets between the external IP address and the individual host based on
the transport information given in this command.

Note: Before you can add a reserved mapping, you must create a NAT
relationship using the command NAT ENABLE.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies a reserved mapping configuration. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A
globalip | An external IP address that is a member of a global address pool created using the NAT ADD GLOBALPOOL command. | N/A
internalip | The IP address of an individual host inside the network (attached to the internal or DMZ interface). | N/A
(TCP) portno | The TCP port number that you want to use in your reserved mapping configuration. | N/A
(UDP) portno | The UDP port number that you want to use in your reserved mapping configuration. | N/A
ICMP | Internet Control Message Protocol (ICMP) packets are to be translated. ICMP messages are used for out-of-band messages related to network operation or mis-operation. See http://www.ietf.org/rfc/rfc0792.txt. | N/A
IGMP | Internet Group Management Protocol (IGMP) is set as the transport type. Allows Internet hosts to participate in multicasting. See http://www.ietf.org/rfc/rfc1112.txt. | N/A
IP | Internetwork Protocol (IP). Provides all of the Internet's data transport services. See http://www.ietf.org/rfc/rfc791.txt and http://www.ietf.org/rfc/rfc919.txt. | N/A
EGP | Exterior Gateway Protocol (EGP) packets are to be translated. This is a protocol for exchanging routing information between autonomous systems. See http://www.ietf.org/rfc/rfc904.txt. | N/A
RSVP | Resource Reservation Protocol (RSVP) packets are to be translated. Supports the reservation of resources across an IP network. See http://www.ietf.org/rfc/rfc2205.txt. | N/A
OSPF | Open Shortest Path First (OSPF) packets are to be translated. A link-state routing protocol. See http://www.ietf.org/rfc/rfc1583. | N/A
IPIP | IP-within-IP Encapsulation packets are to be translated. This protocol encapsulates an IP datagram within a datagram. See http://www.ietf.org/rfc/rfc2896.txt. | N/A
ALL | All traffic is translated between the global IP address and the specified inside address that it is mapped to. | N/A

Example --> nat add resvmap rm1 globalip extinterface 192.168.68.68 10.10.10.10 tcp 25

See also NAT ENABLE
NAT LIST GLOBALPOOLS
NAT STATUS
SECURITY LIST INTERFACES

NAT ADD RESVMAP INTERFACENAME


Syntax NAT ADD RESVMAP <name> INTERFACENAME <interfacename> <internalip> {TCP
<portno>|UDP <portno>|ICMP|IGMP|IP|EGP|RSVP|OSPF|IPIP|ALL}

Description This command maps an external IP security interface (included in a NAT
relationship created using the NAT ENABLE command) to an individual IP address
inside the network. NAT translates packets between the external IP address and the
individual host based on the transport information given in this command.

Note: Before you can add a reserved mapping, you must create a NAT relationship
using the command NAT ENABLE.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies a reserved mapping configuration. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A
internalip | The IP address of an individual host inside the network (connected to the internal or DMZ interfaces). | N/A
(TCP) portno | The TCP port number that you want to use in your reserved mapping configuration. | N/A
(UDP) portno | The UDP port number that you want to use in your reserved mapping configuration. | N/A
ICMP | Internet Control Message Protocol (ICMP) packets are to be translated. ICMP messages are used for out-of-band messages related to network operation or mis-operation. See http://www.ietf.org/rfc/rfc0792.txt. | N/A
IGMP | Internet Group Management Protocol (IGMP) packets are to be translated. Allows Internet hosts to participate in multicasting. See http://www.ietf.org/rfc/rfc1112.txt. | N/A
IP | Internetwork Protocol (IP). Provides all of the Internet's data transport services. See http://www.ietf.org/rfc/rfc791.txt and http://www.ietf.org/rfc/rfc919.txt. | N/A
EGP | Exterior Gateway Protocol (EGP) packets are to be translated. Protocol for exchanging routing information between autonomous systems. See http://www.ietf.org/rfc/rfc904.txt. | N/A
RSVP | Resource Reservation Protocol (RSVP) packets are to be translated. Supports the reservation of resources across an IP network. See http://www.ietf.org/rfc/rfc2205.txt. | N/A
OSPF | Open Shortest Path First (OSPF) packets are to be translated. A link-state routing protocol. See http://www.ietf.org/rfc/rfc1583. | N/A
IPIP | IP-within-IP Encapsulation packets are to be translated. This protocol encapsulates an IP datagram within a datagram. See http://www.ietf.org/rfc/rfc2896.txt. | N/A
ALL | All traffic is translated between the global IP address and the specified inside address that it is mapped to. | N/A

Example --> nat add resvmap rm1 interfacename extinterface 10.10.10.10 tcp 25

See also NAT ENABLE
SECURITY LIST INTERFACES

NAT CLEAR GLOBALPOOLS


Syntax NAT CLEAR GLOBALPOOLS <interfacename>

Description This command deletes all address pools that were added to a specific outside
interface using the NAT ADD GLOBALPOOL command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example --> nat clear globalpools extinterface

See also NAT ADD GLOBALPOOL
SECURITY LIST INTERFACES

NAT CLEAR RESVMAPS


Syntax NAT CLEAR RESVMAPS <interfacename>

Description This command deletes all NAT reserved mappings that were added to an outside
security interface using the NAT ADD RESVMAP command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example --> nat clear resvmaps extinterface

See also NAT DELETE RESVMAP
SECURITY LIST INTERFACES

NAT DELETE GLOBALPOOL


Syntax NAT DELETE GLOBALPOOL <name> <interfacename>

Description This command deletes a single address pool that was added to a specific external
interface using the NAT ADD GLOBALPOOL command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing global IP address. To display global IP addresses, use the NAT LIST GLOBALPOOLS command. | N/A
interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example --> nat delete globalpool gp1 extinterface

See also NAT ADD GLOBALPOOL
NAT LIST GLOBALPOOLS
SECURITY LIST INTERFACES

NAT DELETE RESVMAP


Syntax NAT DELETE RESVMAP <name> <interfacename>

Description This command deletes a single NAT reserved mapping that was added to an
external security interface using the NAT ADD RESVMAP command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing global IP address. To display global IP addresses, use the NAT LIST RESVMAPS command. | N/A
interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example --> nat delete resvmap rm1 extinterface

See also NAT ENABLE
NAT LIST RESVMAPS
SECURITY LIST INTERFACES

NAT DISABLE
Syntax NAT DISABLE <name>

Description This command disables a NAT relationship that was previously enabled between
a security interface and another generic interface type, using the NAT ENABLE
command. NAT is disabled between the security interface and all the interfaces that
belong to the chosen interface type.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | The name of an existing NAT relationship created between a security interface and an interface type using the NAT ENABLE command. To display enabled NAT objects, use the NAT STATUS command. | N/A

Example --> nat disable nat1

See also NAT ENABLE
NAT STATUS

NAT ENABLE
Syntax NAT ENABLE <name> <interfacename> {INTERNAL|DMZ}

Description This command enables NAT between an existing security interface and a network
interface type. NAT is enabled between the security interface and all the interfaces
that belong to the chosen network interface type.

Note - You must enable the Security package using the command SECURITY
ENABLE if you want to use the NAT module.

An interface is either an inside or outside interface. The network attached to an inside
interface needs to be protected from the network attached to an outside interface.
For example, the network attached to an internal interface (inside) needs to be
protected from the network attached to a DMZ (outside). Also, you can only enable
NAT between two different interface types. For example, if interfacename is an
external interface type, you can enable NAT between the interfacename and the
internal or the DMZ interface type, but not the external interface type. The following
interface combinations are the only ones that you can use:
• external (outside) and internal (inside)
• external (outside) and DMZ (inside)
• DMZ (outside) and internal (inside)
The existing security interface must be an outside interface. NAT translates packets
between the outside interface and the inside interface type. In this way, the IP
address of a host on a network attached to an inside interface is hidden from a host
on a network attached to an outside interface.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies a NAT object enabled between a security interface and an interface type. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
interfacename | The name of an existing security interface (external or DMZ) that was added to the Security package using the SECURITY ADD INTERFACE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A
INTERNAL | Allows NAT to be enabled/disabled between the interface interfacename and all interfaces of the internal interface type. | N/A
DMZ | Allows NAT to be enabled/disabled between the interface interfacename and all interfaces of the DMZ interface type. The interfacename must be an external interface type. | N/A

Example --> nat enable nat1 extinterface internal

See also NAT DISABLE
NAT STATUS
SECURITY LIST INTERFACES
SECURITY ADD INTERFACE

NAT IKETRANSLATION
Syntax NAT IKETRANSLATION {COOKIES | PORTS}

Description This command supports NAT IPSec traversal. It allows you to specify how Internet
Key Exchange (IKE) packets are translated.

IKE establishes a shared security policy and authenticates keys for services that require keys, such as IPSec.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
COOKIES | Source port will not be translated for IKE packets; IKE cookies are used to identify IKE sessions. | ports
PORTS | Source port will be translated for IKE packets. | ports

Example --> nat iketranslation cookies


NAT LIST GLOBALPOOLS


Syntax NAT LIST GLOBALPOOLS <interfacename>

Description This command lists the following NAT address pool information for a specific
outside interface:
• Address pool identification number
• Address pool name
• Type of inside interface (internal or DMZ)
• Subnet configuration status (true if the network pool was set using a subnet mask,
false if it was set using a range of IP addresses)
• IP address - the outside network IP address or the first address in the range of
network pool addresses
• Mask/End Address - the outside subnet mask of the outside network IP address
or the last address in the range of network pool addresses

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example
--> nat list globalpools extinterface
NAT global address pool:
ID | Name | Type | Subnet | IP address | Mask/End Address
----------------------------------------------------------------------
1 | gp1 | dmz | true | 192.168.102.3 | 255.255.255.0
2 | g2 | internal | false | 192.168.103.2 | 192.168.103.50
----------------------------------------------------------------------

See also SECURITY LIST INTERFACES
NAT SHOW GLOBALPOOL

NAT LIST RESVMAPS


Syntax NAT LIST RESVMAPS <interfacename>

Description This command lists the following reserved mapping information for a specific
outside security interface:
• Reserved mapping identification number
• Reserved mapping name
• Global address - the IP address of the outside security interface that is mapped to
the inside IP address
• Internal address - the IP address inside the network that the global IP address is
mapped to
• Transport type (IGMP, IPIP etc.)
• Port - TCP or UDP port used by the transport type. If a non-TCP/UDP protocol is
used, the port is set to 0.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example
--> nat list resvmaps extinterface
NAT reserved mappings:
ID | Name | Global Address | Internal Address | Type | Port
-----------------------------------------------------------------------
1 | rm2 | 192.168.103.2 | 10.10.10.10 | tcp | 25
2 | rm1 | 192.168.103.15 | 20.20.20.20 | udp | 21
-----------------------------------------------------------------------

See also SECURITY LIST INTERFACES

NAT SHOW GLOBALPOOL


Syntax NAT SHOW GLOBALPOOL <name> <interfacename>

Description This command displays information about a single network address pool that has
been added to an outside interface:
• Type of inside interface (internal or DMZ)
• Subnet configuration status (true if the network pool was set using a subnet mask,
false if it was set using a range of IP addresses)
• IP address - the outside network IP address or the first address in the range of
addresses
• Subnet Mask or End Address - the subnet mask used to define the global address
range or the last address in the range of addresses

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing global IP address. To display global IP addresses, use the NAT LIST GLOBALPOOLS command. | N/A
interfacename | The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command. | N/A

Example --> nat show globalpool gp1 extinterface

NAT global address pool: gp1
Interface type: dmz
Subnet configuration: true
IP address: 192.168.102.3
Subnet mask or End Address: 255.255.255.0

See also NAT LIST GLOBALPOOLS
SECURITY LIST INTERFACES

NAT SHOW RESVMAP


Syntax NAT SHOW RESVMAP <name> <interfacename>

Description This command displays the following information about a single reserved mapping
configuration that has been added to an outside security interface:
• Global IP address
• Internal IP address
• Transport type
• Port number

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option          Description                                     Default Value

name            A name that identifies an existing global       N/A
                pool. To display global pool names, use the
                NAT LIST RESVMAPS command.
interfacename   The name of an existing security interface      N/A
                (external or DMZ) created and connected to
                an inside interface (DMZ or internal) using
                the NAT ENABLE command. To display
                security interfaces, use the SECURITY LIST
                INTERFACES command.

Example --> nat show resvmap rm1 extinterface

NAT reserved mapping: rm1

Global IP address: 192.168.103.15


Internal IP address: 20.20.20.20
Transport type: tcp
Port number: 25

See also NAT LIST RESVMAPS


SECURITY LIST INTERFACES

NAT STATUS
Syntax NAT STATUS

Description This command lists the outside security interfaces and inside interface types that
NAT is currently enabled between. It displays the following information:
• NAT object identification number
• NAT object name
• Outside security interface name
• Inside interface type

Example --> nat status


NAT enabled on:
ID | Name | Interface | Type
------------------------------------------
1 | n2 | ip2 | internal
2 | n1 | if1 | internal
------------------------------------------

See also NAT ENABLE


Chapter 9

IGMP snooping and IGMP proxy

Multicasting Overview
Multicasting is a technique developed to send packets from one location in the
Internet to many other locations, without any unnecessary packet duplication. In
multicasting, one packet is sent from a source and is replicated as needed in the
network to reach as many end-users as necessary.
The concept of a group is crucial to multicasting. Every multicast requires a
multicast group; the sender (or source) transmits to the group address, and only
members of the group can receive the multicast data. A group is defined by a Class
D address.
Multicasting is useful because it conserves bandwidth by replicating packets as
needed within the network, thereby not transmitting unnecessary packets.
Multicasting is the most economical technique for sending a packet stream (which
could be audio, video, or data) from one location to many other locations on the
Internet simultaneously.
Of course, multicasting has to be a connectionless process. The server simply sends
out its multicast UDP packets, with no idea who will be receiving them, and
whether they get received. It would be quite impossible for the server to have to
wait for ACKs from all the recipients, and remember to retransmit to those
recipients from whom it does not receive ACKs. Apart from anything else the server
does not know who the recipients are, or how many there are.

Multicasting principles

Group addresses
A multicast stream is a stream of data whose destination address is a multicast
address – ie an IP address with the first byte having a value of 224 to 240. The
destination address used by a stream is referred to as its Group address. These
Group Addresses, like all IP addresses, are a limited resource, and there are all sorts
of rules about who may use addresses from which address ranges.
Anyway, a server sends out its stream to a group multicast address but the way it is
routed to the hosts that actually want to receive it is a very different process to
routing unicast packets. With unicast packets, the destination address of the packet
uniquely identifies the host who should receive the packet and all the routers along
the path just need to look in their routing tables to work out which is the correct
route to send the packet down.
However, in the case of multicast, the stream is simply being sent out, with no
particular knowledge of who wants to receive it, and where the recipients are. One
approach would be for every router that receives a multicast stream on one interface
to just retransmit that stream out ALL its other interfaces. In that way it would be
guaranteed to eventually reach every host that might be interested in receiving it.
However, that would be an inefficient use of bandwidth, as a lot of the time the
routers would be sending the streams out along paths that do not contain any hosts
that want to receive them. Given that the main reason for having multicasting is to
make efficient use of bandwidth, this would not be a good approach.
So, a more efficient approach is needed. This is where IGMP comes in.

IGMP
IGMP (Internet Group Management Protocol) is the protocol whereby hosts indicate
that they are interested in receiving a particular multicast stream. When a host
wants to receive a stream (in multicast jargon, this is called ‘joining a group’) it
sends to its local router an IGMP packet containing the address of the group it
wants to join – this is called an IGMP Membership report (sometimes called a Join
packet).
Now, the local router is generally going to be a long way from the server that is
generating the stream. So, having received the IGMP join packet, the router then
knows that it has to forward the multicast stream onto its LAN (if it is not doing so
already). However, if the router is not already receiving the multicast stream from
the server (probably many hops away) what does the router do next in order to
ensure that the multicast stream gets to it? This is achieved by an elaborate process
involving multicast routing protocols like PIM, DVMRP and MOSPF.
The IGMP packet exchange proceeds as follows:
• At a certain period (default is 125 seconds), the router sends an IGMP query
message onto the local LAN. The destination address of the query message is a
special “all multicast groups” address. The purpose of this query is to ask “are there
any hosts on the LAN that wish to remain members of Multicast Groups?”
• Hosts on the LAN receive the query. If any given host wishes to remain in a
Multicast group, it sends a new IGMP Membership report (Join message) for that
group (of course some hosts may be members of more than one group, so they will
send join messages for all the groups that they are members of).
• The router looks at the responses it receives to its query, and compares these to the
list of Multicast streams that it has currently registered to receive. If there are any
items in that list for which it has not received query responses, it will send a
message upstream, asking to no longer receive that stream, i.e. to be ‘pruned’ from
the tree through which that stream is flowing.
In IGMP version 2, the IGMP leave message was added. So, a host can now
explicitly inform its router that it wants to leave a particular multicast group. If the
router keeps a table of how many hosts have joined particular groups, and removes
hosts from the table when it receives leave messages, then it can know straight away
when there are no hosts on its LAN that are still members of a given group. So, it
can ask to be pruned from that tree straight away, rather than having to wait until
the next query interval.

Multicast MAC addresses


Multicast IP addresses are Class D IP addresses. So, all IP addresses from 224.0.0.0
to 239.255.255.255 are multicast IP addresses. They are also referred to as Group
Destination Addresses (GDA).
For each GDA there is an associated MAC address. This MAC address is formed by
01-00-5e, followed by the last 23 bits of the GDA translated in hex. Therefore:
230.20.20.20 corresponds to MAC 01-00-5e-14-14-14
224.10.10.10 corresponds to MAC 01-00-5e-0a-0a-0a
Consequently, this is not a one-to-one mapping, but a one-to-many mapping:
224.10.10.10 corresponds to MAC 01-00-5e-0a-0a-0a
226.10.10.10 corresponds to MAC 01-00-5e-0a-0a-0a, as well.
It is required that when an IP multicast packet is sent onto an Ethernet, the
destination MAC address of the packet must be the MAC address that corresponds
to the packet’s GDA. So, it is possible, from the destination MAC address of a
multicast packet, to know the set of values that its GDA must fall within.
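
The mapping above, worked through in Python as an added example that is not part of the original manual; the function names are chosen here for illustration. It reproduces the manual's addresses and lists the set of GDAs that a given multicast MAC address can stand for.

```python
import ipaddress

# 01-00-5e followed by a zero bit; the remaining 23 bits come from the GDA.
MAC_PREFIX = 0x01005E000000


def gda_to_mac(gda):
    """Return the Ethernet MAC address (aa-bb-cc-dd-ee-ff) for a Class D address."""
    ip = ipaddress.IPv4Address(gda)
    if not ip.is_multicast:
        raise ValueError(f"{gda} is not a Class D (multicast) address")
    mac = MAC_PREFIX | (int(ip) & 0x7FFFFF)          # keep the last 23 bits
    return "-".join(f"{b:02x}" for b in mac.to_bytes(6, "big"))


def mac_to_gdas(mac):
    """Return every GDA that maps onto the given multicast MAC address."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6 or raw[:3] != b"\x01\x00\x5e" or raw[3] & 0x80:
        raise ValueError(f"{mac} is not an IP multicast MAC address")
    low23 = int.from_bytes(raw[3:], "big")
    # The first 4 bits of a GDA are fixed (1110); the next 5 bits are not
    # carried in the MAC address, so 2**5 = 32 GDAs share each MAC.
    return [str(ipaddress.IPv4Address((0xE0 << 24) | (hi << 23) | low23))
            for hi in range(32)]


def collisions(gdas):
    """Group a list of GDAs by MAC and keep only MACs used by more than one."""
    by_mac = {}
    for gda in gdas:
        by_mac.setdefault(gda_to_mac(gda), []).append(gda)
    return {mac: members for mac, members in by_mac.items() if len(members) > 1}


if __name__ == "__main__":
    for gda in ("230.20.20.20", "224.10.10.10", "226.10.10.10", "224.0.0.1"):
        print(gda, "->", gda_to_mac(gda))
    print(mac_to_gdas("01-00-5e-0a-0a-0a"))
```
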

IGMP snooping
IGMP snooping is a filtering process that AT-RG613, AT-RG623 and AT-RG656
residential gateways perform at layer 2 to reduce the amount of multicast traffic on
a LAN.
It is designed to solve the problem that arises when multicast traffic is received
from a layer-2 switch due to join requests performed by hosts connected to some of
the switch ports.
If individual hosts on the LAN (ie hosts connected to ports on the switches) wish to
receive multicast streams, then they will send out IGMP joins, which will get up to
the multicast router; and the router will join into the appropriate multicast trees;
and the multicast flows will then reach the router, and it will forward them into the
LAN.
By default, when a switch receives a multicast packet, it must forward it out all its
ports (except the port upon which it was received). So, considering the example
where only host number 1 actually requests to join a particular multicast group,
what will happen is that all the hosts on the LAN will start receiving the multicast
packets, as all the switches will forward the multicast packets to all their ports.
This is rather a waste of bandwidth, and the purpose of multicasting is to make
efficient use of bandwidth.
The solution to this problem is to make the layer-2 switch aware of the IGMP
packets that are being passed around. That is, although the IGMP packets are
destined for the router, the layer-2 switch needs to ‘snoop’ them as they go past.
Then the layer-2 switch can be aware which hosts have asked to join which
multicast groups, and so will only forward the multicast data to the places where it
really needs to go.

IGMP snooping on AT-VP6x3 product family


IGMP snooping is activated using the IGMP SNOOPING ENABLE command.
When IGMP snooping is enabled, it works separately for each VLAN. All multicast
traffic as well as multicast signaling generated within a VLAN is kept within VLAN
boundaries.
IGMP snooping on Residential Gateway is designed in order to allow AT-RG613,
AT-RG623 and AT-RG656 models to work in a network environment where both
multicast router(s) and multicast host(s) are present.
Basically the Residential Gateway tries to construct an internal view of the multicast
network based on the IGMP messages received both from multicast router(s) and
multicast host(s).
The following is a description of the IGMP snooping behavior that the Residential
Gateway implements at layer 2.

Multicast Router Port Discovery


The system listens for IGMP Membership General Query packets sent to the
address 01-00-5e-00-00-01 and records the port(s) where any such message has been
received.
In this way the Residential Gateway knows where multicast routers are located in
order to forward report and leave messages only to the correct port(s).

Note that multiple VLANs can be present in the system and therefore more than
one multicast router can be present. The command IGMP SNOOPING SHOW
reports the multicast router IP address discovered for each VLAN and the
physical port where it has been detected.

Multicast Hosts Port Discovery


The system listens for unsolicited IGMP Report messages that hosts send to join a
multicast group and records the port where each message has been received. The
action that the RG6x3 performs after having received an IGMP report depends on
the circumstances in which the packet is received. To understand this, let us
consider two possible scenarios:
• First Scenario: Host A is the first host in its Ethernet segment to join a group.
Host A sends an unsolicited IGMP Membership report.
The Residential Gateway intercepts the IGMP membership report sent by Host A
and creates a multicast entry for the group that host A was requesting and links
this entry to the port on which it has received the report.
It also resets a local Timeout timer to the Timeout Interval value (default 270 secs).
This timer is used to refresh the local multicast membership table periodically
(see later in the description).
The Residential Gateway forwards the IGMP report on to the multicast router
detected on the VLAN where the host is attached. In this way the router will also
receive the IGMP report and will update its multicast routing table accordingly.
Multicast traffic for the requested group address is immediately forwarded only
to the port where the report from Host A has been received.
• Second Scenario: another host, host B, on the same Ethernet segment as host A,
sends an IGMP report to join the same multicast group as host A.
Host B sends an unsolicited IGMP Membership report.
The Residential Gateway intercepts the IGMP membership report sent by Host B.
As a multicast entry for this group already exists, the Residential Gateway simply
adds the port to the already existing entry for that multicast group and resets the
Timeout timer to the Timeout Interval.
The command IGMP SNOOPING SHOW will report only the last host that joined the
group and the new value of the Timeout timer.
If another host joins another multicast group or the same multicast group, the same
procedures described in the first and second scenarios are performed, respectively.
A new Group entry will be added whenever a new group has been joined.

Note: In order to maintain group membership, the multicast router sends IGMP
queries periodically. This query is intercepted by the Residential Gateway and
forwarded to all ports on the switch. All hosts that are members of the group
will answer that query. The IGMP protocol was designed in such a way that
only one member of any group on any VLAN would have to respond to any
given query. But, because the Residential Gateway intercepts the reports, the
hosts do not see each other’s reports, and thus, all hosts send a report (instead of
one per group). The Residential Gateway then forwards on to the router only
one report per group from among all received responses.

Leaving a Group
When a host wants to leave a group it sends an IGMP Leave message specific for the
group it wants to leave.
The Residential Gateway captures the IGMP Leave message and immediately sends
an IGMP Group Specific Query on the port where it received the Leave message.
The Leave Time value is used in the query message to request a fast response from
other hosts which may be present on the same Ethernet segment.
If no answer is received to the Query, and if no other ports have hosts joined to the
same multicast group, then the leave message is forwarded to the multicast router.
In this way the router is asked to stop sending any multicast data for that
particular group.
If other ports have hosts joined to the same multicast group, the IGMP Group
Specific Query is also sent to all those ports.
The leave message is forwarded to the multicast router only if no answers are
received on any of the ports within the Leave Time period.
To change the Leave Time value, use the IGMP SNOOPING SET LEAVETIME
command.

Note: If the Leave Time period is set to 0 secs (see IGMP SNOOPING SET
LEAVETIME command) and only one port has hosts joined to the multicast group,
the Residential Gateway immediately forwards the leave message to the
multicast router and removes the multicast membership record without sending
any IGMP Specific Query message.

If more than one port has hosts joined to the multicast group and the Leave Time
period is set to 0 secs, the Residential Gateway removes the port from the
multicast membership record without sending any IGMP Specific Query
message and without forwarding the leave message to the multicast router.

Timeout interval expiring


When the Timeout Interval expires, the Residential Gateway sends an IGMP Specific
Group Query to discover if there is any host on the port that is a member of a
particular multicast group.
If no answer is received, the Residential Gateway sends a leave message specific for
the multicast group to the multicast router.
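
The host port discovery and leave handling described above, modelled in Python as an added example; it is not the gateway's firmware. Timers are replaced by an answering_ports argument, and the class and method names, the choice not to forward a second report for an existing group, and keeping silent non-leaving ports until their timeout are assumptions made here.

```python
from dataclasses import dataclass, field


@dataclass
class SnoopingModel:
    """Simplified per-VLAN model of the snooping behaviour in this chapter."""
    leave_time: int = 10                            # seconds (manual default)
    router_ports: set = field(default_factory=set)  # ports where General Queries arrived
    groups: dict = field(default_factory=dict)      # group address -> set of member ports
    upstream: list = field(default_factory=list)    # messages forwarded to the router
    queries: list = field(default_factory=list)     # (group, port) Group Specific Queries

    def general_query(self, port):
        """Multicast Router Port Discovery: remember where the query arrived."""
        self.router_ports.add(port)

    def report(self, port, group):
        """Unsolicited Membership Report. Returns True if a new entry was created."""
        created = group not in self.groups
        self.groups.setdefault(group, set()).add(port)
        if created:
            # First scenario: the report is forwarded on to the multicast router.
            # Assumption: in the second scenario nothing more is sent upstream.
            self.upstream.append(("report", group))
        return created

    def forward_ports(self, group):
        """Ports that currently receive traffic for the group."""
        return sorted(self.groups.get(group, ()))

    def leave(self, port, group, answering_ports=()):
        """Leave message; answering_ports are the ports that replied to the
        Group Specific Query within the Leave Time."""
        members = self.groups.get(group)
        if not members or port not in members:
            return "ignored"
        if self.leave_time == 0:
            # Leave Time 0: no Group Specific Query is sent at all.
            if len(members) == 1:
                del self.groups[group]
                self.upstream.append(("leave", group))
                return "forwarded"
            members.discard(port)        # other ports remain, router not told
            return "port-removed"
        # Query the leaving port and every other port joined to the group.
        self.queries.extend((group, p) for p in sorted(members))
        answered = set(answering_ports) & members
        if not answered:
            del self.groups[group]
            self.upstream.append(("leave", group))
            return "forwarded"
        if port not in answered:
            members.discard(port)        # assumption: silent leaving port is dropped
        return "kept"


def demo():
    group = "239.1.1.1"                  # constructed group address
    m = SnoopingModel()
    m.general_query(port=4)
    m.report(1, group)
    m.report(2, group)
    first = m.leave(1, group, answering_ports={2})
    second = m.leave(2, group)
    z = SnoopingModel(leave_time=0)
    z.report(1, group)
    z.report(2, group)
    zero = (z.leave(1, group), z.leave(2, group))
    return first, second, zero, m.upstream, z.queries


if __name__ == "__main__":
    print(demo())
```
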

IGMP proxy
Independently of IGMP snooping, the AT-RG613, AT-RG623 and AT-RG656
residential gateways also support IGMP proxy.
IGMP proxy is a layer-3 feature that allows multicast traffic to be routed between
multiple IP interfaces.
As noted in the previous section, by default, multicast traffic is limited to the VLAN
where it is received. If a host joins a multicast group but multicast traffic is received
on another VLAN to which the host is not connected, the multicast traffic will never
reach the host.
IGMP proxy overrides this limitation, with the only constraint that multicast traffic
must be received only on one IP interface called the upstream interface.
In this case, when a host joins a multicast group, the IP interface attached to the
transport (VLAN) where the host is located, becomes a downstream interface. It will
receive all the multicast traffic related to the group that the host has joined.
To define the upstream IP interface use the IGMP PROXY SET
UPSTREAMINTERFACE command.
To show the multicast groups currently registered with the IGMP proxy on the
Residential Gateway use the IGMP PROXY SHOW STATUS command.
IGMP Snooping Command Reference


This section describes the commands available on AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the IGMP snooping
feature.

IGMP snooping CLI commands


The table below lists the igmp snooping commands provided by the CLI:
Command
IGMP SNOOPING DISABLE
IGMP SNOOPING ENABLE
IGMP SNOOPING SET LEAVETIME
IGMP SNOOPING SET QUERYINTERVAL
IGMP SNOOPING SET TIMEOUT
IGMP SNOOPING SHOW

IGMP SNOOPING DISABLE


Syntax IGMP SNOOPING DISABLE

Description This command disables the layer-2 IGMP snooping feature previously enabled
with the IGMP SNOOPING ENABLE command.

Example --> igmp snooping disable

See also IGMP SNOOPING ENABLE

IGMP SNOOPING ENABLE


Syntax IGMP SNOOPING ENABLE

Description This command enables the layer-2 IGMP snooping feature.


Default timeout values are used:
leavetime 10secs
queryinterval 125secs
timeout 270secs

Example --> igmp snooping enable

See also IGMP SNOOPING DISABLE


IGMP SNOOPING SET

IGMP SNOOPING SET LEAVETIME


Syntax IGMP SNOOPING SET LEAVETIME <leavetime>

Description This command sets the duration of the Leave Period timer for the IGMP snooping
process. The timer controls the maximum allowed time before hosts must send a
response to a Query message issued by the Residential Gateway.
When IGMP snooping is enabled, by default this value is set to 10 secs.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option          Description                                     Default Value

leavetime       The leavetime value expressed in seconds.       10
                Valid values are from 0 to 65535.

Example --> igmp snooping set leavetime 50

See also IGMP SNOOPING ENABLE

IGMP SNOOPING SET QUERYINTERVAL


Syntax IGMP SNOOPING SET QUERYINTERVAL <queryinterval>

Description This command sets the time interval, in seconds, at which IGMP Host Membership
Queries are sent. When IGMP snooping is enabled, by default this value is set to 125
secs.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option          Description                                     Default Value

queryinterval   The Query Interval value expressed in           125
                seconds.
                Valid values are from 1 to 65535.

Example --> igmp snooping set queryinterval 110

See also IGMP SNOOPING ENABLE

IGMP SNOOPING SET TIMEOUT


Syntax IGMP SNOOPING SET TIMEOUT <timeout>

Description This command sets the longest interval, in seconds, for which a group will remain
in the local multicast group database without the Residential Gateway receiving a
Host Membership Report for this multicast group.
When IGMP snooping is enabled, by default this value is set to 270 secs.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option          Description                                     Default Value

timeout         The timeout interval value expressed in         270
                seconds.
                Valid values are from 1 to 65535.

Example --> igmp snooping set timeout 125

See also IGMP SNOOPING ENABLE

IGMP SNOOPING SHOW


Syntax IGMP SNOOPING SHOW

Description This command shows IGMP snooping status.

The following information is reported:
Query Interval      Interval at which Host Membership Queries are sent.
Timeout Interval    Interval after which entries will be removed from the
                    group database.
Interface Name      VLAN reference.
Multicast Router    Recognized multicast router.
Group List          Membership list for this VLAN.
Group               The group multicast address. “Multicast Filter”
                    highlights members useful to stop
Port                Port where the member is attached.
Last Adv            The last host to advertise the membership report or query.
Refresh time        The time interval (in seconds) until the membership
                    group will be deleted.

See also IGMP SNOOPING ENABLE


IGMP Proxy Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the IGMP proxy
feature.

IGMP proxy CLI commands


The table below lists the IGMP PROXY commands provided by the CLI:
Command
IGMP PROXY SET
IGMP PROXY SHOW

IGMP PROXY SET UPSTREAMINTERFACE


Syntax IGMP PROXY SET UPSTREAMINTERFACE {<ip_interface> | NONE}

Description This command enables the residential gateway's IGMP Proxy, and sets one of the
existing IP interfaces as the upstream interface; all other interfaces are designated
downstream interfaces. The upstream interface implements the Host portion of the
IGMP protocol, and the downstream interfaces implement the Router portion of the
IGMP protocol. The IGMP Proxy may be disabled by setting upstream interface to
none.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option          Description                                     Default Value

ip_interface    The name of an existing interface that you      N/A
                want to set as the upstream interface.
NONE            Disables IGMP proxy                             N/A

Example --> igmp proxy set upstreaminterface ip0

See also IGMP PROXY SHOW STATUS

IGMP PROXY SHOW UPSTREAMINTERFACE


Syntax IGMP PROXY SHOW UPSTREAMINTERFACE

Description This command displays the status of the upstream interface. If an upstream
interface has been set using the IGMP PROXY SET UPSTREAMINTERFACE
command, this command displays the current setting.

Example --> igmp proxy show upstreaminterface


IGMP Proxy configuration
Upstream If : ip0

See also IGMP PROXY SET UPSTREAMINTERFACE

IGMP PROXY SHOW STATUS


Syntax IGMP PROXY SHOW STATUS

Description This command displays the following information about the status of IGMP proxy:
• IGMP Proxy group membership per interface details
• Interface name and querier status
• Group address

Example --> igmp proxy show status

Multicast group membership:


Interface (querier) | Group address
---------------------|-----------------
eth0 (yes) | 239.255.255.250
---------------------------------------

See also IGMP PROXY SHOW UPSTREAMINTERFACE


Chapter 10

Dynamic Host Configuration Protocol - DHCP

Introduction
The Dynamic Host Configuration Protocol (DHCP) is defined in RFC 1541 and
provides a mechanism for passing configuration information to hosts on a TCP/IP
network.
DHCP is based on the Bootstrap Protocol (BOOTP) defined in RFC 1542, but adds
automatic allocation of reusable network addresses and additional configuration
options.
DHCP is based on a client–server model, where the server is the host that allocates
network addresses and initialization parameters, and the client is the host that
requests these parameters from the server.
There are a number of parameters that a DHCP server can supply to clients in
addition to assigning IP addresses. It can supply the addresses of the DNS server, WINS
server, cookie server, etc. It can also supply the gateway address for the LAN.
DHCP supports three mechanisms for IP address allocation:
• In the automatic allocation mechanism, DHCP assigns a permanent IP address to a
host.
• In the dynamic allocation mechanism, DHCP assigns an IP address to a host for a
limited period of time, or until the host explicitly relinquishes the address.
• In the manual allocation mechanism, the network administrator assigns a host’s IP
address, and DHCP is used simply to convey the assigned address to the host. A
particular network will use one or more of these mechanisms, depending on the
policies of the network administrator.
Dynamic allocation is the only one of the three mechanisms that allows automatic
reuse of an address that is no longer needed by the host to which it was assigned.
Dynamic allocation is particularly useful for assigning an address to a host that will
be connected to the network only temporarily, or for sharing a limited pool of IP
addresses among a group of hosts that do not need permanent IP addresses.
Dynamic allocation may also be a good choice for assigning an IP address to a new
host being permanently connected to a network where IP addresses are sufficiently
scarce that it is important to reclaim them when old hosts are retired.

DHCP support on AT-RG6xx Residential Gateway series

The AT-RG613, AT-RG623 and AT-RG656 are able to act both as DHCP server and
as DHCP client.
Typically, DHCP server features are activated on the internal network to assign IP
addresses to hosts connected to the internal interfaces. The DHCP client function,
instead, is used on the external interface to get IP addresses from the ISP.
The AT-RG613, AT-RG623 and AT-RG656 also support DHCP relay functionality. In
this case the Residential Gateway picks up DHCP requests sent by hosts connected
to the internal interfaces, and forwards their requests to an external DHCP server
and then routes back to the hosts the replies that are received from the server.

DHCP server
The DHCP protocol allows a host which is unknown to the network administrator
to be automatically assigned a new IP address out of a pool of IP addresses for its
network. In order for this to work, the network administrator allocates address
pools for each available subnet and enters them into the dhcpd.conf file.
On startup, the DHCP server software reads the dhcpd.conf file and stores a list of
available addresses on each subnet. When a client requests an address using the
DHCP protocol, the server allocates an address for it.
Each client is assigned a lease, which expires after an amount of time chosen by the
administrator (by default, 12 hours). Some time before the leases expire, the clients
to which leases are assigned are expected to renew them in order to continue to use
the addresses. Once a lease has expired, the client to which that lease was assigned
is no longer permitted to use the leased IP address and must resort back to the
DHCPDISCOVER mechanism (see RFC 2131) to request a new lease.
In order to keep track of leases across system reboots and server restarts, the server
keeps a list of leases it has assigned in the dhcpd.leases file (stored in ISFS).
Before a lease is granted to a host, the server records the lease in this file. Upon startup, after
reading the dhcpd.conf file, the DHCP server reads the dhcpd.leases file to gain
information about which leases had been assigned before reboot.
New leases are appended to the end of the lease file.
In order to prevent the file from becoming arbitrarily large, the server periodically
creates a new dhcpd.leases file from its lease database in memory.
If the system crashes in the middle of this process, only the lease file present in flash
memory can be restored. This gives a window of vulnerability whereby leases may
be lost.
BOOTP support is also provided by this server. Unlike DHCP, the BOOTP protocol
does not provide a protocol for recovering dynamically-assigned addresses once
they are no longer needed. It is still possible to dynamically assign addresses to
BOOTP clients, but some administrative process for reclaiming addresses is
required. By default, leases are granted to BOOTP clients in perpetuity, although the
network administrator may set an earlier cut-off date or a shorter lease length for
BOOTP leases if that makes sense.

Example:
This paragraph provides a guide to configuring the DHCP server using commands
available on the CLI.
Let's assume that an internal interface (where the DHCP Server module will run)
has been defined in the system with the following IP address and netmask:
192.168.219.1 255.255.255.
The following DHCP server configuration will create a range of 10 available IP
addresses in the 192.168.219.0 subnet:

dhcpserver add subnet mysubnet 192.168.219.0 255.255.255.0 192.168.219.10 192.168.219.20
dhcpserver set subnet mysubnet defaultleasetime 1800
dhcpserver set subnet mysubnet maxleasetime 86000
dhcpserver subnet mysubnet add option domain-name-servers 192.168.220.30
dhcpserver subnet mysubnet add option routers 192.168.221.40
dhcpserver subnet mysubnet add option irc-server 10.5.7.20
dhcpserver subnet mysubnet add option auto-configure 1

• Default lease time and maximum lease time are set to 1800 seconds and 86000
seconds, respectively.
• Four DHCP options are configured, in addition to the usual IP address and
subnet mask:
• DNS server address of 192.168.220.30;
• default gateway address of 192.168.221.40;
• IRC server address of 10.5.7.20;
• and the “auto-configure” option, which will allow use of address auto-
configuration by clients on the network.

Instead of specifying the "domain-name-servers" and "routers" options manually,
the following commands could have been used which provide automatic values for
these options:

dhcpserver set subnet mysubnet hostisdnsserver enabled
dhcpserver set subnet mysubnet hostisdefaultgateway enabled

This will result in the DHCP server taking the IP address of the IP interface it is
running on, and supplying that address to DHCP clients as the DNS server and
default gateway, respectively. This is especially useful in a deployment that utilizes
the DNS relay on the residential gateway.

Note that for DHCP clients using DHCPINFORM, the above declarations mean
that the server would supply the given configuration options to any client that
is on the 192.168.219.x subnet. This even includes clients that are not included in
the available address ranges – this is sensible, since ideally the DHCP server
should not have addresses available to give out that may already belong to
hosts on the same subnet.

The CLI can also be used to define fixed host/IP address mappings. For example, the
command:

dhcpserver add fixedhost myhost 192.168.219.5 00:20:2b:01:02:03


will add a fixed mapping of the IP address 192.168.219.5 to a host whose Ethernet
MAC address is 00:20:2b:01:02:03.

Note that fixed IP mappings cannot overlap with dynamic IP ranges on a
subnet, and vice-versa (you will receive an error message if you try to do this).

Note that you will still need to have a suitable subnet declaration – for example,
a subnet 192.169.219.0 with netmask 255.255.255.0, as shown earlier. Any
configuration options you define in this subnet will also be offered to every
fixed host you have added which is also on the given subnet.
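
The overlap rule in the two notes above can be checked offline before a configuration is entered on the gateway. The Python below is an added example, not part of the original manual or of Allied Telesis software: it parses only the DHCPSERVER ADD SUBNET and DHCPSERVER ADD FIXEDHOST forms shown in this chapter, and the hosts badhost, stray and clone, the finding names, and the duplicate-MAC and duplicate-IP checks are assumptions that go beyond the rule stated in the manual.

```python
import ipaddress

# Constructed input: the subnet and "myhost" mapping come from this chapter;
# badhost, stray and clone are made-up entries that each break one rule.
SAMPLE_CONFIG = """
dhcpserver add subnet mysubnet 192.168.219.0 255.255.255.0 192.168.219.10 192.168.219.20
dhcpserver add fixedhost myhost 192.168.219.5 00:20:2b:01:02:03
dhcpserver add fixedhost badhost 192.168.219.15 00:20:2b:01:02:04
dhcpserver add fixedhost stray 10.5.7.20 00:20:2b:01:02:05
dhcpserver add fixedhost clone 192.168.219.6 00:20:2B:01:02:03
"""


def parse(config):
    """Collect subnet and fixed-host declarations from CLI command lines."""
    subnets, hosts = [], []
    for line in config.splitlines():
        words = line.split()
        verb, args = [w.lower() for w in words[:3]], words[3:]
        if verb == ["dhcpserver", "add", "subnet"] and len(args) in (3, 5):
            pool = None
            if len(args) == 5:  # optional <startaddr> <endaddr>
                pool = (ipaddress.IPv4Address(args[3]),
                        ipaddress.IPv4Address(args[4]))
            subnets.append({
                "name": args[0],
                "net": ipaddress.IPv4Network(f"{args[1]}/{args[2]}"),
                "pool": pool,
            })
        elif verb == ["dhcpserver", "add", "fixedhost"] and len(args) == 3:
            hosts.append({
                "name": args[0],
                "ip": ipaddress.IPv4Address(args[1]),
                "mac": args[2].lower(),  # compare MACs case-insensitively
            })
    return subnets, hosts


def audit(config):
    """Return (finding, object name) pairs in the order they are detected."""
    subnets, hosts = parse(config)
    findings = []
    for s in subnets:
        if s["pool"]:
            start, end = s["pool"]
            if start > end or start not in s["net"] or end not in s["net"]:
                findings.append(("pool-outside-subnet", s["name"]))
    macs, ips = set(), set()
    for h in hosts:
        homes = [s for s in subnets if h["ip"] in s["net"]]
        if not homes:
            # The manual requires a suitable subnet declaration.
            findings.append(("no-subnet", h["name"]))
        for s in homes:
            if s["pool"] and s["pool"][0] <= h["ip"] <= s["pool"][1]:
                # The rule from the notes: fixed IP inside a dynamic range.
                findings.append(("overlaps-dynamic-range", h["name"]))
        # Extra hygiene checks (assumptions, not stated in the manual).
        if h["mac"] in macs:
            findings.append(("duplicate-mac", h["name"]))
        if h["ip"] in ips:
            findings.append(("duplicate-ip", h["name"]))
        macs.add(h["mac"])
        ips.add(h["ip"])
    return findings


if __name__ == "__main__":
    for finding, name in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```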

It is also possible to assign a maximum lease duration to fixed DHCP clients as
follows:

dhcpserver set fixedhost myhost maxleasetime 7200


In this context, a fixed lease duration would normally be used to allow DHCP
clients to see changes in offered options quickly. The IP address itself is always
guaranteed to be available for assignment to the specific host (unless there are other
DHCP servers on the same network that are deliberately configured to conflict).
You might see the following message if you have ever turned off the DHCP server:

Note the DHCP server is not currently enabled.

If you see this, issue the following command:

dhcpserver enable
The final step is to tell the system to update the DHCP server software with the new
IP interface and configuration that has been defined. To do this, issue the following
command:

dhcpserver update

NOTE: NO configuration changes that you have made on the DHCP server will
take effect until you enter the DHCPSERVER UPDATE command.

DHCP client
A DHCP client uses the facilities of the IP stack to transmit and receive DHCP
packets. This information is processed by the client and passed back to the IP stack
to complete interface configuration for the lease duration.
A DHCP client is created on a given interface by using the IP SET INTERFACE
command with the parameter dhcp enabled. After this, the IP settings are discovered
for the interface (it is possible to define one or more interfaceconfig rules to customize
the options that must be requested).
This section describes how these settings are discovered.
Firstly, the interface is disabled for all non-DHCP traffic. This will reset the IP
address and subnet mask of each nominated interface to 0.0.0.0.
The DHCP client learns its required configuration details via a DHCPDISCOVER
request.
If configuration details are not successfully obtained using DHCP, the DHCP client
will retry indefinitely in order to learn them, as described in RFC2131 (unless the
interface is disabled). Retry characteristics can be defined using the DHCPCLIENT SET
RETRY command.
Once the DHCP client has accepted a suitable configuration for the interface, it has
to configure the IP stack appropriately. This involves allocating the new IP address
to the interface and configuring the subnet for the interface.
Addresses allocated by DHCP expire after the specified lease time runs out. If this
happens, the DHCP client must relearn its configuration by repeating the process
described above. The client will attempt to initiate renewal of a held lease well
before it is due to expire (approximately half way through the total duration of the
lease). This avoids the problem of an active interface being unexpectedly disabled
and dropping normal IP traffic.
The DHCP client on the AT-RG613, AT-RG623 and AT-RG656 conforms to
most of the specification given in RFC2131. A subset of the DHCP options described
in RFC2132 is supported.
The Residential Gateway DHCP client accepts and makes use of the following
information:
• IP address
• Subnet mask
• Default route (one only)
• Domain name servers (up to two can be usefully supported by DNS relay)
• Host name or dhcp-client-identifier. This option can be used to specify a client
identifier in a host declaration, so that a DHCP server can find the host record by
matching against the client identifier. This option can be useful when attempting
to operate the DHCP client with a Microsoft DHCP server.

Note: When attempting to use a DHCP client with a Microsoft DHCP server,
then “send dhcpclient-identifier” is mandatory, and must be specifically set to
the MAC address of the device upon which the client is running; otherwise
DHCP will not work at all.

Lease requirements and requests


The DHCP protocol allows the client to request that the server send it specific
information, and not send it other information that it is not prepared to accept. The
protocol also allows the client to reject offers from servers if they do not contain
information the client needs, or if the information provided is not satisfactory.
Using the DHCPCLIENT INTERFACE CONFIG ADD REQUESTED OPTION
command causes the client to request that any server responding to the client send
the client its values for the specified options. Only the option names should be
specified in the request statement - not option parameters.
Using the DHCPCLIENT INTERFACE CONFIG ADD REQUIRED OPTION
command configures a list of options that must be sent in order for an offer to be
accepted. Offers that do not contain all the listed options will be ignored.
Using the DHCPCLIENT INTERFACE CONFIG ADD SENT OPTION command
causes the client to send the specified options to the server with the specified values.
Options that are always sent in the DHCP protocol should not be specified here,
except that the client can specify a requested-lease-time option other than the default
requested lease time, which is two hours. The other obvious use for this statement is
to send information to the server that will allow it to differentiate between this client
and other clients or kinds of clients.
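
How the three directives map onto the DHCP options field, as an added Python example (not code from the manual or the gateway firmware): requested options become the parameter request list, sent options are encoded as code/length/value triples, and an offer is accepted only if every required option is present. Option codes are those of RFC 2132; the function names and the server identifier 192.168.219.1 are assumptions.

```python
import ipaddress

# RFC 2132 option codes, keyed by the option names this manual uses.
OPTION_CODES = {
    "subnet-mask": 1, "routers": 3, "domain-name-servers": 6,
    "host-name": 12, "dhcp-lease-time": 51, "dhcp-message-type": 53,
    "dhcp-server-identifier": 54, "dhcp-parameter-request-list": 55,
}
PAD, END, DHCPOFFER = 0, 255, 2


def tlv(name, value):
    """Encode one option as code, length, value (how a sent option travels)."""
    return bytes([OPTION_CODES[name], len(value)]) + value


def addr(text):
    """Four-byte network-order form of a dotted IPv4 address."""
    return ipaddress.IPv4Address(text).packed


def parameter_request_list(requested):
    """Requested options become option 55: one option code per byte."""
    return tlv("dhcp-parameter-request-list",
               bytes(OPTION_CODES[n] for n in requested))


def parse_options(blob):
    """Decode an options field into {code: value}; raise on malformed input."""
    options, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == PAD:          # single-byte padding, no length
            i += 1
            continue
        if code == END:
            return options
        if i + 1 >= len(blob):
            raise ValueError(f"option {code}: length byte missing")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        # A repeated option is concatenated (RFC 3396).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    raise ValueError("end option missing")


def evaluate_offer(blob, required):
    """Return (accepted, reasons) for the options field of one server reply."""
    try:
        options = parse_options(blob)
    except ValueError as exc:
        return False, [f"malformed: {exc}"]
    if options.get(OPTION_CODES["dhcp-message-type"]) != bytes([DHCPOFFER]):
        return False, ["not a DHCPOFFER"]
    missing = [n for n in required if OPTION_CODES[n] not in options]
    return not missing, missing


# Constructed offers. DNS server, gateway and lease time are values used in
# this chapter; the server identifier 192.168.219.1 is made up.
COMMON = (tlv("dhcp-message-type", bytes([DHCPOFFER]))
          + tlv("dhcp-server-identifier", addr("192.168.219.1"))
          + tlv("dhcp-lease-time", (3600).to_bytes(4, "big"))
          + tlv("subnet-mask", addr("255.255.255.0"))
          + tlv("domain-name-servers", addr("192.168.220.30")))
OFFER_WITH_ROUTER = COMMON + tlv("routers", addr("192.168.221.40")) + bytes([END])
OFFER_NO_ROUTER = COMMON + bytes([END])
OFFER_TRUNCATED = COMMON + bytes([OPTION_CODES["routers"], 4, 192, 168])

if __name__ == "__main__":
    for label, offer in [("with router", OFFER_WITH_ROUTER),
                         ("no router", OFFER_NO_ROUTER),
                         ("truncated", OFFER_TRUNCATED)]:
        print(label, evaluate_offer(offer, ["routers"]))
```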

Support for AutoIP


The DHCP client also supports IP address auto-configuration, referred to as
“AutoIP” in this manual. This includes support for RFC2563, which allows network
administrators to configure DHCP servers to deny this auto-configuration capability
to clients.
In summary, AutoIP will be engaged after a DHCP client fails to contact a DHCP
server and cannot obtain a lease. A pseudo-random algorithm invents an IP address
on the 169.254 subnet. Collisions are avoided by issuing ARP requests for the
suggested IP address, abandoning the address if it is already active on the network.
Additionally, the suggested address will be abandoned if any other host on the
network issues an ARP probe (i.e. the host issuing the ARP has source address
0.0.0.0) for that IP address.
Having auto-configured an IP address, the DHCP client will periodically check that
it still cannot contact a DHCP server. If the client finds it can now obtain a legitimate
lease from a DHCP server, this lease will supersede any auto-configured IP address.
To turn on the AutoIP feature, use the DHCPCLIENT SET INTERFACECONFIG
AUTOIP ENABLED command.
To prevent the DHCP client from using AutoIP, use the DHCPCLIENT SET
INTERFACECONFIG AUTOIP DISABLED command.
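
The address selection and the two abandonment rules described above, as an added Python example (not the gateway's own algorithm): the SHA-256 based candidate generator, the usable range taken from RFC 3927, the Arp tuple and the constructed capture are all assumptions.

```python
import hashlib
import ipaddress
from collections import namedtuple

# Usable range per RFC 3927: 169.254.0.0/16 minus its first and last 256
# addresses (assumed here; the manual only says "the 169.254 subnet").
FIRST = int(ipaddress.IPv4Address("169.254.1.0"))
LAST = int(ipaddress.IPv4Address("169.254.254.255"))

# Only the ARP fields the decision needs.
Arp = namedtuple("Arp", "sender_mac sender_ip target_ip")


def candidate(mac, attempt):
    """Pseudo-random address, repeatable for a given MAC and attempt number."""
    digest = hashlib.sha256(f"{mac.lower()}#{attempt}".encode()).digest()
    offset = int.from_bytes(digest[:4], "big") % (LAST - FIRST + 1)
    return str(ipaddress.IPv4Address(FIRST + offset))


def conflict(address, own_mac, frames):
    """Return why `address` must be abandoned, or None if it looks free."""
    for frame in frames:
        if frame.sender_mac.lower() == own_mac.lower():
            continue  # our own probes do not count
        if frame.sender_ip == address:
            return "already active"            # someone answers for it
        if frame.sender_ip == "0.0.0.0" and frame.target_ip == address:
            return "probed by another host"    # simultaneous ARP probe
    return None


def autoip(own_mac, frames, max_attempts=10):
    """Return (chosen address or None, list of abandoned candidates)."""
    abandoned = []
    for attempt in range(max_attempts):
        address = candidate(own_mac, attempt)
        reason = conflict(address, own_mac, frames)
        if reason is None:
            return address, abandoned
        abandoned.append((address, reason))
    return None, abandoned


OWN_MAC = "00:20:2b:01:02:03"   # MAC address used in this chapter's examples
FIRST_TRY = candidate(OWN_MAC, 0)
SECOND_TRY = candidate(OWN_MAC, 1)
# Constructed ARP traffic heard while probing: one host already owns the first
# candidate, another host is probing for the second one at the same time.
CAPTURE = [
    Arp("00:20:2b:aa:00:01", FIRST_TRY, FIRST_TRY),
    Arp("00:20:2b:aa:00:02", "0.0.0.0", SECOND_TRY),
]

if __name__ == "__main__":
    chosen, dropped = autoip(OWN_MAC, CAPTURE)
    for address, reason in dropped:
        print(f"abandoned {address}: {reason}")
    print(f"configured {chosen}")
```

On a managed network, a host that shows up with a 169.254 address is a useful signal that it could not reach a DHCP server.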

Additional DHCP client modes


There are two additional DHCP client modes for finer control of how
configuration parameters are accepted and propagated. The first mode allows you
to choose how DNS servers are to be used; the second mode allows you to use
parameters received on a DHCP client interface to automatically set up a DHCP
server on another interface in the system.

Propagating DNS server information


You can tell the DHCP client what to do with received DNS server addresses. The
pertinent attributes are giveDnsToRelay and giveDnsToClient. As is evident from the
parameter names, the effect of these settings is to cause the DHCP process to pass to
the DNS relay and client processes the DNS server address(es) it has learnt, which
they are then able to use for DNS queries.
By default, DNS server addresses are only given to the DNS relay, if present.
For example, to set this up via the CLI, the following command sequence can be
used:

dhcpclient add interfaceconfig client1 eth0
dhcpclient interfaceconfig 1 add requested option domain-name-servers
dhcpclient set interfaceconfig client1 givednstorelay enabled
dhcpclient set interfaceconfig client1 givednstoclient enabled

Automatically setting up a DHCP server


It is possible to tell the DHCP client to use parameters it has obtained to
automatically set up a DHCP server.
If you choose this mode, you must tell DHCP client how large an IP address lease
pool you would like the new server to have, and which IP interface you want the
new DHCP server to bind to.
If you do not supply any interface information, the DHCP client will try to place the
DHCP server on the first LAN interface it finds (the DHCP client will regard an IP
interface as being a LAN interface)
The new DHCP server’s address pool will start one IP address after the IP address
of the interface upon which the DHCP server has been set up. That is, if the DHCP
client is configured to set up the DHCP server on an IP interface named "uplink",
with address 192.168.219.2, the address range will commence from address
192.168.219.3.
At present, the new DHCP server will give out any DNS server addresses received
by the DHCP client. It will then advertise its own host IP address as being the
default gateway.
To set this up via the CLI, the following command sequence can be used:

dhcpclient add interfaceconfig client1 eth0
dhcpclient interfaceconfig 1 add requested option domain-name-servers
dhcpclient set interfaceconfig client1 dhcpserverpoolsize 30
dhcpclient set interfaceconfig client1 dhcpserverinterface uplink

Example
This paragraph provides a guide to setting up a DHCP client using commands
available in the CLI.
Let's assume that the system has been configured with an interface named eth0. The
first step is to enable the dhcp flag on this interface:

ip set interface eth0 dhcp enabled


DHCP client configuration is optional. You do not need to perform these steps
unless you have special requirements, such as specifying whether the use of AutoIP
is allowed, specific requirements for which options are to be negotiated from a
DHCP server, or specific requirements about what to do with option values when
they are received.

dhcpclient add interfaceconfig mycfg eth0
dhcpclient set interfaceconfig mycfg requestedleasetime 3600
dhcpclient set interfaceconfig mycfg clientid 00:20:2b:01:02:03
dhcpclient set interfaceconfig mycfg autoip enabled
dhcpclient set interfaceconfig mycfg givednstorelay enabled
dhcpclient interfaceconfig mycfg add requested option domain-name-servers
dhcpclient interfaceconfig mycfg add required option routers
dhcpclient interfaceconfig mycfg add sent option host-name '"galapagos"'

Note: For options with string-type values associated with them, the option
value must be in double-quotes ("). Also, the entire string including the double
quotes must be inside single quotes (') to ensure that the CLI treats the double
quotes literally.

These commands create a new DHCP client interface configuration related to the IP
interface you defined earlier. Let us consider, line by line, what the above
configuration does:
• A lease time of one hour is requested.
• A client identifier of 00:20:2b:01:02:03 is specified.
• In the event of a DHCP server being unavailable, the DHCP client will
automatically assign an address using AutoIP.
• Any DNS server addresses received from a server will be passed to the DNS
relay. (There is also an analogous option to pass the addresses to the DNS client).
• For this to occur, the DHCP client must request DNS server addresses from a
server (maps onto the "request" directive).
• The DHCP client will insist that a default gateway parameter is present in any
lease offer (maps onto the "require" directive).
• Finally, the DHCP client will send out "galapagos" as the value of the host name
option – this can be used by some ISPs as part of a simple authentication process
(maps onto the "send" directive).
The final step is to tell the Residential Gateway to update the DHCP client software
with the new IP interface and configuration that has been defined. To do this, issue
the following command:

dhcpclient update

NOTE: NO configuration changes that you have made on the DHCP client will
take effect until you enter the DHCPCLIENT UPDATE command.

DHCP Relay
A DHCP relay uses the facilities of the IP stack to transmit and receive DHCP
packets.
From a DHCP client’s point of view, the relay acts as a de-facto DHCP server, and
this operation is transparent. This is useful where a network administrator only
wishes to have one DHCP server across several physical and logical sub-networks.
The relay works by forwarding all broadcasted client requests to one or more
known DHCP servers.
Server replies are then either broadcast or unicast back to the client via the DHCP
relay.

Note: DHCP server and DHCP relay cannot be enabled at the same time.



DHCP Server Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the DHCP Server
module.

DHCP server CLI commands


The table below lists the DHCP server commands provided by the CLI:
Command
DHCPSERVER ADD FIXEDHOST
DHCPSERVER ADD SUBNET
DHCPSERVER CLEAR FIXEDHOST
DHCPSERVER CLEAR SUBNETS
DHCPSERVER DELETE FIXEDHOST
DHCPSERVER DELETE SUBNET
DHCPSERVER ENABLE|DISABLE
DHCPSERVER LIST FIXEDHOST
DHCPSERVER LIST OPTIONS
DHCPSERVER LIST SUBNETS
DHCPSERVER SET ALLOWUNKNOWNCLIENTS
DHCPSERVER SET BOOTP
DHCPSERVER SET DEFAULTLEASETIME
DHCPSERVER SET FIXEDHOST IPADDRESS
DHCPSERVER SET FIXEDHOST MACADDRESS
DHCPSERVER SET FIXEDHOST MAXLEASETIME
DHCPSERVER SET MAXLEASETIME
DHCPSERVER SET SUBNET DEFAULTLEASETIME
DHCPSERVER SET SUBNET HOSTISDEFAULTGATEWAY
DHCPSERVER SET SUBNET HOSTISDNSSERVER
DHCPSERVER SET SUBNET MAXLEASETIME
DHCPSERVER SET SUBNET SUBNET
DHCPSERVER SHOW
DHCPSERVER SHOW SUBNET
DHCPSERVER SUBNET ADD IPRANGE
DHCPSERVER SUBNET ADD OPTION
DHCPSERVER SUBNET CLEAR IPRANGES
DHCPSERVER SUBNET CLEAR OPTIONS
DHCPSERVER SUBNET DELETE IPRANGE
DHCPSERVER SUBNET DELETE OPTION
DHCPSERVER SUBNET LIST IPRANGES
DHCPSERVER SUBNET LIST OPTIONS
DHCPSERVER UPDATE

DHCPSERVER ADD FIXEDHOST


Syntax DHCPSERVER ADD FIXEDHOST <name> <ipaddress> <macaddress>

Description This command creates a new fixed host mapping in the DHCP server.
The command instructs the DHCP server to assign a specific IP address to a specific
DHCP client based on the client’s MAC address.
If a DHCPDISCOVER or DHCPREQUEST is received from the DHCP client with
that MAC address, it will have the specified fixed IP address assigned to it.
It's necessary to also create a suitable DHCP subnet definition in order for fixed host
mapping to work.

Note: It's not possible to create a fixed host mapping with an IP address that is
already present inside a configured, dynamic IP range on a subnet. The reverse
is also forbidden; it's not possible to add addresses into a dynamic IP range that
are already configured as fixed host addresses.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies the fixed host mapping. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
ipaddress | The IP address that is assigned to a DHCP client based on the client’s MAC address, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A
macaddress | A MAC address displayed in the following format: ##:##:##:##:##:## | N/A

Example The example below creates a fixed host mapping:

--> dhcpserver add fixedhost myhost 192.168.219.1 00:20:2b:01:02:03


The example below creates a suitable subnet for the above fixed host mapping. Note
that the IP address used above is within the subnet, but is not within the range of IP
addresses that constitute the server’s dynamic pool (192.168.219.10 – 192.168.219.20):

--> dhcpserver add subnet mysubnet 192.168.219.0 255.255.255.0 192.168.219.10 192.168.219.20

See also DHCPSERVER DELETE FIXEDHOST
DHCPSERVER LIST FIXEDHOST

DHCPSERVER ADD SUBNET


Syntax DHCPSERVER ADD SUBNET <name> <ipaddress> <netmask> [<startaddr> <endaddr>]

Description This command defines a subnet that requests will be received from, and a pool of
addresses within that subnet. The DHCP server can allocate IP addresses from this
pool to clients on request.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies the subnet. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
ipaddress | The base IP address of the subnet, displayed in the IPv4 format (e.g. 192.168.102.0) | N/A
netmask | The netmask of the subnet, for example: 255.255.255.0 | N/A
startaddr | The first IP address in the pool of addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | N/A
endaddr | The last IP address in the pool of addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | N/A

Example
--> dhcpserver add subnet sub1 239.252.197.0 255.255.255.0 239.252.197.10 239.252.197.107

See also DHCPSERVER LIST SUBNETS

DHCPSERVER CLEAR FIXEDHOST


Syntax DHCPSERVER CLEAR FIXEDHOSTS

Description This command deletes all DHCP server fixed hosts that were created using the
DHCPSERVER ADD FIXEDHOST command.

Example --> dhcpserver clear fixedhosts

See also DHCPSERVER DELETE FIXEDHOST
DHCPSERVER ADD FIXEDHOST

DHCPSERVER CLEAR SUBNETS


Syntax DHCPSERVER CLEAR SUBNETS

Description This command deletes all DHCP server subnets that were created using the
DHCPSERVER ADD SUBNET commands.

Example --> dhcpserver clear subnets

See also DHCPSERVER DELETE SUBNET

DHCPSERVER DELETE FIXEDHOST


Syntax DHCPSERVER DELETE FIXEDHOST <name>

Description This command deletes a single fixed host mapping in the DHCP server that was
created using the DHCPSERVER ADD FIXEDHOST command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing fixed host. To display fixed host names, use the DHCPSERVER LIST FIXEDHOSTS command. | N/A

Example --> dhcpserver delete fixedhost myhost

See also DHCPSERVER ADD FIXEDHOST
DHCPSERVER LIST FIXEDHOST
DHCPSERVER CLEAR FIXEDHOST

DHCPSERVER DELETE SUBNET


Syntax DHCPSERVER DELETE SUBNET {<name>|<number>}

Description This command deletes a single DHCP server subnet. The pool of IP addresses in the
subnet is also deleted.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A

Example --> dhcpserver delete subnet sub1

See also DHCPSERVER CLEAR SUBNETS

DHCPSERVER ENABLE|DISABLE
Syntax DHCPSERVER {enable|disable}

Description This command enables/disables the DHCP server.

Note: DHCP server must be enabled in order to carry out any DHCP server
configuration.

DHCP server and DHCP relay cannot be enabled at the same time.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ENABLE | Enables configuration of the DHCP server. | enable
DISABLE | Disables configuration of the DHCP server. | enable

Example --> dhcpserver enable

See also DHCPRELAY ENABLE|DISABLE

DHCPSERVER LIST FIXEDHOST


Syntax DHCPSERVER LIST FIXEDHOST

Description This command lists the following information about existing DHCP fixed host
mappings:
• fixed host ID number
• fixed host name
• IP address
• MAC address
• Max lease time

Example
--> dhcpserver list fixedhosts
DHCP server fixed host mappings:

ID | Name | IP address | MAC address | Max Lease Time
-----|---------|-----------------|--------------------|---------------
1 | myhost | 192.168.219.0 | 00:20:2b:01:02:03 | 86400
----------------------------------------------------------------------

See also DHCPSERVER ADD FIXEDHOST
DHCPSERVER SET FIXEDHOST IPADDRESS
DHCPSERVER SET FIXEDHOST MACADDRESS
DHCPSERVER SET FIXEDHOST MAXLEASETIME

DHCPSERVER LIST OPTIONS


Syntax DHCPSERVER LIST OPTIONS

Description This command lists the option data types available for DHCP server.
These options are detailed in RFC2132.
It's possible to configure the DHCP server to use any of the options listed.

Example
--> dhcpserver list options
subnet-mask
time-offset
routers
time-servers
ien116-name-servers
domain-name-servers
log-servers
cookie-servers
lpr-servers
impress-servers
resource-location-servers
host-name
boot-size
merit-dump
domain-name
swap-server
root-path
extensions-path
ip-forwarding
non-local-source-routing
policy-filter
max-dgram-reassembly
default-ip-ttl
path-mtu-aging-timeout
path-mtu-plateau-table
interface-mtu
all-subnets-local
broadcast-address
perform-mask-discovery
mask-supplier
router-discovery
router-solicitation-address
static-routes
trailer-encapsulation
arp-cache-timeout
ieee802-3-encapsulation
default-tcp-ttl
tcp-keepalive-interval
tcp-keepalive-garbage
nis-domain
nis-servers
ntp-servers
vendor-encapsulated-options
netbios-name-servers
netbios-dd-server
netbios-node-type
netbios-scope
font-servers
x-display-manager
dhcp-requested-address
dhcp-lease-time
dhcp-option-overload
dhcp-message-type
dhcp-server-identifier
dhcp-parameter-request-list
dhcp-message
dhcp-max-message-size
dhcp-renewal-time
dhcp-rebinding-time
dhcp-class-identifier
dhcp-client-identifier
option-62
option-63
nisplus-domain
nisplus-servers
tftp-server-name
bootfile-name
mobile-ip-home-agent
smtp-server
pop-server
nntp-server
www-server
finger-server
irc-server
streettalk-server
streettalk-directory-assistance-server
user-class
option-78
option-79
option-80
option-81
option-82
option-83
option-84
nds-servers
nds-tree-name
nds-context
option-88
option-89
...(more options down to)
option-115
auto-configure
option-117
...(more options down to)
option-254
option-end

See also DHCPSERVER SUBNET ADD OPTION


For information on RFC 2132, see http://www.ietf.org/rfc/rfc2132.txt

DHCPSERVER LIST SUBNETS


Syntax DHCPSERVER LIST SUBNETS

Description This command lists the following information about existing DHCP server subnets:
• subnet number
• subnet name
• subnet IP address
• subnet netmask
• default lease time (in seconds)
• maximum lease time (in seconds)
• whether the host is a DNS server (true or false)

Example
--> dhcpserver list subnets
DHCP Server subnets:
                                      Default      Max          Host is
ID | IP Address     | Netmask       | Lease time | Lease time | DNS svr
---|----------------|---------------|------------|------------|--------
1  | 192.168.102.0  | 255.255.255.0 | 43200      | 86400      | false
-----------------------------------------------------------------------

See also DHCPSERVER SHOW SUBNET

DHCPSERVER SET ALLOWUNKNOWNCLIENTS


Syntax DHCPSERVER SET ALLOWUNKNOWNCLIENTS {ENABLE|DISABLE}

Description This command enables/disables the dynamic assignment of addresses to unknown
clients.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ENABLE | Allows IP addresses to be dynamically assigned to unknown clients. | enable
DISABLE | Does not allow IP addresses to be dynamically assigned to unknown clients. | enable

Example --> dhcpserver set allowunknownclients disable

See also DHCPCLIENT SET INTERFACECONFIG CLIENTID

DHCPSERVER SET BOOTP


Syntax DHCPSERVER SET BOOTP {ENABLE|DISABLE}

Description This command determines whether or not DHCP server can respond to BOOTP
requests.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ENABLE | DHCP server responds to BOOTP queries. | enable
DISABLE | DHCP server does not respond to BOOTP queries. | enable

Example --> dhcpserver set bootp disable

DHCPSERVER SET DEFAULTLEASETIME


Syntax DHCPSERVER SET DEFAULTLEASETIME <defaultleasetime>

Description This command sets the global default lease time for DHCP server. To retrieve the
current DEFAULTLEASETIME value, use the DHCPSERVER SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
defaultleasetime | The default time (in seconds) that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time. | 43200

Example --> dhcpserver set defaultleasetime 50000

See also DHCPSERVER SET SUBNET MAXLEASETIME



DHCPSERVER SET FIXEDHOST IPADDRESS


Syntax DHCPSERVER SET FIXEDHOST <host name> IPADDRESS <ipaddress>

Description This command sets the IP address that will be allocated to a DHCP client by the
fixed host mapping. To retrieve the current FIXEDHOST IPADDRESS values, use
the DHCPSERVER LIST FIXEDHOST command.

Note: It's not valid to create a fixed host mapping with an IP address that is
already within a configured, dynamic IP range on a subnet. The reverse is also
forbidden; it's not possible to add addresses into a dynamic IP range that are
already configured as fixed host addresses.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
hostname | A name that identifies an existing fixedhost. To display fixedhost names, use the DHCPSERVER LIST FIXEDHOSTS command. | N/A
ipaddress | The IP address that is assigned to a DHCP client based on the client’s MAC address, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A

Example --> dhcpserver set fixedhost myhost ipaddress 192.168.219.2

See also DHCPSERVER LIST FIXEDHOST
DHCPSERVER SET FIXEDHOST MACADDRESS

DHCPSERVER SET FIXEDHOST MACADDRESS


Syntax DHCPSERVER SET FIXEDHOST <host name> MACADDRESS <macaddress>

Description This command sets the MAC address for an existing fixed host mapping. To
retrieve the current FIXEDHOST MACADDRESS values, use the DHCPSERVER
LIST FIXEDHOST command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
hostname | A name that identifies an existing fixedhost. To display fixedhost names, use the DHCPSERVER LIST FIXEDHOSTS command. | N/A
mac address | A MAC address displayed in the following format: ##:##:##:##:##:## | N/A

Example --> dhcpserver set fixedhost myhost macaddress 00:20:2b:01:02:03

See also DHCPSERVER LIST FIXEDHOST
DHCPSERVER SET FIXEDHOST IPADDRESS

DHCPSERVER SET FIXEDHOST MAXLEASETIME


Syntax DHCPSERVER SET FIXEDHOST <host name> MAXLEASETIME <maxleasetime>

Description This command sets the maximum lease time for an existing fixed host mapping.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
maxleasetime | The maximum time (in seconds) that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time. | 86400

Example --> dhcpserver set fixedhost myhost maxleasetime 90000

See also DHCPSERVER LIST FIXEDHOST

DHCPSERVER SET MAXLEASETIME


Syntax DHCPSERVER SET MAXLEASETIME <maxleasetime>

Description This command sets the global maximum lease time for DHCP server. To retrieve the
current MAXLEASETIME value, use the DHCPSERVER SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
maxleasetime | The maximum time (in seconds) that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time. | 86400

Example --> dhcpserver set maxleasetime 90000

See also DHCPSERVER SET DEFAULTLEASETIME



DHCPSERVER SET SUBNET DEFAULTLEASETIME


Syntax DHCPSERVER SET SUBNET {<name>|<number>} DEFAULTLEASETIME
<defaultleasetime>

Description This command sets the default lease time for an existing subnet. This command
setting overrides the global default lease time setting for this particular subnet. To
retrieve the current SUBNET DEFAULTLEASETIME value, use the DHCPSERVER
SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A
defaultleasetime | The default time (in seconds) that a subnet assigns to a lease if the client requesting the lease does not ask for a specific expiry time. | 43200

Example --> dhcpserver set subnet sub1 defaultleasetime 30000

See also DHCPSERVER SHOW SUBNET

DHCPSERVER SET SUBNET HOSTISDEFAULTGATEWAY

Syntax DHCPSERVER SET SUBNET {<name>|<number>} HOSTISDEFAULTGATEWAY
{ENABLED | DISABLED}

Description This command tells the DHCP server to give out its own interface IP address (i.e. the
IP address on the interface via which the DHCP lease is allocated to the client) as
the default gateway address. To retrieve the current settings, use the DHCPSERVER
SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A
ENABLED | Allows DHCP server to give out its own interface IP address as the default gateway address. | disabled

DHCPSERVER SET SUBNET HOSTISDNSSERVER


Syntax DHCPSERVER SET SUBNET {<name>|<number>} HOSTISDNSSERVER {ENABLED |
DISABLED}

Description This command tells the DHCP server to give out its own interface IP address (i.e. the
IP address on the interface via which the DHCP lease is allocated to the client) as
the DNS server address. This is useful when combined with DNS Relay. To retrieve
the current settings, use the DHCPSERVER SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
Name | A name that identifies an existing subnet. To display subnet names, use the dhcpserver list subnets command. | N/A
Number | A number that identifies an existing subnet. To display subnet numbers, use the dhcpserver list subnets command. | N/A
ENABLED | Allows DHCP server to give out its own interface IP address as the DNS server address. | disabled
DISABLED | Disallows DHCP server from giving out its own interface IP address as the DNS server address. | disabled

Example --> dhcpserver set subnet sub1 hostisdnsserver enabled

See also DHCPSERVER LIST SUBNETS

DHCPSERVER SET SUBNET MAXLEASETIME


Syntax DHCPSERVER SET SUBNET {<name>|<number>} MAXLEASETIME <maxleasetime>

Description This command sets the maximum lease time for an existing subnet. This command
setting overrides the global maximum lease time setting for this particular subnet.
To retrieve the current settings, use the DHCPSERVER SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A
maxleasetime | The maximum time (in seconds) that a subnet assigns to a lease if the client requesting the lease does not ask for a specific expiry time. | 86400

Example --> dhcpserver set subnet sub1 maxleasetime 70000

See also DHCPSERVER SHOW SUBNET

DHCPSERVER SET SUBNET SUBNET


Syntax DHCPSERVER SET SUBNET {<name>|<number>} SUBNET <ip address> <netmask>

Description This command allows you to change the IP address and netmask that define the IP
subnet used by an existing DHCP server subnet.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A
ip address | The new IP address for the subnet, displayed in the IPv4 format (e.g. 192.168.102.3) | N/A
netmask | The new netmask for the subnet, for example: 255.255.255.0 | N/A

Example
--> dhcpserver set subnet sub1 subnet 239.252.197.0 255.255.255.0

See also DHCPSERVER SUBNET ADD IPRANGES
DHCPSERVER SUBNETS CLEAR IPRANGES

DHCPSERVER SHOW
Syntax DHCPSERVER SHOW

Description This command displays the following global configuration information about the
DHCP server:
• status of the server (enabled/disabled)
• global default lease time
• global maximum lease time
• allow bootp requests setting (enable/disable)
• allow unknown clients setting (enable/disable)

Example --> dhcpserver show

Global DHCP Server Configuration:

Status: ENABLED
Default lease time: 43200 seconds
Max. lease time: 86400 seconds
Allow BOOTP requests: true
Allow unknown clients: true

See also DHCPSERVER SHOW SUBNET

DHCPSERVER SHOW SUBNET


Syntax DHCPSERVER SHOW SUBNET {<name>|<number>}

Description This command displays the following information about an existing subnet:
• subnet name
• subnet IP address
• subnet netmask
• subnet maximum lease time
• subnet default lease time

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A

Example --> dhcpserver show subnet sub1


DHCP Server Subnet: sub1

Subnet: 192.168.103.0
Netmask: 255.255.255.0
Max. lease time: 70000 seconds
Default lease time: 30000 seconds

See also DHCPSERVER SHOW

DHCPSERVER SUBNET ADD IPRANGE


Syntax DHCPSERVER SUBNET {<name>|<number>} ADD IPRANGE <startaddr> <endaddr>

Description This command adds a pool of IP addresses to an existing subnet. The DHCP server
can allocate IP addresses from this pool to clients on request.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A
startaddr | The first IP address in the pool of addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | N/A
endaddr | The last IP address in the pool of addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | N/A

Example
--> dhcpserver subnet sub1 add iprange 239.252.197.0 239.252.197.107

See also DHCPSERVER ADD SUBNET
DHCPSERVER LIST SUBNETS
DHCPSERVER SUBNET LIST IPRANGES

DHCPSERVER SUBNET ADD OPTION


Syntax DHCPSERVER SUBNET {<name>|<number>} ADD OPTION <identifier> <value>

Description This command allows you to configure the DHCP server to send options detailed in
RFC2132. To display a list of available options, use the command DHCPSERVER
LIST OPTIONS.
The heading of each option in the list contains the option identifier and the required
value (in italics) for that specific option. The following is an extract from the option
list, given as an example of the nature of the options:

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A
identifier | A text string that identifies a DHCP server configuration option. | N/A
value | The value associated with the option identifier. | N/A

Example --> dhcpserver subnet sub1 add option auto-configure 1

See also DHCPCLIENT SET INTERFACECONFIG AUTOIP ENABLED|DISABLED
For information on RFC 2132, see http://www.ietf.org/rfc/rfc2132.txt

DHCPSERVER SUBNET CLEAR IPRANGES


Syntax DHCPSERVER SUBNET {<name>|<number>} CLEAR IPRANGES

Description This command deletes all of the IP ranges set for an existing subnet.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A

Example --> dhcpserver subnet sub1 clear ipranges


See also DHCPSERVER SUBNET LIST IPRANGES
DHCPSERVER SUBNET DELETE IPRANGE

DHCPSERVER SUBNET CLEAR OPTIONS


Syntax DHCPSERVER SUBNET {<name>|<number>} CLEAR OPTIONS

Description This command deletes the options set for an existing subnet.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A

Example --> dhcpserver subnet sub1 clear options

See also DHCPSERVER LIST SUBNETS
DHCPSERVER SUBNET DELETE OPTION

DHCPSERVER SUBNET DELETE IPRANGE


Syntax DHCPSERVER SUBNET {<name>|<number>} DELETE IPRANGE <range-id>

Description This command deletes a single IP range from an existing subnet.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A
range-id | A number that identifies an IP range. To list the existing range-ids for a subnet, use the DHCPSERVER SUBNET LIST IPRANGES command. | N/A

Example --> dhcpserver subnet sub1 delete iprange 1


See also DHCPSERVER LIST SUBNETS
DHCPSERVER SUBNET LIST IPRANGES

DHCPSERVER SUBNET DELETE OPTION


Syntax DHCPSERVER SUBNET {<name>|<number>} DELETE OPTION <option number>

Description This command deletes a single option that was added using the DHCPSERVER
SUBNET ADD OPTION command. Once deleted, the option will no longer be given
out by the DHCP server.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A
option number | A number that identifies an existing option. To list all existing options, use the DHCPSERVER SUBNET LIST OPTIONS command. | N/A

Example --> dhcpserver subnet sub1 delete option 2

See also DHCPSERVER CLEAR SUBNETS
DHCPSERVER LIST SUBNETS
DHCPSERVER SUBNET LIST OPTIONS

DHCPSERVER SUBNET LIST IPRANGES


Syntax DHCPSERVER SUBNET {<name>|<number>} LIST IPRANGES

Description This command lists the IP range(s) for an existing subnet that have been added
using the DHCPSERVER ADD SUBNET command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A

Example --> dhcpserver subnet sub1 list ipranges


IP Ranges for subnet: sub1
ID | Start Address | End Address
-----|------------------|------------------
1 | 192.168.102.0 | 192.168.102.100
2 | 192.168.102.200 | 192.168.102.300
-------------------------------------------

See also DHCPSERVER LIST SUBNETS
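
An added example (not part of the manual or the gateway's software): a Python check that parses text in the SHOW SUBNET and LIST IPRANGES output formats shown above and flags address pools that are malformed, overlap, or fall outside the subnet. The sample text is constructed: rows 1 and 2 copy the manual's listing, while rows 3 and 4, the subnet values and all function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample in the "show subnet" output format.
SHOW_SUBNET = """\
DHCP Server Subnet: sub1

Subnet: 192.168.102.0
Netmask: 255.255.255.0
Max. lease time: 70000 seconds
Default lease time: 30000 seconds
"""

# Constructed sample in the "list ipranges" output format.
LIST_IPRANGES = """\
IP Ranges for subnet: sub1
ID | Start Address | End Address
-----|------------------|------------------
1 | 192.168.102.0 | 192.168.102.100
2 | 192.168.102.200 | 192.168.102.300
3 | 192.168.102.90 | 192.168.102.120
4 | 192.168.103.10 | 192.168.103.20
-------------------------------------------
"""

ROW = re.compile(r"^\s*(\d+)\s*\|\s*(\S+)\s*\|\s*(\S+)\s*$")


def parse_subnet(text):
    """Return the IPv4Network given by the 'Subnet:' and 'Netmask:' lines."""
    addr = re.search(r"^Subnet:\s*(\S+)", text, re.M)
    mask = re.search(r"^Netmask:\s*(\S+)", text, re.M)
    if not addr or not mask:
        raise ValueError("missing Subnet or Netmask line")
    # strict=True rejects a subnet address that has host bits set.
    return ipaddress.IPv4Network(f"{addr.group(1)}/{mask.group(1)}", strict=True)


def parse_ranges(text):
    """Return [(range_id, start_text, end_text)] from the listing rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3)))
    return rows


def audit(network, rows):
    """Return [(range_id, finding)] for pools that need attention."""
    findings = []
    accepted = []  # ranges that parsed cleanly, kept for the overlap check
    for rid, start_text, end_text in rows:
        try:
            start = ipaddress.IPv4Address(start_text)
            end = ipaddress.IPv4Address(end_text)
        except ipaddress.AddressValueError as exc:
            findings.append((rid, f"invalid address: {exc}"))
            continue
        if start > end:
            findings.append((rid, "start address is above end address"))
            continue
        if start not in network or end not in network:
            findings.append((rid, f"range leaves subnet {network}"))
        if start <= network.network_address <= end:
            findings.append((rid, "pool contains the subnet's network address"))
        if start <= network.broadcast_address <= end:
            findings.append((rid, "pool contains the subnet's broadcast address"))
        for other_id, other_start, other_end in accepted:
            if start <= other_end and other_start <= end:
                findings.append((rid, f"overlaps range {other_id}"))
        accepted.append((rid, start, end))
    return findings


if __name__ == "__main__":
    net = parse_subnet(SHOW_SUBNET)
    for rid, finding in audit(net, parse_ranges(LIST_IPRANGES)):
        print(f"range {rid}: {finding}")
```

Run against saved CLI output before entering DHCPSERVER UPDATE, so a mistyped pool is caught before the server starts leasing from it.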

DHCPSERVER SUBNET LIST OPTIONS


Syntax DHCPSERVER SUBNET {<name>|<number>} LIST OPTIONS

Description This command lists the options for an existing subnet that has been added using the
DHCPSERVER ADD SUBNET command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. | N/A
number | A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. | N/A

Example --> dhcpserver subnet sub1 list options


Options for subnet: sub1

ID | Identifier | Value
-----|------------------|------------------
1 | ip-forwarding | false
2 | subnet-mask | 255.255.255.0
-------------------------------------------

See also DHCPSERVER LIST SUBNETS

DHCPSERVER UPDATE
Syntax DHCPSERVER UPDATE

Description This command updates the DHCP server configuration. Changes made to the server
configuration will not take effect until this command has been entered.

Example --> dhcpserver update


dhcpserver: Reset request acknowledged. Reset imminent.

DHCP Client Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the DHCP Client
module.

DHCP client CLI commands


The table below lists the dhcpclient commands provided by the CLI:
Command
DHCPCLIENT ADD INTERFACECONFIG
DHCPCLIENT CLEAR INTERFACECONFIGS
DHCPCLIENT DELETE INTERFACECONFIG
DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION
DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION
DHCPCLIENT INTERFACECONFIG ADD SENT OPTION
DHCPCLIENT INTERFACECONFIG CLEAR REQUESTED OPTIONS
DHCPCLIENT INTERFACECONFIG CLEAR SENT OPTIONS
DHCPCLIENT INTERFACECONFIG DELETE REQUESTED OPTIONS
DHCPCLIENT INTERFACECONFIG DELETE SENT OPTIONS
DHCPCLIENT INTERFACECONFIG LIST REQUESTED OPTIONS
DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS
DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT SET BACKOFF
DHCPCLIENT SET INTERFACECONFIG AUTOIP
DHCPCLIENT SET INTERFACECONFIG CLIENTID
DHCPCLIENT SET INTERFACECONFIG DEFAULTROUTE
DHCPCLIENT SET INTERFACECONFIG DHCPINFORM
DHCPCLIENT SET INTERFACECONFIG DHCPSERVERPOOLSIZE
DHCPCLIENT SET INTERFACECONFIG DHCPSERVERINTERFACE
DHCPCLIENT SET INTERFACECONFIG GIVEDNSTOCLIENT
DHCPCLIENT SET INTERFACECONFIG GIVEDNSTORELAY
DHCPCLIENT SET INTERFACECONFIG INTERFACE
DHCPCLIENT SET INTERFACECONFIG NOCLIENTID
DHCPCLIENT SET INTERFACECONFIG REQUESTEDLEASETIME
DHCPCLIENT SET INTERFACECONFIG SERVER
DHCPCLIENT SET REBOOT
DHCPCLIENT SET RETRY
DHCPCLIENT SHOW
DHCPCLIENT UPDATE

DHCPCLIENT ADD INTERFACECONFIG


Syntax DHCPCLIENT ADD INTERFACECONFIG <name> <ipinterface>

Description This command configures DHCP client parameters for negotiation over an existing
IP interface. This command can only be applied to IP interfaces that have DHCP enabled
(see IP SET INTERFACE DHCP command).

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name by which the DHCP config on the corresponding IP interface will be identified. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
ipinterface | An IP address or a name that identifies an existing IP interface. The interface must have DHCP enabled. To display interface names, use the IP LIST INTERFACES command. | N/A

Example --> dhcpclient add interfaceconfig config1 ip1

See also DHCPCLIENT LIST INTERFACECONFIGS
IP LIST INTERFACES
IP SET INTERFACE DHCP

DHCPCLIENT CLEAR INTERFACECONFIGS


Syntax DHCPCLIENT CLEAR INTERFACECONFIGS

Description This command deletes all existing DHCP client interface configurations.

Example --> dhcpclient clear interfaceconfigs

See also DHCPCLIENT LIST INTERFACECONFIGS



DHCPCLIENT DELETE INTERFACECONFIG


Syntax DHCPCLIENT DELETE INTERFACECONFIG {<name>|<number>}

Description This command deletes a single DHCP client interface configuration.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A

Example --> dhcpclient delete interfaceconfig config1

See also DHCPCLIENT LIST INTERFACECONFIGS

DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} ADD REQUESTED OPTION
<option>

Description This command tells the DHCP client on a specific interface to request a specified
option from a DHCP server. The requested option is not compulsory - if the option
is not included in a lease offered by a DHCP server, the DHCP client will still accept
the offer.
Options are detailed in RFC 2132.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
option | A text string that identifies a DHCP server configuration option. | N/A

Example
--> dhcpclient interfaceconfig client1 add requested option irc-server

See also DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION
For information on RFC 2132, see http://www.ietf.org/rfc/rfc2132.txt

DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} ADD REQUIRED OPTION
<option>

Description This command tells the DHCP client on a particular interface that it requires a
specified option from a DHCP server. The required option is compulsory - if the
option is not included in a lease offered by a DHCP server, the DHCP client will
ignore the offer.
Options are detailed in RFC 2132.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
option | A text string that identifies a DHCP server configuration option. | N/A

Example
--> dhcpclient interfaceconfig client1 add required option domain-name

See also DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTIONS
DHCPCLIENT INTERFACECONFIG LIST REQUESTED OPTIONS
For information on RFC 2132, see http://www.ietf.org/rfc/rfc2132.txt
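
The acceptance rule described for requested and required options, modelled over raw RFC 2132 option bytes. This is an added example, not Allied Telesis code: the function names, the constructed sample offers and the choice to raise an error on a truncated option are assumptions.

```python
"""Added example: applying a requested/required option list to a DHCP offer."""

# Option codes from RFC 2132, except auto-configure (116) from RFC 2563.
# Keys are the option identifiers used in this manual's examples.
OPTION_CODES = {
    "subnet-mask": 1,
    "host-name": 12,
    "domain-name": 15,
    "ip-forwarding": 19,
    "irc-server": 74,
    "auto-configure": 116,
}
PAD, END = 0, 255


def opt(code, value):
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value


def parse_options(field):
    """Decode an options field (the bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(field):
        code = field[i]
        if code == PAD:          # single-byte padding, no length
            i += 1
            continue
        if code == END:          # anything after the end marker is ignored
            break
        if i + 1 >= len(field):
            raise ValueError(f"option {code}: length byte missing")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(
                f"option {code}: {length} bytes declared, {len(value)} present")
        # An option split across several instances is concatenated (RFC 3396).
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def evaluate_offer(field, wanted):
    """Apply a requested/required list to an offer's options.

    wanted is [(identifier, is_required)], the shape printed by
    LIST REQUESTED OPTIONS. Returns (accept, missing_required, missing_requested).
    """
    opts = parse_options(field)
    missing_required, missing_requested = [], []
    for name, is_required in wanted:
        if OPTION_CODES[name] not in opts:
            (missing_required if is_required else missing_requested).append(name)
    return (not missing_required, missing_required, missing_requested)


# Constructed test data. WANTED mirrors the manual's sample listing:
# host-name requested (false), domain-name required (true).
WANTED = [("host-name", False), ("domain-name", True)]
MASK = opt(1, bytes([255, 255, 255, 0]))
OFFER_WITH_DOMAIN = MASK + opt(15, b"example.test") + bytes([END])
OFFER_WITHOUT_DOMAIN = MASK + opt(12, b"vancouver") + bytes([END, PAD, PAD])
OFFER_SPLIT_DOMAIN = opt(15, b"example") + opt(15, b".test") + bytes([END])
OFFER_TRUNCATED = MASK + bytes([15, 12]) + b"exam"   # claims 12 bytes, carries 4

if __name__ == "__main__":
    for label, offer in [("with domain", OFFER_WITH_DOMAIN),
                         ("without domain", OFFER_WITHOUT_DOMAIN),
                         ("split domain", OFFER_SPLIT_DOMAIN)]:
        print(label, evaluate_offer(offer, WANTED))
    try:
        evaluate_offer(OFFER_TRUNCATED, WANTED)
    except ValueError as exc:
        print("truncated:", exc)
```

Marking an option as required narrows which offers the client accepts, but it does not authenticate the server: any server that includes the option passes the check.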

DHCPCLIENT INTERFACECONFIG ADD SENT OPTION

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} ADD SENT OPTION
<option> <value>

Description This command tells the DHCP client on a particular interface to send a value for the
given DHCP configuration option to a DHCP server. The DHCP server’s response
depends on the type of option being sent out.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
option | A text string that identifies a DHCP server configuration option. | N/A
value | The value associated with the option identifier. | N/A

Example To tell the DHCP client to send the DHCP host-name option to the DHCP server
with the value “vancouver” use the following command:

--> dhcpclient interfaceconfig client1 add sent option host-name '"vancouver"'

Note: For options with string-type values associated with them, the option
value must be in double-quotes ("). Also, the entire string including the double
quotes must be inside single quotes (') to ensure that the CLI treats the double
quotes literally.

See also DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS
For information on RFC 2132, see http://www.ietf.org/rfc/rfc2132.txt

DHCPCLIENT INTERFACECONFIG CLEAR REQUESTED OPTIONS

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} CLEAR REQUESTED OPTIONS

Description This command deletes all options that were previously added to an interfaceconfig
using the DHCPCLIENT INTERFACECONFIG ADD REQUESTED/REQUIRED
OPTION commands.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A

Example --> dhcpclient interfaceconfig client1 clear requested options

See also DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION
DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION
DHCPCLIENT INTERFACECONFIG DELETE REQUESTED OPTION
DHCPCLIENT INTERFACECONFIG DELETE REQUIRED OPTION

DHCPCLIENT INTERFACECONFIG CLEAR SENT OPTIONS

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} CLEAR SENT OPTIONS

Description This command deletes all options that were previously added to an interfaceconfig
using the DHCPCLIENT INTERFACECONFIG ADD SENT OPTION commands.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A

Example --> dhcpclient interfaceconfig client1 clear sent options

See also DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS
DHCPCLIENT INTERFACECONFIG ADD SENT OPTIONS
DHCPCLIENT INTERFACECONFIG DELETE SENT OPTIONS

DHCPCLIENT INTERFACECONFIG DELETE REQUESTED OPTION

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} DELETE REQUESTED
OPTION <option number>

Description This command deletes a single option that was previously added to an
interfaceconfig using the DHCPCLIENT INTERFACECONFIG ADD OPTION
REQUESTED/REQUIRED commands.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
option number | A number that identifies an option that is requested/required from the DHCP server by the DHCP client. To display option numbers, use the DHCPCLIENT INTERFACECONFIG LIST OPTIONS command. | N/A

Example
--> dhcpclient interfaceconfig client1 delete requested option 1

See also DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION
DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION

DHCPCLIENT INTERFACECONFIG DELETE SENT OPTION

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} DELETE SENT OPTION
<option number>

Description This command deletes a single option that was previously added to an
interfaceconfig using the DHCPCLIENT INTERFACECONFIG ADD SENT
OPTION command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
option number | A number that identifies an option that is requested/required from the DHCP server by the DHCP client. To display option numbers, use the DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS command. | N/A

Example --> dhcpclient interfaceconfig client1 delete sent option 1

See also DHCPCLIENT LIST INTERFACECONFIGS
DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS
DHCPCLIENT INTERFACECONFIG ADD SENT OPTIONS

DHCPCLIENT INTERFACECONFIG LIST REQUESTED OPTIONS

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} LIST REQUESTED
OPTIONS

Description This command lists the options that the DHCP client requests and/or requires from
the DHCP server. These options were set using the DHCPCLIENT
INTERFACECONFIG ADD REQUESTED/REQUIRED OPTION commands.
The following information is displayed:
• Option identification number
• Option identifier (name)
• Requirement status - true for options that were added using the DHCPCLIENT
INTERFACECONFIG ADD REQUIRED OPTION command, false for options
added using the DHCPCLIENT INTERFACECONFIG ADD REQUESTED
OPTION command.
Options and their values are detailed in RFC2132.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A

Example
--> dhcpclient interfaceconfig client1 list requested options

DHCP client requested options: client1

ID | Identifier | Is option required?
-----|--------------------|---------------------
1 | host-name | false
2 | domain-name | true
------------------------------------------------

See also DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION
DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION
DHCPSERVER SUBNET ADD OPTION

DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS

Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} LIST SENT OPTIONS

Description This command displays a list of the options that the DHCP client sends to the
DHCP server. These options were set using the DHCPCLIENT
INTERFACECONFIG ADD SENT OPTION command.
The following information is displayed:
• Option identification number
• Option identifier (name)
• Suggested value
Options and their values are detailed in RFC2132.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A

Example
--> dhcpclient interfaceconfig client1 list sent options

DHCP client requested options: client1

ID | Identifier | Suggested value
-----|--------------------|---------------------
1 | host-name | vancouver
2 | domain-name | alliedtelesyn
------------------------------------------------

See also DHCPCLIENT INTERFACECONFIG ADD SENT OPTIONS
DHCPCLIENT INTERFACECONFIG CLEAR SENT OPTIONS
DHCPSERVER SUBNET ADD OPTION

DHCPCLIENT LIST INTERFACECONFIGS


Syntax DHCPCLIENT LIST INTERFACECONFIGS

Description This command lists the following information about existing DHCP client
interfaces:
• interface identification number
• interface name
• IP interface configured by the client interface
• requested lease time (in seconds)
• client identifier (if set)
• Status of IP address auto-configuration (true or false)

Example
--> dhcpclient list interfaceconfigs
DHCP Client Declarations:

                                 Requested
ID   | Name       | Interface  | Lease Time | Client ID         | AutoIP
-----|------------|------------|------------|-------------------|--------
1    | client1    | ip1        | 9000       | 00:11:22:33:44:5a | true

See also DHCPCLIENT SHOW
DHCPCLIENT SET INTERFACECONFIG REQUESTEDLEASETIME
DHCPCLIENT SET INTERFACECONFIG CLIENTID
DHCPCLIENT SET INTERFACECONFIG AUTOIP

DHCPCLIENT SET BACKOFF


Syntax DHCPCLIENT SET BACKOFF <backofftime>

Description This command sets the global maximum time (in seconds) that a DHCP client
interface will 'back off' between issuing individual DHCP requests. This prevents
many clients from trying to configure themselves at the same time and sending too many
requests at once.

To retrieve the current settings, use the DHCPCLIENT SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
backofftime | The maximum number of seconds that the DHCP client can pause for between unsuccessful DHCP negotiations. | 120

Example --> dhcpclient set backoff 200

See also DHCPCLIENT SHOW

DHCPCLIENT SET INTERFACECONFIG AUTOIP


Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} AUTOIP {ENABLED |
DISABLED}

Description This command enables/disables IP address auto-configuration (Auto-IP).

Auto-IP automatically configures an IP address when a DHCP client fails to contact
a DHCP server and cannot obtain a lease. An IP address in the 169.254.0.0 subnet is
automatically created, and ARP requests are issued for the suggested IP address.
The address is abandoned if it already exists on the network or if any other host on
the network issues an ARP probe for that IP address.
Once an IP address has been automatically configured, the DHCP client continues to
check whether or not it can contact a DHCP server. If the client can contact a DHCP
server and obtain a legitimate lease, the legitimate lease will supersede the
auto-configured IP address.

To retrieve the current settings, use the DHCPCLIENT SHOW command.

Note: Even if Auto-IP has been enabled using this command, IP address auto-
configuration will not be carried out if a DHCP server on the same network
does not allow it. See the DHCPSERVER SUBNET ADD OPTION command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
ENABLED | Enables Auto-IP on a specified dhcp client. | enabled
DISABLED | Disables Auto-IP on a specified dhcp client. | enabled

Example --> dhcpclient set interfaceconfig mycfg autoip enabled

See also DHCPSERVER SUBNET ADD OPTION (see the specific example given for this
command)
For further information on the RFC standard for DHCP IP address auto-
configuration, see http://www.ietf.org/rfc/rfc2563.txt.

DHCPCLIENT SET INTERFACECONFIG CLIENTID


Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} CLIENTID <clientid>

Description This command sets a unique client identifier that the DHCP server uses to identify
the client.

To retrieve the current settings, use the DHCPCLIENT SHOW INTERFACECONFIG command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
Client id | A unique identifier that DHCP server can use to identify the client. For Microsoft DHCP servers, the client ID should be the MAC address of the system that DHCP is running on. For other DHCP servers, the client ID can be a MAC address or a text string such as the hostname. | N/A

Example
--> dhcpclient set interfaceconfig client1 clientid 00:11.22.33.44.5a

See also DHCPCLIENT LIST INTERFACECONFIGS

DHCPCLIENT SET INTERFACECONFIG DEFAULTROUTE

Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} DEFAULTROUTE
{ENABLED|DISABLED}

Description This command controls whether the DHCP client makes use of default
gateway information received from a DHCP server. If no DHCP interfaceconfigs
have been added to the system, by default the DHCP client will use default gateway
information received from a DHCP server.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
ENABLED | DHCP client uses default gateway information it receives from DHCP server. | enabled
DISABLED | DHCP client does not use default gateway information it receives from DHCP server. | enabled

Example
--> dhcpclient set interfaceconfig client1 defaultroute disabled

See also DHCPCLIENT LIST INTERFACECONFIGS

DHCPCLIENT SET INTERFACECONFIG DHCPINFORM

Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} DHCPINFORM
{ENABLED|DISABLED}

Description This command controls whether a DHCP client uses the dhcpinform message
type. This DHCP message type is used whenever a client has obtained an IP address
or subnet mask (for example, the address has been manually configured or obtained
through PPP/IPCP), but wishes to obtain extra configuration parameters (such as
DNS servers or default gateway) from a DHCP server.

To retrieve the current settings, use the DHCPCLIENT SHOW
INTERFACECONFIG command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
ENABLED | Enables the dhcpinform message type. IP address and subnet mask will not be negotiated if this mode is selected. | disabled
DISABLED | Disables the dhcpinform message type. | disabled

Example
--> dhcpclient set interfaceconfig client1 dhcpinform disabled

See also DHCPCLIENT LIST INTERFACECONFIGS
         DHCPCLIENT SET INTERFACECONFIG SERVER

DHCPCLIENT SET INTERFACECONFIG DHCPSERVERPOOLSIZE

Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>}
DHCPSERVERPOOLSIZE <pool size>

Description This command tells a DHCP client to configure a DHCP server on the LAN if the
given address pool size is set to a number greater than 0. The LAN DHCP server is
configured using parameters received by a DHCP client interface on the WAN.
Information such as DNS server addresses can then be distributed to LAN clients.
The new DHCP server uses its LAN IP address as the address to give out as the
default gateway address.

To retrieve the current settings, use the DHCPCLIENT SHOW
INTERFACECONFIG command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | NA
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | NA
pool size | The number of DHCP client addresses in a pool. The first address in the pool is the address immediately after the LAN DHCP address. For example, if the LAN DHCP address is 192.168.102.3, the first address in the pool will be 192.168.102.4. | NA

Example
--> dhcpclient set interfaceconfig client1 dhcpserverpoolsize 20

See also DHCPCLIENT LIST INTERFACECONFIGS

DHCPCLIENT SET INTERFACECONFIG DHCPSERVERINTERFACE

Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>}
DHCPSERVERINTERFACE <interface name>

Description This command allows the user to specify an existing IP interface on which the
automatically configured DHCP server can be created. If the interface name does
not correspond with an existing IP interface, the DHCP server will be placed on the
first LAN interface that it finds.

Note: When the DHCP server is automatically configured, the
DHCPSERVERPOOLSIZE is set to 20 hosts.

To retrieve the current settings, use the DHCPCLIENT SHOW
INTERFACECONFIG command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | NA
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | NA
interface name | The name that identifies an existing IP interface. To display IP interface names, use the IP LIST INTERFACES command. | NA

Example
--> dhcpclient set interfaceconfig client1 dhcpserverinterface ip2

See also DHCPCLIENT LIST INTERFACECONFIGS
         DHCPCLIENT SET INTERFACECONFIG DHCPSERVERPOOLSIZE

DHCPCLIENT SET INTERFACECONFIG GIVEDNSTOCLIENT

Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} GIVEDNSTOCLIENT
{ENABLED|DISABLED}

Description This command controls whether a DHCP client passes received DNS server
addresses to the DNS client. If no DHCP interfaceconfigs have been added to the
system, by default the DHCP client will not pass DNS server addresses to the DNS
client.

To retrieve the current settings, use the DHCPCLIENT SHOW
INTERFACECONFIG command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
ENABLED | DHCP client passes learnt DNS server addresses to the DNS client. | disabled
DISABLED | DHCP client does not pass learnt DNS server addresses to the DNS client. | disabled

Example
--> dhcpclient set interfaceconfig client1 givednstoclient disabled

See also DHCPCLIENT LIST INTERFACECONFIGS

DHCPCLIENT SET INTERFACECONFIG GIVEDNSTORELAY

Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} GIVEDNSTORELAY
{ENABLED|DISABLED}

Description This command controls whether a DHCP client passes received DNS server
addresses to the DNS relay. If no DHCP interfaceconfigs have been added to the
system, by default the DHCP client will pass DNS server addresses to the DNS
relay.

To retrieve the current settings, use the DHCPCLIENT SHOW
INTERFACECONFIG command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
ENABLED | DHCP client passes learnt DNS server addresses to the DNS relay. | enabled
DISABLED | DHCP client does not pass learnt DNS server addresses to the DNS relay. | enabled

Example
--> dhcpclient set interfaceconfig client1 givednstorelay disabled

See also DHCPCLIENT LIST INTERFACECONFIGS

DHCPCLIENT SET INTERFACECONFIG INTERFACE


Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} INTERFACE
<ipinterface>

Description This command sets the IP interface that will have its configuration set by the DHCP
client interface. The client interface can only set the IP configuration if the IP
interface has DHCP enabled, using the IP SET INTERFACE DHCP command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
ipinterface | A name that identifies an existing IP interface. The interface must have DHCP enabled. To display interface names, use the IP LIST INTERFACES command. | N/A

Example
--> dhcpclient set interfaceconfig client1 interface ip2

See also DHCPCLIENT LIST INTERFACECONFIGS
         IP LIST INTERFACES
         IP SET INTERFACE DHCP

DHCPCLIENT SET INTERFACECONFIG NOCLIENTID


Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} NOCLIENTID

Description This command deletes a client identifier from a DHCP client.

The DHCP server must have 'allowunknownclients' enabled in order to work with
DHCP clients that are not specifically named in DHCP server configuration or its
lease database.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A

Example
--> dhcpclient set interfaceconfig client1 noclientid

See also DHCPCLIENT SET INTERFACECONFIG CLIENTID
         DHCPSERVER SET ALLOWUNKNOWNCLIENTS

DHCPCLIENT SET INTERFACECONFIG REQUESTEDLEASETIME

Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>}
REQUESTEDLEASETIME <requestedleasetime>

Description The DHCP client requests a specific lease time from the DHCP server for the
allocated IP addresses. This command determines the length of lease time
requested. The DHCP server will 'cap' a requested lease time if it is too large.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the DHCPCLIENT LIST INTERFACECONFIGS command. | N/A
requested lease time | The lease time (in seconds) that a DHCP client requests from the DHCP server. | 86400

Example
--> dhcpclient set interfaceconfig client1 requestedleasetime 70000

See also DHCPCLIENT LIST INTERFACECONFIGS
         DHCPSERVER SET MAXLEASETIME
         DHCPSERVER SET DEFAULTLEASETIME

DHCPCLIENT SET INTERFACECONFIG SERVER


Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} SERVER <ipaddress>

Description If DHCPCLIENT SET DHCPINFORM has been set to enabled, this command will
unicast the first DHCPINFORM message to the specific DHCP server at the
specified IP address. If the first unicast fails, the DHCPINFORM will default to
broadcasting its messages.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing DHCP client interface. To display client interface names, use the dhcpclient list interfaceconfigs command. | NA
number | A number that identifies an existing DHCP client interface. To display client interface numbers, use the dhcpclient list interfaceconfigs command. | NA
ipaddress | The IP address of a DHCP server that DHCP client can use to obtain configuration parameters. The IP address is displayed in the following format: 192.168.102.3 | NA

Example
--> dhcpclient set interfaceconfig client1 server 192.168.101.2

See also DHCPSERVER SET INTERFACECONFIG DHCPINFORM

DHCPCLIENT SET REBOOT


Syntax DHCPCLIENT SET REBOOT <reboottime>

Description When the DHCP client is restarted, it tries to reacquire the last address that it had.
This command sets the time for which the client tries to reacquire its last address. At
the expiry of this time, it gives up and tries to discover a new address.

To retrieve the current settings, use the DHCPCLIENT SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
reboottime | The time (in seconds) for which a client tries to reacquire the last IP address it had. After this time the client gives up and tries to discover a new address. | 10

Example --> dhcpclient set reboot 5

DHCPCLIENT SET RETRY


Syntax DHCPCLIENT SET RETRY <retrytime>

Description This command sets the time that must pass after the client has determined that no
DHCP server is present before it tries again to contact a DHCP server.

To retrieve the current settings, use the DHCPCLIENT SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
retrytime | The time (in seconds) that must pass after the client has determined that no DHCP server is present before it tries again to contact a DHCP server. | 300

Example --> dhcpclient set retry 150

DHCPCLIENT SHOW
Syntax DHCPCLIENT SHOW

Description This command displays the following global configuration information about
DHCP client:
• reboot time
• retry time
• maximum backoff time

Example --> dhcpclient show


Global DHCP Client Configuration:

Reboot time: 10
Retry time: 300
Max. backoff time: 120

See also DHCPCLIENT SET REBOOT
         DHCPCLIENT SET RETRY
         DHCPCLIENT SET BACKOFF

DHCPCLIENT UPDATE
Syntax DHCPCLIENT UPDATE

Description This command updates the DHCP client configuration. Changes made to the client
configuration are not actually applied until this command has been entered.

Example --> dhcpclient update


dhcpclient: Reset request acknowledged. Reset imminent.

DHCP Relay Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the DHCP Relay
module.

DHCP relay CLI commands


The table below lists the DHCP relay commands provided by the CLI:
Command
DHCPRELAY ADD SERVER
DHCPRELAY CLEAR SERVERS
DHCPRELAY DELETE SERVER
DHCPRELAY ENABLE|DISABLE
DHCPRELAY LIST SERVERS
DHCPRELAY SHOW
DHCPRELAY UPDATE

DHCPRELAY ADD SERVER


Syntax DHCPRELAY ADD SERVER <ipaddress>

Description This command adds the IP address of a DHCP server to the DHCP relay's list of
server IP addresses. The relay can store a maximum of 10 DHCP server addresses.
Any new server IP addresses added are not actually used until the DHCPRELAY
UPDATE command has been entered.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ipaddress | The IP address of a DHCP server that DHCP relay can use. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | N/A

Example --> dhcprelay add server 239.252.197.0

See also DHCPSERVER LIST SUBNETS
         DHCPRELAY UPDATE

DHCPRELAY CLEAR SERVERS


Syntax DHCPRELAY CLEAR SERVERS

Description This command deletes all DHCP server IP addresses stored in DHCP relay's list of
server IP addresses.

Example --> dhcprelay clear servers

See also DHCPRELAY DELETE SERVER

DHCPRELAY DELETE SERVER


Syntax DHCPRELAY DELETE SERVER <number>

Description This command deletes a single DHCP server address stored in the DHCP relay's list
of server IP addresses.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).
Option | Description | Default Value
number | A number that identifies the DHCP server in the DHCP relay's list of servers. To display server numbers, use the DHCPRELAY LIST SERVERS command. | N/A

Example --> dhcprelay delete server 3

See also DHCPRELAY LIST SERVERS
         DHCPRELAY CLEAR SERVERS

DHCPRELAY ENABLE|DISABLE
Syntax DHCPRELAY {ENABLE|DISABLE}

Description This command enables/disables DHCP relay.


DHCP relay must be enabled in order to carry out any DHCP relay configuration.

Note: DHCP relay and DHCP server cannot be enabled at the same time. Trying
to configure DHCP relay when DHCP server is enabled results in a CLI warning
message.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ENABLE | Enables configuration of DHCP relay. | enable
DISABLE | Disables configuration of DHCP relay. | enable

Example --> dhcprelay enable



See also DHCPSERVER ENABLE|DISABLE

DHCPRELAY LIST SERVERS


Syntax DHCPRELAY LIST SERVERS

Description This command displays the DHCP relay's list of DHCP server IP addresses with
their identification numbers.

Example --> dhcprelay list servers


DHCP Servers:

ID | IP Address
-----|------------------
1 | 192.168.102.3
2 | 239.252.197.0
------------------------

See also DHCPSERVER LIST SUBNETS

DHCPRELAY SHOW
Syntax DHCPRELAY SHOW

Description This command tells you whether DHCP relay is enabled or disabled.

Example --> dhcprelay show server


Global DHCP Relay Configuration:

Status: ENABLED

See also DHCPRELAY ENABLE|DISABLE

DHCPRELAY UPDATE
Syntax DHCPRELAY UPDATE

Description This command updates the DHCP relay configuration. Changes made to the relay
configuration will not take effect until this command has been entered.

Example --> dhcprelay update


dhcprelay: Reset request acknowledged. Reset imminent.

Chapter 11

Domain Name System - DNS

Introduction
DNS is an abbreviation for Domain Name System, a system for naming computers
and network services that is organized into a hierarchy of domains. DNS naming is
used in TCP/IP networks, such as the Internet, to locate computers and services
through user-friendly names. When a user enters a DNS name in an application,
DNS services can resolve the name to other information associated with the name,
such as an IP address.
For example, most users prefer a friendly name such as “alliedtelesyn.com” to locate
a computer such as a mail or web server on a network. A friendly name can be
easier to learn and remember. However, computers communicate over a network by
using numeric addresses. To make use of network resources easier, name services
such as DNS provide a way to map the user-friendly name for a computer or service
to its numeric address. If you have ever used a Web browser, you have used DNS.
The following graphic shows a basic use of DNS, which is finding the IP address of
a computer based on its name.

Figure 12. Domain Name System



In this example, a client computer queries a server, asking for the IP address of a
computer configured to use host.alliedtelesyn.com as its DNS domain name.
Because the server is able to answer the query based on its local database, it replies
with an answer containing the requested information, which is a host (A) resource
record that contains the IP address information for host.alliedtelesyn.com. The
example shows a simple DNS query between a single client and server. In practice,
DNS queries can be more involved than this and include additional steps not shown
here.

DNS Relay
The AT-RG613, AT-RG623 and AT-RG656 can act as a DNS relay: DNS packets that
arrive at the Residential Gateway, addressed to the Residential Gateway, are
relayed on to a known DNS server.
In this way, devices on the LAN can treat the Residential Gateway as though it were
the DNS server. Only the Residential Gateway needs to know the address of the real
DNS server, which it looks up in its internal DNS relay server list.
It is possible to configure the DHCP server running on the Residential Gateway's
internal IP interface to offer the IP address of that interface as the DNS server
address for DNS requests from internal hosts.
It is also possible to write a file named "dnsrelaylandb" containing host
attributes, a domain name, and an IP address and mask. When the DNS relay receives
a DNS request, it checks whether the answer is in this file and, if so, answers the
request itself; if the file does not hold enough information, the relay forwards the
request to a DNS server.
It is possible to nominate both a primary and a secondary DNS server to contact.
DNS responses received from the server are then forwarded back to the original
host making the DNS request.
Both UDP and TCP DNS requests are supported.
The DNS relay does not bind itself to any one specific interface or interface type, but
rather listens for traffic on all available IP interfaces. It relies on the well-known
UDP and TCP port number for a DNS server (port number 53) for receiving DNS
traffic.

DNS Client
The AT-RG613, AT-RG623 and AT-RG656 are provided with an internal DNS client. To
use this function, you must add DNS server addresses, which will be used by the
Residential Gateway ONLY for its own lookups.

DNS Relay Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the DNS
Relay module.

DNS Relay CLI commands


The table below lists the dnsrelay commands provided by the CLI:
Command
dnsrelay add server
dnsrelay clear cache
dnsrelay clear landatabase
dnsrelay clear servers
dnsrelay delete server
dnsrelay list servers
dnsrelay set landatabasefile
dnsrelay show lanaddress
dnsrelay show landomainname
dnsrelay show landatabasefilename

DNSRELAY ADD SERVER


Syntax DNSRELAY ADD SERVER <ip-address>

Description This command adds the IP address of a DNS server to DNS relay's list of server IP
addresses. The relay can store a maximum of 10 DNS server addresses.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ip-address | The IP address of a DNS server that DNS relay can use. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) | 0.0.0.0

Example --> dnsrelay add server 10.17.90.100

See also DNSRELAY LIST SERVERS

DNSRELAY CLEAR CACHE


Syntax DNSRELAY CLEAR CACHE

Description This command clears the DNS relay cache in the current session. DNS relay has a
small local cache of DNS entries to increase performance for lookups of frequently
used destinations.

Example --> dnsrelay clear cache

DNSRELAY CLEAR LANDATABASE


Syntax DNSRELAY CLEAR LANDATABASE

Description This command clears the DNS relay LAN database that was set using the
DNSRELAY SET LANDATABASEFILE command.

Example --> dnsrelay clear landatabase

See also DNSRELAY SET LANDATABASEFILE
         DNSRELAY SHOW LANDATABASEFILENAME

DNSRELAY CLEAR SERVERS


Syntax DNSRELAY CLEAR SERVERS

Description This command deletes all DNS server IP addresses stored in DNS relay's list of
server IP addresses.

Example --> dnsrelay clear servers

See also DNSRELAY DELETE SERVER

DNSRELAY DELETE SERVER


Syntax DNSRELAY DELETE SERVER <id-number>

Description This command deletes a single DNS server address stored in DNS relay's list of
server IP addresses.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
id-number | A number that identifies the DNS server in the DNS relay list. To display server numbers, use the DNSRELAY LIST SERVERS command. | N/A

Example --> dnsrelay delete server 3

See also DNSRELAY LIST SERVERS

DNSRELAY LIST SERVERS


Syntax DNSRELAY LIST SERVERS

Description This command displays the DNS relay's list of DNS server IP addresses with their
identification numbers.

Example --> dnsrelay list servers


DNS Relay Servers:

ID | IP Address
-----|------------------
1 | 239.252.197.0
------------------------

DNSRELAY SET LANDATABASEFILE


Syntax DNSRELAY SET LANDATABASEFILE <filename>

Description This command tells DNS relay which filename it should load its local database
from. The file is an ASCII file that you have created and stored in the ISFS
configuration file.
The landatabase file contains the following:
• information about local host names and IP addresses
• the domain name that the relay should use
• the IP address and netmask that the relay should use
Once the filename is set, DNS relay will load this database and use it to answer
requests for local host names and/or IP addresses. Your LAN then has its own small
DNS relay local database.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
filename | The name of an existing file that contains a database of LAN host names and IP addresses. | N/A

Example --> dnsrelay set landatabasefile dnsrelaylandb

See also DNSRELAY SHOW LANDATABASEFILENAME



DNSRELAY SHOW LANADDRESS


Syntax DNSRELAY SHOW LANADDRESS

Description This command displays the IP address and subnet mask that the DNS relay uses to
determine if a query is for an element of the local database. This information is
collected in the LANDATABASEFILENAME file.

Example --> dnsrelay show lanaddress


LAN IP Address: 172.16.200.0
LAN IP Mask: 255.255.255.0

See also DNSRELAY SHOW LANDOMAINNAME

DNSRELAY SHOW LANDOMAINNAME


Syntax DNSRELAY SHOW LANDOMAINNAME

Description This command displays the domain name used by the DNS relay to determine if a
host name request is for the local database. This information is collected in the
LANDATABASEFILENAME file.

Example --> dnsrelay show landomainname


LAN Domain Name: atkk.com

See also DNSRELAY SHOW LANADDRESS

DNSRELAY SHOW LANDATABASEFILENAME


Syntax DNSRELAY SHOW LANDATABASEFILENAME

Description This command displays the name of the file that was set using the DNSRELAY SET
LANDATABASEFILENAME command. The second example shows the
LANDATABASEFILENAME content.

Example --> dnsrelay show landatabasefilename


LAN Database File Name: //isfs/dnsrelaylandb

Example --> domain_name yourdomain.com.


lan_address 172.39.10.0
lan_mask 255.255.255.0

host_name host1.yourdomain.com.
address 172.39.10.10

host_name host1.yourdomain.com.
address 172.39.10.15

See also DNSRELAY SET LANDATABASEFILE
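
The LAN database file described under DNSRELAY SET LANDATABASEFILE, and shown in the second example above, can be checked before it is loaded into the relay. The following Python linter is an added example, not part of the manual or of the gateway's software; it assumes the file is a sequence of whitespace-separated 'key value' lines with each host_name followed by its address, as inferred from the manual's sample, and the names parse_landb and lint_landb are hypothetical.

```python
import ipaddress

# Assumed grammar (inferred from the manual's sample): one 'key value' pair per
# line, each host_name followed by its address. This text is the manual's example.
MANUAL_SAMPLE = """\
domain_name yourdomain.com.
lan_address 172.39.10.0
lan_mask 255.255.255.0

host_name host1.yourdomain.com.
address 172.39.10.10

host_name host1.yourdomain.com.
address 172.39.10.15
"""

# Constructed sample with deliberate mistakes, for illustration only.
BAD_SAMPLE = """\
domain_name yourdomain.com.
lan_address 172.39.10.0
lan_mask 255.255.255.0
host_name printer.yourdomain.com.
address 172.39.11.20
host_name www.example.org.
address 172.39.10.30
address 172.39.10.31
host_name nas.yourdomain.com.
"""

GLOBAL_KEYS = ("domain_name", "lan_address", "lan_mask")


def parse_landb(text):
    """Return (settings, hosts, problems) for 'key value' formatted text."""
    settings, hosts, problems = {}, [], []
    pending = None  # (line number, host name) still waiting for its address
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts:
            continue
        if len(parts) != 2:
            problems.append((lineno, "expected exactly 'key value'"))
            continue
        key, value = parts
        if key in GLOBAL_KEYS:
            settings[key] = value
        elif key == "host_name":
            if pending:
                problems.append((pending[0], f"{pending[1]} has no address"))
            pending = (lineno, value)
        elif key == "address":
            if pending is None:
                problems.append((lineno, "address without a host_name"))
            else:
                hosts.append((pending[0], pending[1], value))
                pending = None
        else:
            problems.append((lineno, f"unknown key {key}"))
    if pending:
        problems.append((pending[0], f"{pending[1]} has no address"))
    return settings, hosts, problems


def lint_landb(text):
    """Return sorted (line number, message) pairs; line 0 means file-level."""
    settings, hosts, problems = parse_landb(text)
    network = None
    missing = [k for k in GLOBAL_KEYS if k not in settings]
    if missing:
        problems.append((0, "missing " + ", ".join(missing)))
    if "lan_address" in settings and "lan_mask" in settings:
        try:
            network = ipaddress.ip_network(
                f"{settings['lan_address']}/{settings['lan_mask']}")
        except ValueError as exc:
            problems.append((0, f"invalid lan_address/lan_mask: {exc}"))
    domain = settings.get("domain_name", "").rstrip(".").lower()
    seen = {}  # normalised host name -> first address listed for it
    for lineno, host, addr in hosts:
        name = host.rstrip(".").lower()
        if domain and not name.endswith("." + domain):
            problems.append((lineno, f"{host} is outside domain {domain}"))
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            problems.append((lineno, f"{addr} is not a valid IP address"))
            continue
        if network is not None and ip not in network:
            problems.append((lineno, f"{addr} is outside LAN {network}"))
        if seen.setdefault(name, ip) != ip:
            problems.append((lineno, f"{host} already maps to {seen[name]}"))
    return sorted(problems)


if __name__ == "__main__":
    for lineno, message in lint_landb(MANUAL_SAMPLE) + lint_landb(BAD_SAMPLE):
        print(f"line {lineno}: {message}")
```

Run against the manual's own sample, the linter reports that host1.yourdomain.com. is listed twice with different addresses.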



DNS Client Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the DNS Client
module.

DNS Client CLI commands


The table below lists the DNSCLIENT commands provided by the CLI:
Command
dnsclient add searchdomain
dnsclient add server
dnsclient clear searchdomains
dnsclient clear servers
dnsclient delete searchdomain
dnsclient delete server
dnsclient list searchdomains
dnsclient list servers

DNSCLIENT ADD SEARCHDOMAIN


Syntax DNSCLIENT ADD SEARCHDOMAIN <searchstring>

Description This command creates a domain search list. The DNS client uses this list when a
user asks for the IP address of a host, but specifies an incomplete domain name for
the host. The search string specified replaces any search strings previously added
using this command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
searchstring | A search string used to find the IP address for an incomplete domain name. You can have a maximum of 6 incomplete domain names in the search string. | N/A

Example --> dnsclient add searchdomain alliedtelesyn.com

DNSCLIENT ADD SERVER


Syntax DNSCLIENT ADD SERVER <ipaddress>

Description This command adds a server IP address to the server list. This enables you to
retrieve a domain name for a given IP address.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ipaddress | The IP address of the server that has an unknown domain name. You can add a maximum of 3 addresses to the server list. The IP address is displayed in the following format: 192.168.102.3 | N/A

Example --> dnsclient add server 192.168.219.196

DNSCLIENT CLEAR SEARCHDOMAINS


Syntax DNSCLIENT CLEAR SEARCHDOMAINS

Description This command deletes all domain names from the domain search list.

Example --> dnsclient clear searchdomains

See also DNSCLIENT ADD SEARCHDOMAIN
         DNSCLIENT DELETE SEARCHDOMAIN

DNSCLIENT CLEAR SERVERS


Syntax DNSCLIENT CLEAR SERVERS

Description This command deletes all the server IP addresses from the server list.

Example --> dnsclient clear servers

See also DNSCLIENT ADD SEARCHDOMAIN
         DNSCLIENT DELETE SERVER

DNSCLIENT DELETE SEARCHDOMAIN


Syntax DNSCLIENT DELETE SEARCHDOMAIN <searchstring>

Description This command deletes a single domain name from the domain search list.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
searchstring | A number that identifies a search string used to find the IP address for an incomplete domain name. To list domain search strings, use the DNSCLIENT LIST SEARCHDOMAINS command. | N/A

Example --> dnsclient delete searchdomain 1

DNSCLIENT DELETE SERVER


Syntax DNSCLIENT DELETE SERVER <number>

Description This command deletes a single server IP address from the server list.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
number | The server number that identifies an IP address of the server that has an unknown domain name. To display server numbers, use the DNSCLIENT LIST SERVERS command. | N/A

Example --> dnsclient delete server 1

DNSCLIENT LIST SEARCHDOMAINS


Syntax DNSCLIENT LIST SEARCHDOMAINS

Description This command lists the domain search strings that you have added to the DNS
client using the DNSCLIENT ADD SEARCHDOMAIN command. The DNS client
uses this list when a user asks for the IP address of a host, but specifies an
incomplete domain name for the host.

Example --> dnsclient list searchdomains


ID | Domain
-----|---------------------
1 | alliedtelesyn.com
---------------------------

DNSCLIENT LIST SERVERS


Syntax DNSCLIENT LIST SERVERS

Description This command lists the server IP addresses that you have added to the DNS client
using the DNSCLIENT ADD SERVER command. The DNS client uses this list to
retrieve a domain name for a given IP address.

Example --> dnsclient list servers


DNS Client Servers:

ID | IP Address
----|------------------
1 | 192.168.100.7
2 | 192.168.100.1
------------------------

Chapter 12

SNTP

The SNTP Version 4 client is an OSI Layer 7 application that allows the
synchronization of the AT-RG613, AT-RG623 and AT-RG656 system clock to global
sources of time-based information using UDP.
Its detailed implementation, which is described in RFC 2030, provides a complete
and simplified method to access international timeservers to receive, organize and
adjust the time-synchronization of the local system.
The SNTP client described herein is a scaled down version of the Network Time
Protocol (NTP) which is specified in RFC 1305. The main difference between an
SNTP and an NTP client is the fact that most SNTP clients will interact with, at
most, a single (S)NTP server. Also, SNTP Version 4 clients include an “anycast”
mode in addition to unicast and broadcast access modes not available in past
versions of NTP/SNTP clients.

SNTP Features
The following features are available on the AT-RG613, AT-RG623 and AT-RG656
Residential Gateway:
• Boot time and runtime synchronization of the system clock can both be
configured.
• SNTP in the AT-RG613, AT-RG623 and AT-RG656 system can function in one of
three transfer modes:
o Unicast Mode - The SNTP client sends to a server, located at a
specific previously configured address, a request for time
synchronization and expects a reply only from that particular
server.
o Broadcast /Multicast Mode - A multicast NTP server periodically
transmits a message to the local subnet broadcast address. The
client is configured to listen, and receives the synchronized time-
based information. The client then configures itself based on this
information, but sends no reply.
o Anycast Mode – When the client is configured in anycast mode, it
sends out a sync request to a local subnet broadcast address. One
or several anycast SNTP servers can respond with an individual
timestamp and a unicast address. The client subsequently binds
to the first response it receives and continues its operations in a
unicast mode with that particular server. Any other server
responses that are received by the client afterwards are ignored.
• 64 local time zones (which include summertime /daylight savings time)
configurations are supported (see [10]).
• Automatic periodic timeserver polling is configurable.
• Configuration of packet timeouts and retry transmissions is supported.
• Getting NTP Time Server IP Addresses via DNS lookup can be used.
The SNTP client mode session uses the standard remote UDP port 123 for all data
transfers. Port 123 will be used in both the Source Port and Destination Port fields of
the UDP header.
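The unicast and anycast exchanges described above, as an added example (not code from this manual or from the gateway firmware): it builds the 48-byte Version 4 client request, then checks a reply before computing the clock offset and round-trip delay that SNTPCLIENT SHOW STATUS reports. The function names, the rejection rules chosen and the constructed reply are assumptions of this example; because an anycast client binds to the first reply it receives, the checks show what a reply must satisfy before it is trusted.

```python
import struct

NTP_UNIX_DELTA = 2208988800          # seconds from 1900-01-01 to 1970-01-01
HEADER = "!BBbbII4sQQQQ"             # 48-byte (S)NTP header layout

def to_ntp(unix_seconds):
    """Unix seconds (float) -> 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_seconds)
    return ((whole + NTP_UNIX_DELTA) << 32) | int((unix_seconds - whole) * 2**32)

def from_ntp(ts):
    """64-bit NTP timestamp -> Unix seconds (float)."""
    return (ts >> 32) - NTP_UNIX_DELTA + (ts & 0xFFFFFFFF) / 2**32

def build_request(t1_unix):
    """Client request: LI=0, VN=4, Mode=3 (client); only Transmit Timestamp set."""
    return struct.pack(HEADER, (4 << 3) | 3, 0, 0, 0, 0, 0, b"\0" * 4,
                       0, 0, 0, to_ntp(t1_unix))

def make_reply(request, t2_unix, t3_unix, mode=4, stratum=1, originate=None):
    """Constructed server reply for this demo (not captured traffic)."""
    sent = struct.unpack(HEADER, request)[10]
    return struct.pack(HEADER, (4 << 3) | mode, stratum, 6, -14, 0, 0, b"GPS\0",
                       to_ntp(t2_unix), sent if originate is None else originate,
                       to_ntp(t2_unix), to_ntp(t3_unix))

def check_reply(reply, request, t4_unix):
    """Validate a unicast/anycast reply; return (offset, delay) in seconds.

    t4_unix is the local clock reading when the reply arrived.
    Raises ValueError for replies that must not be used to set the clock.
    """
    if len(reply) < 48:
        raise ValueError("reply shorter than the 48-byte header")
    (flags, stratum, _poll, _prec, _rdelay, _rdisp, _refid,
     _ref, orig, recv, xmit) = struct.unpack(HEADER, reply[:48])
    leap, mode = flags >> 6, flags & 0x7
    if mode != 4:
        raise ValueError("not a server-mode reply")
    if leap == 3 or not 1 <= stratum <= 15:
        raise ValueError("server is unsynchronized or stratum is invalid")
    if xmit == 0:
        raise ValueError("transmit timestamp is zero")
    if orig != struct.unpack(HEADER, request)[10]:
        # The server must echo our Transmit Timestamp; a mismatch means the
        # packet is stale, duplicated, or was not sent in answer to us.
        raise ValueError("originate timestamp does not echo our request")
    t1, t2, t3 = from_ntp(orig), from_ntp(recv), from_ntp(xmit)
    offset = ((t2 - t1) + (t3 - t4_unix)) / 2     # local clock correction
    delay = (t4_unix - t1) - (t3 - t2)            # round-trip delay
    return offset, delay

T1 = 1_000_000_000.0   # constructed client send time (Unix seconds)

def demo():
    """Server clock 2 s ahead, 0.25 s each way on the wire, 0.5 s server hold."""
    request = build_request(T1)
    good = make_reply(request, T1 + 2.25, T1 + 2.75)
    rejected = []
    for label, pkt in [
        ("wrong originate", make_reply(request, T1 + 2.25, T1 + 2.75,
                                       originate=to_ntp(T1 - 64))),
        ("stratum 0", make_reply(request, T1 + 2.25, T1 + 2.75, stratum=0)),
        ("broadcast mode", make_reply(request, T1 + 2.25, T1 + 2.75, mode=5)),
    ]:
        try:
            check_reply(pkt, request, T1 + 1.0)
        except ValueError as exc:
            rejected.append((label, str(exc)))
    return check_reply(good, request, T1 + 1.0), rejected

if __name__ == "__main__":
    print(demo())
```

Broadcast mode carries no originate timestamp to compare, so the echo check applies only to the unicast and anycast modes.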

Time Zones and Daylight Savings (Summer Time) Conversion
Although Daylight Savings (a.k.a. Summer Time) time zones are configurable using
the SNTP client, there is no mechanism for the automatic change to/from a standard
time/daylight savings time.
Therefore, the user must manually configure the local time zone when the change in
standard time occurs.
For example, if the client configures the system time for EDT (US Eastern Daylight
Time) which is –4h UTC, and a time change date arrives, the client will not
automatically adjust the time or time zone to US Eastern Standard Time (-5h UTC)
on any new time synchronization.
A manual time zone configuration change from the user is needed to handle this
transition.

SNTP Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the SNTP module.

SNTP CLI commands


The table below lists the SNTPCLIENT commands provided by the CLI:
Command
SNTPCLIENT SET CLOCK
SNTPCLIENT SET MODE
SNTPCLIENT SET POLL-INTERVAL
SNTPCLIENT SET RETRIES
SNTPCLIENT SET SERVER
SNTPCLIENT SET TIMEOUT
SNTPCLIENT SET TIMEZONE
SNTPCLIENT SHOW ASSOCIATION

SNTPCLIENT SET CLOCK


Syntax SNTPCLIENT SET CLOCK <yyyy:mm:dd:hh:mm:ss>

Description This command sets the system clock to a specific time and date. This command can
be used as an alternative to synchronizing the local system clock via internal or
external timeservers.

Example The following command sets the system clock to 11:10:13pm, 2nd November 2001:

--> sntpclient set clock 2001:11:02:23:10:13

SNTPCLIENT SET MODE


Syntax SNTPCLIENT SET MODE {UNICAST|BROADCAST|ANYCAST} {ENABLE|DISABLE}

Description This command enables/disables a particular access mode for the SNTP client. There
are three modes to choose from, and each mode can be separately enabled or
disabled:
• Unicast mode
o Enable - the mode sends unicast messages to the IP address or hostname in
the SNTP server association list. The SNTP client attempts to contact the
specific server in the association in order to receive a timestamp when the
sntpclient sync command is issued.
o Disable - the unicast server is removed from the association list.
• Broadcast mode
o Enable - allows the SNTP client to accept time synchronization broadcast
packets from an SNTP server located on the network, and updates the local
system time accordingly.
o Disable - stops synchronization via broadcast mode.
• Anycast mode
o Enable - the SNTP client sends time synchronized broadcast packets to the
network and subsequently expects a reply from a valid timeserver. The
client then uses the first reply it receives to establish a link for future sync
operations in unicast mode. This server will then be added to the server
association list. The client ignores any later replies from other servers after
the first one is received. The server learnt by the anycast process takes
precedence over any entries currently in the associations list when the
sntpclient sync command is issued.
o Disable - stops synchronization via anycast mode.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
UNICAST | Sets the time synchronous access mode to use the unicast server. | N/A
BROADCAST | Sets the time synchronous access mode to use the broadcast server. | N/A
ANYCAST | Sets the time synchronous access mode to use the anycast server. | N/A
ENABLE | Enables the selected time synchronous access mode. | N/A
DISABLE | Disables the selected time synchronous access mode. | N/A

Example --> sntpclient set mode anycast enable

See also SNTPCLIENT SET SERVER

SNTPCLIENT SET POLL-INTERVAL


Syntax SNTPCLIENT SET POLL-INTERVAL <0-30>

Description This command sets the SNTP client to automatically send a time synchronization
request (specific to the mode) to the network at a specific interval. If the poll-
interval is set to 0, the polling mechanism will be disabled.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
0-30 | Sets the polling interval (in minutes) at which the SNTP client will send a time sync request. This can be any value between 0 and 30. | 0 (disabled)

Example --> sntpclient set poll-interval 10

SNTPCLIENT SET RETRIES


Syntax SNTPCLIENT SET RETRIES <0-10>

Description This command sets the number of retry attempts that will be made when no
response is received from a timeserver. If the client receives no reply to its sync
requests, it will continue sending request packets at a fixed interval (set by the
SNTPCLIENT SET TIMEOUT command), up to the number of retries specified in
this command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
0-10 | Sets the number of packet retry attempts made when no response is received from a timeserver. | 2

Example --> sntpclient set retries 4

See also SNTPCLIENT SET TIMEOUT

SNTPCLIENT SET SERVER


Syntax SNTPCLIENT SET SERVER {IPADDRESS <ipaddress> | HOSTNAME <hostname>}

Description This command sets the dedicated unicast server with which the SNTP client can
synchronize its time. You can set the server by specifying either the IP address or
the hostname.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
ipaddress | The IP address of the dedicated unicast server that SNTP can use to synchronize its time. | N/A
hostname | The hostname of the dedicated unicast server that SNTP can use to synchronize its time. | N/A

Examples IP address
--> sntpclient set server ipaddress 129.6.15.28

hostname
--> sntpclient set server hostname time-a.nist.gov

SNTPCLIENT SET TIMEOUT


Syntax SNTPCLIENT SET TIMEOUT <0-30>

Description This command sets the received packet response timeout value (in seconds) upon
sync request initiation. If a response is not received within the time specified by this
command, the client will resend the request. This cycle will continue until either a
reply is received, or the cycle has been repeated for the number of times specified in
the SNTPCLIENT SET RETRIES command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
0-30 | Sets the received packet response timeout value (in seconds). This can be any value between 0 and 30. | 5 seconds

Example --> sntpclient set timeout 10

See also SNTPCLIENT SET RETRIES

SNTPCLIENT SET TIMEZONE


Syntax SNTPCLIENT SET TIMEZONE <abbreviation>

Description This command sets the local time zone. The time zone is represented by one of the
abbreviations given in the table below. Setting the time zone can configure the local
system to be up to + 13 hours different from Universal Time Coordinate (UTC).
64 of the world's most prominent time zones are represented (including both
standard times and summer/daylight saving times).

Options The following table gives the 64 time zone abbreviations that you can use in this
command.
The table also contains the difference in time (in hours and minutes) from the UTC,
and a description of the area of the world (from west to east) where the time
difference is calculated from:

Abbreviation + UTC World Area of Time Zone


IDLW -1200 International Date Line West
NT -1100 Nome

HST -1000 Hawaii Standard


AKST -0900 Alaska Standard
YST -0900 Yukon Standard
YDT -0800 Yukon Daylight
PST -0800 US Pacific Standard
PDT -0700 US Pacific Daylight
MST -0700 US Mountain Standard
MDT -0600 US Mountain Daylight
CST -0600 US Central Standard
CDT -0500 US Central Daylight
EST -0500 US Eastern Standard
EDT -0400 US Eastern Daylight
AST -0400 Atlantic Standard
NFST -0330 Newfoundland Standard
NFT -0330 Newfoundland
BRA -0300 Brazil Standard
ADT -0300 Atlantic Daylight
NDT -0230 Newfoundland Daylight
AT -0200 Azores
WAT -0100 West Africa
GMT +0000 Greenwich Mean
UTC +0000 Universal (Coordinated)
WET +0000 Western European
CET +0100 Central European
FWT +0100 French Winter
MET +0100 Middle European
MEWT +0100 Middle European Winter
SWT +0100 Swedish Winter
BST +0100 British Summer
EET +0200 Eastern Europe
FST +0200 French Summer
MEST +0200 Middle European Summer
SST +0200 Swedish Summer
IST +0200 Israeli Standard

IDT +0300 Israeli Daylight


BT +0300 Baghdad
IT +0330 Iran
USZ3 +0400 Russian Volga
USZ4 +0500 Russian Ural
INST +0530 Indian Standard
USZ5 +0600 Russian West-Siberian
NST +0630 North Sumatra
WAST +0700 West Australian Standard
USZ6 +0700 Russian Yenisei
JT +0730 Java
CCT +0800 China Coast
WADT +0800 West Australian Daylight
ROK +0900 Korean Standard
KST +0900 Korean Standard
JST +0900 Japan Standard
CAST +0930 Central Australian Standard
KDT +1000 Korean Daylight
EAST +1000 Eastern Australian Standard
GST +1000 Guam Standard
CADT +1030 Central Australian Daylight
EADT +1100 Eastern Australian Daylight
IDLE +1200 International Date Line East
NZST +1200 New Zealand Standard
NZT +1200 New Zealand
NZDT +1300 New Zealand Daylight

Example In the example below, the time zone is set to United States Eastern Standard Time,
which is five hours earlier than UTC (-0500):

--> sntpclient set timezone EST

SNTPCLIENT SHOW ASSOCIATION


Syntax SNTPCLIENT SHOW ASSOCIATION

Description This command lists the server being used by the SNTP client and displays whether
or not the client is currently synchronized with this server.

Examples IP address
--> sntpclient show association
Time Reference Server IP address: 129.6.15.28
** Local clock synchronized with this server.

hostname
--> sntpclient show association
Time Reference Server Hostname: time-a.nist.gov
** Local clock synchronized with this server.

See also SNTPCLIENT SET SERVER

SNTPCLIENT SHOW STATUS


Syntax SNTPCLIENT SHOW STATUS

Description This command displays the SNTP client status information.

Example --> sntpclient show status

Clock Synchronized TRUE


SNTP Standard Version Number: 4
SNTP Mode(s) Configured: Unicast Broadcast
Local Time: Tuesday, 28 Aug, 2001 - 14:39:25
Local Timezone: EDT, Eastern Daylight Time
Time Difference +-VTC: -4:00
Precision: 1/16384 of a second
Root Dispersion: +0.2342 second(s)
Server Reference ID: GPS.
Round Trip Delay: 2 second(s)
Local Clock Offset: -1 second(s)
Resync Poll Interval 15 minute(s)
Packet Retry Timeout: 5 seconds
Packet Retry Attempts: 3

See also SNTPCLIENT SHOW ASSOCIATION

SNTPCLIENT SYNC
Syntax SNTPCLIENT SYNC

Description This command forces the SNTP client to immediately synchronize the local time
with the server located in the association list (if unicast) or, if anycast is enabled,
initiate an anycast sequence.

Example --> sntpclient sync

See also SNTPCLIENT SET SERVER



Chapter 13

PPPoE

Telecommunications companies offer serial communications links around the globe
right now and have done so for many years. To make TCP/IP work over these serial
links, it was necessary to create a protocol that could transmit TCP/IP packets over
serial lines. The two protocols that do this are:
• SLIP (Serial Line Internet Protocol)
• PPP

PPP is more feature rich and has largely supplanted SLIP.


When serial links that are part of the public telephone system are used, care must be
taken to ensure the authenticity of all communications. To this end PPP incorporates
user name and password security. Thus, a router or server receiving a request via
PPP where the origin of the request is not secure, would require authentication. This
authentication is part of PPP. Because of its ability to route TCP/IP packets over
serial links and its authentication capabilities, PPP is generally used by Internet
Service Providers (ISPs) to allow dial-up users to connect to the Internet.

Figure 13. PPP is used by Internet Service Providers (ISPs) to allow dial-up users
to connect to the Internet.

PPP has now been adapted to Ethernet, and is appropriately called PPP over
Ethernet (PPPoE). Since PPP was designed to do things that were either impossible
or unnecessary with Ethernet, users are often confused as to why one would want to
use PPP over Ethernet at all.

If we were to compare TCP/IP traffic to vehicle traffic, the basic TCP/IP protocol
would be comparable to a network of city streets. Streets can serve many access
points. It is easy to get on to and off the street.
Additional access points can be added with little disruption. It is hard to tell how
many cars are actually using each street. PPP, on the other hand, would be
comparable to a railway. Travel is generally between two well-defined points. You
can't get on and off anywhere. It is relatively easy to count and monitor passengers.
You need a ticket to board.
If this is true, then is not PPPoE like running railway tracks down Main Street? In
fact, yes, it is. That is what tramways do. Without disturbing main street traffic, they
bring the advantages of railways. They offer speedy access between two well-
defined points and allow you to count passengers. And you need a ticket to board.

PPPoE allows ISPs to monitor the volume of traffic that their users generate.

PPP over Ethernet brings this sort of functionality to ISPs that do not use serial links
to connect their users. Serial ISPs already use PPP over modem communications.
DSL providers, on the other hand, use Ethernet, not serial communications. Because
of this, many require the added functionality of PPP over Ethernet, which allows
them to secure communications through the use of user logins and have the ability
to measure the volume of traffic each user generates.

Example of PPPoE connection.

PPPoE support on the AT-RG6xx Residential Gateway series

In order to use the PPP stack, one IP interface must be added to the PPP stack and
attached to a PPPoE transport.

Typically PPPoE is the “way” to connect the internal device with the external
world. Each PPPoE instance must have a unique subnet and belong to a unique
VLAN.

Adding and attaching PPPoE connections


PPPoE connections are added and attached using the commands provided in the IP
and PPPoE modules respectively.
IP interfaces typically use the services provided by pppoe transports. A PPPoE transport
is an abstraction layer used to classify the format of the PPPoE packets that will be
transferred through the network. The other type of transport, explained above in
chapter 5, is ethernet. Packets transmitted through a pppoe connection or Ethernet
connection will have different frame formats even though they convey the same
type of information to the IP layer.
Because the system supports VLANs, the same ethernet port can be shared between
different VLANs. Therefore it is not possible to map a pppoe transport directly to a
physical ethernet port.
Instead, pppoe transports are mapped to VLANs, which from a logical point of view act
as an ethernet port would in a simple system without VLANs.
To attach a pppoe transport to the Residential Gateway the following steps must be
performed:
• Create a VLAN on the wan port using, for example, the commands:

vlan add v2 vid 2
vlan add v2 port wan frame untagged

• Define the vlan as PPPoE transport using the command:

pppoe add transport v2 4

• Create an IP interface and attach the IP interface to the PPPoE using the following
commands:

ip add interface ip2
ip attach ip2 v2

Negotiation of PPPoE connections


A PPPoE connection is a point-to-point connection; the “speakers” are the PPPoE
Client on the RG6xx and the PPPoE Server of the Access Concentrator on the other
end of the connection. The most relevant feature of PPP connections is the security
provided by the PAP (Password Authentication Protocol) and CHAP (Challenge
Handshake Authentication Protocol) protocols. Among the negotiation
parameters there are “User Name” and “Password”, which uniquely identify
the particular PPPoE Client.
To establish the PPP connection, it is necessary first to negotiate which authentication
protocol (PAP or CHAP) to use, and then to send the authentication parameters
(User Name and Password) requested by the access service.

To configure the authentication related parameters on a PPPoE instance the
following steps must be performed:

pppoe set transport v2 welogin ( none/auto/chap/pap)
pppoe set transport v2 username abcdef…..
pppoe set transport v2 password abcdef…

After the completion of the authentication phase of the PPP negotiation, the PPPoE
client negotiates with the Server the IP parameters for the connection:
• IP address for client and server ends of the link
• Primary DNS Server IP address
• Secondary DNS Server IP address
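What the PAP and CHAP choices of the welogin setting put on the link during the authentication phase, as an added example (not code from this manual or the gateway firmware). It encodes a PAP Authenticate-Request (RFC 1334) and a CHAP Challenge/Response (RFC 1994, MD5) and verifies the response on the server side; the user name, secret and challenge bytes are constructed values, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

PAP_AUTH_REQUEST, CHAP_CHALLENGE, CHAP_RESPONSE = 1, 1, 2

def _packet(code, ident, body):
    """Common PAP/CHAP header: Code, Identifier, Length (header included)."""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def pap_authenticate_request(ident, username, password):
    """PAP: Peer-ID and Password travel as length-prefixed cleartext."""
    return _packet(PAP_AUTH_REQUEST, ident,
                   bytes([len(username)]) + username +
                   bytes([len(password)]) + password)

def chap_challenge(ident, value, server_name):
    """CHAP Challenge sent by the access concentrator.

    A real authenticator uses a fresh random value for every challenge;
    the caller passes a fixed one here so the demo is repeatable.
    """
    return _packet(CHAP_CHALLENGE, ident, bytes([len(value)]) + value + server_name)

def _split(pkt, want_code):
    """Return (identifier, value, name) from a CHAP Challenge or Response."""
    if len(pkt) < 5:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != want_code or not 5 <= length <= len(pkt):
        raise ValueError("unexpected code or bad length")
    size = pkt[4]
    if 5 + size > length:
        raise ValueError("value overruns packet")
    return ident, pkt[5:5 + size], pkt[5 + size:length]

def chap_response(challenge_pkt, username, secret):
    """Client side: Response value = MD5(Identifier || secret || challenge)."""
    ident, value, _server = _split(challenge_pkt, CHAP_CHALLENGE)
    digest = hashlib.md5(bytes([ident]) + secret + value).digest()
    return _packet(CHAP_RESPONSE, ident, bytes([len(digest)]) + digest + username)

def chap_verify(response_pkt, challenge_pkt, secrets):
    """Server side: recompute the digest for the challenge that was issued."""
    c_ident, c_value, _ = _split(challenge_pkt, CHAP_CHALLENGE)
    try:
        r_ident, r_value, name = _split(response_pkt, CHAP_RESPONSE)
    except ValueError:
        return False
    secret = secrets.get(name)
    if secret is None or r_ident != c_ident:
        return False
    expected = hashlib.md5(bytes([c_ident]) + secret + c_value).digest()
    return hmac.compare_digest(r_value, expected)

# Constructed credentials and challenge values for the demo.
USER, SECRET = b"subscriber01", b"constructed-secret"

def demo():
    pap = pap_authenticate_request(1, USER, SECRET)
    first = chap_challenge(7, bytes(range(16)), b"server5")
    second = chap_challenge(8, bytes(range(16, 32)), b"server5")
    resp = chap_response(first, USER, SECRET)
    return {
        "pap_carries_password": SECRET in pap,
        "chap_carries_password": SECRET in resp,
        "chap_accepted": chap_verify(resp, first, {USER: SECRET}),
        "old_response_on_new_challenge": chap_verify(resp, second, {USER: SECRET}),
    }

if __name__ == "__main__":
    print(demo())
```

With PAP the configured password is readable in the request; with CHAP only a digest bound to one challenge crosses the link, so a response recorded for one challenge fails against the next.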

PPPoE Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the PPPoE
module.

PPPoE CLI commands


The table below lists the PPPoE commands provided by the CLI:
Command
PPPOE ADD TRANSPORT
PPPOE CLEAR TRANSPORTS
PPPOE DELETE TRANSPORT
PPPOE LIST TRANSPORTS
PPPOE SET TRANSPORT ACCESSCONCENTRATOR
PPPOE SET TRANSPORT AUTOCONNECT
PPPOE SET TRANSPORT AUTOCONNECT FILTER ADD
PPPOE SET TRANSPORT AUTOCONNECT FILTER DELETE
PPPOE SET TRANSPORT ENABLED/DISABLED
PPPOE SET TRANSPORT GIVEDNS CLIENT
PPPOE SET TRANSPORT GIVEDNS RELAY
PPPOE SET TRANSPORT LCPECHOEVERY
PPPOE SET TRANSPORT LCPMAXCONF
PPPOE SET TRANSPORT LCPMAXFAIL
PPPOE SET TRANSPORT LCPMAXTERM
PPPOE SET TRANSPORT STATIC_IP/DYNAMIC_IP
PPPOE SET TRANSPORT PASSWORD
PPPOE SET TRANSPORT SERVICENAME
PPPOE SET TRANSPORT USERNAME
PPPOE SET TRANSPORT WELOGIN
PPPOE SHOW TRANSPORT

PPPOE ADD TRANSPORT


Syntax PPPOE ADD TRANSPORT <name> <vlanname> [ACCESSCONCENTRATOR
<concentrator>] [SERVICENAME <servicename>]

Description This command creates a PPPoE transport that performs dialout over Ethernet. It
allows you to specify the following parameters for the PPPoE client:
• the vlan used to receive and send packets belonging to the PPP interface
• the internal port that will transport data
• access concentrator (optional)
• service name (optional)

Options The following table gives the range of values for each option which can be specified
with this command and a default value for each option (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | An arbitrary name that identifies the transport. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
vlanname | The vlan name used to carry PPPoE packets of the current PPP interface. | N/A
port | The internal system port that is used to distinguish PPPoE packets. Available values are from 1 to 8. | N/A
concentrator | A PPPoE tag that identifies a remote access concentrator (or PPPoE server). PPPoE will only connect to the named access concentrator. If no concentrator tag is set, PPPoE connects to the first access concentrator that responds. The tag name/number is determined by your ISP. | N/A
service name | A PPPoE tag that identifies a specific service that is acceptable to the PPPoE client. If set, the PPPoE transport will connect to the first access concentrator it finds that uses this service. If an access concentrator is also set, the PPPoE transport will connect to the specified service on the named concentrator. The service name is determined by your ISP. | N/A

Example
--> pppoe add transport pppoe1 default 1

See also PPPOE LIST TRANSPORTS
ETHERNET LIST PORTS
For more information on host unique tags, see http://www.ietf.org/rfc/rfc2516.txt
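How the concentrator and service name options narrow the choice among discovery offers, as an added example (not code from this manual or the gateway firmware). It parses the tags of RFC 2516 PADO payloads and applies the selection rules described in the options table; exact byte-for-byte name matching, the function names and the sample offers are assumptions of this example.

```python
import struct

PADO = 0x07
TAG_END_OF_LIST, TAG_SERVICE_NAME, TAG_AC_NAME, TAG_HOST_UNIQ = (
    0x0000, 0x0101, 0x0102, 0x0103)

def _tag(tag_type, value):
    return struct.pack("!HH", tag_type, len(value)) + value

def build_pado(ac_name, services, host_uniq):
    """Constructed PADO payload (PPPoE header plus tags) for the demo."""
    tags = _tag(TAG_AC_NAME, ac_name) + _tag(TAG_HOST_UNIQ, host_uniq)
    tags += b"".join(_tag(TAG_SERVICE_NAME, s) for s in services)
    return struct.pack("!BBHH", 0x11, PADO, 0, len(tags)) + tags

def parse_pado(payload):
    """Return {'ac_name', 'services', 'host_uniq'}; ValueError if malformed."""
    if len(payload) < 6:
        raise ValueError("shorter than the PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", payload[:6])
    if ver_type != 0x11 or code != PADO or session_id != 0:
        raise ValueError("not a PADO packet")
    if length > len(payload) - 6:
        raise ValueError("length field exceeds the data received")
    body = payload[6:6 + length]
    offer = {"ac_name": None, "services": [], "host_uniq": None}
    pos = 0
    while pos < len(body):
        if pos + 4 > len(body):
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        if pos + tag_len > len(body):
            raise ValueError("tag value overruns the payload")
        value = body[pos:pos + tag_len]
        pos += tag_len
        if tag_type == TAG_END_OF_LIST:
            break
        if tag_type == TAG_AC_NAME:
            offer["ac_name"] = value
        elif tag_type == TAG_SERVICE_NAME:
            offer["services"].append(value)
        elif tag_type == TAG_HOST_UNIQ:
            offer["host_uniq"] = value
    if offer["ac_name"] is None:
        raise ValueError("PADO without an AC-Name tag")
    return offer

def select_offer(payloads, host_uniq, ac_name=None, service_name=None):
    """Pick an offer from PADOs listed in arrival order.

    No filter: the first valid responder wins. With ac_name, only that
    concentrator is accepted; with service_name, only an offer that
    advertises that service. Offers that do not echo our Host-Uniq value
    were not sent in answer to our request and are skipped.
    """
    for payload in payloads:
        try:
            offer = parse_pado(payload)
        except ValueError:
            continue
        if offer["host_uniq"] != host_uniq:
            continue
        if ac_name is not None and offer["ac_name"] != ac_name:
            continue
        if service_name is not None and service_name not in offer["services"]:
            continue
        return offer
    return None

HOST_UNIQ = b"\x00\x00\x00\x2a"   # constructed value sent in our request

def demo():
    offers = [build_pado(b"first-ac", [b"internet"], HOST_UNIQ),
              build_pado(b"server5", [b"internet", b"voice"], HOST_UNIQ)]
    return (select_offer(offers, HOST_UNIQ)["ac_name"],
            select_offer(offers, HOST_UNIQ, ac_name=b"server5")["ac_name"],
            select_offer(offers, HOST_UNIQ, service_name=b"voice")["ac_name"],
            select_offer(offers, HOST_UNIQ, ac_name=b"server5",
                         service_name=b"iptv"))

if __name__ == "__main__":
    print(demo())
```

Leaving both options unset accepts whichever concentrator on the VLAN answers first, which is why the sample picks first-ac until a concentrator or service name is configured.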

PPPOE CLEAR TRANSPORTS


Syntax PPPOE CLEAR TRANSPORTS

Description This command deletes all PPPoE transports that were created using the PPPOE
ADD TRANSPORT command.

Example --> pppoe clear transports

See also PPPOE DELETE TRANSPORT

PPPOE DELETE TRANSPORT


Syntax PPPOE DELETE TRANSPORT {<name>|<number>}

Description This command deletes a single PPPoE transport.

If an IP interface is attached to the pppoe transport, it is necessary to detach the IP
interface using the IP DETACH command before removing the pppoe transport.

Options The following table gives the range of values for each option which can be specified
with this command and a default value for each option (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A

Example --> pppoe delete transport pppoe1

See also PPPOE LIST TRANSPORTS

PPPOE LIST TRANSPORTS


Syntax PPPOE LIST TRANSPORTS

Description This command lists PPPoE transports that have been created using the PPPOE ADD
TRANSPORT command. It displays the following information about the transports:
• transport identification number
• transport name

Example --> pppoe list transports


PPPOE transports:

ID | Name | Port
-----|------------|-----------
1 | default | ethernet2
2 | vlan21 | ethernet2
------------------------------

See also PPPOE SHOW TRANSPORT

PPPOE SET TRANSPORT ACCESSCONCENTRATOR


Syntax PPPOE SET TRANSPORT {<name>|<number>} ACCESSCONCENTRATOR
<concentrator>

Description This command specifies the access concentrator that you want PPPoE to connect to.

To remove an access concentrator that has been defined, it is necessary to remove
the pppoe transport to which the access concentrator refers.

You can also specify a service name using the SET TRANSPORT SERVICENAME
command so that PPPoE will only accept a specific service via a specific access
concentrator.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
concentrator | A PPPoE tag that identifies a remote access concentrator (or PPPoE server). PPPoE will only connect to the named access concentrator. If no concentrator tag is set, PPPoE connects to the first access concentrator that responds. The tag name/number is determined by your ISP. | Empty string

Example --> pppoe set transport pppoe1 accessconcentrator server5

See also PPPOE LIST TRANSPORTS
PPPOE SET TRANSPORT SERVICENAME
PPPOE SHOW TRANSPORT
For more information on PPPoE and access concentrators, see RFC2516;
http://www.ietf.org/rfc/rfc2516.txt.

PPPOE SET TRANSPORT AUTOCONNECT


Syntax PPPOE SET TRANSPORT {<name>|<number>} AUTOCONNECT
{ENABLED|DISABLED }

Description This command enables/disables the PPPoE autoconnect function.


If enabled, PPPoE automatically opens the link to the access concentrator whenever
the link is down and a user needs to send TCP/IP packets to a public address.

It is possible to specify one or more filters to block the autoconnect function when a
UDP or TCP connection is requested to a particular port. See the PPPOE SET
TRANSPORT AUTOCONNECT FILTER ADD command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
ENABLED | Enables PPPoE autoconnect. | disable
DISABLED | Disables PPPoE autoconnect. | disable

Example --> pppoe set transport pppoe1 autoconnect enable

See also PPPOE SET TRANSPORT AUTOCONNECT FILTER

PPPOE SET TRANSPORT AUTOCONNECT FILTER ADD

Syntax PPPOE SET TRANSPORT {<NAME>|<NUMBER>} AUTOCONNECT FILTER ADD
{TCPPORT <TCPPORT>|UDPPORT <UDPPORT> }

Description This command disables the PPPoE autoconnect function when a TCP/UDP session
is requested for a specific address port.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
tcpport | The destination port related to the TCP session that must be blocked. | N/A
udpport | The destination port related to the UDP session that must be blocked. | N/A

Example --> pppoe set transport pppoe1 autoconnect filter add tcpport 23

See also PPPOE SET TRANSPORT AUTOCONNECT

PPPOE SET TRANSPORT AUTOCONNECT FILTER DELETE

Syntax PPPOE SET TRANSPORT {<NAME>|<NUMBER>} AUTOCONNECT FILTER
DELETE {TCPPORT <TCPPORT>|UDPPORT <UDPPORT> }

Description This command removes a PPPoE filter previously added with the command PPPOE
SET TRANSPORT AUTOCONNECT FILTER ADD.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
tcpport | The destination port related to the TCP session that must be blocked. | N/A
udpport | The destination port related to the UDP session that must be blocked. | N/A

Example --> pppoe set transport pppoe1 autoconnect filter delete tcpport 23

See also PPPOE SET TRANSPORT AUTOCONNECT

PPPOE SET TRANSPORT ENABLED/DISABLED


Syntax PPPOE SET TRANSPORT {<name>|<number>} {ENABLED|DISABLED}

Description This command explicitly enables/disables a PPPoE transport. Attaching a transport
to an interface implicitly enables it, but for cases where no attach is performed (for
example, multiple channels on an interface, a PPP session that is not attached but
needed for testing purposes) the transport must be enabled explicitly.

Options The following table gives the range of values for each option which can be specified
with this command and a default value for each option (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name that identifies an existing PPPoE transport. To display transport names, use the PPPOE LIST TRANSPORTS command. | N/A
number | A number that identifies an existing PPPoE transport. To display transport numbers, use the PPPOE LIST TRANSPORTS command. | N/A
ENABLED | Enables a PPPoE transport. | disable
DISABLED | Disables a PPPoE transport. | disable

Example --> pppoe set transport pppoe1 enabled

See also PPPOE LIST TRANSPORTS

PPPOE SET TRANSPORT GIVEDNS CLIENT


Syntax PPPOE SET TRANSPORT {<name>|<number>} GIVEDNS CLIENT {ENABLED |
DISABLED}

Description This command controls whether the PPP Internet Protocol Control Protocol (IPCP)
can request a DNS server IP address for a remote PPP peer. Once IPCP has
discovered the DNS server IP address, it gives the address to the local DNS client so
that it can be used for DNS lookups initiated from the Residential Gateway itself.
You must have the DNS client process included in your image build in order to use
this feature.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.
ENABLED       IPCP can request a DNS server IP address        enabled
              and then give the address to DNS client.
DISABLED      A DNS server IP address learnt by IPCP
              will not be passed to the DNS client.

Example --> pppoe set transport pppoe1 givedns client enabled

See also PPPOE SET TRANSPORT GIVEDNS RELAY ENABLED|DISABLED
         PPPOE SET TRANSPORT REMOTEDNS
         PPPOE SET TRANSPORT DISCOVERDNS PRIMARY
         PPPOE SET TRANSPORT DISCOVERDNS SECONDARY
For more information on DNS client, see ATMOS DNS Client Functional
Specification: DO-008322-PS.
For information on DNS implementation and specification, see
http://www.ietf.org/rfc/rfc1035.txt.

PPPOE SET TRANSPORT GIVEDNS RELAY


Syntax PPPOE SET TRANSPORT {<name>|<number>} GIVEDNS RELAY {ENABLED |
DISABLED}

Description This command controls whether the PPP Internet Protocol Control Protocol (IPCP)
can request the DNS server IP address for a remote PPP peer. Once IPCP has
discovered the DNS server IP address, it gives the address to the local DNS relay so
it can be used for relayed DNS lookups.
You must have the DNS relay process included in your image build in order to use
this feature.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.
ENABLED       IPCP can request a DNS server IP address        enabled
              and then give the address to DNS relay.
DISABLED      A DNS server IP address learnt by IPCP
              will not be passed to the DNS relay.

Example --> PPPOE SET TRANSPORT PPPOE1 GIVEDNS RELAY ENABLED

See also PPPOE SET TRANSPORT GIVEDNS CLIENT ENABLED|DISABLED
         PPPOE SET TRANSPORT REMOTEDNS
         PPPOE SET TRANSPORT DISCOVERDNS PRIMARY
         PPPOE SET TRANSPORT DISCOVERDNS SECONDARY
         DNS RELAY CLI COMMANDS
For information on DNS implementation and specification, see
http://www.ietf.org/rfc/rfc1035.txt.

PPPOE SET TRANSPORT LCPECHOEVERY


Syntax PPPOE SET TRANSPORT {<name>|<number>} LCPECHOEVERY <interval>

Description This command tells a specified PPP transport to send an LCP (Link Control
Protocol) echo request frame at specified intervals (in seconds). If no reply is
received, the PPP connection is turned down. This functionality is also known as
`keep-alive'.
If you do not want to send LCP echo frames, specify zero (0) in the <interval>
attribute.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.
interval      The length of time (in seconds) between         10 seconds
              LCP echo request frames being sent. If you
              do not want echo request frames to be sent,
              specify `0' as the interval.

Example --> pppoe set transport pppoe2 lcpechoevery 0


See also PPPOE SHOW TRANSPORT
         PPPOE LIST TRANSPORTS

PPPOE SET TRANSPORT LCPMAXCONF


Syntax PPPOE SET TRANSPORT {<name>|<number>} LCPMAXCONF <lcp max configure>

Description This command sets the maximum number of Link Control Protocol (LCP)
configure requests that will be sent by an existing PPPoE transport before it decides
that the PPP peer is not responding. Upon having decided that the peer is not
responding, the transport changes from the REQ SENT state back to the STARTING
state; i.e. it stops trying to negotiate the link.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.
lcp max       Link Control Protocol; the maximum              10
configure     number of configures that can be
              transmitted without reply before assuming
              that the PPP peer is unable to respond. The
              LCPmaxconf can be any positive value.

Example --> pppoe set transport pppoe1 lcpmaxconf 20

See also PPPOE SHOW TRANSPORT
         PPPOE LIST TRANSPORTS

PPPOE SET TRANSPORT LCPMAXFAIL


Syntax PPPOE SET TRANSPORT {<name>|<number>} LCPMAXFAIL <lcp max fail>

Description This command sets the Link Control Protocol (LCP) maximum fail number. This is
the number of configure-nak packets sent without receiving a valid configure ack
before assuming the configuration is not converging.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.
lcp max fail  The maximum number of consecutive LCP           5
              negative acknowledgements (indicating
              that the information received contains
              errors) that can be transmitted before
              assuming that parameter negotiation is not
              converging. The LCPmaxfail can be any
              positive value.

Example --> pppoe set transport pppoe1 lcpmaxfail 20

See also PPPOE SHOW TRANSPORT
         PPPOE LIST TRANSPORTS

PPPOE SET TRANSPORT LCPMAXTERM


Syntax PPPOE SET TRANSPORT {<name>|<number>} LCPMAXTERM <lcp max terminate>

Description This command sets the Link Control Protocol (LCP) maximum terminate number
for an existing PPPoE transport. When the transport has sent this number of
consecutive LCP terminate requests without receiving a reply, it will assume that
the PPP peer is unable to reply, and will simply terminate the link.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.
lcp max term  The maximum number of consecutive LCP           2
              Terminate Requests that will be sent
              without reply before assuming that the
              destination address is unable to respond.
              The LCPmaxterm can be any positive value.

Example --> pppoe set transport pppoe1 lcpmaxterm 20

See also PPPOE SHOW TRANSPORT
         PPPOE LIST TRANSPORTS

PPPOE SET TRANSPORT STATIC_IP/DYNAMIC_IP


Syntax PPPOE SET TRANSPORT {<name>|<number>} {STATIC_IP <ip-address> |
DYNAMIC_IP}

Description This command tells the PPP process the local IP address to be used on this PPP
interface or sets the PPP interface to get the IP address dynamically.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

Name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
Number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.
ip-address    The IP address of the local `client-end' of     0.0.0.0
              the PPP link, displayed in the IPv4 format:
              111.222.254.4

Example --> pppoe set transport pppoe1 static_ip 192.168.103.2

See also PPPOE SHOW TRANSPORT
         PPPOE LIST TRANSPORTS
         PPPOE SET TRANSPORT REMOTEIP

PPPOE SET TRANSPORT PASSWORD


Syntax PPPOE SET TRANSPORT {<name>|<number>} PASSWORD <password>

Description This command sets an authentication password on a named transport. The
password is required when PPP negotiation takes place and is supplied to the
remote PPP server for authentication.

To correctly configure an authenticated PPPoE connection, you must also send
the PPPOE SET TRANSPORT WELOGIN command and set the
authentication username using the PPPOE SET TRANSPORT USERNAME
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

Name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.
password      An arbitrary word that acts as a password       N/A
              enabling you to be authenticated by the
              remote end of the link. The password will
              be required by the PPP server and is passed
              to the server using either the PAP or CHAP
              protocol. It can be made up of one or more
              characters and/or digits. To display the
              password, use the PPPOE SHOW
              TRANSPORT command.

Example --> pppoe set transport pppoe2 password mercury

See also PPPOE LIST TRANSPORTS
         PPPOE SHOW TRANSPORT
         PPPOE SET TRANSPORT USERNAME

PPPOE SET TRANSPORT SERVICENAME


Syntax PPPOE SET TRANSPORT {<name>|<number>} SERVICENAME <servicename>

Description This command specifies the service name that is acceptable to the PPPoE client.

To remove a previously set service name, you must remove the PPPoE
transport to which the service name was added.

You can also set the access concentrator using the SET TRANSPORT
ACCESSCONCENTRATOR command so that PPPoE will only accept a specific
service via a specific access concentrator.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.
service name  A PPPoE tag that identifies a specific service  Empty string
              that is acceptable to the PPPoE client. If set,
              the PPPoE transport will connect to the first
              access concentrator it finds that uses this
              service. If an access concentrator is also set,
              the PPPoE transport will connect to the
              specified service on the named
              concentrator. The service name is
              determined by your ISP.

Example --> pppoe set transport pppoe1 servicename jupiter

See also PPPOE LIST TRANSPORTS
         PPPOE SET TRANSPORT ACCESSCONCENTRATOR
         PPPOE SHOW TRANSPORT
For more information on PPPoE and service names, see RFC2516;
http://www.ietf.org/rfc/rfc2516.txt.

PPPOE SET TRANSPORT USERNAME


Syntax PPPOE SET TRANSPORT {<name>|<number>} USERNAME <username>

Description This command sets a (dialout) username on a named transport. The username is
required when PPP negotiation takes place and is supplied to the remote PPP server
for authentication. For authentication to succeed you must use not only this
command but also PPPOE SET TRANSPORT PASSWORD
and PPPOE SET TRANSPORT WELOGIN.

To correctly configure an authenticated PPPoE connection, you must also send
the PPPOE SET TRANSPORT WELOGIN command and set the
authentication password using the PPPOE SET TRANSPORT PASSWORD
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.
username      A name that identifies a user. Together         N/A
              with the password, this enables the PPP
              client to be authenticated by the remote
              end. The username will be required by the
              PPP server and will be passed to the server
              using the PAP or CHAP protocol. It can be
              made up of one or more characters and/or
              digits. To display the username, use the
              PPPOE SHOW TRANSPORT command.

Example --> pppoe set transport pppoe2 username jsmith

See also PPPOE SET TRANSPORT PASSWORD

PPPOE SET TRANSPORT WELOGIN


Syntax PPPOE SET TRANSPORT {<name>|<number>} WELOGIN {NONE|AUTO|PAP|CHAP}

Description This command sets the authentication protocol used to connect to external PPP
servers (dialout).

To correctly configure an authenticated PPPoE connection, you must also set
the login username using the PPPOE SET TRANSPORT USERNAME command
and set the authentication password using the PPPOE SET TRANSPORT
PASSWORD command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.
NONE          No authentication method is used.               None
AUTO          The authentication protocol used by the
              remote PPP server is discovered and used.
PAP           Password Authentication Protocol; the
              server sends an authentication request to
              the remote user dialling in. PAP passes the
              unencrypted username and password to be
              verified by the server.
CHAP          Challenge Handshake Authentication
              Protocol; the server sends an authentication
              request to the remote user dialling in.
              CHAP passes the encrypted username and
              password to be verified by the server.

Example --> pppoe set transport pppoe2 welogin pap

See also PPPOE SET TRANSPORT THEYLOGIN
         PPPOE SHOW TRANSPORT
         PPPOE LIST TRANSPORTS

PPPOE SHOW TRANSPORT


Syntax PPPOE SHOW TRANSPORT {<name>|<number>}

Description This command displays the following information about an existing PPPoE
transport:

• Description
• Interface number
• Server - dialin status
• Headers - the data format that the transport can accept or receive
• SVC status (false)
• Local IP address
• Subnet mask
• Remote IP address
• Remote DNS
• Propagate DNS to client (true or false)
• Propagate DNS to relay (true or false)
• Create route (true or false)
• Specific route (true or false)
• Route netmask
• Dialout Username
• Dialout Password
• Dialout Authentication method
• Dialin Authentication method
• LCP Max Configure
• LCP Max Failure
• LCP Max Terminate
• LCP Echo Period
• Autoconnect status (true or false)
• User Idle Timeout setting (in minutes)
• Access concentrator
• Service name
• Port name

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option        Description                                     Default Value

Name          A name that identifies an existing PPPoE        N/A
              transport. To display transport names, use
              the PPPOE LIST TRANSPORTS command.
number        A number that identifies an existing PPPoE      N/A
              transport. To display transport numbers,
              use the PPPOE LIST TRANSPORTS command.

Example --> pppoe show transport pppoe2

PPP Transport: pppoe2

Description: pppoe2
Interface ID: 1 Server: false
Headers: learn SVC: false
Local IP: 0.0.0.0
Subnet mask: 0.0.0.0
Remote IP: 0.0.0.0
Remote DNS: 0.0.0.0
Propogate DNS to client: true To relay: true

Create route: true
Specific route: false
Route netmask: 0.0.0.0

Dialout username:
Dialout password:
Dialout auth.: none
Dialin auth.: none

LCP Max. Conf.: 10
LCP Max. Failure: 5
LCP Max Terminate: 2
LCP Echo Every: 10

Autoconnect: true
User Idle Timeout: 30

Access Conc.:
Service name: y

See also PPPOE LIST TRANSPORTS
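
One way to review captured PPPOE SHOW TRANSPORT output against the settings described in this chapter, as an added Python example that is not part of the manual or the gateway software. It flags PAP (which passes the username and password unencrypted), AUTO (where the remote server decides the protocol), a displayed dial-out password and an LCP echo interval of 0, and masks the password before a capture is stored. The sample capture is constructed, and it is an assumption that the "Dialout auth." field prints the WELOGIN keyword in lower case, as the manual's "none" suggests.

```python
import re

# Constructed capture laid out like the manual's "pppoe show transport" example.
# The username, password and the "pap" value are made up for this illustration.
SAMPLE = """\
PPP Transport: pppoe2

Description: pppoe2
Interface ID: 1 Server: false
Dialout username: jsmith
Dialout password: mercury
Dialout auth.: pap
Dialin auth.: none

LCP Max. Conf.: 10
LCP Echo Every: 0
Autoconnect: true
"""

# Field labels exactly as printed in the manual's example output.
LABELS = {
    "transport": "PPP Transport",
    "username": "Dialout username",
    "password": "Dialout password",
    "auth": "Dialout auth.",
    "echo": "LCP Echo Every",
}


def parse_transport(text):
    """Extract the audited fields; an empty value is '', a missing label is None."""
    fields = {}
    for key, label in LABELS.items():
        pattern = rf"^[ \t]*{re.escape(label)}:[ \t]*(.*?)[ \t]*$"
        match = re.search(pattern, text, re.MULTILINE)
        fields[key] = match.group(1) if match else None
    return fields


def audit(fields):
    """Return finding codes for settings the manual describes as weaker."""
    findings = []
    auth = (fields["auth"] or "").lower()   # assumption: keyword printed as set
    if auth == "pap":
        findings.append("PAP_UNENCRYPTED")        # credentials sent unencrypted
    elif auth == "auto":
        findings.append("AUTO_MAY_SELECT_PAP")    # remote server picks the method
    if fields["password"]:
        findings.append("PASSWORD_IN_OUTPUT")     # treat the capture as a secret
    if fields["echo"] == "0":
        findings.append("LCP_ECHO_DISABLED")      # no keep-alive, dead peer unnoticed
    return findings


def redact(text):
    """Mask the dial-out password before the capture is stored or shared."""
    return re.sub(r"^([ \t]*Dialout password:[ \t]*)\S.*$", r"\1********",
                  text, flags=re.MULTILINE)


if __name__ == "__main__":
    parsed = parse_transport(SAMPLE)
    print(parsed["transport"], audit(parsed))
    print(redact(SAMPLE))
```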



Chapter 14

VoIP Analogue and Digital access ports

Introduction
This chapter describes the telephony services available on the Residential Gateway
and the support for analog voice ports (FXS) and digital ISDN interfaces (Basic
Rate).
The AT-RG613TX(J) supports two FXS ports to connect up to 2 standard DTMF
analogue telephones. A further PSTN port (AT-RG613TXJ model only) is available
to connect the Residential Gateway to a Central Office or to an analog PBX.
The PSTN port (also named FXO port) allows a VoIP end-point to reach an external
phone connected to the PSTN network. In the opposite direction, the FXO port
allows an incoming PSTN call to reach a VoIP end-point.
The same FXO port acts as a lifeline when the unit is powered off (or when no local
user is registered to a SIP server or Gatekeeper), connecting the local phones to the
PSTN operator.
The AT-RG623TX supports two ISDN Basic Rate ports to connect up to 8 ISDN
terminals to the residential gateway. In this case the two ports use the same S/T bus
and ISDN terminals can use one port or the other one independently. Up to 2
simultaneous calls can be made on the S/T bus (the limitation is due to the Basic
Rate service, which supports only two bearer channels of 64Kbps each).
The access port module controls both analog and digital ports:
• on FXS models it detects hardware events like off-hook and DTMF key press and
controls hardware functions like tone generation and ringing.
• on the ISDN models it implements the ISDN protocol conforming to Euro ISDN
standards (ETSI).
The access port module also performs the voiceband processing required to
interface analog or PCM voice, fax with data networks incorporating packet-based
protocols such as Internet protocol (IP).
This system incorporates a voiceband processor (VoIP DSP) that operates in
conjunction with analog interface circuitry and with the unit main processor (CPU).
The unit main processor implements packet network protocol stacks and system
control, while the voice-band processor primarily performs mathematically
intensive DSP algorithms.
The following are the features available on the Voice system:

Voice Encoding/Decoding
• G.711 A-/µ-law 64 Kbps PCM Speech CODEC
• G.729A/B CS-ACELP Speech CODEC with VAD
• G.726-16Kbps, G.726-24Kbps, G.726-32Kbps and G.726-40Kbps
• T.38 support for transmission of T.30 fax signals into T.30 Internet Fax Protocol
(IFP) packets.

Voice Quality Management


• Jitter Buffer Management
• Fixed Gain Control configurable independently on TX and RX transmission
• G.168 Line Echo Cancellation (programmable 8 ms – 32 ms tail length)
• Voice Activity Detection (VAD)
• Comfort Noise Generation (CNG)

Telecom Tones Management


• Tone Generation
• DTMF Detection

Analog Ports
On the AT-RG613TX model two FXS ports are provided.
On the AT-RG613TXJ model two FXS ports are provided plus one FXO port.
Connection from the unit to standard DTMF analogue telephones is made via two
RJ11 8-pin connectors.
The analog front-end circuit is designed to support 5REN (Ring Equivalent
Number) load on each FXS port.
An additional RJ11 connector is available as pass-through PSTN port when the unit
is not powered. In this case an internal relay connects the first FXS port to the PSTN
port, allowing the user to make external calls to a Central Office or to analog PBX.
Analog ports are able to reproduce telecom tones similar to the tones provided from
a regional central office or local exchange, simply by selecting the desired country
via the VOIP EP SET COUNTRY command.

Digital Ports
The AT-RG623TX supports two ISDN Basic Rate (BRI) ports.
A block diagram of a typical Basic Rate Access circuit is shown in Figure 14.

Figure 14. ISDN Basic Access. (Diagram not reproduced; its labels are: Analogue
Phone/FAX, TA, Digital Phone/FAX, S/T BUS, NT1, U BUS, ISDN switch (LT), ISDN
Switched Network, ISDN switch (LT).)

The S/T loop may be shared by a number of TEIs and TAs communicating with a
single Network Termination (NT). The U loop may be several kilometres in length and
runs between the NT and the Line Termination (LT) on the ISDN service provider's
premises. The letters S, T and U refer to reference points in the ITU-T
Recommendations defining ISDN.
With respect to a standard ISDN Basic Rate Access, the AT-RG623TX is designed to
operate like an NT (LT-S) termination offering access to a VoIP network instead of
an ISDN network.
The Basic Rate access available on the AT-RG623TX consists of 2 data channels
(called B1 and B2) of 64Kbps each; plus one signaling channel (called the D channel)
of 16Kbps. This allows two simultaneous calls (outgoing or/and incoming) to be in
operation at the same time.

ISDN BRI Physical Layer


Connection from the S/T loop to a TE is made via two RJ45 8-pin connectors. From
the system point of view they are one logical port and access a resource named
isdn0. The four centre pins on the connector are used for the transmit and receive
pairs.
Power may be transferred from the NT to TEs (or vice-versa) over the signal wires
or one of the outer pairs.
The S/T loop portion of the circuit supports up to 8 ISDN terminals according to a
point-to-multipoint bus topology over a strictly limited distance and is intended for
operation within the customer premises. The S/T bus can be up to 100 meters long
using 100 ohm UTP cable (only a short passive S bus). In this case there are no
strong constraints on the minimum distance between TEs, but 10 meters
between TEs is the suggested separation.
The S/T bus must be terminated with a 100 ohm resistive load at both ends. One 100
ohm termination is already installed inside the AT-RG623TX unit. The other 100
ohm termination must be installed during network configuration.
See ETS 300 012-1 Annex A - A.2.1 Point-to-multipoint - A.2.1.1 Short passive bus for
more technical details.

ISDN Layer 2 - LAPD


LAPD is the Link Access Protocol for the ISDN D channel, as defined by ITU-T
Recommendation Q.921.
It is a layer 2, or data link layer, protocol which is used for communication between
ISDN Terminal Equipment and Network Equipment (e.g. the AT-RG623). LAPD is
responsible for providing addressing, flow control, and error detection for higher
layer users of the ISDN D channel. A single D channel is able to support multiple
layer 3 entities. LAPD is not used on the ISDN B channels.
In normal operation the LAPD module will not require any configuring since the
default configuration will allow it to function fully. The default for BRI interfaces is
to operate with automatic TEI (Terminal Endpoint Identifier) assignment.

ISDN Layer 3 - Call Control


ISDN layer 3 is responsible for maintaining and controlling ISDN calls.
The call control module uses ITU-T Recommendation Q.931 to set up and tear down
ISDN calls.

Common
Port creation and configuration (if necessary) are part of the VoIP system
configuration steps required in order to receive or make calls, as illustrated in Figure
15.

Figure 15. VoIP subsystem configuration - basic steps. (Diagram not reproduced; its
boxes are: Default Configuration, Signalling Protocol Config. (SIP/H323), Access Port
Creation, Forwarding Database, Users Creation, Access Port Config., Users Binding,
Incoming/Outgoing Calls.)

By default, analog or digital access ports are not configured in the system when the
unit starts from a factory default configuration.
If a port is not defined, no users can be added to the port and therefore no incoming
calls can be received and no outgoing calls can be made.
On the AT-RG623, attempting to make an outgoing call through an undefined
digital port will result in a DISCONNECT message from the unit. A busy tone may
be reproduced locally on the ISDN telephone depending on phone model (typically
the busy tone is generated for a few seconds and then the user is invited to replace the
handset).
On the AT-RG613, attempting to make a call through an undefined analogue port
will result in absence of any tone provided by the unit.
To create a port, use the command VOIP EP CREATE and to enable a port use the
command VOIP EP ENABLE.
Each access port has a unique identifier used during the VOIP EP CREATE
command. Depending on the model, the following ports and port identifiers can be
used:

Model          VoIP port type    VoIP port identifier

AT-RG613TX     al-fxs-del        tel1, tel2
AT-RG613TXJ    al-fxs-del        tel1, tel2
               al-fxo-del        tel3
AT-RG623TX     dl-bri-lt-s       tel

To disable a port use the VOIP EP DISABLE command.

Port configuration
Port configuration is managed through the VOIP EP SET command.
It is used to configure the following subsections:
• Digit Map/Dial Mask
• Voice Coder/Decoder
• Voice Quality Management
• Telecom Tones Management

Digit Map
The Digit Map is a rule used by the access port to understand when dialing is to
be considered completed and the dialed number is ready to be processed by the call
control layer. It works for outgoing calls (in the direction from user to VoIP
network).
A digit map is defined either by a (case insensitive) "string" or by a list of strings.
Each string in the list is an alternative numbering scheme, specified either as a set of
digits or timers, or as an expression over which the port will attempt to find a
shortest possible match. The following constructs can be used in each digit map:
DTMF: A digit from '0' to '9' or one of the symbols "A", "B", "C", "D", "#", or "*".
Timer: The symbol 'T' matching the timer expiry. The symbol 'T' at the end of the Digit
Map indicates that if the user has not dialed a digit for a time longer than the value of
the inter-digit time, the dialed number shall be considered complete. If the symbol T
appears in the middle of a digit map expression, it is not considered and is skipped
during expression evaluation.
Wildcard: The symbol "x", which matches any digit ("0" to "9").
Range: One or more DTMF symbols enclosed between square brackets ("[" and "]").
Subrange: Two digits separated by a hyphen ("-") which matches any digit
between and including the two. The subrange construct can only be used inside a
range construct, i.e., between "[" and "]".
Position: A period ("."), which matches an arbitrary number, including zero,
of occurrences of the preceding construct.
Also, note that the whole Digit Map shall not exceed 128 characters.

Let’s consider an example where the user in an office wants to call a co-worker’s 3-
digit extension. The Digit Map is defined in such a way that after the user has
entered 3 digits, the called number is processed.
The command to set the Digit Map could look as follows:

voip ep analogue set prt0 digitmap xxx


This Digit Map specifies that after the user has entered any three digits, the call is
placed. It's possible to refine this Digit Map by including a range of digits. For
example, if all extensions in the user company begin with 2, 3, or 4, the
corresponding Digit Map command could look as:

voip ep analogue set prt0 digitmap [2-4]xx


If the number dialed begins with anything other than 2, 3, or 4, the call is rejected
and a busy tone is generated. Another way to achieve the same result would be:

voip ep analogue set prt0 digitmap [234]xx


It is possible to combine two or more expressions in the same Digit Map by using
the “|” operator, which is equivalent to OR. The left-most expression has
precedence over the other expressions.

Let’s consider the case of a choice: the Digit Map must check if the number is
internal (an extension), or external (a local call). Assuming that dialling “9” makes
an external call, the Digit Map could be defined with the command:

voip ep analogue set prt0 digitmap ([2-4]xx|9[2-9]xxxxxx)


In this case the Digit Map checks if the number begins with 2, 3, or 4 and the
number has 3 digits.
If not, it checks if the number begins with 9 and the second digit is any digit
between 2 and 9 and the number has 7 digits.
It may sometimes be required that users dial the “#” or “*” to make calls.
This can be easily incorporated in a Digit Map with the command:

voip ep analogue set prt0 digitmap xxxxxxx#|xxxxxxx*

The “#” or “*” character could indicate that users must dial the “#” or “*” character at the
end of their number to show that it is complete.
When processing the outgoing call the call control layer removes any '#', '*' and 'T'
symbols from the dialed number.
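
The matching rules of this section, as an added Python example (not code from the manual or from the gateway firmware): it parses a digit map into its "|" alternatives and classifies a dialed string as complete, still partial, or rejected, then strips '#', '*' and 'T' as the call control layer does. The function names, the three result labels and the sample map "x.T" used in testing are assumptions made for this illustration; the manual does not say what happens to a partial match when the timer expires, so that case is left as "partial" here.

```python
import string

MAX_LEN = 128                    # whole-map limit stated in the manual
DIGITS = set(string.digits)
DTMF = DIGITS | set("ABCD#*")

class DigitMapError(ValueError):
    """A digit map that uses a construct the manual does not define."""

def _parse_range(body):
    """Expand the inside of [...] (symbols and a-b subranges) into a set."""
    symbols, i = set(), 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":
            lo, hi = body[i], body[i + 2]
            if lo not in DIGITS or hi not in DIGITS or lo > hi:
                raise DigitMapError(f"bad subrange {lo}-{hi}")
            symbols.update(chr(c) for c in range(ord(lo), ord(hi) + 1))
            i += 3
        elif body[i] in DTMF:
            symbols.add(body[i])
            i += 1
        else:
            raise DigitMapError(f"bad symbol {body[i]!r} in range")
    if not symbols:
        raise DigitMapError("empty range")
    return symbols

def _parse_alternative(alt):
    """Return ([[symbol_set, repeatable], ...], ends_with_timer)."""
    elements, i = [], 0
    while i < len(alt):
        ch = alt[i]
        if ch == "T":            # timer: honoured at the end, skipped elsewhere
            pass
        elif ch == "X":          # wildcard: any digit 0-9
            elements.append([set(DIGITS), False])
        elif ch == "[":
            close = alt.find("]", i)
            if close == -1:
                raise DigitMapError("unterminated range")
            elements.append([_parse_range(alt[i + 1:close]), False])
            i = close
        elif ch == ".":          # zero or more of the preceding construct
            if not elements:
                raise DigitMapError("'.' has no preceding construct")
            elements[-1][1] = True
        elif ch in DTMF:
            elements.append([{ch}, False])
        else:
            raise DigitMapError(f"unexpected symbol {ch!r}")
        i += 1
    if not elements:
        raise DigitMapError("empty alternative")
    return elements, alt.endswith("T")

def compile_digit_map(text):
    """Validate a digit map and split it into its '|' alternatives, in order."""
    if len(text) > MAX_LEN:
        raise DigitMapError("digit map exceeds 128 characters")
    body = text.strip().upper()  # digit maps are case insensitive
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]
    return [_parse_alternative(alt) for alt in body.split("|")]

def _closure(elements, positions):
    """Add the positions reachable by matching a '.' element zero times."""
    out = set()
    for p in positions:
        out.add(p)
        while p < len(elements) and elements[p][1]:
            p += 1
            out.add(p)
    return out

def _run(elements, dialed):
    """Feed the dialed symbols; return (still_possible, fully_matched)."""
    states = _closure(elements, {0})
    for ch in dialed:
        step = {p if elements[p][1] else p + 1
                for p in states if p < len(elements) and ch in elements[p][0]}
        states = _closure(elements, step)
    return bool(states), len(elements) in states

def classify(digit_map, dialed, timer_expired=False):
    """Return ('complete', number), ('partial', None) or ('reject', None)."""
    dialed, partial = dialed.upper(), False
    for elements, needs_timer in compile_digit_map(digit_map):  # left-most first
        alive, matched = _run(elements, dialed)
        if matched and (timer_expired or not needs_timer):
            # call control strips '#', '*' and 'T' before processing the number
            return "complete", "".join(c for c in dialed if c not in "#*T")
        partial = partial or alive
    return ("partial" if partial else "reject"), None

if __name__ == "__main__":
    for number in ("23", "234", "51", "92345678"):
        print(number, classify("([2-4]xx|9[2-9]xxxxxx)", number))
```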

Dial Mask
The Dial Mask specifies the number of digits that must be removed from the dialed
number before checking the dialed number against the Digit Map.
When a user dials the called party number, the number of digits specified by the
dial mask parameter is removed from the selection. This feature is available on both
the AT-RG613TX and AT-RG623TX models.
On the AT-RG613TXJ model, the dial mask acts on both the fxs ports and the fxo port.
On the fxo port the dial mask works only for calls in the direction PSTN to VoIP, thus
only on incoming calls on the fxo port.

Voice Coder/Decoder
The Voice system makes use of a specific DSP with an embedded sigma-delta
Coder/Decoder to process voice and data from/to access ports.
Different codec types are available in order to satisfy the requirements of different
environments.
It's possible to specify more than one codec type for each port using the command
VOIP EP SET CODECS.
The codec specified at the leftmost end of the codec list has precedence over the
other codecs.
The signaling protocol (SIP or H323) will negotiate the active codec based on the
capabilities supported by the other peer involved in the VoIP connection.
In the case of local calls, codec negotiation is performed locally by the call control
layer.
The following codecs are available on the AT-RG613, AT-RG623 and AT-RG656
units:
• g711a (G.711 A law)
• g711u (G.711 µ law)
• g729 (G.729)
• g726-16 (G.726 16kbps)
• g726-24 (G.726 24kbps)
• g726-32 (G.726 32kbps)
• g726-40 (G.726 40kbps)
• T.38

A brief description of each codec is provided below, with some notes about quality
and performance.

G.711 μ/A-law 64 Kbps PCM Speech codec


The G.711 codec is specified by ITU-T and consists of two similar non-uniform pulse
code modulation (PCM) schemes called µ-law and A-law. A-law is commonly used
in Europe and µ-law is commonly used in North America and Japan.
A-law and µ-law are waveform codecs, which logarithmically quantise each input
sample. Fine quantisation steps are used for the low level amplitudes, which occur
more frequently in speech signals. Much coarser quantisation steps are used for
large amplitude signals.
The digitised, linear PCM input signals (13 and 14 bits respectively) sampled at an 8
kHz sampling rate are converted into an 8-bit compressed floating-point PCM
representation for a total bit rate equal to 64 Kbps.
The G.711 codec is very simple, has very low delay, and results in high quality
speech known as "toll" quality. G.711 requires trivial processor resources but its high
bit rate generally precludes its use in systems where bandwidth or storage space is a
concern.

G.729 A/B CS-ACELP Speech codec


The G.729 codec is specified by ITU-T and consists of a Conjugate Structure
Algebraic CELP (CS-ACELP) analysis-by-synthesis algorithm that results in a
compressed bit rate of 8 kbps.
The algorithmic delay (block processing size) is 10 ms (80 samples), but the G.729
algorithm also incorporates a 5 ms look-ahead resulting in a 15 ms delay for the
encoder. The complexity is high. It results in good speech quality, with a MOS value
of 4.0.
There is a lower complexity version of the original G.729 described in G.729 Annex
A.
G.729 Annex A is interoperable with G.729, however it requires less than half the
processing requirements in terms of MIPS. The speech quality for G.729A is very
close to that of G.729 except it performs slightly worse in environments with
background noise and in the presence of bit errors. The MOS for G.729A is 3.9.
G.729 Annex B describes a voice activity detection/comfort noise generation
algorithm that can be operated in conjunction with either of the speech coders to
further reduce the bit rate during periods of silence.

G.726 ADPCM Speech codec


The G.726 codec is specified by ITU-T and is an adaptive differential pulse code
modulation (ADPCM) speech-coding algorithm capable of operating at 16kbps,
24kbps, 32 kbps and 40kbps.
For 32 kbps operation, each input voice sample is converted into a 4-bit quantized
difference signal, resulting in a compression ratio (with respect to a reference G711
codec) of 2:1. For the 24kbps and 40kbps operation the quantized difference signal is
3 bits and 5 bits, respectively. At 32kbps ADPCM has a low delay and is considered
"toll-quality", i.e. virtually indistinguishable from A-law and µ-law for a single
encoding.
At lower bit rates, especially below 24kbps, speech quality is dramatically reduced.

T.38 support
AT-RG613, AT-RG623 and AT-RG656 are designed to support the transmission of
T.30 fax signals using T.38 Internet Fax Protocol (IFP) packets.
Even though T.38 is listed among the supported codecs of the AT-RG600 family, T.38
is not strictly a codec but a technical solution that maps FAX signals into a
dedicated IP protocol, overcoming the limitations (e.g. signal distortion) that are
present when faxes are sent using codecs designed for speech applications.
When T.38 support is enabled and a fax must be sent or received, the Residential
Gateway first tries to negotiate T.38 support with the called or calling end-point
respectively. If this fails, the Residential Gateway automatically switches to a
non-compressed codec such as G711u or G711a.

Voice Quality Management


To increase the voice/data quality additional parameters can be set on the voice
system DSP.
The following settings are available on the AT-RG613, AT-RG623 and AT-RG656
models. A brief description of each setting is provided below:

Jitter Buffer
Voice-over-packet systems require a “jitter” buffer to compensate for delay variation
due to packet queuing, network congestion, or other network phenomena.
This delay results when a complete voice packet ready for transmission cannot be
immediately transmitted. This may be because packets from other equal priority
voice channels are also ready to be transmitted or because a lower priority data
packet has started transmission and must be allowed to complete.
This delay is dependent on a number of factors including the minimum size data
packet, the number of other voice channels, which could simultaneously produce a
packet, and the willingness to reduce network packet efficiency by transmitting a
partially filled packet.
The jitter buffer is designed to prevent data starvation on the packet-receiving end,
and may dynamically adjust its buffer depth depending on network performance
characteristics.
The voice DSP makes use of one shared output buffer in the encode direction. The
system is designed to reduce to zero the processing latency for ports using the same
codec algorithm.
In the case that access ports are not using the same codec, this optimization is less
effective and some channel data could suffer a variable delay (jitter).

On the decoding path (from VoIP network to access port), voice/data packets are
managed in separate jitter buffers (one for each access port) to compensate
efficiently for jitter injected by the network.
The command VOIP EP SET JITTERDELAY is used to specify the jitter delay. The
delay parameter represents the delay in milliseconds that the jitter buffer waits
before it transmits the data samples that are collected from the VoIP network.

Volume Gain Control


To adjust volume gain appropriate to the operational environment, it's possible to
set the gain on the Tx direction (from phone/user to AT-RG600/VoIP network)
separately from that in the Rx direction (from AT-RG600/VoIP network to
phone/user) to values between –48dB and +24dB.
Gain control can be set separately on each access port on AT-RG613TX(J)
models, while on the AT-RG623 model it acts simultaneously on both B1 and B2 channels.

G.168 Line Echo Cancellation (8 ms – 32 ms tail length)


International Telecommunications Union, Telecommunications sector (ITU-T) G.168
specifies the requirements for line echo cancellers.
A line echo canceller is an adaptive FIR filter, which operates upon frames of
digitised data, and is typically used in telephony applications to cancel the electrical
echo caused by 2-to-4 wire conversion hybrids. In this case an impedance mismatch
in this device will almost always result in some “talker echo”, which is a reflection
of the received analog signal back to the far-end talker on the transmission path.
The longer the delay through the system, the less the echo amplitude that can be
tolerated before being annoying to the talker. Thus, since virtually all VoIP systems
add delay to the system, line echo cancellation is almost always required.
Acceptable values for Line Echo Cancellation are 8, 16 and 32 msec.
A value of 0 for Line Echo Cancellation turns off the Line Echo Cancellation
feature.

Voice Activity Detection (VAD) / Comfort Noise Generation (CNG)

Voice activity detection / comfort noise generation (VAD/CNG) are two algorithms
designed to reduce bit rates beyond the nominal values defined by the selected
codec when no speech is present.
Silence detection algorithms simply replace periods when speech is not detected
with silence, allowing the output to mute. This solution has the advantage of greatly
reducing the average bit-rate, but many listeners find it disconcerting when the
background noise is completely muted during periods when they are talking.
Therefore during periods of non-speech, it is generally preferable to produce some
amount of “comfort noise” (CNG) which sounds similar to the speaker’s
background noise.
VAD/CNG features are embedded in codec G.729 algorithms, while they are
separate proprietary algorithms when used in conjunction with the G.711 codec.

Telecom Tones Management


On analog access models (AT-RG213) the called party number is provided to the
unit through DTMF dialed digits.
On digital access models (AT-RG623) the called party number is provided to the
Residential Gateway using EnBlock mode or Multi Frame mode.
Using the EnBlock Mode, the called party number is provided to the Residential
Gateway in the Q.931 SETUP message during the call establishment phase.
Using the Multi Frame Mode, the called party number is provided to the Residential
Gateway both in the Q.931 SETUP message and in one or more INFO messages
during the call establishment phase.

DTMF Relay
DTMF Relay is a protocol-dependent solution used to transfer DTMF tones when a
compressed codec is used in a call. In this case, if a tone is handled in the same
way as voice, it may be distorted during the compression and decompression phases;
a specific mechanism must therefore be used to support DTMF transfer.
• DTMF Relay under SIP protocol
To prevent tone distortion, during call establishment the endpoints negotiate a
specific RTP packet payload (Named Telephone Event) used only to transfer DTMF
tones, as specified in RFC 2833 (section 3).
When the Residential Gateway attempts to establish a call, it adds the RTP packet
Named Telephone Event to the capabilities list only if a compressed codec (g726 or
g729ab) has been configured for the Voice access port involved in the call.
- Then, if the call is established using an uncompressed codec (i.e. g711u or
g711a), the Residential Gateway will send DTMF tones in-band (regardless of
whether the called endpoint supports the RTP packet Named Telephone Event) on
the same path used for voice.
- If the call is established using a compressed codec, the Residential Gateway will
send DTMF tones using the RTP packet Named Telephone Event only if the called
end-point supports it; otherwise it switches to the same path used for voice
(accepting DTMF distortion).
When the Residential Gateway is going to accept a call, it adds the RTP packet
Named Telephone Event to the capabilities list only if a compressed codec (g726 or
g729ab) has been configured for the Voice access port involved in the call.
- Then, if the call is established using an uncompressed codec (i.e. g711u or
g711a), the Residential Gateway will send DTMF tones in-band (regardless of
whether the caller endpoint supports the RTP packet Named Telephone Event) on
the same path used for voice.
- If the call is established using a compressed codec, the Residential Gateway will
send DTMF tones using the RTP packet Named Telephone Event only if the caller
end-point supports it; otherwise it switches to the same path used for voice
(accepting DTMF distortion).
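
The following Python example is added here and is not part of the original manual or of the gateway's own code. It models the transport choice described above and encodes and decodes the 4-byte RFC 2833 Named Telephone Event payload (event, E bit, R bit, volume, duration). The function names and the 8000 Hz RTP clock default are assumptions.

```python
import struct

# RFC 2833 DTMF event codes: digits 0-9, then '*', '#', 'A'-'D'.
EVENT_CODE = {**{str(d): d for d in range(10)},
              "*": 10, "#": 11, "A": 12, "B": 13, "C": 14, "D": 15}
EVENT_CHAR = {code: ch for ch, code in EVENT_CODE.items()}
UNCOMPRESSED = {"g711a", "g711u"}


def is_compressed(codec):
    """The manual names g726 and g729ab as the compressed codecs."""
    return codec.startswith("g726") or codec == "g729ab"


def dtmf_transport(configured_codecs, negotiated_codec, peer_supports_event):
    """Return how DTMF travels for one call, following the rules in the text."""
    # Named Telephone Event is put in the capabilities list only if a
    # compressed codec is configured on the access port.
    offered = any(is_compressed(c) for c in configured_codecs)
    if negotiated_codec in UNCOMPRESSED:
        return "in-band"                      # regardless of peer support
    if offered and peer_supports_event:
        return "telephone-event"
    return "in-band-distorted"                # voice path, distortion accepted


def encode_event(digit, end, volume, duration_ms, clock_hz=8000):
    """Build one telephone-event payload: event(8) | E(1) R(1) volume(6) | duration(16)."""
    if digit not in EVENT_CODE:
        raise ValueError(f"not a DTMF symbol: {digit!r}")
    if not 0 <= volume <= 63:                 # dBm0 with the sign dropped
        raise ValueError("volume must be 0..63")
    duration = duration_ms * clock_hz // 1000  # duration is in timestamp units
    if not 0 <= duration <= 0xFFFF:
        raise ValueError("duration does not fit in 16 bits")
    flags = (0x80 if end else 0) | volume      # R bit (0x40) is sent as zero
    return struct.pack("!BBH", EVENT_CODE[digit], flags, duration)


def decode_event(payload, clock_hz=8000):
    """Parse a payload, rejecting short packets and non-DTMF event codes."""
    if len(payload) < 4:
        raise ValueError("telephone-event payload is 4 bytes")
    event, flags, duration = struct.unpack("!BBH", payload[:4])
    if event not in EVENT_CHAR:
        raise ValueError(f"event {event} is not a DTMF event")
    return {
        "digit": EVENT_CHAR[event],
        "end": bool(flags & 0x80),
        "volume": flags & 0x3F,                # R bit is ignored on receipt
        "duration_ms": duration * 1000 // clock_hz,
    }
```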

Inter-digit time / Inter-digit critical time



The Inter-digit time is the maximum acceptable time between the dialing of one
digit and the next. If a time greater than the inter-digit time elapses after the dialing
of a digit, dialling is considered complete.
The Inter-digit time value is used by the timer 'T' in the digit map expression.
To change the value of the inter-digit time, use the VOIP EP SET IDT-PARTIAL
command.
The Inter-digit critical time is the maximum acceptable time between the off-hook
event and the dialing of the first digit. If a time greater than this has elapsed since
off-hook and dialing has not yet started, then the connection is closed and a busy
tone is generated.
To change the value of the inter-digit critical time, use the VOIP EP SET
IDT-CRITICAL command.

Off-hook time / On-hook time


Off-hook time and On-hook time are configuration parameters available only for
analog access ports.
Off-hook time is the minimum time (msec) that the analog line must stay in off-hook
before the system detects the off-hook state.
On-hook time is the minimum time (msec) that the analog line must stay in on-
hook before the system detects the on-hook state.

Country-specific Telecom Tones


The AT-RG613, AT-RG623 and AT-RG656 are able to reproduce the same country-
specific telecom tones used by Central Offices or Foreign Exchanges simply by
selecting the preferred country via the VOIP EP SET COUNTRY command.
Dial Tone, Busy Tone and Ring Back Tone refer to ITU-T E.180 specifications as
reported in the following table:

Country        | Dial Tone Frequency (Hz) | Dial Tone Cadence (msec) | Busy Tone Frequency (Hz) | Busy Tone Cadence (msec) | Ring Back Tone Frequency (Hz) | Ring Back Tone Cadence (msec)
---------------|--------------------------|--------------------------|--------------------------|--------------------------|-------------------------------|------------------------------
Australia      | 425x25                   | Continuous               | 400                      | 375 - 375                | 400x17                        | 400 - 200 - 400 - 2000
Austria        | 450                      | Continuous               | 450                      | 300 - 300                | 450                           | 1000 - 5000
Belgium        | 425                      | Continuous               | 425                      | 500 - 500                | 425                           | 1000 - 3000
Canada         | 350+440                  | Continuous               | 480+620                  | 500 - 500                | 440+480                       | 2000 - 4000
China          | 450                      | Continuous               | 450                      | 350 - 350                | 450                           | 1000 - 4000
France         | 440                      | Continuous               | 440                      | 500 - 500                | 440                           | 1500 - 3500
Germany        | 425                      | Continuous               | 425                      | 480 - 480                | 425                           | 250 - 4000 - 1000 - 4000 - 1000 - 4000
Israel         | 400                      | Continuous               | 400                      | 500 - 500                | 400                           | 1000 - 3000
Italy          | 425                      | 600 - 1000 - 200 - 200   | 425                      | 200 - 200                | 425                           | 1000 - 4000
Japan          | 400                      | Continuous               | 400                      | 500 - 500                | 400x16                        | 1000 - 2000
New Zealand    | 400                      | Continuous               | 400                      | 500 - 500                | 400 + 450                     | 400 - 200 - 400 - 2000
Norway         | no tone                  | //                       | 425                      | 1000 - 4000              | 425                           | 500 - 500
Russia         | no tone                  | //                       | 425                      | 400 - 400                | 425                           | 800 - 3200
Singapore      | 425                      | Continuous               | 425                      | 750 - 750                | 425x24                        | 400 - 200 - 400 - 2000
Spain          | 425                      | Continuous               | 425                      | 200 - 200                | 425                           | 1500 - 3000
Sweden         | 425                      | Continuous               | 425                      | 250 - 250                | 425                           | 1000 - 5000
Turkey         | 450                      | Continuous               | 450                      | 500 - 500                | 450                           | 2000 - 4000
United Kingdom | 350+440                  | Continuous               | 400                      | 375 - 375                | 400+450                       | 400 - 200 - 400 - 2000
United States  | 350+440                  | Continuous               | 480+620                  | 500 - 500                | 440+480                       | 2000 - 4000

Note: Frequency in Hz: f1xf2 means f1 is modulated by f2;
f1+f2 is the juxtaposition of two frequencies f1 and f2 without modulation.
Cadence in seconds: ON - OFF

Port enable/disable
It's possible to temporarily disable a port by using the VOIP EP
ANALOGUE/DIGITAL DISABLE command.
Any call originated from, or sent to, a user attached to a disabled access port is
discharged.
On the AT-RG613, no dial tone is provided through a disabled analogue port.
On the AT-RG623, attempting to make an outgoing call through a disabled digital
port will result in a DISCONNECT message from the unit. A busy tone may be
reproduced locally on the ISDN telephone depending on phone model (typically the
busy tone is generated for a few seconds and then the user is invited to replace the
handset).
When a port is disabled, each user added to the port starts to un-register from the
Location Server (SIP signaling protocol) or Gatekeeper (H323 signaling protocol).
To change the port status from disabled to enabled, use the VOIP EP
ANALOGUE/DIGITAL ENABLE command.
As soon as the port is enabled, all the users attached to the port automatically restart
the process of registration with the location server or gatekeeper.
To show the users attached to a port, use the VOIP EP ANALOGUE/DIGITAL
SHOW command.
To show the user registration status, use the VOIP USER SHOW command.

VoIP EP Command Reference


This section describes the commands available on the Residential Gateway to create,
configure and manage access ports (also called end points - EP).
Two types of port are defined: analogue and digital. The syntax for both analogue
and digital ports is described below. If not otherwise stated, command parameters
apply both to analogue and digital ports.
If particular parameters or commands are specific to only one type of port, this will
be explicitly indicated in the description.

voip ep CLI commands


The table below lists the VOIP EP commands provided by the CLI:
Command
VOIP EP CREATE
VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SET CNG
VOIP EP SET CODECS
VOIP EP SET COUNTRY
VOIP EP SET DIALMASK
VOIP EP SET DIALMODE
VOIP EP SET DIGITMAP
VOIP EP SET IDT-CRITICAL
VOIP EP SET IDT-PARTIAL
VOIP EP SET JITTERDELAY
VOIP EP SET LEC
VOIP EP SET OFFHOOK-TIME
VOIP EP SET ONHOOK-TIME
VOIP EP SET RXGAIN
VOIP EP SET TXGAIN
VOIP EP SET VAD
VOIP EP SHOW

VOIP EP CREATE
Syntax VOIP EP ANALOGUE CREATE <name> TYPE <port-type> PHYSICAL-PORT <phy-port-id>

VOIP EP DIGITAL CREATE <name> TYPE <port-type> PHYSICAL-PORT <phy-port-id>

Description This command adds a named access port and binds it to a physical access port.
If the physical resource is already assigned to another named port, an error is raised
and the command fails.

On AT-RG613TX model, up to 2 analogue ports can be created with TYPE al-fxs-del
and PHYSICAL-PORT tel1 or tel2.

On AT-RG613TXJ model, up to 2 analogue ports with TYPE al-fxs-del and
PHYSICAL-PORT tel1 or tel2 can be created plus a third analog port with TYPE
al-fxo-del and PHYSICAL-PORT tel3.

On AT-RG623TX model, only one digital port can be created with TYPE dl-bri-lt-s
and PHYSICAL-PORT tel.

Options The following table gives the range of values for each option that can be specified
with this command and a default value (if applicable).

Option        Description                                          Default Value

name          An arbitrary name that identifies the access port.   N/A
              It can be made up of one or more letters or a
              combination of letters and digits, but it cannot
              start with a digit. The maximum length is fixed
              to 16 characters.
port-type     This is the user access typology served by the       N/A
              physical port; the possible values depend on the
              model (analog access or digital access).
              Valid values are:
              al-fxs-del: analog line, foreign exchange
              subscriber side, direct exchange line.
              al-fxo-del: analog line, foreign exchange office
              side, direct exchange line.
              dl-bri-lt-s: digital line, ISDN basic rate
              interface, LT-S termination.
phy-port-id   This is the physical port providing the access to    N/A
              VoIP network. It may assume the following values
              depending on port-type selection:
              tel1: first analog fxs port
              tel2: second analog fxs port
              tel3: analog fxo port (only AT-RG613TXJ model)
              tel1: digital isdn port

Example
--> voip ep analogue create prt0 type al-fxs-del physical-port tel1
--> voip ep digital create prt0 type dl-bri-lt-s physical-port tel1

See also VOIP EP DISABLE


VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SET
VOIP EP SHOW

VOIP EP DELETE
Syntax VOIP EP ANALOGUE DELETE <name>
VOIP EP DIGITAL DELETE <name>

Description This command deletes the named access port created previously using the VOIP EP
CREATE command.

Deleting an access port where one or more users are attached, causes a
deregistration procedure to be invoked for the users attached to the removed
port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option        Description                                          Default Value

name          A name that identifies an existing access port.      N/A
              To display existing access port names, use the
              VOIP EP LIST command.

Example --> voip ep analogue delete prt0


--> voip ep digital delete prt0

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SET

VOIP EP SHOW

VOIP EP DISABLE
Syntax VOIP EP ANALOGUE DISABLE <name>

VOIP EP DIGITAL DISABLE <name>

Description This command disables the physical port referred to by the named access port.
Use the VOIP EP SHOW command to retrieve the Operational Status of a specific
port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option        Description                                          Default Value

name          A name that identifies an existing access port.      N/A
              To display existing access port names, use the
              VOIP EP LIST command.

Example --> voip ep analogue disable prt0


--> voip ep digital disable prt0

See also VOIP EP CREATE


VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SET
VOIP EP SHOW

VOIP EP ENABLE
Syntax VOIP EP ANALOGUE ENABLE <name>

VOIP EP DIGITAL ENABLE <name>

Description This command enables the physical port referred to by the named access port.
Use the VOIP EP SHOW command to retrieve the Operational Status of a specific
port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option        Description                                          Default Value

name          A name that identifies an existing access port.      N/A
              To display existing access port names, use the
              VOIP EP LIST command.

Example --> voip ep analogue enable prt0


--> voip ep digital enable prt0

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP LIST
VOIP EP SET
VOIP EP SHOW

VOIP EP LIST
Syntax VOIP EP ANALOGUE LIST

VOIP EP DIGITAL LIST

Description This command lists the named access port defined in the system using the VOIP EP
CREATE command.
The following information is displayed:
• end-point (analogue or digital) ID value
• end-point (analogue or digital) name
• physical port index
• physical port typology

Example --> voip ep analogue list

Gateway access ports:

ID   | Name       | Physical Port    | Typology
-----|------------|------------------|------------------
1    | prt0       | tel1             | al-fxs-del
--------------------------------------------------------

--> voip ep digital list

Gateway access ports:

ID   | Name       | Physical Port    | Typology
-----|------------|------------------|------------------
1    | prt0       | isdn0            | dl-bri-lt-s
--------------------------------------------------------

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP SET
VOIP EP SHOW

VOIP EP SET CFWD


Syntax CFWD all-calls

VOIP EP <analogue/digital> SET <name> CFWD ENABLE ALL-CALLS ON-PREFIX <on-prefix> ON-SUFFIX <on-suffix> OFF-PREFIX <off-prefix>

CFWD on-busy

VOIP EP <analogue/digital> SET <name> CFWD ENABLE ON-BUSY ON-PREFIX <on-prefix> ON-SUFFIX <on-suffix> OFF-PREFIX <off-prefix>

CFWD on-no-answer

VOIP EP <analogue/digital> SET <name> CFWD ENABLE ON-NO-ANSWER ON-PREFIX <on-prefix> ON-SUFFIX <on-suffix> OFF-PREFIX <off-prefix>

VOIP EP <analogue/digital> SET <name> CFWD ON-NO-ANSWER TIMEOUT <secs>

Description Call ForWarDing (CFWD) forwards incoming calls to another destination
that has been statically defined in advance. The feature must be enabled on the
RG6xx via the command line, and can be set for the following cases:
• CFWD for all incoming calls
• CFWD when the receiver of the call is busy
• CFWD in case of no answer. In this case a timer can be set. The timer allows users
to decide a time threshold after which the call is considered not answered.

In order to have all rules set at the same time, you need to dial on the phone
keyboard the "on-prefix + <the number> + on-suffix". You can see changes on the
RG6xx by typing the following command:
voip ep <digital/analogue> show <port-name> cfwd <all-calls/on-busy/on-no-answer>

Then, to disable it on the phone, you need to dial the "off-prefix". If you want to
disable it on the RG600, type the following command:
voip ep <digital/analogue> disable <port-name> cfwd <all-calls/on-busy/on-no-answer>

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option        Description                                          Default Value

name          A name that identifies an existing access port.      N/A
              To display access port names, use the VOIP EP
              LIST command.
on-prefix     The sequence to be composed on the phone keyboard,   N/A
              before the phone number to where the call will be
              forwarded.
on-suffix     The sequence to be composed on the phone keyboard    N/A
              after the prefix and the phone number.
off-prefix    The sequence to be composed by the user on his       N/A
              phone keyboard to disable the call forwarding.
secs          The time threshold after which the call is           N/A
              considered not answered.

Example --> voip ep analogue set tel1 cfwd enable all-calls on-prefix *123* on-suffix # off-prefix **

--> voip ep analogue set tel1 cfwd enable on-busy on-prefix *123* on-suffix # off-prefix **

--> voip ep analogue set tel1 cfwd enable on-no-answer on-prefix *123* on-suffix # off-prefix **
--> voip ep analogue set tel1 cfwd on-no-answer timeout 10

See also VOIP EP SHOW CFWD


VOIP EP DISABLE

VOIP EP SET CNG


Syntax VOIP EP ANALOGUE SET <name> CNG <status>

VOIP EP DIGITAL SET <name> CNG <status>

Description This command enables or disables the comfort noise generation feature.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option        Description                                          Default Value

name          A name that identifies an existing access port.      N/A
              To display access port names, use the VOIP EP
              LIST command.
status        The status of the comfort noise generation           N/A
              feature.
              Valid values are:
              off: CNG disabled
              on: CNG enabled

Example --> voip ep analogue set prt0 cng off


--> voip ep digital set prt0 cng off

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE

VOIP EP LIST
VOIP EP SHOW

VOIP EP SET CODECS


Syntax VOIP EP ANALOGUE SET <name> CODECS <codec-list>

VOIP EP DIGITAL SET <name> CODECS <codec-list>

Description This command sets the codec capability list for an existing access port.

T38 support must always be selected together with another speech codec
(G711a/u or G726 or G729ab).

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option        Description                                          Default Value

name          A name that identifies an existing access port.      N/A
              To display access port names, use the VOIP EP
              LIST command.
codec-list    The value or a comma separated list of values        N/A
              defining the compression algorithm on codec.
              Valid values are:
              g711a: referring to G.711 a-law PCM
              g711u: referring to G.711 µ-law PCM
              g729ab: referring to G.729A/B 8 kbps ACELP A/B
              g726-16: referring to G.726 16 kbps
              g726-24: referring to G.726 24 kbps
              g726-32: referring to G.726 32 kbps
              g726-40: referring to G.726 40 kbps
              T38

Example --> voip ep analogue set prt0 codecs g711a,g711u,g729ab


--> voip ep digital set prt0 codecs g711a,g711u,g729ab

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET COUNTRY


Syntax VOIP EP ANALOGUE SET <name> COUNTRY <country>

VOIP EP DIGITAL SET <name> COUNTRY <country>

Description This command sets dial tone, busy tone and ring back tone frequencies and
cadences on the physical port referred to by the named access port, appropriately
for the selected country.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option        Description                                          Default Value

name          A name that identifies an existing access port.      N/A
              To display access port names, use the VOIP EP
              LIST command.
country       The national signalling system, which defines the    N/A
              analogue signalling criteria in use.
              Valid values are:
              australia
              austria
              belgium
              canada
              china
              france
              germany
              israel
              italy
              japan
              newzealand
              norway
              russia
              singapore
              spain
              sweden
              turkey
              uk
              usa

Example --> voip ep analogue(digital) set prt0 country USA

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET DIALMASK


Syntax VOIP EP ANALOGUE SET <name> DIALMASK <digit-number>

VOIP EP DIGITAL SET <name> DIALMASK <digit-number>

Description This command sets the dial mask value (number of chars to be removed from the
dialed number) on the physical port referred to by the named access port.

On AT-RG613 TXJ FXO port, dial mask works only in the direction PSTN to
FXO port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option        Description                                          Default Value

name          A name that identifies an existing access port.      N/A
              To display the existing access port names, use
              the VOIP EP LIST command.
digit-number  The number of digits to be removed from the          N/A
              dialed number.
              Acceptable values are from 0 to 3.

Example --> voip ep analogue set prt0 dialmask 2


--> voip ep digital set prt0 dialmask 2

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET DIALMODE


Syntax VOIP EP ANALOGUE SET DIALMODE {AUTO | DTMF | PULSE
10PPS|20PPS}

Description This command sets the dial mode used by analogue ports. On the fxo port, if
DIALMODE is set to AUTO, the Residential Gateway examines the type of
signalling mode supported on the PSTN line and sets the port signalling to the same
mode automatically. On fxs ports, if DIALMODE is set to AUTO, the Residential
Gateway uses the same signalling mode selected for the fxo port.

If PULSE mode is selected, it's also necessary to select the pulse rate: 10pps or 20pps.

Example --> voip ep analogue set prt0 dialmode auto

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE

VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET DIGITMAP


Syntax VOIP EP ANALOGUE SET <name> DIGITMAP <digit-map>

VOIP EP DIGITAL SET <name> DIGITMAP <digit-map>

Description This command sets the digit map rule on the physical port referred to by the named
access port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option        Description                                          Default Value

name          A name that identifies an existing access port.      N/A
              To display the existing access port names, use
              the VOIP EP LIST command.
digit-map     The digit map expression. A Digit map may have up    N/A
              to 32 chars.
              The following symbols can be used:
              DTMF: A digit from '0' to '9' or one of the
              symbols "A", "B", "C", "D", "#", or "*".
              Timer: The symbol "T"
              Wildcard: The symbol "x"
              Range: The symbols "[" and "]"
              Subrange: The symbol "-"
              Position: The symbol "."

Example --> voip ep analogue set prt0 digitmap x.T


--> voip ep digital set prt0 digitmap x.T

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET IDT-CRITICAL


Syntax VOIP EP ANALOGUE SET <name> IDT-CRITICAL <secs>

VOIP EP DIGITAL SET <name> IDT-CRITICAL <secs>



Description This command sets the Inter-digit critical time on the physical port referred to
by the named access port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option        Description                                          Default Value

name          A name that identifies an existing access port.      N/A
              To display access port names, use the VOIP EP
              LIST command.
secs          The time duration in seconds of the inter-digit      N/A
              critical time. Acceptable values are from 5secs
              to 30secs.

Example --> voip ep analogue set prt0 idt-critical 16


--> voip ep digital set prt0 idt-critical 16

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET IDT-PARTIAL


Syntax VOIP EP ANALOGUE SET <name> IDT-PARTIAL <secs>

VOIP EP DIGITAL SET <name> IDT-PARTIAL <secs>

Description This command sets the Inter-digit time on the physical port referred to by the
named access port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option      Description                                         Default Value

name        A name that identifies an existing access port.     N/A
            To display existing access port names, use the
            VOIP EP LIST command.

secs        The time duration in seconds of the inter-digit     N/A
            time. Acceptable values are from 2 secs to
            10 secs.

Example --> voip ep analogue set prt0 idt-partial 10


--> voip ep digital set prt0 idt-partial 10

See also VOIP EP CREATE



VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET JITTERDELAY


Syntax VOIP EP ANALOGUE SET <name> JITTERDELAY <msec>

VOIP EP DIGITAL SET <name> JITTERDELAY <msec>

Description This command sets the jitter delay value on the port referred to by the named access
port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option      Description                                         Default Value

name        A name that identifies an existing access port.     N/A
            To display the existing access port names, use
            the VOIP EP LIST command.

msec        The delay in milliseconds that the jitter buffer    N/A
            waits before it transmits the data samples that
            are collected from the VoIP network.
            Valid values are from 0 to 130 msec.

Example --> voip ep analogue set prt0 jitterdelay 6


--> voip ep digital set prt0 jitterdelay 6

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET LEC


Syntax VOIP EP ANALOGUE SET <name> LEC <msec>

VOIP EP DIGITAL SET <name> LEC <msec>

Description This command sets the line echo cancellation length on the port referred to by the
named access port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option      Description                                         Default Value

name        A name that identifies an existing access port.     N/A
            To display the existing access port names, use
            the VOIP EP LIST command.

msec        The line echo cancellation length in                N/A
            milliseconds.
            Valid values are 0, 8, 16 and 32 msec.

Example --> voip ep analogue set prt0 lec 16


--> voip ep digital set prt0 lec 16

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET OFFHOOK-TIME


Syntax VOIP EP ANALOGUE SET <name> OFFHOOK-TIME <msec>

Description This command sets the off-hook time on the port referred to by the named access
port.
Only analog access ports accept off-hook time settings.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option      Description                                         Default Value

name        A name that identifies an existing access port.     N/A
            To display the existing access port names, use
            the VOIP EP LIST command.

msec        The off-hook time in milliseconds.                  N/A
            Valid values are from 100 to 500 msec.

Example --> voip ep analogue set prt0 offhook-time 350

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET ONHOOK-TIME


Syntax VOIP EP ANALOGUE SET <name> ONHOOK-TIME <msec>

Description This command sets the on-hook time on the port referred to by the named access
port.
Only analog access ports accept on-hook time settings.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option      Description                                         Default Value

name        A name that identifies an existing access port.     N/A
            To display the existing access port names, use
            the VOIP EP LIST command.

msec        The on-hook time in milliseconds.                   N/A
            Valid values are from 100 to 500 msec.

Example --> voip ep analogue set prt0 onhook-time 250

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET RXGAIN


Syntax VOIP EP ANALOGUE SET <name> RXGAIN <gain>

VOIP EP DIGITAL SET <name> RXGAIN <gain>

Description This command sets the input gain (in the direction from AT-RG600/VoIP network to
phone/user) of the port referred to by the named access port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option      Description                                         Default Value

name        A name that identifies an existing access port.     N/A
            To display the existing access port names, use
            the VOIP EP LIST command.

gain        The value of rx gain in dB.                         N/A
            Valid values are from -48 dB to +28 dB.

Example --> voip ep analogue set prt0 rxgain -3.0



--> voip ep digital set prt0 rxgain -3.0

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET TXGAIN


Syntax VOIP EP ANALOGUE SET <name> TXGAIN <gain>

VOIP EP DIGITAL SET <name> TXGAIN <gain>

Description This command sets the output gain (in the direction from phone/user to AT-
RG600/VoIP network) of the port referred to by the named access port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option      Description                                         Default Value

name        A name that identifies an existing access port.     N/A
            To display the existing access port names, use
            the VOIP EP LIST command.

gain        The value of tx gain in dB.                         N/A
            Valid values are from -48 dB to +28 dB.

Example --> voip ep analogue set prt0 txgain -3.0


--> voip ep digital set prt0 txgain -3.0

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SET VAD


Syntax VOIP EP ANALOGUE SET <name> VAD <status>

VOIP EP DIGITAL SET <name> VAD <status>

Description This command enables or disables the voice activity detection feature on the port
referred to by the named access port.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option      Description                                         Default Value

name        A name that identifies an existing access port.     N/A
            To display the existing access port names, use
            the VOIP EP LIST command.

status      The status of the VAD feature.                      N/A
            Valid values are:
            on    VAD enabled
            off   VAD disabled

Example --> voip ep analogue set prt0 vad off


--> voip ep digital set prt0 vad off

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SHOW

VOIP EP SHOW
Syntax VOIP EP ANALOGUE SHOW <name>

VOIP EP DIGITAL SHOW <name>

Description This command displays the following information about a named access port:
• Physical Port
• Typology
• Operational status
• Comfort Noise Generation (CNG)
• Codec Capabilities
• Country
• Critical-digit time
• Inter-digit time
• Dialing Mode (AT-RG613TX and AT-RG613TXJ models)
• Digit map
• Dial mask
• Line Echo Cancellation (AT-RG613TX and AT-RG613TXJ models)
• Jitter Delay
• Voice Activity Detection (VAD)
• Off-hook time (AT-RG613TX and AT-RG613TXJ models)
• On-hook time (AT-RG613TX and AT-RG613TXJ models)
• Rx gain
• Tx gain
• Attached users

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option      Description                                         Default Value

name        A name that identifies an existing access port.     N/A
            To display the existing access port names, use
            the VOIP EP LIST command.

Example --> voip ep analogue show prt0

--> voip ep analogue show prt0

Gateway access port: prt0


--------------------------------------------------
Physical port: tel1
Typology: al-fxs-del
Operational status: Activated
Confort Noise Generation (CNG): OFF
Codec Capabilities: G711A,G711U
Country: Italy
Critical-digit time: 16 Sec.
Inter-digit time: 4 Sec.
Digit map: x.T
Dial mask: 0
Dial mode: DTMF
Line Echo Cancellation (LEC): 16
Jitter Delay: 130 mSec.
Voice Activity Detection (VAD): ON
Off-hook time: 250 mSec.
On-hook time: 350 mSec.
Rx gain: -3.0 dB.
Tx gain: +0.0 dB.

Attached users:

See also VOIP EP CREATE


VOIP EP DISABLE
VOIP EP DELETE
VOIP EP ENABLE
VOIP EP LIST
VOIP EP SET

VoIP Lifeline Command Reference


This section describes the commands available on the Residential Gateway to
manage the lifeline port (fxo port).
The following commands are available only on AT-RG613TXJ model.

voip lifeline CLI commands


The table below lists the VOIP LIFELINE commands provided by the CLI:
Command
VOIP LIFELINE DISABLE
VOIP LIFELINE ENABLE
VOIP LIFELINE SHOW

VOIP LIFELINE DISABLE


Syntax VOIP LIFELINE DISABLE

Description This command disables the lifeline feature; in this case the fxo port is used to
offer gateway service.

Outgoing calls are forwarded to it on a dial-selection basis, while incoming calls may be
forwarded to any internal or external user, allowing destination re-dialling. A user
calling from the PSTN needs two phases to reach the destination: the first dialled
number gains access to the VoIP network, and a second selection must then be
dialled to reach the final destination.

Example
--> voip lifeline disable

See also VOIP LIFELINE ENABLE


VOIP LIFELINE SHOW

VOIP LIFELINE ENABLE


Syntax VOIP LIFELINE ENABLE

Description This command enables the lifeline support.

If it is enabled, the system uses it as a back-up line. Serious VoIP network failures, such as
the Ethernet link going down or the location server/gatekeeper being unreachable, cause
outgoing calls to be forwarded to the network terminated by the fxo port. Incoming calls are
forwarded only to local fxs ports.

Example
--> voip lifeline enable

See also VOIP LIFELINE DISABLE


VOIP LIFELINE SHOW

VOIP LIFELINE SHOW


Syntax VOIP LIFELINE SHOW

Description This command shows the current lifeline status.

See also VOIP LIFELINE DISABLE


VOIP LIFELINE ENABLE

Chapter 15

VoIP SIP

Introduction
This chapter describes the main features of the SIP standard, the protocols
supported, the implementation of the call processes in the AT-RG613, AT-RG623
and AT-RG656 and how to configure and operate the AT-RG613, AT-RG623 and
AT-RG656 to provide, or connect to, a VoIP Network.

SIP Protocol
SIP (Session Initiation Protocol) is a protocol developed to assist in providing
advanced telephony services across the Internet. Internet telephony is evolving from
its use as a "cheap" (but low quality) way to make international phone calls to a
serious business telephony capability. SIP is one of a group of protocols required to
ensure that this evolution can occur.
SIP is part of the IETF standards process and is modeled upon other Internet
protocols such as SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext
Transfer Protocol).
It is used to establish, change and tear down (end) calls between one or more users
in an IP-based network.
In order to provide telephony services there is a need for a number of different
standards and protocols to come together - specifically to ensure transport (RTP),
signalling inter-working with today’s telephony network, to be able to guarantee
voice quality (RSVP, YESSIR), to be able to provide directories (LDAP), to
authenticate users (RADIUS, DIAMETER), and to scale to meet the anticipated
growth curves.
SIP is described as a control protocol for creating, modifying and terminating
sessions with one or more participants. These sessions include Internet multimedia
conferences, Internet (or any IP Network) telephone calls and multimedia
distribution. Members in a session can communicate via multicast or via a mesh of
unicast relations, or via a combination of these.
SIP supports session descriptions that allow participants to agree on a set of
compatible media types. It also supports user mobility by proxying and redirecting
requests to the user's current location. SIP is not tied to any particular conference
control protocol.
In essence, SIP has to provide or enable the following functions:
• Name Translation and User Location
Ensuring that the call reaches the called party wherever they are located. Carrying
out any mapping of descriptive information to location information. Ensuring that
details of the nature of the call (Session) are supported.

• Feature Negotiation
This allows the group involved in a call (this may be a multi-party call) to agree
on the features supported – recognizing that not all the parties can support the
same level of features. For example video may or may not be supported; as any
form of MIME type is supported by SIP, there is plenty of scope for negotiation.

• Call Participant Management
During a call a participant can bring other users onto the call or cancel
connections to other users. In addition, users could be transferred or placed on
hold.

• Call feature changes
A user should be able to change the call characteristics during the course of the
call. For example, a call may have been set up as ‘voice-only’, but in the course
of the call, the users may need to enable a video function. A third party joining a
call may require different features to be enabled in order to participate in the
call.

Protocol Components
There are two components within SIP: the SIP User Agent and the SIP Network
Server. The User Agent is effectively the end system component for the call and the
SIP Server is the network device that handles the signaling associated with multiple
calls.
The User Agent itself has a client element, the User Agent Client (UAC), and a server
element, the User Agent Server (UAS). The client element initiates the calls and the
server element answers the calls. This allows peer-to-peer calls to be made using a
client-server protocol.
The SIP Server element also provides for more than one type of server. There are
effectively three forms of server that can exist in the network - the SIP stateful proxy
server, the SIP stateless proxy server and the SIP re-direct server. The main function
of the SIP servers is to provide name resolution and user location, since the caller is
unlikely to know the IP address or host name of the called party. What will be
available is perhaps an email-like address or a telephone number associated with
the called party. Using this information, the caller’s user agent can identify with a
specific server to "resolve" the address information – it is likely that this will involve
many servers in the network.

A SIP proxy server receives requests, determines where to send these, and passes
them onto the next server (using next hop routing principles). There can be many
server hops in the network.
The difference between a stateful and stateless proxy server is that a stateful proxy
server remembers the incoming requests it receives, along with the responses it
sends back and the outgoing requests it sends on.
A stateless proxy server forgets all information once it has sent on a request.
Keeping this state allows a stateful proxy server to fork requests to try multiple
possible user locations in parallel and only send the best responses back. Stateless
proxy servers are most likely to be the fast backbone of the SIP infrastructure.
Stateful proxy servers are then most likely to be the local devices close to the User
Agents, controlling domains of users and becoming the prime platform for the
application services.
A re-direct server receives requests, but rather than passing these onto the next
server it sends a response to the caller indicating the address for the called user. This
provides the address for the caller to contact the called party at the next server
directly.
SIP addresses users by an email-like address. Each user is identified through a
hierarchical URL that is built around elements such as a user’s phone number or
host name (for example, SIP:user@company.com). Because of this similarity, SIP
URLs are easy to associate with a user’s e-mail address.
SIP provides its own reliability mechanism and is therefore independent of the
packet layer and only requires an unreliable datagram service.
SIP is typically used over UDP or TCP.
SIP provides the necessary protocol mechanisms so that end systems and proxy
servers can provide services:
• User location
• User capabilities
• User availability
• Call set-up
• Call handling
• Call forwarding, including
  o The equivalent of 700-, 800- and 900- type calls
  o Call-forwarding no answer
  o Call-forwarding busy
  o Call-forwarding unconditional
  o Other address-translation services

• Callee and calling "number" delivery, where numbers can be any (preferably
unique) naming scheme
• Personal mobility, i.e., the ability to reach a called party under a single,
location-independent address even when the user changes terminals
• Terminal-type negotiation and selection: a caller can be given a choice how to
reach the party, e.g., via Internet telephony, mobile phone, an answering service,
etc.
• Terminal capability negotiation
• Caller and callee authentication
• Blind and supervised call transfer
• Invitations to multicast conferences
When a user wants to call another user, the caller initiates the call with an invite
request. The request contains enough information for the called party to join the
session. If the client knows the location of the other party it can send the request
directly to their IP address. If not the client can send it to a locally configured SIP
network server. If that server is a proxy server it will attempt to resolve the called
user’s location and send the request to them. There are many ways it can do this,
such as searching the DNS or accessing databases. Alternatively, the server may be a
redirect server that may return the called user location to the calling client for it to
try directly. During the course of locating a user, one SIP network server can, of
course, proxy or redirect the call to additional servers until it arrives at one that
definitely knows the IP address where the called user can be found.
Once found, the request is sent to the user, and from there several options arise. In
the simplest case, the user’s telephony client receives the request—that is, the user’s
phone rings. If the user takes the call, the client responds to the invitation with the
designated capabilities* of the client software and a connection is established. If the
user declines the call, the session can be redirected to a voice mail server or to
another user.
"Designated capabilities" refers to the functions that the user wants to invoke. The
client software might support videoconferencing, for example, but the user may
only want to use audio conferencing. Regardless, the user can always add
functions—such as videoconferencing, white-boarding, or a third user—by issuing
another invite request to other users on the link.
SIP has two additional significant features. The first is a stateful SIP proxy server’s
ability to split or "fork" an incoming call so that several extensions can be rung at
once. The first extension to answer takes the call. This feature is handy if a user is
working between two locations (a lab and an office, for example), or where someone
is ringing both a boss and their secretary.
The second significant feature is SIP’s unique ability to return different media types.
Take the example of a user contacting a company. When the SIP server receives the
client’s connection request, it can return to the customer’s phone client a Web
Interactive Voice Response page (IVR; the term Interactive Web Response, or IWR,
could also be used) listing the extensions of the available departments or users.
Clicking the appropriate link sends an invitation to that user to set up a call.

SIP Messages
A SIP request message consists of three elements:
• Request Line
• Header
• Message Body
A SIP response message consists of three elements:
• Status Line
• Header
• Message Body
The Request line and header field define the nature of the call in terms of services,
addresses and protocol features. The message body is independent of the SIP
protocol and can contain anything.
SIP defines the following methods (SIP uses the term ‘method’ to describe the
specification areas):
• Invite invites a user to join a call.
• Bye terminates the call between two of the users on a call
• Options requests information on the capabilities of a server
• Ack confirms that a client has received a final response to an INVITE
• Register provides the map for address resolution, letting a server know the
location of other users.
• Cancel ends a pending request, but does not end the call
• The INFO method, for mid-session signalling, is also being added Related
Standards Activity.

AT-RG613, AT-RG623 and AT-RG656 Call Processes


The AT-RG613, AT-RG623 and AT-RG656 can communicate with the following
devices:
• Another VoIP terminal on the IP network, such as another AT-RG613, AT-RG623
and AT-RG656.
• Any LAN SIP endpoint on the IP network, for instance:
• a Soft Phone
• an IP phone directly connected to the IP network

Calls Involving Another Terminal


The following example shown in Figure 16 illustrates how to reach a phone or fax
on another AT-RG613/AT-RG623TX terminal.
[Figure 16: network diagram showing analog (or digital) phones attached to AT-RG613 (or
AT-RG623) gateways A and B, a SIP IP phone and a SIP server, connected through the VoIP
network.]

Figure 16. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone

A user makes a call with the phone connected to an AT-RG613/AT-RG623, which in
turn contacts another AT-RG613/AT-RG623, which completes the connection to the
phone which is attached to it.

Calls Involving a Terminal and a SIP Endpoint


The following examples illustrate how a phone connected to an AT-RG613/AT-RG623TX
terminal can communicate with a LAN SIP endpoint on the IP network.
Such endpoints could be:
• a Soft Phone
• an IP phone directly connected to the IP network
A user makes a call with the phone connected to an AT-RG613/AT-RG623, which
reaches the corresponding LAN SIP endpoint on the IP network (Figure 17).
[Figure 17: network diagram showing analog (or digital) phones attached to AT-RG613 (or
AT-RG623) gateways A and B, a SIP IP phone and a SIP server, connected through the VoIP
network.]

Figure 17. Phone --> AT-RG613/RG623 (A) --> SIP IP Phone

VoIP SIP Servers, Users & Forwarding Database

Introduction
The VoIP SIP subsystem on AT-RG613, AT-RG623 and AT-RG656 residential
gateways is based on the concept of SIP servers, local users, call forwarding rules
and access ports.
The following sections describe SIP servers, local users and the forwarding database.
• SIP servers are servers where local users register themselves (Location Servers)
and where calls are routed (Proxy Servers) when an outgoing call is going to be
set up.
• Users are entities uniquely identified in the system by a name with an associated
phone number. The User's phone number represents the user's address on the
local system.
• Forwarding rules are local call routing rules used to forward an incoming call on
a local user to a remote system or to a remote user. Forwarding rules are also
used for locally originated calls when the called party is not a local user and the
call must be routed to a specific contact that typically is different from the proxy
server.
Definition of SIP servers, users, and optionally forwarding database rules, are three
basic steps in correctly configuring the VoIP SIP subsystem (see Figure 18).
[Figure 18: flow chart with the boxes Default Configuration; SIP Signaling Protocol
Configuration; Access Port Creation; Location Servers; Users Creation; Forwarding
Database; Access Port Config.; Proxy Servers; Users Binding; Incoming/Outgoing Calls.]

Figure 18. VoIP subsystem configuration - basic steps.

SIP Servers

Location Servers
The SIP module needs to know where locally defined users attempt to register their
contact in the network.
The VOIP SIP LOCATIONSERVER CREATE command is used to set the location
servers used to register users.
It's possible to define more than one location server in order to increase system
reliability in case the first location server doesn't work or cannot be reached.
The system will attempt to register the local users on all the location servers
available in the location server list (see VOIP SIP LOCATIONSERVER LIST
command) until the first registration phase achieves a positive result. Once a
successful registration with a server has been achieved no further registration
requests will be performed even if other location servers are defined.
In the case that more than one location server is defined in the system, it's possible
to set a location server as Master: all the registration requests will start from the
master location server independently of the position of the server in the location
servers list. In the case of registration failure on the Master server, the Location
Server list will be used as server address table where registration requests will be
sent.

If no location servers are defined, the system starts trying to use the server
addresses defined in the Proxy Server list as a location server.

If users are defined without specifying the user domain (see VOIP SIP USER
CREATE command), the user domain will be automatically associated to the
location server address where the user has been registered.

Proxy Servers
The SIP module needs to know which proxy server must be used when an outgoing
call cannot be processed by a local number or by a well defined forwarding rule but
must be resolved by an external proxy server.
The VOIP SIP PROXYSERVER CREATE command is used to inform the system
about the proxy servers that can be contacted when an outgoing call is going to be
established.
Similarly to location servers, it's possible to define more than one proxy server in
order to increase system reliability in case the first proxy server doesn't work or
cannot be reached.
The system will attempt to contact all the proxy servers available in the proxy server
list (see VOIP SIP PROXYSERVER LIST command) until the first server answers
the INVITE request. In that case no further INVITE requests are sent to the other
proxy servers even if the called user cannot be reached.
In the case that more than one proxy server is defined in the system, it's possible to
set a proxy server as Master: all the INVITE requests will start from the master
proxy server independently of the position of the server in the proxy servers list. In
the case that the Master proxy server cannot be reached, the Proxy Server list will be
used as server address table where INVITE requests will be sent.

The Proxy Server is also used as registration server if no location servers are
defined.

If users are defined without specifying the user domain (see VOIP SIP USER
CREATE command) and no Location Servers are defined, the user domain will
be automatically associated with the proxy server where the user has been
registered.
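
The server-selection rules described above for location servers and proxy servers, as an added Python example (not code from the gateway or from Allied Telesis): it shows the order in which servers are tried, the fallback to the proxy list and how a user without a domain inherits one. The `reachable` callback, the sample addresses and the choice not to contact the Master a second time on the list pass are assumptions.

```python
from typing import Callable, Optional, Sequence, Tuple


def try_order(servers: Sequence[str], master: Optional[str]) -> list:
    """Order in which servers are contacted: Master first, then list order."""
    order = [master] if master in servers else []
    # Assumption: the Master is not contacted a second time on the list pass.
    order += [s for s in servers if s != master]
    return order


def register_user(
    location_servers: Sequence[str],
    proxy_servers: Sequence[str],
    reachable: Callable[[str], bool],
    user_domain: Optional[str] = None,
    location_master: Optional[str] = None,
    proxy_master: Optional[str] = None,
) -> Tuple[Optional[str], Optional[str], list]:
    """Return (server registered on, effective user domain, servers tried)."""
    if location_servers:
        candidates = try_order(location_servers, location_master)
    else:
        # No location servers defined: the proxy server list is used instead.
        candidates = try_order(proxy_servers, proxy_master)
    tried = []
    for server in candidates:
        tried.append(server)
        if reachable(server):
            # The first successful registration ends the procedure; a user
            # created without a domain inherits the address of that server.
            return server, user_domain or server, tried
    return None, user_domain, tried


# Constructed sample data (documentation address range, not from the manual).
LOCATION = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
PROXIES = ["192.0.2.20", "192.0.2.21"]
DOWN = {"192.0.2.11", "192.0.2.20"}


def is_up(server: str) -> bool:
    return server not in DOWN


if __name__ == "__main__":
    # Master location server is down, so the list is walked from the top.
    print(register_user(LOCATION, PROXIES, is_up, location_master="192.0.2.11"))
    # No location servers at all: registration falls back to the proxy list.
    print(register_user([], PROXIES, is_up, user_domain="example.test"))
```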

Users
The system is designed to support up to 100 entries, shared between users and
forwarding rules.
Users are defined by the VOIP SIP USER CREATE command.
Each user must have an associated user number, composed of an address number
and, optionally, an area code number if a complete E.164 number must be defined.

Note: In any given system there cannot exist two or more users with the same
area code and address.
In any given system it is allowable to have two or more users with the same
address but different area code or no area code at all.

Users may inform the VoIP network about the location (IP address) where they can
be contacted by registering themselves on the location server defined in the VOIP
SIP LOCATIONSERVER CREATE command. In this way, other endpoints on the
VoIP network can contact each user by simply using the user address.
The domain where users are members is the domain defined in the VOIP SIP USER
CREATE command. If the DOMAIN is not defined, users will get as domain the
address of the Location Server (or Proxy Server if no location servers are defined)
where they are registered.
To know the user's registration status use the VOIP SIP USER SHOW command.
The user number used in the location registration messages is the complete user
number: area code + address number.

Users and Access Ports


A user needs to be attached to at least one physical port in order to receive or to
make a call.
To attach a user to a physical port use the VOIP SIP USER ADD command.
When a user receives a call, only the access lines where the user is attached are
engaged by the communication.
The same user may be attached to more than one access port. In this case when a call
is made to that user, all the lines on which the user is attached will be used to signal
the incoming call.
To know the physical port where a user is attached, use the VOIP SIP USER SHOW
command.

Note that physical access ports don’t have their own fixed phone number. They
inherit the phone number from the user number of attached users.

More than one user may be attached to the same physical access port and therefore
more than one phone number can be associated to the same physical access port.
If a user receives a call but the physical line where the user is attached is already
involved in another communication (because it is used by another user), the call is
rejected.
When an outgoing call (in the direction user to VoIP network) is made and more
than one user is attached on the access port being used to make the call, the identity
of calling user is deemed to be the first user defined in the list of users attached to
that port.
To know which users are attached to a physical port, use the VOIP EP SHOW
command. All the local users belong to the same domain.

When an access port is deleted from the system, all the users previously attached are
removed from the port.
Removing a user from a port, by using the VOIP SIP USER REMOVE command or
by deleting the access port, results in an un-registration process from the location
server defined during user creation phase.

Forwarding Database (FDB)


The forwarding database is a technical solution implemented on the Residential
Gateway to redirect a call to a different destination address based on the called
party number.
The forwarding database is used by the signaling end-point layer every time the
called end-point cannot be found among the local users. It is used both for
incoming calls from the VoIP network and for outgoing calls generated locally and
directed to a remote end-point.
The forwarding database may collect up to 100 entries (including users).
Forwarding entries are defined by the VOIP SIP FDB CREATE command.
Each fdb entry is uniquely identified by a name and defines the conditions that a
call must satisfy in order to be routed to the end point specified by the fdb entry
parameters.

• When the signaling end-point layer receives a call it retrieves the called end-point
address (called number).
o Typically the called number is defined in the call signaling messages
received from the network (in the To header).
o If the call is originated locally, the called number address is equal to the dialed
number (unless the analogue/digital endpoint has the dialmask set to a value
different from 0).
• The Called end-point address is searched for among the local user addresses to
check if the recipient of the call is a user on the local system.
• If the called end-point matches the address of a local user, the physical resource
(analog or digital port) associated with the called user starts ringing (if the
resource is available)
• If the called number cannot be found among the local users, the forwarding
database is scanned to look for all the entries matching the called number.
The forwarding algorithm acts differently if the call is originated locally or the
call is an incoming call:

Local originated calls


o If a match is found, the INVITE message is routed to the IP address defined
in the CONTACT field of the matched fdb entry. The called user domain
will be set to the DOMAIN value (optional) or to the CONTACT value (if no
DOMAIN is specified) defined by the DOMAIN and CONTACT fields in the
fdb entry respectively.

If the fdb entry has defined the FWADDRESS field, the called number is
changed from the dialed number to the number defined in the fdb entry
FWADDRESS field. In this way it's possible to dial short numbers that will
be replaced by fully qualified numbers in the outgoing calls.
By default, the calling user is the first user defined in the system that is
attached to the outgoing physical port.
o If no match is found in the forwarding database, the INVITE message is
routed to the first available proxy server (starting from the Master proxy
server if defined) using as called endpoint domain the same domain as the
calling user.
By default, the calling user is the first user defined in the system that is
attached to the outgoing physical port.

Incoming calls
o If a match is found, a MOVED TEMPORARY message is sent back to the
call originator reporting the contact address defined by the CONTACT field
in the matched fdb entry.
If the fdb entry has defined the FWADDRESS field, the called number is
changed from the dialed number to the number defined in the fdb entry
FWADDRESS field.
o If no match is found in the forwarding database, the call is discharged.

Address and digit-map


The address field specified in fdb entries can be defined using digit map expressions.
Digit map expressions are used to increase system flexibility when defining
forwarding rules that must match multiple addresses (the digit map is also used in
the voip access port module).
A digit map is defined either by a (case insensitive) "string" or by a list of strings.
Each string in the list is an alternative numbering scheme, specified either as a set of
digits or as an expression to which the called address is compared by the signaling
end-point layer to find the shortest possible match. The following constructs can be
used in each digit map:
Digit: A digit from '0' to '9'
Wildcard: The symbol "x" which matches any digit ("0" to "9").
Range: One or more digit symbols enclosed between square brackets ("[" and
"]").
Subrange: Two digits separated by hyphen ("-") which matches any digit between
and including the two. The subrange construct can only be used inside
a range construct, i.e., between "[" and "]".
Position: A period ("."), which matches an arbitrary number, including zero, of
occurrences of the preceding construct.
Digit map expressions are typically used when managing locally originated calls.
In this case, using digit map expressions, it is possible to define a generic rule in
such a way that all the calls are routed to a specific contact (e.g. the proxy server)
that will be in charge of proceeding with the call routing.
Digit map expressions are also useful for designing a small network without making
use of any location servers or proxy servers or gatekeepers.
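
An added example (not part of the manual and not Allied Telesis code): a Python model of the digit-map constructs and of the forwarding decision described above, for checking offline which fdb entry a called number would hit and what the gateway would do with it. It assumes that a match must cover the whole called number, that the first matching entry wins, and that a list of alternatives is passed as a Python list; the manual specifies none of these, and the entry name short01 and its contact are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

DIGITS = "0123456789"


def digit_map_to_regex(pattern):
    """Translate one digit-map string into a compiled regular expression."""
    p = pattern.strip().lower()              # digit maps are case insensitive
    out, i = [], 0
    while i < len(p):
        c = p[i]
        if c in DIGITS:                      # Digit
            out.append(c)
        elif c == "x":                       # Wildcard: any digit 0-9
            out.append("[0-9]")
        elif c == "[":                       # Range, optionally holding subranges
            end = p.find("]", i)
            body = p[i + 1:end] if end != -1 else ""
            if not re.fullmatch(r"(?:[0-9]-[0-9]|[0-9])+", body):
                raise ValueError(f"bad range in digit map {pattern!r}")
            out.append("[" + body + "]")
            i = end
        elif c == "." and out and not out[-1].endswith("*"):
            out[-1] += "*"                   # Position: zero or more of the preceding construct
        else:
            raise ValueError(f"unexpected {c!r} in digit map {pattern!r}")
        i += 1
    if not out:
        raise ValueError("empty digit map")
    try:
        return re.compile("".join(out))
    except re.error as exc:                  # e.g. a reversed subrange such as [9-0]
        raise ValueError(f"bad digit map {pattern!r}: {exc}") from None


def matches(digit_map, number):
    """digit_map is one string or a list of alternative strings (assumed representation)."""
    alternatives = [digit_map] if isinstance(digit_map, str) else digit_map
    # Assumption: the pattern must cover the whole called number.
    return any(digit_map_to_regex(a).fullmatch(number) is not None for a in alternatives)


@dataclass
class FdbEntry:
    name: str
    address: object                          # digit map: str or list of str
    contact: str
    domain: Optional[str] = None
    fwaddress: Optional[str] = None


def route(called, origin, users, fdb):
    """Model of the forwarding decision; origin is 'local' or 'incoming'."""
    for user, address in users.items():      # local users are searched first
        if matches(address, called):
            return {"action": "ring", "user": user}
    hits = [e for e in fdb if matches(e.address, called)]
    if not hits:
        # Local calls fall back to the proxy server, incoming calls are dropped.
        return {"action": "invite-via-proxy" if origin == "local" else "discharge"}
    entry = hits[0]                          # assumption: first matching entry wins
    number = entry.fwaddress or called       # FWADDRESS replaces the called number
    if origin == "local":
        return {"action": "invite", "entry": entry.name, "to": entry.contact,
                "number": number, "domain": entry.domain or entry.contact}
    # Incoming call: the originator is redirected to CONTACT.
    return {"action": "302-moved-temporarily", "entry": entry.name,
            "contact": entry.contact, "number": number}


# Constructed sample configuration built from values used in the manual's examples.
USERS = {"MrBrown": "12345"}
FDB = [
    FdbEntry("short01", "01", "192.168.1.10", fwaddress="00390224141121"),
    FdbEntry("default", "9x.", "192.168.1.10", domain="voip.atkk.com"),
]

if __name__ == "__main__":
    for called, origin in [("12345", "incoming"), ("01", "local"),
                           ("9001", "local"), ("9001", "incoming"),
                           ("5551", "local"), ("5551", "incoming")]:
        print(f"{origin:8} {called:6} -> {route(called, origin, USERS, FDB)}")
```

The ("9001", "incoming") case shows that a broad entry such as 9x. applies to calls arriving from the VoIP network as well as to locally dialed numbers: any unknown called number it covers is answered with a redirect to the entry's CONTACT.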

VoIP SIP Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to configure and manage the SIP protocol signaling
module.

VoIP sip protocol CLI commands


The table below lists the VOIP SIP PROTOCOL commands provided by the CLI:
Command
VOIP SIP PROTOCOL DISABLE
VOIP SIP PROTOCOL ENABLE
VOIP SIP PROTOCOL RESTART
VOIP SIP PROTOCOL SET DEFAULTPORT
VOIP SIP PROTOCOL SET EXTENSION
VOIP SIP PROTOCOL SET NAT
VOIP SIP PROTOCOL SET NETINTERFACE
VOIP SIP PROTOCOL SET ROUNDTRIPTIME
VOIP SIP PROTOCOL SET SESSIONEXPIRE
VOIP SIP PROTOCOL SHOW

VOIP SIP PROTOCOL DISABLE


Syntax VOIP SIP PROTOCOL DISABLE

Description This command stops the VoIP SIP signalling protocol and releases all the resources
associated with it:
• any analogue or digital port defined in the system is removed.
• any user defined in the system is deleted.
• any forwarding entry in the fdb is deleted.
• any SIP server reference (location and proxy) is removed.
This command is typically used when it's necessary to change the VoIP signalling
protocol, i.e. from SIP to H323.
To simply restart the SIP module, use the VOIP SIP PROTOCOL RESTART
command. It doesn't remove any resources defined under the voip main module.
To enable the SIP module, use the VOIP SIP PROTOCOL ENABLE command.

Example --> voip sip protocol disable

See also VOIP SIP PROTOCOL RESTART
VOIP SIP PROTOCOL ENABLE

VOIP SIP PROTOCOL ENABLE


Syntax VOIP SIP PROTOCOL ENABLE

Description This command turns on the SIP signaling module.


To bind the SIP module to a specific IP interface use the VOIP SIP PROTOCOL SET
NETINTERFACE command.

Binding the SIP module to a specific IP interface defines the value of the
source IP address for signalling and voice packets. SIP URLs with local
reference offer the hostname and the IP address belonging to the provisioned
interface.

The SIP module MUST be enabled in order to create/set analog/digital
ports, users, call forwarding rules and SIP servers.

Example
--> voip sip protocol enable

See also VOIP SIP PROTOCOL SHOW
VOIP SIP PROTOCOL DISABLE

VOIP SIP PROTOCOL RESTART


Syntax VOIP SIP PROTOCOL RESTART

Description This command restarts the VoIP SIP signaling protocol module.
Any pending and active calls are released.
Users previously registered to location servers start to unregister themselves and
then re-register on the same location servers.
This command doesn't release any resources (users, physical ports and fdb entries)
previously created during module configuration.

Example --> voip sip protocol restart

See also VOIP SIP PROTOCOL ENABLE

VOIP SIP PROTOCOL SET DEFAULTPORT


Syntax VOIP SIP PROTOCOL SET DEFAULTPORT <ipport>

Description This command sets the default listening/sending port used for SIP signaling
messages.
By default, when the SIP module is attached to an IP interface using the VOIP SIP
PROTOCOL SET NETINTERFACE command, the following default value is used:
• defaultport: 5060

Changing the signaling port causes the SIP module to restart.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ipport | UDP/TCP port number used for signalling messages. Available values are from 1026 to 65534. Only even values can be accepted. | 5060

Example --> voip sip protocol set defaultport 5060

See also VOIP SIP PROTOCOL ENABLE

VOIP SIP PROTOCOL SET EXTENSION


Syntax VOIP SIP PROTOCOL SET EXTENSION <extension>

Description This command sets the protocol features extended by the protocol.

100rel and Session Timer are always supported when requested; when
“session-timer” is set, the user agent explicitly requires this keep-alive
mechanism. The Info method overlaps the event transfer supported by RTP
sessions.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
extension | extensions is a comma separated list of values defining the protocol extension. Available values are: info, session-timer, none | none

Example --> voip sip protocol set extension session-timer



See also VOIP SIP PROTOCOL SHOW

VOIP SIP PROTOCOL SET NAT


Syntax VOIP SIP PROTOCOL SET NAT {NONE | <host> }

Description This command sets the NAT host reference. Any SIP URL with a local reference is
hidden by the NAT address value.

Changing the NAT reference causes the SIP module to restart.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
host | The address that must be displayed in the local SIP URL references. It can be expressed in hostname format or IPv4 format. A hostname can be a maximum of 255 characters long. | None

Example --> voip sip protocol set nat 10.17.90.110


--> voip sip protocol set nat at-rg600.voip.atkk.com

See also VOIP SIP PROTOCOL ENABLE

VOIP SIP PROTOCOL SET NETINTERFACE


Syntax VOIP SIP PROTOCOL SET NETINTERFACE <interface_name>

Description This command sets the IP interface used to access the VoIP network.
• Signaling and voice packets will use the Source IP address defined for the
selected interface.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
interface_name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A

Example --> voip sip protocol set netinterface ip0

See also VOIP SIP PROTOCOL ENABLE



VOIP SIP PROTOCOL SET ROUNDTRIPTIME


Syntax VOIP SIP PROTOCOL SET ROUNDTRIPTIME <msecs>

Description This command sets the maximum time between the transmission of a packet and the
reception of the response. If the time expires, protocol primitives are retransmitted.
Retransmission of protocol primitives is useful with unreliable transports like
UDP to recover from errors in transactions.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
msecs | The round trip time in milliseconds. Acceptable values are from 500 to 4000 msecs. | 500

Example --> voip sip protocol set roundtriptime 1000

See also VOIP SIP PROTOCOL ENABLE

VOIP SIP PROTOCOL SET SESSIONEXPIRE


Syntax VOIP SIP PROTOCOL SET SESSIONEXPIRE <secs>

Description This command sets the maximum time that can elapse between session
refreshes in a dialog before the session is considered timed out.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
secs | The session expire time in seconds. Available values are from 30 to 86400 secs (24 hours). | 1800

Example --> voip sip protocol set sessionexpire 180

See also VOIP SIP PROTOCOL SHOW

VOIP SIP PROTOCOL SHOW


Syntax VOIP SIP PROTOCOL SHOW

Description This command displays basic SIP module configuration parameters set by the VOIP
SIP PROTOCOL SET commands.

Example --> voip sip protocol show

Gateway base protocol: SIP


------------------------------------------------------------
Network interface: ip0
Default port: 5060
NAT: 10.17.90.110
Round-trip time: 1000 msecs.
Session expire time: 1800 secs.
Extension features: none

See also VOIP SIP PROTOCOL ENABLE
VOIP SIP PROTOCOL SET MEDIAPORT
VOIP SIP PROTOCOL SET EXTENSION

VoIP SIP Locationserver Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the VoIP SIP
Locationserver module.

voip sip locationserver CLI commands


The table below lists the VOIP SIP LOCATIONSERVER commands provided by the
CLI:
Command
VOIP SIP LOCATIONSERVER CREATE
VOIP SIP LOCATIONSERVER DELETE
VOIP SIP LOCATIONSERVER LIST
VOIP SIP LOCATIONSERVER SET MASTER

VOIP SIP LOCATIONSERVER CREATE


Syntax VOIP SIP LOCATIONSERVER CREATE <name> CONTACT <host:port/transport >

Description This command creates a new entry in the location servers list. Each location server
must have a different <name>. If the location server already exists, an error message
is raised.
This command is accepted only if the SIP module is already running. See the VOIP
SIP PROTOCOL ENABLE command to turn on the SIP module.
This command doesn’t set the master location server. To define a location server as
master use the VOIP SIP LOCATIONSERVER SET MASTER command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies the location server. The name must not be present already. The name can be a maximum of 16 characters long; cannot start with a digit and cannot contain dots '.' or slash symbols '/'. | N/A
host | The hostname or IPv4 address of the location server where registrations are sent. host can be a maximum of 256 chars long (when using hostname format). | N/A
port | The UDP/TCP port on the location server to which signalling messages are sent. | 5060
transport | The protocol used to transport the signalling messages to the location server. Possible values are: udp, tcp | udp
Example
--> voip sip locationserver create default contact 192.168.102.3

See also VOIP SIP LOCATIONSERVER LIST
VOIP SIP LOCATIONSERVER SHOW

VOIP SIP LOCATIONSERVER DELETE


Syntax VOIP SIP LOCATIONSERVER DELETE <name>

Description This command deletes a single location server created using the VOIP SIP
LOCATIONSERVER CREATE command.
To show the list of existing location servers, use the VOIP SIP LOCATIONSERVER
LIST command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing location server (it can also be the ID value associated with the location server). To display the existing location servers, use the VOIP SIP LOCATIONSERVER LIST command. | N/A

Example --> voip sip locationserver delete backuplocserv

See also VOIP SIP LOCATIONSERVER CREATE
VOIP SIP LOCATIONSERVER LIST
VOIP SIP LOCATIONSERVER SHOW

VOIP SIP LOCATIONSERVER LIST


Syntax VOIP SIP LOCATIONSERVER LIST

Description This command lists information about location servers that were added using the
VOIP SIP LOCATIONSERVER CREATE command. The following information is
displayed:
• server ID numbers
• server names
• Master: whether the server has been set as Master or not. A star symbol
in the field identifies the server as the current location server where local users are
registered.
• Contact: the IP address (IPv4 or hostname format) of the location server

Note: If a name is longer than 32 chars, the name is shown in a short format
(only the initial part of the name is displayed). To show the full name use the
VOIP SIP LOCATIONSERVER SHOW command, specifying the server ID
instead of server name.

Example
--> voip sip location list

ID | Name | Master | Contact


-----|------------|----------|--------------------------------------------
1 | default | false * | 192.168.1.2
--------------------------------------------------------------------------

See also VOIP SIP LOCATIONSERVER CREATE
VOIP SIP LOCATIONSERVER SHOW

VOIP SIP LOCATIONSERVER SET MASTER


Syntax VOIP SIP LOCATIONSERVER SET <name> MASTER

Description This command sets a location server as Master. If another location server was set
Master previously, the flag Master is removed from the old one.
To show the list of existing location servers, use the VOIP SIP LOCATIONSERVER
LIST command.

Example --> voip sip locationserver set backuplocserv master

See also VOIP SIP LOCATIONSERVER CREATE
VOIP SIP LOCATIONSERVER LIST
VOIP SIP LOCATIONSERVER SHOW

VoIP SIP Proxyserver Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the VoIP SIP
Proxyserver module.

voip sip proxyserver CLI commands


The table below lists the VOIP SIP PROXYSERVER commands provided by the CLI:
Command
VOIP SIP PROXYSERVER CREATE
VOIP SIP PROXYSERVER DELETE
VOIP SIP PROXYSERVER LIST
VOIP SIP PROXYSERVER SET MASTER

VOIP SIP PROXYSERVER CREATE


Syntax VOIP SIP PROXYSERVER CREATE <name> CONTACT <host:port/transport >

Description This command creates a new entry in the proxy servers list. Each proxy server must
have a different <name>. If the proxy server already exists, an error message is
raised.
This command is accepted only if the SIP module is already running. See the VOIP
SIP PROTOCOL ENABLE command to turn on the SIP module.
This command doesn’t set the master proxy server. To define a proxy server as
master use the VOIP SIP PROXYSERVER SET MASTER command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies the proxy server. The name must not be present already. The name can be a maximum of 16 characters long; cannot start with a digit and cannot contain dots '.' or slash symbols '/'. | N/A
host | The hostname or IPv4 address of the proxy server where signaling messages are sent. host can be a maximum of 256 chars long (when using hostname format). | N/A
port | The UDP/TCP port on the proxy server to which signalling messages are sent. | 5060
transport | The protocol used to transport the signalling messages to the proxy server. Possible values are: udp, tcp | udp

Example
--> voip sip proxy create default contact 192.168.102.3

See also VOIP SIP PROXYSERVER LIST
VOIP SIP PROXYSERVER SHOW

VOIP SIP PROXYSERVER DELETE


Syntax VOIP SIP PROXYSERVER DELETE <name>

Description This command deletes a single proxy server created using the VOIP SIP
PROXYSERVER CREATE command.
To show the list of existing proxy servers, use the VOIP SIP PROXYSERVER LIST
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name that identifies an existing proxy server (it can also be the ID value associated with the proxy server). To display the existing proxy servers, use the VOIP SIP PROXYSERVER LIST command. | N/A

Example --> voip sip proxyserver delete backuplocserv

See also VOIP SIP PROXYSERVER CREATE
VOIP SIP PROXYSERVER LIST
VOIP SIP PROXYSERVER SHOW

VOIP SIP PROXYSERVER LIST


Syntax VOIP SIP PROXY LIST

Description This command lists information about proxy servers that were added using the
VOIP SIP PROXYSERVER CREATE command. The following information is
displayed:
• server ID numbers
• server names
• Master: whether the server has been set as Master or not. A star symbol in the
field identifies the server as the current proxy server used by outgoing calls.
• Contact: the IP address (IPv4 or hostname format) of the proxy server

Note: If a name is longer than 32 chars, the name is shown in a short format
(only the initial part of the name is displayed). To show the full name use the
VOIP SIP PROXYSERVER SHOW command, specifying the server ID instead of
server name.

Example
--> voip sip proxyserver list

ID | Name | Master | Contact


-----|------------|----------|--------------------------------------------
1 | default | false * | 192.168.1.2
--------------------------------------------------------------------------

See also VOIP SIP PROXYSERVER CREATE
VOIP SIP PROXYSERVER SHOW

VOIP SIP PROXYSERVER SET MASTER


Syntax VOIP SIP PROXYSERVER SET <name> MASTER

Description This command sets a proxy server as Master. If another proxy server was set Master
previously, the flag Master is removed from the old one.
To show the list of existing proxy servers, use the VOIP SIP PROXYSERVER LIST
command.

Example --> voip sip proxyserver set backuplocserv master

See also VOIP SIP PROXYSERVER CREATE
VOIP SIP PROXYSERVER LIST
VOIP SIP PROXYSERVER SHOW

VoIP SIP User Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the VoIP SIP User
module.

voip sip user CLI commands


The table below lists the VOIP SIP USER commands provided by the CLI:
Command
VOIP SIP USER ADD
VOIP SIP USER CREATE
VOIP SIP USER DELETE
VOIP SIP USER LIST
VOIP SIP USER REMOVE
VOIP SIP USER SHOW

VOIP SIP USER ADD


Syntax VOIP SIP USER ADD <username> PORT <portname>

Description This command attaches a user created with the command VOIP SIP USER CREATE
to a named port created with the command VOIP EP CREATE.
As soon as this command is entered, the registration phase starts.

The system tries to register the user with the location server specified by
the VOIP SIP LOCATIONSERVER CREATE command. If no location
servers are defined, the system tries to register the user with the proxy
server specified by the VOIP SIP PROXYSERVER CREATE command. If no
proxy servers are defined, the registration phase is not performed until a
location server or proxy server is added to the SIP module.

To display the user's registration status and port association use the VOIP SIP USER
SHOW command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
username | A name that identifies an existing user (it can also be the ID value associated with the user name). To display the existing users, use the VOIP SIP USER LIST command. | N/A
portname | A name that identifies an existing port. To display the existing ports, use the VOIP EP LIST command. | N/A

Example --> voip sip user add MrBrown port fxs0

See also VOIP SIP USER ADD
VOIP SIP USER CREATE
VOIP SIP USER DELETE
VOIP SIP USER LIST
VOIP SIP USER REMOVE
VOIP SIP USER SHOW
VOIP EP LIST

VOIP SIP USER CREATE


Syntax VOIP SIP USER CREATE <username> ADDRESS <digit-map> [AREACODE <area-number>]
[AUTHENTICATION <login:password>] [DOMAIN <host >] [TRANSPORT <transport>]

Description This command creates a new entry in the users list. Each user must have a different
<username>. If the user already exists, an error message is raised.
This command is accepted only if the SIP module is already running. See the VOIP
SIP PROTOCOL ENABLE command to turn on the SIP module.
This command doesn’t bind the user to a physical access port. In order to inform the
system that the user is attached to a specific physical port, the VOIP SIP USER ADD
command must be used.

If the DOMAIN parameter is not specified, the user domain is set equal to
the location server address (if defined) or proxyserver address (if location
server is not defined).

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
username | An arbitrary name that identifies the user. The name must not be present already. The username can be a maximum of 16 characters long; cannot start with a digit and cannot contain dots '.' or slash symbols '/'. | N/A
digit-map | The phone number (E.164) used to reach the user. The address can be 32 characters long. | N/A
area-number | The prefix number to be dialed before the destination number. Valid characters are only numerical characters. The area number can be a maximum of 10 digits long. | empty
login | The user name used during the authentication phase. The login can be a maximum of 32 characters long. The same rules defined for the username field also apply here, except the login can start with a digit. | empty
password | The password used during the authentication phase. The password can be a maximum of 16 characters long. The same rules defined for the username field also apply here, except the password can start with a digit. | empty
host | The domain address in hostname format or IPv4 format. The domain can be a maximum of 255 characters long. | empty
transport | The transport protocol used to contact the user. Valid values are: udp, tcp | udp

Example
--> voip sip user create MrBrown address 12345 locationserver 192.168.102.3

See also VOIP SIP USER ADD
VOIP SIP USER CREATE
VOIP SIP USER DELETE
VOIP SIP USER LIST
VOIP SIP USER REMOVE
VOIP SIP USER SHOW

VOIP SIP USER DELETE


Syntax VOIP SIP USER DELETE <username>

Description This command deletes a single user created using the VOIP SIP USER CREATE
command.
To show the list of existing users, use the VOIP SIP USER LIST command.
As soon as this command is entered, the deregistration phase starts: a REGISTER
request is sent to the location server (registrar), removing the user from the user
list on the server.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
username | A name that identifies an existing user (it can also be the ID value associated with the user name). To display the existing users, use the VOIP SIP USER LIST command. | N/A

Example --> voip sip user delete MrBrown

See also VOIP SIP USER ADD
VOIP SIP USER CREATE
VOIP SIP USER DELETE
VOIP SIP USER LIST
VOIP SIP USER REMOVE
VOIP SIP USER SHOW

VOIP SIP USER LIST


Syntax VOIP SIP USER LIST

Description This command lists information about users that were added using the VOIP SIP
USER CREATE command. The following information is displayed:
• user ID numbers
• user names
• Area Codes
• Addresses

Note: If a user name is longer than 32 chars, the name is shown in a short format
(only the initial part of the name is displayed). To show the full name use the
VOIP SIP USER SHOW command, specifying the user ID instead of user name.

Example
--> voip sip user list

ID | Name | Area Code | Address


---- |------------|------------------|------------------------------------
1 | MrBrown | | 12345
---- |------------|------------------|------------------------------------

See also VOIP SIP USER ADD
VOIP SIP USER CREATE
VOIP SIP USER DELETE
VOIP SIP USER LIST
VOIP SIP USER REMOVE
VOIP SIP USER SHOW

VOIP SIP USER REMOVE


Syntax VOIP SIP USER REMOVE <username> PORT <name>

Description This command removes a single user from the port where it was added with the
VOIP SIP USER ADD command.
Removing a user from a port results in an un-registration request to the location
server.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
username | A name that identifies an existing user (it can also be the ID value associated with the user name). To display the existing users, use the VOIP SIP USER LIST command. | N/A
portname | A name that identifies an existing port. To know the ports where the user is added, use the VOIP SIP USER SHOW command. | N/A

Example --> voip sip user remove MrBrown port fxs0

See also VOIP SIP USER ADD
VOIP SIP USER CREATE
VOIP SIP USER DELETE
VOIP SIP USER LIST
VOIP SIP USER REMOVE
VOIP SIP USER SHOW

VOIP SIP USER SHOW


Syntax VOIP SIP USER SHOW <username>

Description This command displays the following information about a named user:
• Address
• Area Code
• Domain
• Authentication (login:password, displayed in clear text)
• Transport
• Attached ports

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
username | A name that identifies an existing user. To display the existing users, use the VOIP SIP USER LIST command. | N/A

Example --> voip sip user show MrBrown

Gateway user: MrBrown


--------------------------------------------------------------
Address: 12345
Area Code (AC):
Domain: 192.168.102.3
Authentication: charlie:123charlie
Transport:
State: registered (expire time: 2864 Sec.)
Attached ports: port0

See also VOIP SIP USER ADD
VOIP SIP USER CREATE
VOIP SIP USER DELETE
VOIP SIP USER LIST
VOIP SIP USER REMOVE
VOIP SIP USER SHOW

VoIP SIP FDB Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to configure and manage the FDB module.

voip sip fdb CLI commands


The table below lists the VOIP SIP FDB commands provided by the CLI:

Command
VOIP SIP FDB CREATE
VOIP SIP FDB DELETE
VOIP SIP FDB LIST
VOIP SIP FDB SHOW

VOIP SIP FDB CREATE


Syntax VOIP SIP FDB CREATE <name> ADDRESS <digit-map>
CONTACT <contact-host:port/transport;proxy> [DOMAIN <host>] [FWADDRESS <tel-number>]

Description This command creates a new entry in the forwarding database (FDB).
ADDRESS is the called address expected to be received from the calling end-point in
order to forward the call to the CONTACT.
CONTACT is the host reference where the call is forwarded. The contact-host part is
the default to form the URL domain (Request-URI, From and To fields).
The proxy flag changes how the Request-URI is built: if it is present, the
Request-URI domain takes its value from the contact-host part of the CONTACT
parameter; otherwise the current call domain is used.
The DOMAIN assigns the call domain and it is used to format the "To" and "From"
headers. It is optional and the contact host part is used if it is not set.
The FWADDRESS replaces the destination address of the call. It is optional and it is
used to make a short selection rule (e.g. dialed number 01 corresponds to
00390224141121).

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies this specific fdb rule. The name must not be present already. The fdb name can be a maximum of 16 characters long. | N/A
digit-map | The called user address (i.e. phone number) expected to be received. It can be a digit map expression as described in section 0. The digit-map can be a maximum of 32 chars long. | N/A
contact-host | The hostname or IPv4 address of the remote end-point where call must be routed. Contact-host can be a maximum of 256 chars long (when using hostname format). | N/A
port | The UDP/TCP port on the contact host to which signalling messages are sent. | 5060
transport | The protocol used to transport the signalling messages to the contact host. Possible values are: udp, tcp | udp
proxy | If proxy is specified, the contact host is considered to be a proxy server, otherwise the contact-host is considered to be another SIP end-point (e.g. another AT-RG613, AT-RG623 and AT-RG656 unit) | none
host | The domain assigned to the redirected call. It can be a hostname or IPv4 address. Host can be a maximum of 256 chars long (when using hostname format). | N/A
tel-number | Is the new number to which the call is redirected. | N/A

Example
--> voip sip fdb create default address 9x. contact 192.168.1.10 domain voip.atkk.com

See also VOIP SIP FDB LIST
VOIP SIP FDB SHOW

VOIP SIP FDB DELETE


Syntax VOIP SIP FDB DELETE <name>

Description This command deletes a single fdb entry created using the VOIP SIP FDB CREATE
command.
To show the list of existing FDB entries, use the VOIP SIP FDB LIST command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name (or the ID value) that identifies an existing user in the forwarding database. To display the existing FDB entries, use the VOIP SIP FDB LIST command. | N/A

Example --> voip sip fdb delete default

See also VOIP SIP FDB CREATE
         VOIP SIP FDB LIST

VOIP SIP FDB LIST


Syntax VOIP SIP FDB LIST

Description This command lists information about FDB entries added using the VOIP SIP FDB
CREATE command.
The following information is displayed:
• FDB entry ID numbers
• FDB entry names
• FDB entry Address

Note: If an fdb name is longer than 32 chars, the name is shown in a short
format (only the initial part of the name is displayed). To show the full name use
the VOIP SIP FDB SHOW command, specifying the user ID instead of user
name.

Example --> voip sip fdb list

Gateway forwarding database:

ID | Name | Address
----|------------|---------------------
1 | pstn | 9x.
---------------------------------------

See also VOIP SIP FDB CREATE
         VOIP SIP FDB SHOW

VOIP SIP FDB SHOW


Syntax VOIP SIP FDB SHOW <name>

Description This command lists information about a named FDB entry added to the forwarding
database using the VOIP SIP FDB CREATE command. The following information is
displayed:
• Address
• Domain
• Contact

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
name | A name (or the ID value) that identifies an existing user in the forwarding database. To display the existing FDB entries, use the VOIP SIP FDB LIST command. | N/A

Example --> voip sip fdb show MrJohn

Gateway forwarding database entry: MrJohn


----------------------------------------------
Address: 2010
Area Code (AC):
Domain: 192.168.0.5
Contact: 10.17.90.51

See also VOIP SIP FDB LIST



Chapter 16

VoIP H323

Introduction
This chapter describes the main features of the H.323 standard, the protocols
supported, the implementation of the call processes in the AT-RG613, AT-RG623 and
AT-RG656, and how to configure and operate the AT-RG613, AT-RG623 and AT-RG656
to provide, or connect to, a VoIP Network.

H.323 Protocols
H.323 is a standard that specifies the components, protocols and procedures that
provide multimedia communication services, real-time audio, video, and data
communications over packet networks (see Figure 19), including Internet protocol
(IP) based networks. H.323 is part of a family of ITU–T recommendations called
H.32x that provides multimedia communication services over a variety of networks.
Packet-based networks include IP based (including the Internet) or Internet packet
exchange (IPX) based local-area networks (LANs), enterprise networks (ENs),
metropolitan-area networks (MANs), and wide area networks (WANs). H.323 can
be applied in a variety of mechanisms: audio only (IP telephony); audio and video
(video telephony); audio and data; and audio, video and data. H.323 can also be
applied to multipoint-multimedia communications. H.323 provides myriad services
and, therefore, can be applied in a wide variety of areas: consumer, business, and
entertainment applications.

Figure 19. H.323 Terminals on a Packet Network
(Diagram: two H323 terminals connected by H323 over a packet network (IP).)

H.323 Components
The H.323 standard specifies four kinds of components, which, when networked
together, provide the point-to-point and point-to-multipoint multimedia-
communication services:
• terminals
• gateways
• gatekeepers
• multipoint control units (MCUs)

Terminals
Used for real-time bi-directional multimedia communications, an H.323 terminal
can either be a personal computer (PC) or a stand-alone device, running an H.323
stack and the multimedia applications. It supports audio communications and can
optionally support video or data communications.
Because the basic service provided by an H.323 terminal is audio communications,
an H.323 terminal plays a key role in IP–telephony services.
The primary goal of H.323 is to interwork with other multimedia terminals. H.323
terminals are compatible with H.324 terminals on SCN and wireless networks,
H.310 terminals on B–ISDN, H.320 terminals on ISDN, H.321 terminals on B–ISDN,
and H.322 terminals on guaranteed QoS LANs. H.323 terminals may be used in
multipoint conferences.

Gateways
A gateway connects two dissimilar networks. An H.323 gateway provides
connectivity between an H.323 network and a non–H.323 network.
For example, a gateway can connect and provide communication between an H.323
terminal and SCN networks (SCN networks include all switched telephony
networks, e.g., the public switched telephone network, PSTN). This connectivity of
dissimilar networks is achieved by translating protocols for call setup and release,
converting media formats between different networks, and transferring information
between the networks connected by the gateway.
A gateway is not required, however, for communication between two terminals on
an H.323 network.

Gatekeepers
A gatekeeper can be considered the brain of the H.323 network. It is the focal point
for all calls within the H.323 network.
Although they are not required, gatekeepers provide important services such as
addressing, authorization and authentication of terminals and gateways, bandwidth
management, and accounting. Gatekeepers may also provide call-routing services.

Multipoint Control Units


MCUs provide support for conferences of three or more H.323 terminals.
All terminals participating in the conference establish a connection with the MCU.
The MCU manages conference resources, negotiates between terminals for the
purpose of determining the audio or video coder/decoder (CODEC) to use, and may
handle the media stream.
The gatekeepers, gateways, and MCUs are logically separate components of the
H.323 standard but can be implemented as a single physical device.

Protocols Specified by H.323


The protocols specified by H.323 are listed below:
• audio CODECs
• video CODECs
• H.225 registration, admission, and status (RAS)
• H.225 call signaling
• H.245 control signaling
• real-time transport protocol (RTP)
• real-time transport control protocol (RTCP)
H.323 is independent of the packet network and the transport protocols over which
it runs.

Audio CODEC
An audio CODEC encodes the audio signal from the microphone for transmission
on the transmitting H.323 terminal and decodes the received audio code that is sent
to the speaker on the receiving H.323 terminal.
Because audio is the minimum service provided by the H.323 standard, all H.323
terminals must support at least one audio CODEC, as specified in the ITU–T
G.711 recommendation (audio coding at 64 kbps).
Additional audio CODEC recommendations such as G.722 (64, 56, and 48 kbps),
G.723.1 (5.3 and 6.3 kbps), G.728 (16 kbps), and G.729 (8 kbps) may also be
supported.

Video CODEC
A video CODEC encodes video from the camera for transmission on the
transmitting H.323 terminal and decodes the received video code that is sent to the
video display on the receiving H.323 terminal.
Because H.323 specifies support of video as optional, the support of video CODECs
is optional as well. However, any H.323 terminal providing video communications
must support video encoding and decoding as specified in the ITU–T H.261
recommendation.

H.225 Registration, Admission, and Status


Registration, admission, and status (RAS) is the protocol between endpoints
(terminals and gateways) and gatekeepers.
The RAS is used to perform registration, admission control, bandwidth changes,
status, and disengage procedures between endpoints and gatekeepers.
A RAS channel is used to exchange RAS messages. This signaling channel is opened
between an endpoint and a gatekeeper prior to the establishment of any other
channels.

H.225 Call Signaling


The H.225 call signaling is used to establish a connection between two H.323
endpoints. This is achieved by exchanging H.225 protocol messages on the call-
signaling channel.
The call-signaling channel is opened between two H.323 endpoints or between an
endpoint and the gatekeeper.

H.245 Control Signaling


H.245 control signaling is used to exchange end-to-end control messages governing
the operation of the H.323 endpoint.
These control messages carry information related to the following:
• capabilities exchange
• opening and closing of logical channels used to carry media streams
• flow-control messages
• general commands and indications

Real-Time Transport Protocol


Real-time transport protocol (RTP) provides end-to-end delivery services of real-
time audio and video.
Whereas H.323 is used to transport data over IP–based networks, RTP is typically
used to transport data via the user datagram protocol (UDP). RTP, together with
UDP, provides transport-protocol functionality. RTP provides payload-type
identification, sequence numbering, time stamping, and delivery monitoring. UDP
provides multiplexing and checksum services. RTP can also be used with other
transport protocols.

Real-Time Transport Control Protocol


Real-time transport control protocol (RTCP) is the counterpart of RTP that provides
control services.
The primary function of RTCP is to provide feedback on the quality of the data
distribution. Other RTCP functions include carrying a transport-level identifier for
an RTP source, called a canonical name, which is used by receivers to synchronize
audio and video.

Terminal Characteristics
H.323 terminals must support the following:
• H.245 for exchanging terminal capabilities and creation of media channels
• H.225 for call signaling and call setup
• RAS for registration and other admission control with a gatekeeper
• RTP/RTCP for sequencing audio and video packets
H.323 terminals must also support the G.711 audio CODEC.
Optional components in an H.323 terminal are video CODECs, T.120 data-
conferencing protocols, and MCU capabilities.

Gateway and Gatekeeper Characteristics

Gateway Characteristics
A gateway provides translation of protocols for call setup and release, conversion of
media formats between different networks, and the transfer of information between
H.323 and non–H.323 networks. An application of the H.323 gateway is in IP
telephony, where the H.323 gateway connects an IP network and SCN network (e.g.,
ISDN network).
On the H.323 side, a gateway runs H.245 control signaling for exchanging
capabilities, H.225 call signaling for call setup and release, and H.225 registration,
admissions, and status (RAS) for registration with the gatekeeper.
On the SCN side, a gateway runs SCN–specific protocols (e.g., ISDN and SS7
protocols). Terminals communicate with gateways using the H.245 control-
signaling protocol and H.225 call-signaling protocol. The gateway translates these
protocols in a transparent fashion to the respective counterparts on the non H.323
network and vice versa. The gateway also performs call setup and clearing on both
the H.323–network side and the non–H.323–network side. Translation between
audio, video, and data formats may also be performed by the gateway.
Audio and video translation may not be required if both terminal types find a
common communications mode. For example, in the case of a gateway to H.320
terminals on the ISDN, both terminal types require G.711 audio and H.261 video, so
a common mode always exists. The gateway has the characteristics of both an H.323
terminal on the H.323 network and the other terminal on the non–H.323 network it
connects.
Gatekeepers are aware of which endpoints are gateways because this is indicated
when the terminals and gateways register with the gatekeeper. A gateway may be
able to support several simultaneous calls between the H.323 and non–H.323
networks. In addition, a gateway may connect an H.323 network to a non–H.323
network. A gateway is a logical component of H.323 and can be implemented as
part of a gatekeeper or an MCU.

Gatekeeper Characteristics
Gatekeepers provide call-control services for H.323 endpoints, such as address
translation and bandwidth management as defined within RAS. If gatekeepers are
present in a network, terminals and gateways must use their services.
The H.323 standards both define mandatory services that the gatekeeper must
provide and specify other optional functionality that it can provide.
An optional feature of a gatekeeper is call-signaling routing. Endpoints send call-
signaling messages to the gatekeeper, which the gatekeeper routes to the destination
endpoints. Alternately, endpoints can send call-signaling messages directly to the
peer endpoints. This feature of the gatekeeper is valuable, as monitoring of the calls
by the gatekeeper provides better control of the calls in the network. Routing calls
through gatekeepers provides better performance in the network, as the gatekeeper
can make routing decisions based on a variety of factors, for example, load
balancing among gateways.
The services offered by a gatekeeper are defined by RAS and include address
translation, admissions control, bandwidth control, and zone management. H.323
networks that do not have gatekeepers may not have these capabilities, but H.323
networks that contain IP telephony gateways should also contain a gatekeeper to
translate incoming E.164 telephone addresses into transport addresses. A gatekeeper
is a logical component of H.323 but can be implemented as part of a gateway or
MCU.

AT-RG613, AT-RG623 and AT-RG656 Call Processes


The AT-RG613, AT-RG623 and AT-RG656 can communicate with the following
devices:
• Another terminal on the IP network, such as another AT-RG613, AT-RG623 and
AT-RG656.
• Any LAN H.323 endpoint on the IP network, for instance:
  • a Soft Phone
  • an IP phone directly connected to the IP network
• A PSTN phone or fax. However, the AT-RG613, AT-RG623 and AT-RG656 would
need to contact a PSTN gateway.

Calls Involving Another Terminal


The following example (see Figure 20) illustrates how to reach a phone or fax on
another AT-RG613/AT-RG623TX terminal.

Figure 20. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone
(Diagram: analog or digital phones attached to AT-RG613 (or AT-RG623) units A and B,
an H323 IP Phone and an H323 Gatekeeper, all connected to the VoIP Network.)

A user makes a call with the phone connected to an AT-RG613/AT-RG623TX
Residential Gateway, which in turn contacts another AT-RG613/AT-RG623TX
Residential Gateway, which completes the connection to its locally attached phone.

Calls Involving a Terminal and a H.323 Endpoint


The following examples (see Figure 21) illustrate how a phone connected to an AT-
RG613/AT-RG623TX Residential Gateway can communicate with a LAN H.323
endpoint on the IP network.
Such endpoints could be:
• a Soft Phone
• an IP phone directly connected to the IP network

Figure 21. Phone --> AT-RG613/RG623 (A) --> H323 IP Phone
(Diagram: analog or digital phones attached to AT-RG613 (or AT-RG623) units A and B,
an H323 IP Phone and an H323 Gatekeeper, all connected to the VoIP Network.)

A user makes a call with the phone connected to an AT-RG613/AT-RG623TX
Residential Gateway, which reaches the corresponding LAN H.323 endpoint on the
IP network.

VoIP H323 Users

Introduction
The VoIP H323 subsystem on the AT-RG613, AT-RG623 and AT-RG656 Residential
gateways is based on the concept of users and access ports.
The following section describes users; access ports are described in a separate
section.
Users are entities uniquely identified in the system by a name with an associated
phone number. A user's phone number represents the user's address on the local
system.
User definition is a mandatory step in the correct configuration of the VoIP H323
subsystem (see Figure 22).

Figure 22. VoIP H323 subsystem configuration - basic steps.
(Flowchart boxes: Default Configuration; H323 Signaling Protocol Configuration;
Access Port Creation; Users Creation; Access Port Config.; Users Binding;
Incoming/Outgoing Calls.)

Users
The system is designed to support up to 100 users.
Users are defined by the VOIP H323 USER CREATE command.
Each user must have an associated user number composed of an address number
and, optionally, an area code number if a complete E.164 number must be defined.

Note 1: In any given system there cannot exist two or more users with the same
area code and address.
In any given system it is valid to have two or more users with the same address
but different area code or no area code at all.

Note 2: Users may inform the VoIP network about the location (IP address)
where they can be contacted by registering themselves on the gatekeeper
defined in the VOIP H323 USER CREATE command. In this way other
endpoints on the VoIP network can contact each user by simply using the user
address.

Note 3: All the users must use the same gatekeeper, i.e. it is not possible to manage
registrations on multiple gatekeepers simultaneously.

If no gatekeeper is specified, a gatekeeper autodiscover procedure is initialized to
find a list of available gatekeepers.
To know the user's registration status use the VOIP H323 USER SHOW command.
The user number used in the registration messages is the complete user number:
area code + address number.

Users and access ports

A user needs to be attached to at least one physical port in order to receive or to
make a call.
To attach a user to a physical port use the VOIP H323 USER ADD command.
When a user receives a call, only the access lines where the user is attached are
engaged by the communication.
The same user may be attached to more than one access port. In this case, when the
user receives a call, all the lines where it is attached are used to signal the incoming
call.
To know the physical port where a user is attached, use the VOIP H323 USER
SHOW command.
Note that physical access ports don't have their own fixed phone number. They
inherit the phone number from the user number of the attached users.
More than one user may be attached to the same physical access port and therefore
more than one phone number can be associated with the same physical access port.
If a user receives a call but the physical line where it is attached is already involved
in another communication (because it is being used by another user), the call is
rejected.
When an outgoing call (in the direction user to VoIP network) is made and more
than one user is attached on the access port being used to make the call, the identity
of the calling user is deemed to be the first user defined in the list of attached users.
To know which users are attached to a physical port, use the VOIP EP SHOW
command. All the local users belong to the same domain.
When an access port is deleted from the system, all users previously attached are
removed from the port.
Removing a user from a port, using the VOIP H323 USER REMOVE command or
deleting the access port, results in an un-registration process from the gatekeeper
defined during user creation phase.

VoIP H323 Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to configure and manage the H323 protocol
signaling module.

VoIP h323 protocol CLI commands


The table below lists the VOIP H323 PROTOCOL commands provided by the CLI:

Command
VOIP H323 PROTOCOL DISABLE
VOIP H323 PROTOCOL ENABLE
VOIP H323 PROTOCOL SET MEDIAPORT
VOIP H323 PROTOCOL SET ALIAS
VOIP H323 PROTOCOL SET CONNECT
VOIP H323 PROTOCOL SET GATEKEEPER
VOIP H323 PROTOCOL SET NETINTERFACE
VOIP H323 PROTOCOL SET Q931PORT
VOIP H323 PROTOCOL SET RASPORT
VOIP H323 PROTOCOL SET REGISTRATION
VOIP H323 PROTOCOL SET RESPONSE
VOIP H323 PROTOCOL SET SECONDARYGATEKEEPER
VOIP H323 PROTOCOL SHOW

VOIP H323 PROTOCOL DISABLE


Syntax VOIP H323 PROTOCOL DISABLE

Description This command stops the VoIP H323 signaling protocol and releases all the resources
associated with it:
• any analogue or digital port defined in the system is removed.
• any user defined in the system is deleted.
This command is typically used when it's necessary to change the VoIP signaling
protocol, i.e. from H323 to SIP.
To simply restart the H323 module, use the VOIP H323 PROTOCOL RESTART
command. It doesn't remove any resources defined under the voip main module.
To enable the H323 module, use the VOIP H323 PROTOCOL ENABLE command.

Example --> voip h323 protocol disable

See also VOIP H323 PROTOCOL RESTART
         VOIP H323 PROTOCOL ENABLE

VOIP H323 PROTOCOL ENABLE


Syntax VOIP H323 PROTOCOL ENABLE

Description This command turns on the H323 signaling module.

To bind the H323 module to a specific IP interface use the VOIP H323 PROTOCOL
SET NETINTERFACE command.

Binding the H323 module to a specific IP interface defines the value of the
source IP address for signalling and voice packets.

The H323 module MUST be enabled in order to create/set analog/digital ports,
users and H323 gatekeeper.

By default, when the H323 module is started the following default values are used:
• q931port: 1720
• rasport: 1719

Example
--> voip h323 protocol enable

See also VOIP H323 PROTOCOL SHOW
         VOIP H323 PROTOCOL DISABLE

VOIP H323 PROTOCOL SET ALIAS


Syntax VOIP H323 PROTOCOL SET ALIAS <alias>

Description This command sets the user logical name used for remote party calling, which
the Gatekeeper translates to the network address.

Options The following table gives the range of values for each option which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
alias | The terminal alias used in H.225 registration messages to identify the residential gateway. | N/A

Example --> voip h323 protocol set alias at-rg613-1.voip.atkk.com



See also VOIP H323 PROTOCOL SHOW

VOIP H323 PROTOCOL SET CONNECT


Syntax VOIP H323 PROTOCOL SET CONNECT <secs>

Description This command sets the connect timeout value.


By default, when the H323 module is started using the VOIP H323 PROTOCOL
ENABLE command, the following default values are used:
• registration: 7200 secs
• response: 20 secs
• connect: 30 secs

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
secs | The interval time (expressed in seconds) for which the system waits for CONNECT messages when a call is placed before tearing down the connection. Acceptable values are from 10 to 5255 seconds. | 30

Example --> voip h323 protocol set connect 60

See also VOIP H323 PROTOCOL SHOW

VOIP H323 PROTOCOL SET GATEKEEPER


Syntax VOIP H323 PROTOCOL SET GATEKEEPER <gk:port/id>

Description This command sets the primary gatekeeper.

Options The following table gives the range of values for each option which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
gk | The hostname or IPv4 address of the primary gatekeeper. Primary-host can be a maximum of 256 chars long (when using hostname format). | N/A
ipport | The port on primary gatekeeper where H225 registration messages are sent. | 1719
id | The gatekeeper identifier. Id can be a maximum of 20 chars long. | N/A

Example --> voip h323 protocol set gatekeeper 10.17.90.110

See also VOIP H323 PROTOCOL ENABLE
         VOIP H323 PROTOCOL SHOW

VOIP H323 PROTOCOL SET NETINTERFACE


Syntax VOIP H323 PROTOCOL SET NETINTERFACE <interface_name>

Description This command sets the IP interface used to access the VoIP network.
Signaling and voice packets will use the Source IP address defined for the selected
interface.

Options The following table gives the range of values for each option which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
interface_name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A

Example --> voip h323 protocol set netinterface ip0

See also VOIP H323 PROTOCOL ENABLE
         VOIP H323 PROTOCOL SHOW

VOIP H323 PROTOCOL SET Q931PORT


Syntax VOIP H323 PROTOCOL SET Q931PORT <ipport>

Description This command sets the UDP/TCP port on the Residential Gateway used to send and
receive signalling messages.

Options The following table gives the range of values for each option which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
ipport | The UDP/TCP port on the Residential Gateway used to send and receive signalling messages. | 1720

Example --> voip h323 protocol set q931port 1740

See also VOIP H323 PROTOCOL SET RASPORT
         VOIP H323 PROTOCOL SHOW

VOIP H323 PROTOCOL SET RASPORT


Syntax VOIP H323 PROTOCOL SET RASPORT <ipport>

Description This command sets the UDP/TCP port on the Residential Gateway used to send and
receive registration messages.

Options The following table gives the range of values for each option which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
ipport | The UDP/TCP port on the Residential Gateway used to send and receive registration messages. | 1719

Example --> voip h323 protocol set rasport 1739

See also VOIP H323 PROTOCOL SET Q931PORT
         VOIP H323 PROTOCOL SHOW

VOIP H323 PROTOCOL SET REGISTRATION


Syntax VOIP H323 PROTOCOL SET REGISTRATION <secs>

Description This command sets the registration timeout value.


By default, when the H323 module is started using the VOIP H323 PROTOCOL
ENABLE command, the following default values are used:
• registration: 7200 secs
• response: 20 secs
• connect: 30 secs

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
secs | The interval time (expressed in seconds) between two consecutive registrations. Acceptable values are from 10 to 10800 seconds. | 7200

Example --> voip h323 protocol set registration 3600

See also VOIP H323 PROTOCOL SET RESPONSE
         VOIP H323 PROTOCOL SHOW

VOIP H323 PROTOCOL SET RESPONSE


Syntax VOIP H323 PROTOCOL SET RESPONSE <secs>

Description This command sets the response timeout value.


By default, when the H323 module is started using the VOIP H323 PROTOCOL
ENABLE command, the following default values are used:
• registration: 7200 secs
• response: 20 secs
• connect: 30 secs

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
secs | The interval time (expressed in seconds) for which the system waits for ALERTING messages when a call is placed before tearing down the connection. Acceptable values are from 10 to 5255 seconds. | 20

Example --> voip h323 protocol set response 40

See also VOIP H323 PROTOCOL SET REGISTRATION
         VOIP H323 PROTOCOL SHOW

VOIP H323 PROTOCOL SET SECONDARYGATEKEEPER


Syntax VOIP H323 PROTOCOL SET SECONDARYGATEKEEPER <gk:port/id>

Description This command sets the secondary gatekeeper.

Options The following table gives the range of values for each option which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
gk | The hostname or IPv4 address of the secondary gatekeeper. Secondary-host can be a maximum of 256 chars long (when using hostname format). | N/A
ipport | The port on secondary gatekeeper where H225 registration messages are sent. | 1719
id | The gatekeeper identifier. Id can be a maximum of 20 chars long. | N/A

Example --> voip h323 protocol set secondarygatekeeper 10.17.90.111

See also VOIP H323 PROTOCOL ENABLE
         VOIP H323 PROTOCOL SHOW

VOIP H323 PROTOCOL SHOW


Syntax VOIP H323 PROTOCOL SHOW

Description This command displays basic H323 module configuration parameters set by the
VOIP H323 PROTOCOL ENABLE command.

Example --> voip h323 protocol show

Gateway base protocol: H323


--------------------------------------------------------------
RAS port: 1719
Q931 port: 1720
Network interface: ip0
Gatekepeer: 192.168.1.110
Secondarygatekepeer: 192.168.1.111
Alias:
Timers:
Registration: 7200
Response: 20
Connect: 90

See also VOIP H323 PROTOCOL ENABLE
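
The defaults and accepted ranges given in this chapter (RAS port 1719, Q931 port 1720, registration 10 to 10800 seconds, response and connect 10 to 5255 seconds) can be checked against captured VOIP H323 PROTOCOL SHOW output. The audit script below is an added example, not part of the manual or of Allied Telesis software; the function names, the severity labels and the second sample are constructed, and the field labels are assumed to match the SHOW example above.

```python
import re

# Defaults and accepted ranges as documented in this chapter.
DEFAULT_PORTS = {"RAS port": 1719, "Q931 port": 1720}
TIMERS = {  # label: (default, min, max), all in seconds
    "Registration": (7200, 10, 10800),
    "Response": (20, 10, 5255),
    "Connect": (30, 10, 5255),
}

# The SHOW example from this chapter; labels keep the device's own spelling.
PAGE_SAMPLE = """\
Gateway base protocol: H323
--------------------------------------------------------------
RAS port: 1719
Q931 port: 1720
Network interface: ip0
Gatekepeer: 192.168.1.110
Secondarygatekepeer: 192.168.1.111
Alias:
Timers:
Registration: 7200
Response: 20
Connect: 90
"""

# Constructed sample: no gatekeeper, moved Q931 port, timer out of range.
DRIFT_SAMPLE = """\
Gateway base protocol: H323
RAS port: 1719
Q931 port: 1740
Network interface: ip0
Gatekepeer:
Secondarygatekepeer:
Alias:
Timers:
Registration: 20000
Response: 20
Connect: 30
"""

LINE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*?)\s*$")


def parse_show(text):
    """Map each 'Label: value' line to {label: value}; empty values are kept."""
    fields = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def audit(fields):
    """Return a list of (severity, label, message) tuples."""
    out = []
    if fields.get("Gateway base protocol") != "H323":
        out.append(("error", "Gateway base protocol", "H323 module is not active"))
    for label, default in DEFAULT_PORTS.items():
        raw = fields.get(label, "")
        if not raw.isdigit() or not 1 <= int(raw) <= 65535:
            out.append(("error", label, f"missing or invalid port {raw!r}"))
        elif int(raw) != default:
            out.append(("info", label, f"{raw} is not the default {default}; "
                        "check that packet filters match"))
    if not fields.get("Network interface"):
        out.append(("error", "Network interface", "no IP interface bound"))
    if not fields.get("Gatekepeer"):
        out.append(("warn", "Gatekepeer", "no gatekeeper set; per the manual "
                    "an autodiscover procedure is used instead"))
    for label, (default, lo, hi) in TIMERS.items():
        raw = fields.get(label, "")
        if not raw.isdigit() or not lo <= int(raw) <= hi:
            out.append(("error", label, f"{raw!r} outside {lo}-{hi} seconds"))
        elif int(raw) != default:
            out.append(("info", label, f"{raw}s differs from default {default}s"))
    return out


if __name__ == "__main__":
    for name, sample in (("page", PAGE_SAMPLE), ("drift", DRIFT_SAMPLE)):
        for severity, label, message in audit(parse_show(sample)):
            print(f"[{name}] {severity:5} {label}: {message}")
```
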



VoIP H323 User Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to enable, configure and manage the VoIP H323
User module.

voip H323 user CLI commands


The table below lists the VOIP H323 USER commands provided by the CLI:
Command
VOIP H323 USER ADD
VOIP H323 USER CREATE
VOIP H323 USER DELETE
VOIP H323 USER LIST
VOIP H323 USER REMOVE
VOIP H323 USER SHOW

VOIP H323 USER ADD


Syntax VOIP H323 USER ADD <username> PORT <portname>

Description This command attaches a user created with the command VOIP H323 USER
CREATE to a named port created with the command VOIP EP CREATE.

H323 protocol:
As soon as this command is entered, registration starts with the Gatekeeper
specified in the VOIP H323 USER CREATE command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
username | A name that identifies an existing user (it can also be the ID value associated with the user name). To display the existing users, use the VOIP H323 USER LIST command. | N/A
portname | A name that identifies an existing port. To display the existing ports, use the VOIP EP LIST command. | N/A

Example --> voip h323 user add MrBrown port fxs0

See also VOIP H323 USER ADD
         VOIP H323 USER CREATE
         VOIP H323 USER DELETE
         VOIP H323 USER LIST
         VOIP H323 USER REMOVE
         VOIP H323 USER SHOW
         VOIP EP LIST

VOIP H323 USER CREATE


Syntax VOIP H323 USER CREATE <username> ADDRESS <DIGIT-MAP> [AREACODE <area-number>]

Description This command creates a new entry in the users list. Each user must have a different
<username>. If the user already exists, an error message is raised.
This command is accepted only if the H323 module is already running. See the
VOIP H323 PROTOCOL ENABLE command to turn on the H323 module.
The username can be up to 16 characters in length; it cannot start with a digit and
cannot contain dots '.' or slash symbols '/'.
This command doesn’t bind the user to a physical access port. In order to inform the
system that the user is attached to a specific physical port, the VOIP H323 USER
ADD command must be used.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option | Description | Default Value
-------|-------------|--------------
username | An arbitrary name that identifies the user. The name must not be present already. The username can be a maximum of 16 characters long. | N/A
digit-map | The phone number (E.164) used to reach the user. The address can be 32 characters long. | N/A
area-number | The prefix number to be dialed before the destination number. Valid characters are only digits. The area number can be a maximum of 10 digits long. | empty

Example
--> voip h323 user create MrBrown address 12345

See also VOIP H323 USER ADD
VOIP H323 USER CREATE
VOIP H323 USER DELETE
VOIP H323 USER LIST
VOIP H323 USER REMOVE
VOIP H323 USER SHOW
VOIP EP LIST

VOIP H323 USER DELETE


Syntax VOIP H323 USER DELETE <username>

Description This command deletes a single user created using the VOIP H323 USER CREATE
command.
To show the list of existing users, use the VOIP H323 USER LIST command.
As soon as this command is entered, the deregistration phase with the Gatekeeper starts,
removing the user from the user list on the server.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
username | A name that identifies an existing user (it can also be the ID value associated with the user name). To display the existing users, use the VOIP H323 USER LIST command. | N/A

Example --> voip h323 user delete MrBrown

See also VOIP H323 USER ADD
VOIP H323 USER CREATE
VOIP H323 USER DELETE
VOIP H323 USER LIST
VOIP H323 USER REMOVE
VOIP H323 USER SHOW
VOIP EP LIST

VOIP H323 USER LIST


Syntax VOIP H323 USER LIST

Description This command lists information about users that were added using the VOIP H323
USER CREATE command. The following information is displayed:
• user ID numbers
• user names
• Area Codes
• Addresses

Note: If the user name is longer than 32 chars, the name is shown in a short
format (only the initial part of the name is displayed). To show the full name use
the VOIP EP USER SHOW command, specifying the user ID instead of user
name.

Example
--> voip h323 user list

ID | Name | Area Code | Address
---- |------------|------------------|------------------------------------
1 | MrBrown | | 12345
---- |------------|------------------|------------------------------------

See also VOIP H323 USER ADD
VOIP H323 USER CREATE
VOIP H323 USER DELETE
VOIP H323 USER LIST
VOIP H323 USER REMOVE
VOIP H323 USER SHOW
VOIP EP LIST

VOIP H323 USER REMOVE


Syntax VOIP H323 USER REMOVE <username> PORT <name>

Description This command removes a single user from the port where it was added with the
VOIP H323 USER ADD command.
Removing a user from a port results in a deregistration request to the Gatekeeper
specified in the VOIP H323 USER CREATE command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
username | A name that identifies an existing user (it can also be the ID value associated with the user name). To display the existing users, use the VOIP H323 USER LIST command. | N/A
portname | A name that identifies an existing port. To know the ports where the user is added, use the VOIP H323 USER SHOW command. | N/A

Example --> voip h323 user remove MrBrown port fxs0

See also VOIP H323 USER ADD
VOIP H323 USER CREATE
VOIP H323 USER DELETE
VOIP H323 USER LIST
VOIP H323 USER REMOVE
VOIP H323 USER SHOW
VOIP EP LIST

VOIP H323 USER SHOW


Syntax VOIP H323 USER SHOW <username>

Description This command displays the following information about a named user:
• Address
• Area Code
• State
• Attached ports

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
username | A name that identifies an existing user. To display the existing users, use the VOIP H323 USER LIST command. | N/A

Example --> voip h323 user show MrBrown

Gateway user: MrBrown
------------------------------------------------------
Address: 10
Area Code (AC): 1
State: registered (expire time: 2739 Sec.)
Attached ports: fxs0

See also VOIP H323 USER ADD
VOIP H323 USER CREATE
VOIP H323 USER DELETE
VOIP H323 USER LIST
VOIP H323 USER REMOVE
VOIP H323 USER SHOW
VOIP EP LIST

VoIP H323 FDB Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to configure and manage the FDB module.

voip h323 fdb CLI commands


The table below lists the VOIP H323 FDB commands provided by the CLI:

Command
VOIP H323 FDB CREATE
VOIP H323 FDB DELETE
VOIP H323 FDB LIST
VOIP H323 FDB SHOW

VOIP H323 FDB CREATE


Syntax VOIP H323 FDB CREATE <name> ADDRESS <digit-map> CONTACT <host:port>
[FWADDRESS <tel-number>]

Description This command creates a new entry in the forwarding database (FDB).
ADDRESS is the called address expected to be received from the calling end-point in
order to forward the call to the CONTACT. It can also be a digit-map if an address
pool must be forwarded to a specific host address.
CONTACT is the host reference to which the call is forwarded.
FWADDRESS replaces the destination address of the call. It is optional and is
used to make a short selection rule (e.g. dialed number 01 corresponds to
00390224141121).

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies this specific fdb rule. The name must not be present already. The fdb name can be a maximum of 16 characters long. | N/A
digit-map | The called user address (i.e. phone number) expected to be received. It can be a digit map expression. The digit-map can be a maximum of 32 chars long. | N/A
contact-host | The hostname or IPv4 address of the remote end-point where the call must be routed. Contact-host can be a maximum of 256 chars long (when using hostname format). | N/A
port | The UDP/TCP port on the contact host to which signalling messages are sent. | 5060
tel-number | The new number to which the call is redirected. | N/A

Example
--> voip h323 fdb create default address 9x. contact 192.168.1.10

See also VOIP H323 FDB LIST
VOIP H323 FDB SHOW

VOIP H323 FDB DELETE


Syntax VOIP H323 FDB DELETE <name>

Description This command deletes a single fdb entry created using the VOIP H323 FDB
CREATE command.
To show the list of existing FDB entries, use the VOIP H323 FDB LIST command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name (or the ID value) that identifies an existing user in the forwarding database. To display the existing FDB entries, use the VOIP H323 FDB LIST command. | N/A

Example --> voip h323 fdb delete default

See also VOIP H323 FDB CREATE
VOIP H323 FDB LIST

VOIP H323 FDB LIST


Syntax VOIP H323 FDB LIST

Description This command lists information about FDB entries added using the VOIP H323 FDB
CREATE command.
The following information is displayed:
• FDB entry ID numbers
• FDB entry names
• FDB entry Address

Note: If an fdb name is longer than 32 chars, the name is shown in a short
format (only the initial part of the name is displayed). To show the full name use
the VOIP H323 FDB SHOW command, specifying the user ID instead of user
name.

Example --> voip h323 fdb list

Gateway forwarding database:

ID | Name | Address
----|------------|---------------------
1 | pstn | 9x.
---------------------------------------

See also VOIP H323 FDB CREATE
VOIP H323 FDB SHOW

VOIP H323 FDB SHOW


Syntax VOIP H323 FDB SHOW <name>

Description This command lists information about a named FDB entry added to the forwarding
data base using the VOIP H323 FDB CREATE command. The following information
is displayed:
• Address
• Contact

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name (or the ID value) that identifies an existing user in the forwarding database. To display the existing FDB entries, use the VOIP H323 FDB LIST command. | N/A

Example --> voip h323 fdb show MrJohn

Gateway forwarding database entry: MrJohn
----------------------------------------------
Address: 2010
Contact: 10.17.90.51

See also VOIP H323 FDB LIST



Chapter 17

VoIP MGCP

Introduction

MGCP (Media Gateway Control Protocol) is a protocol that assumes a call
control architecture where the call control "intelligence" is outside the gateways and
handled by an external call control element, the call agent. MGCP assumes that the
gateways have limited storage and functionality.
MGCP therefore has two entities: the Call Agent (Media Gateway Controller, MGC), which
handles the call control "intelligence", that is, the call signaling and call
processing functions; and the Media Gateway (MG), which provides conversion
between the audio signals carried on telephone circuits and data packets carried
over the Internet or other packet networks and is expected to execute commands sent by
the Call Agent.

MGCP is a master/slave protocol: the call agent is mandatory, manages
the calls and conferences and supports the services provided, while the endpoint is
unaware of the calls and conferences and does not maintain call states; it is simply
expected to execute commands sent by the call agent.

Connections & Endpoints


MGCP introduces the concepts of connections and endpoints for establishing
end-to-end voice paths and the concepts of events and signals for establishing and
tearing down calls.

Endpoints are sources or sinks of data and can be physical or virtual. Physical
endpoint creation requires hardware installation while software is sufficient for
creating a virtual endpoint. An interface on a gateway that terminates a trunk
connected to a PSTN switch is an example of a physical endpoint. An audio source
in an audio-content server is an example of a virtual endpoint.
Connections may be either point-to-point or multipoint. A point-to-point connection
is an association between two endpoints for transmitting data between these
endpoints. Once this association is established for both endpoints, data transfer
between these endpoints can take place. A multipoint connection is an association
among multiple endpoints for transmitting data among these endpoints.
Connections can be established over several types of bearer networks:

• Transmission of audio using RTP and UDP over a TCP/IP network.

• Transmission of audio over an ATM network.


The call agent uses MGCP to provision the gateways with the description of
connection parameters such as IP addresses, UDP port and RTP profiles. These
descriptions follow the conventions delineated in the Session Description Protocol
(SDP) which is now an IETF proposed standard, documented in RFC 2327. The use
of SDP facilitates interoperability with the Session Initiation Protocol (SIP).
The control primitives for MGCP operations are Signals sent from the call agent to
the gateway, and Events sent from the gateway to the call agent. The concepts of
Signals and Events are used for establishing and tearing down calls.
Operations are performed by applying Signals to, and detecting Events from,
endpoints. A call agent initiates transactions to manage and configure an endpoint using
MGCP commands. The endpoint responds to call agent transaction requests using
either a notification or restart command.
The concepts of events and signals are central to MGCP. A call agent may ask to be
notified about certain events occurring in an endpoint, e.g. off-hook events, and a
call agent may request certain signals to be applied to an endpoint, e.g. dial-tone.
Events and signals are grouped in packages. Packages are groupings of the events
and signals supported by a particular type of endpoint. For instance, one package
may support a certain group of events and signals for analog access lines, and
another package may support another group of events and signals for MF trunks.
Digits, or letters, are supported in many packages. Digits include numbers between
0 and 9. Letters may include the asterisk "*", the pound sign "#" and others. The call
agent can ask a gateway to detect a set of digits or letters either by individually
describing those letters, or by using the "range" notation defined in the syntax of
digit strings.
Signals and Events needed to support a specific telephony function or type of
endpoint are grouped into Event/Signal Packages. Example packages defined in the
MGCP specification include:

• Generic Media Package

• DTMF Package

• Trunk package

• Link package

• Handset package

• RTP package

• Announcement server package

MGCP Protocol Commands

There are eight commands in the protocol: NotificationRequest, Notify,
CreateConnection, ModifyConnection, DeleteConnection, AuditEndpoint,
AuditConnection and RestartInProgress.

NotificationRequest
The NotificationRequest command is used by the call agent to ask a
gateway to notify it when specified events occur in an endpoint. For
example, a notification may be requested for the event that a gateway detects that an
endpoint is going off hook. A list of potential events includes: off hook transition, on
hook transition, flash-hook, MF incoming seizure detected, continuity tone detected
etc.
The call agent can also request that the gateway collect the dialed digits. The
NotificationRequest allows the call agent to download a specific dialing plan to the
gateway to be used for collecting the digits.
A call agent also includes a unique identifier in the NotificationRequest that will be
included by the gateway in the gateway’s Notify message when the requested event
actually occurs. This identifier is used for tying the NotificationRequest to the
Notify message that will be sent by the gateway.

Notify
Notifications are sent by the gateway via the Notify command in response to a
NotificationRequest sent by the call agent to the gateway. The gateway includes in
the Notify command a list of the events it observed. The Notify command includes
the unique identifier that was sent by the call agent to the gateway in the
NotificationRequest command.
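
The pairing of NotificationRequest and Notify through the unique identifier can be checked mechanically. The following is an added example, not code from this manual or from the gateway firmware: the messages are constructed samples in the MGCP text encoding of RFC 3435, and the host names, identifiers and helper names are assumptions.

```python
# Added example: tie MGCP Notify messages back to the NotificationRequest
# that armed them, using the request identifier (parameter "X").
# All messages below are constructed samples, not captured traffic.

VERBS = {
    "RQNT": "NotificationRequest", "NTFY": "Notify",
    "CRCX": "CreateConnection", "MDCX": "ModifyConnection",
    "DLCX": "DeleteConnection", "AUEP": "AuditEndpoint",
    "AUCX": "AuditConnection", "RSIP": "RestartInProgress",
}

RQNT = (
    "RQNT 1201 aaln/1@rg.example.net MGCP 1.0\r\n"
    "N: ca@ca1.example.net:2727\r\n"
    "X: 0123456789AC\r\n"
    "R: L/hd(N)\r\n"          # ask to be notified of the off-hook event
)
NTFY_OK = (
    "NTFY 2002 aaln/1@rg.example.net MGCP 1.0\r\n"
    "N: ca@ca1.example.net:2727\r\n"
    "X: 0123456789AC\r\n"
    "O: L/hd\r\n"             # observed event: off-hook
)
# Same Notify with an identifier no request ever carried.
NTFY_STRAY = NTFY_OK.replace("0123456789AC", "00000000FF")


def parse_command(text):
    """Parse one MGCP command into verb, transaction id, endpoint, parameters."""
    lines = text.replace("\r\n", "\n").split("\n")
    parts = lines[0].split()
    if (len(parts) != 5 or parts[0].upper() not in VERBS
            or parts[3].upper() != "MGCP"):
        raise ValueError("not an MGCP command line: %r" % lines[0])
    if not parts[1].isdigit():
        raise ValueError("transaction id must be numeric: %r" % parts[1])
    params = {}
    for line in lines[1:]:
        if not line.strip():
            break                      # blank line: an SDP description follows
        code, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed parameter line: %r" % line)
        params[code.strip().upper()] = value.strip()
    verb = parts[0].upper()
    return {"verb": verb, "name": VERBS[verb], "txid": int(parts[1]),
            "endpoint": parts[2].lower(), "params": params}


class NotifyCorrelator:
    """Tracks the active request identifier for each endpoint."""

    def __init__(self):
        self.active = {}               # endpoint name -> request identifier

    def observe(self, text):
        msg = parse_command(text)
        rid = msg["params"].get("X", "").upper()
        if msg["verb"] == "RQNT":
            if not rid:
                raise ValueError("NotificationRequest without identifier")
            self.active[msg["endpoint"]] = rid   # replaces any earlier request
            return "armed"
        if msg["verb"] == "NTFY":
            expected = self.active.get(msg["endpoint"])
            return "matched" if rid and rid == expected else "unsolicited"
        return "ignored"


if __name__ == "__main__":
    correlator = NotifyCorrelator()
    for message in (RQNT, NTFY_OK, NTFY_STRAY):
        print(parse_command(message)["name"], "->", correlator.observe(message))
```

A Notify reported as "unsolicited" carries an identifier that no NotificationRequest for that endpoint supplied, which is worth flagging when reviewing a signalling trace.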

CreateConnection
The call agent uses the CreateConnection command for binding an endpoint to a
specific IP address and UDP port. Another CreateConnection request for the remote
endpoint is necessary for creating an end-to-end connection with two endpoints.
The CreateConnection request specifies a CallId that will be used for identifying the
call or session to which this connection belongs. More than one connection may
actually share the same CallId. The CreateConnection request also specifies the
endpoint to be used for this connection and the parameters to be used for the
connection. These parameters may include, for example, voice encoding and
compression parameters. The call agent also specifies the mode of the connection.
The mode may be "send," "receive," "send/receive," "conference," "inactive," "data,"
"loopback," "continuity test," "network loopback" or "network continuity test."
The CreateConnection request from the call agent may include a description of the
remote side of the connection on the IP network, i.e. parameters of the connection
like encoding, but also the IP address and UDP port. The remote connection description may
be unspecified in some CreateConnection requests. This occurs because the call
agent needs to send two CreateConnection requests for creating an end-to-end
connection. When the first CreateConnection request is sent the call agent doesn't
yet know the remote connection descriptor. This information may be provided later
via a ModifyConnection request.
A CreateConnection request may also include the parameters normally included in
a NotificationRequest. This allows the call agent to send a CreateConnection and a
NotificationRequest combined in one CreateConnection message. This improves the
performance of the protocol.
When the gateway acknowledges the CreateConnection request it also sends to the
call agent a ConnectionId that uniquely identifies the connection within an
endpoint, and local connection information about the IP address and UDP port it
selected. The call agent can potentially select those, but the gateway may be sharing
those resources with other functions and it is preferable that the gateway does the
selection.

ModifyConnection
The Call Agent uses the ModifyConnection command for changing the parameters
associated with a previously established connection. The parameters in the
ModifyConnection command are the same as in a CreateConnection request. The
ConnectionId is provided by the call agent to the gateway in a ModifyConnection
request.
The ModifyConnection can be used for:
• Providing information about the other end of the connection through the
remote connection descriptor
• Activating or deactivating a connection
• Changing the parameters of a connection.

DeleteConnection
The call agent can use the DeleteConnection command to delete an existing
connection. When the gateway acknowledges a DeleteConnection request, it
includes a list of parameters about the status of the connection in the response.
These parameters include: numbers of packets and octets sent, number of packets
and octets received, number of packets lost, inter-arrival jitter and average
transmission delay.
The DeleteConnection command may also be sent by a gateway to the call agent for
indicating that a connection can no longer be sustained.

AuditEndpoint
The AuditEndpoint command can be used by the call agent for getting details about
the status of an endpoint or a list of endpoints. The information that can be audited
by the Call Agent includes: requested events, dialing plan and connection
identifiers. The response of the gateway includes all the requested information.

AuditConnection
The AuditConnection can be used by the call agent for retrieving information
related to a specific connection of an endpoint identified by a ConnectionId. The
information that can be retrieved includes: call id, local and remote connection
descriptors, local connection parameters and the mode of the connection. The
response of the gateway to the AuditConnection request includes all the requested
information.

RestartInProgress
The RestartInProgress command is used by the gateway to signal that an endpoint,
or a group of endpoints, is taken in or out of service. The parameters of the
RestartInProgress message indicate the group of endpoints that the message applies
to. The RestartInProgress method also includes a parameter that specifies the type of
restart:
• Graceful restart indicates that the endpoints will be taken out of service after
a specified delay
• Forced restart indicates that the endpoints are taken immediately out of
service
• Restart indicates that the service will be restored after the specified delay

MGCP Command reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to configure and manage the MGCP protocol
module.

MGCP commands
The table below lists the mgcp commands provided by the CLI:

Command
VOIP MGCP PROTOCOL DISABLE
VOIP MGCP PROTOCOL ENABLE
VOIP MGCP PROTOCOL RESTART
VOIP MGCP PROTOCOL SET DEFAULTPORT
VOIP MGCP PROTOCOL SET MAXRETRANSMITIONTIME
VOIP MGCP PROTOCOL SET NAT
VOIP MGCP PROTOCOL SET NETINTERFACE
VOIP MGCP PROTOCOL SET PIGGYBACK
VOIP MGCP PROTOCOL SET PROFILE
VOIP MGCP PROTOCOL SET ROUNDTRIPTIME
VOIP MGCP PROTOCOL SHOW
VOIP MGCP CALLAGENT CREATE
VOIP MGCP CALLAGENT DELETE
VOIP MGCP CALLAGENT LIST

VOIP MGCP PROTOCOL DISABLE


Syntax VOIP MGCP PROTOCOL DISABLE

Description This command stops the VoIP MGCP signalling protocol and releases all the
resources associated with it.
This command is typically used when it's necessary to change the VoIP signalling
protocol, i.e. from MGCP to SIP or to H323.
To simply restart the MGCP module, use the VOIP MGCP PROTOCOL RESTART
command. It doesn't remove any resources defined for the protocol.
To enable the MGCP module, use the VOIP MGCP PROTOCOL ENABLE
command.

Example --> voip mgcp protocol disable

See also VOIP MGCP PROTOCOL RESTART
VOIP MGCP PROTOCOL ENABLE

VOIP MGCP PROTOCOL ENABLE


Syntax VOIP MGCP PROTOCOL ENABLE

Description This command turns on the MGCP signaling module.
To bind the MGCP module to a specific IP interface use the VOIP MGCP
PROTOCOL SET NETINTERFACE command.

Binding the MGCP module to a specific IP interface defines the value of
the source IP address for signalling and voice packets.

Example
--> voip mgcp protocol enable

See also VOIP MGCP PROTOCOL SHOW
VOIP MGCP PROTOCOL DISABLE

VOIP MGCP PROTOCOL RESTART


Syntax VOIP MGCP PROTOCOL RESTART

Description This command restarts the VoIP MGCP signaling protocol module.
Any pending and active calls are released.
This command doesn't release any resources previously created during module
configuration.

Example --> voip mgcp protocol restart

See also VOIP MGCP PROTOCOL ENABLE

VOIP MGCP PROTOCOL SET DEFAULTPORT


Syntax VOIP MGCP PROTOCOL SET DEFAULTPORT <ipport>

Description This command sets the default listening/sending port used for MGCP signaling
messages.
By default, when the MGCP module is attached to an IP interface using the VOIP
MGCP PROTOCOL SET NETINTERFACE command, the following default value is
used:
• defaultport: 2427

Changing the signaling port causes the MGCP module to restart.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
ipport | UDP/TCP port number used for signalling messages. Available values are from 1026 to 65534. Only even values can be accepted. | 2427

Example --> voip mgcp protocol set defaultport 2427

See also VOIP MGCP PROTOCOL ENABLE

VOIP MGCP PROTOCOL SET NAT


Syntax VOIP MGCP PROTOCOL SET NAT {NONE | <host> }

Description This command sets the NAT host reference. Any local reference in
MGCP messages is hidden by the NAT address value.

Changing the NAT reference causes the MGCP module to restart.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
host | The address that must be displayed in the MGCP messages. It can be expressed in hostname format or IPv4 format. A hostname can be a maximum of 255 characters long. | None

Example --> voip mgcp protocol set nat 10.17.90.110
--> voip mgcp protocol set nat at-rg600.voip.atkk.com

See also VOIP MGCP PROTOCOL ENABLE

VOIP MGCP PROTOCOL SET NETINTERFACE


Syntax VOIP MGCP PROTOCOL SET NETINTERFACE <interface_name>

Description This command sets the IP interface used to access the VoIP network.
• Signaling and voice packets will use the Source IP address defined for the
selected interface.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
interface_name | A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. | N/A

Example --> voip MGCP protocol set netinterface ip0

See also VOIP MGCP PROTOCOL ENABLE

VOIP MGCP PROTOCOL SET PROFILE


Syntax VOIP MGCP PROTOCOL SET PROFILE <profile>

Description This command sets a customer-specific MGCP call agent profile. This command is
used to fix interoperability constraints when the MGCP module has to work with a
call agent that could differ from a standard implementation.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
profile | The specific customer call-agent type. Possible values are: ags, gb, marconi, ncs, sphere and none. | none

Example --> voip mgcp protocol set profile ags

VOIP MGCP PROTOCOL SHOW


Syntax VOIP MGCP PROTOCOL SHOW

Description This command displays basic MGCP module configuration parameters set by the
VOIP MGCP PROTOCOL ENABLE command.

Example --> voip mgcp protocol show

Gateway base protocol: MGCP
---------------------------------------------------------
Profile: sphere
Supported packages: Basic, Generic Media,
DTMF, Line
Piggy-Back: Enable
Network interface: ip0
Default port: 2427
NAT: None
Round-trip time: 10000 msecs.
Maximum re-transmition time: 30 secs.
Network loss rate: 0 %

See also VOIP MGCP PROTOCOL ENABLE

VOIP MGCP CALLAGENT CREATE


Syntax VOIP MGCP CALLAGENT CREATE <name> CONTACT <host>

Description This command sets the call agent address. More than one call agent can be defined to
increase system robustness in case of server failure.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | An arbitrary name that identifies the call agent. The name must not be present already. The name can be a maximum of 16 characters long; cannot start with a digit and cannot contain dots '.' or slash symbols '/'. | N/A
host | The hostname or IPv4 address of the call agent. Host can be a maximum of 256 chars long (when using hostname format). | N/A

Example
--> voip mgcp callagent create default contact 192.168.102.3

See also VOIP MGCP CALLAGENT LIST
VOIP MGCP CALLAGENT DELETE

VOIP MGCP CALLAGENT DELETE


Syntax VOIP MGCP CALLAGENT DELETE <name>

Description This command deletes a previously defined call agent created using the VOIP
MGCP CALLAGENT CREATE command.
To show the list of existing CALLAGENT entries, use the VOIP MGCP
CALLAGENT LIST command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
name | A name (or the ID value) that identifies an existing call agent. To display the existing call agent entries, use the VOIP MGCP CALLAGENT LIST command. | N/A

Example --> voip mgcp callagent delete default

See also VOIP MGCP CALLAGENT CREATE
VOIP MGCP CALLAGENT LIST

VOIP MGCP CALLAGENT LIST


Syntax VOIP MGCP CALLAGENT LIST

Description This command lists information about CALLAGENT entries added using the VOIP
MGCP CALLAGENT CREATE command.
The following information is displayed:
• Call agent ID numbers
• Call agent names

Note: If a call agent name is longer than 32 chars, the name is shown in a short
format (only the initial part of the name is displayed).

Example --> voip mgcp callagent list

Gateway call-agents:

ID | Name | Master | Contact
-----|------------|----------|---------------------
1 | default | true * | 172.39.1.201
---------------------------------------------------

See also VOIP MGCP CALLAGENT CREATE
VOIP MGCP CALLAGENT SHOW

Chapter 18

VoIP QoS and Media

Introduction
SIP and H323 VoIP signalling protocols typically make use of unreliable transport
protocols like UDP to transfer media information as voice packets. This
transport wasn't originally designed to transport data for real time applications.
In a multi-application network environment where traffic typology can be very
variable, real time applications can suffer packet delay and latency due to
overloading of network devices. This can degrade the voice (and video) quality
received by the end user.
On the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway it's possible to
assign to the voice/video media packets a high Quality Of Service value in order to
force routers and switches to forward these packets with higher priority compared
to the other type of packets simultaneously passing through the same network
devices.

QoS
To assign a specific priority to the originated voice packets, it's possible to specify
the DSCP field value or TOS field value inside the UDP packets used to transport
voice streams and voice signalling.

The command VOIP QOS SET DSCP is used to set the DSCP value while the VOIP
QOS SET TOS command is used to set the TOS value.

DSCP and TOS are mutually exclusive because they refer to the same IP header
field, using only a different number of bits (3 bits in case of TOS, 6 bits in case of
DSCP) and assigning a different packet classification according to the TOS or DSCP
value.
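
The overlap between the two settings is easiest to see on the header byte itself. The following is an added example, not code from this manual or the gateway: it assumes the TOS value 0 to 7 occupies the three most significant bits (IP precedence) and the DSCP value the six most significant bits of the same byte, and it checks a constructed IPv4 header against a configured marking. Function names and addresses are assumptions.

```python
import socket
import struct


def traffic_class_byte(dscp=None, tos=None):
    """Value of the second IPv4 header byte for a DSCP or a TOS setting."""
    if dscp is not None and tos is not None:
        raise ValueError("DSCP and TOS are mutually exclusive")
    if dscp is not None:
        if not 0 <= dscp <= 63:
            raise ValueError("dscp-code must be in 0..63")
        return dscp << 2               # DSCP: upper 6 bits of the byte
    if tos is not None:
        if not 0 <= tos <= 7:
            raise ValueError("tos must be in 0..7")
        return tos << 5                # TOS (assumed precedence): upper 3 bits
    return 0                           # VOIP QOS SET NONE: no marking


def build_ipv4_header(tc_byte, src="192.0.2.10", dst="192.0.2.20"):
    """Constructed 20-byte IPv4 header carrying UDP (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45,           # version 4, header length 5 words
                       tc_byte,        # the byte shared by DSCP and TOS
                       28, 0, 0,       # total length, identification, flags
                       64, 17, 0,      # TTL, protocol 17 (UDP), checksum
                       socket.inet_aton(src), socket.inet_aton(dst))


def read_marking(header):
    """Decode the marking of an IPv4 header taken from a capture."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    value = header[1]
    return {"dscp": value >> 2, "precedence": value >> 5, "ecn": value & 0x03}


def marking_matches(header, dscp=None, tos=None):
    """True when the packet carries the marking the gateway was configured with."""
    if dscp is not None and tos is not None:
        raise ValueError("DSCP and TOS are mutually exclusive")
    seen = read_marking(header)
    if dscp is not None:
        return seen["dscp"] == dscp
    if tos is not None:
        return seen["precedence"] == tos
    return seen["dscp"] == 0


if __name__ == "__main__":
    for label, byte in (("dscp 24", traffic_class_byte(dscp=24)),
                        ("tos 4", traffic_class_byte(tos=4))):
        print(label, hex(byte), read_marking(build_ipv4_header(byte)))
```

Under this assumption a packet marked with `dscp 24` is indistinguishable from one marked with TOS 3, and `tos 4` reads back as DSCP 32, which is why only one of the two settings can be active.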

Media
AT-RG613, AT-RG623 and AT-RG656 can be configured to use a specific pool of
ports for media transport.
In this way it is always well known which ports are being used by the system,
making it possible to open the correct firewall ports when media packets must cross
security interfaces.
To configure the RTP pool ports, set the starting port number and the port range
using VOIP MEDIA SET PORTRANGE command. The ports specified by this
command are the RTP ports used as Source Port for outgoing packets and also they
are the ports where incoming RTP packets are expected to be received.
RTCP is also supported as a configurable parameter used to control RTP session.

It's also possible to set the Residential Gateway to detect whether an incoming RTP flow is
still present or not (e.g. the other end-point was abruptly disconnected or the network
has critical problems), forcing the call release if no RTP packet flow has been
detected for the current call for a time longer than the specified observation period.

VoIP QoS Command Reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to configure and manage the VoIP QoS module.

VoIP QoS CLI commands


The table below lists the VOIP QOS commands provided by the CLI:

Command
VOIP QOS SET DSCP
VOIP QOS SET TOS
VOIP QOS SHOW

VOIP QOS SET DSCP


Syntax VOIP QOS SET {DSCP <dscp-code> | NONE}

Description This command sets the value of the dscp field in the IP header of RTP voice packets.

To disable DSCP support (i.e. remove any previous configuration performed on the
DSCP field on signalling and speech packets) use the VOIP QOS SET NONE
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
dscp-code | The value of dscp field. Acceptable values are from 0 to 63. | none

Example --> voip qos set dscp 24


See also VOIP QOS SET TOS

VOIP QOS SET TOS


Syntax VOIP QOS SET {TOS <tos-code> | NONE}

Description This command sets the value of the tos field in the IP header of RTP voice packets.

To disable TOS support (i.e. remove any previous configuration performed on the
TOS field on signalling and speech packets) use the VOIP QOS SET NONE
command.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option | Description | Default Value
tos | The value of tos field. Acceptable values are from 0 to 7. | none

Example --> voip qos set tos 4


See also VOIP QOS SET DSCP

VOIP QOS SHOW


Syntax VOIP QOS SHOW

Description This command shows the value of DSCP and TOS fields used in the IP header of
RTP voice packets.

Example --> voip qos show


Gateway Quality of Service:
-------------------------------------
QOS (DSCP): 24
(TOS): none

See also VOIP QOS SET DSCP


VOIP QOS SET TOS

VoIP Media Command Reference


This section describes the commands available on the AT-RG613, AT-RG 623 and
AT-RG656 Residential Gateway to configure and manage the VoIP Media module.

VoIP Media CLI commands


The table below lists the VOIP MEDIA commands provided by the CLI:

Command
VOIP MEDIA SET PORTRANGE
VOIP MEDIA SET RTCP
VOIP MEDIA SET SESSIONTIMEOUT
VOIP MEDIA SHOW

VOIP MEDIA SET PORTRANGE


Syntax VOIP MEDIA SET PORTRANGE {ANY | <ipport/n-ports> }

Description This command sets the port pool available for media transport. Ports are
dynamically allocated in pairs to support new connections; the odd-numbered port
is reserved for RTCP. If the port pool is exhausted, new sessions are refused for
lack of available resources.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option      Description                                   Default Value
any         any sets the default port range.
ipport      ipport is the UDP/TCP port number being set.  50600
            The range is 1026 to 65534. The value
            specified must be an even number.
n-ports     n-ports is the number of ports. The range is  32
            2 to 32. The value specified has to be an
            even number.

Example --> voip media set portrange 50500/12


See also VOIP MEDIA SET RTCP

VOIP MEDIA SET RTCP


Syntax VOIP MEDIA SET RTCP {OFF | ON }

Description This command enables RTCP.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option      Description                                   Default Value
off         Turn off the RTCP support.                    off
on          Enable the RTCP support.

Example --> voip media set rtcp on


See also VOIP MEDIA SET DSCP

VOIP MEDIA SET SESSIONTIMEOUT


Syntax VOIP MEDIA SET SESSIONTIMEOUT <mins>

Description This command sets the maximum timeout interval used to detect a failure in the
incoming RTP speech packets. If no RTP packet is received on the UDP port used by
the active call for a time longer than the SESSIONTIMEOUT value, the other
endpoint is considered disconnected and the active call is released.

Options The following table gives the range of values for each option which can be specified
with this command and a default value (if applicable).

Option      Description                                   Default Value
min         The SESSIONTIMEOUT value expressed in         0
            minutes. Available values are from 0 mins to
            1440 mins (24 hours). 0 mins is equivalent
            to disabling the SessionTimeOut feature.

Example --> voip media set sessiontimeout 1


See also VOIP MEDIA SHOW

VOIP MEDIA SHOW


Syntax VOIP MEDIA SHOW

Description This command shows the media values defined by the VOIP MEDIA SET
PORTRANGE or VOIP MEDIA SET RTCP commands.

Example --> voip media show

Gateway Media:
----------------------------------------------
Port range: 50600/32
RTCP enable: on
RTP session time-out: 1 Mins.

See also VOIP MEDIA SET PORTRANGE


VOIP MEDIA SET RTCP
VOIP MEDIA SET SESSIONTIMEOUT

Chapter 19

ZTC

Introduction
Wide Area Networks consist of a lot of components (hubs, switches, routers,
residential gateways, set top boxes, PCs) that need to be configured.
The number of components can be very high and often the configuration of these
devices to get them up and running requires a lot of work for network
administrators.
As a result, network administrator operations can be very expensive and in-field
configuration takes a lot of time.
The Zero Touch Configurator (ZTC) is a tool designed to enable a network
administrator to configure and manage network devices remotely and automatically
without end-user intervention.
The Zero Touch Configuration is able to update image software and unit
configuration on multiple devices simultaneously, so administrators can avoid
having to connect to each device separately and repeat the same sequence of actions
for each of them.

Functional blocks
The ZTC is a component-based application, which consists of different logical blocks
that can be distributed on independent runtime environments or machines (see
Figure 23).

Figure 23. ZTC network architecture. (Diagram blocks: WEB Browser, ZTC Web Interface, ZTC Shell, ZTC Server, TFTP plugin, file system, LDAP Server, TFTP Server, ZTC Client; link labels: HTTP, RMI, LDAP, TFTP.)

ZTC Network Architecture


The ZTC Network Architecture consists of the following parts:
• An LDAP directory service in which data is stored.
• The ZTC Server, which contains all the application logic for:
  • User authentication and authorisation
  • Data consistency and syntax checking when requesting to add a new device
    configuration
  • Application logic for creating new configuration scripts
  • Application logic to execute commands on the device
  • Data Access Object layer to access the data tier
  • Several protocols for supporting different kinds of clients
• The ZTC WEB Interface. This application lets users interact with the ZTC Server.
Through this interface they can view or update existing configurations, or add
new ones.
• The ZTC Embedded Client. This client is installed on the devices to communicate
with the ZTC Server. Typically, the devices connect to the ZTC Server to perform the
following operations:
  • Communicate their actual configuration to ZTC Server
  • Download, if existing, new configurations from ZTC Server
• The ZTC Shell can be created for testing, not for operational use. Through the
ZTC-Shell, all the main operations can be performed (read, write, user
management). It’s possible to access the ZTC-Server from the ZTC-Shell.
The components of ZTC are independent, and they can run on different machines
and platforms, in a three-tiered architecture fashion.

The core of the application is the ZTC Server. It manages the dialogue with the
directory service backend and performs all operations on data. The ZTC WEB
Interface, used to interact with the ZTC Server, is decoupled from the ZTC server,
and can run on different machines.

ZTC Client
The ZTC Embedded Client, or ZTC Client for short, is the module running on
the Residential Gateway in charge of communicating with the ZTC server.
The ZTC client works according to the so-called "Configuration PULL" method. The ZTC
Client is in charge of contacting the ZTC server, passing the current configuration and the
unit identifier, and retrieving the new configuration if necessary. The ZTC server is
responsible for allowing the download only of the correct configuration file,
depending on the unit identifier (the unit MAC address) and on the configuration
rules defined inside the ZTC Server.
The following three ZTC Client – ZTC Server communication phases are possible:
• Pull-at-startup – This phase is executed when the unit starts up.
• Scheduled-pull – This phase is executed every time the ztcclient polling timeout
expires.
ZTC Client and ZTC Server communicate through the TFTP protocol.
The ZTC server IP address can be configured in the ZTC client module in two ways:
statically or dynamically.
• When a static configuration is used, the ZTC Server IPv4 address is defined
explicitly using the ztcclient enable static ztcserveraddr command. This command
sets the server IP address that will be used by all subsequent queries and also turns on
the ztcclient module, forcing the module to query the server to retrieve the unit
configuration file.
• When a dynamic configuration is used, the ZTC client module is bound to an
existing IP interface using the ztcclient enable dynamic listeninterface command.
In this way the ZTC client module uses the facilities offered by the dhcpclient
module to force the IP interface to ask an external DHCP server for the ZTC Server
address. When the ZTC client needs to know the ZTC Server address, a DHCP
request is generated by the IP interface requesting a value for option 67
"bootfile-name". The ZTC Client module uses the value returned by the DHCP
server for option 67 as the ZTC Server IP address.
As with the static configuration, the ztcclient enable dynamic listeninterface
command turns on the ztcclient module, forcing the module to query the server to
retrieve the unit configuration file.

ZTC client can be enabled dynamically only if the IP interface to which it is
bound is a dynamic IP interface. Attempting to enable the ZTC client module
dynamically on a static IP interface results in an error.

Storing Unit Configuration


The configuration file downloaded from the ZTC server is never stored permanently
in the unit flash file system. This solution prevents flash memory failure when too
many write requests are executed.
If the unit restarts, it loses the previously downloaded configuration and starts from
the bootstrap configuration. This behavior allows the network administrator to control
the unit configuration based only on the configuration file defined by the ZTC
server framework.
When ZTC Client is enabled, the current running configuration is the result of the
bootstrap configuration plus the unit configuration downloaded from the ZTC server.
Any action that permanently saves the configuration (e.g. the system configuration save
command) could change the bootstrap configuration file, and therefore the resulting
configuration when ZTC Client runs could be unpredictable.

When ZTC client is enabled, the CLI is locked. To unlock it, press the "+"
key. Unlocking the CLI stops the ZTC client module.

Pull-at-startup
Figure 24 shows the Pull-at-startup phase executed by the ZTC client module when
the Residential Gateway bootstraps.
• Considering a scenario where the ZTC Client is bound to a dynamic IP interface,
during the bootstrap process the Residential Gateway uses the facilities provided
by the DHCP client module to set up the IP interface configuration.
• The dynamic IP interface receives the new network configuration and the ZTC
server address in the "bootfile-name" DHCP option.
• As soon as the network is configured, the ZTC Client runs.
• The ZTC Client contacts the ZTC server, passing in the parameters list the
Residential Gateway's MAC address, the application filename and a value
derived from the current running configuration (which, at bootstrap, is null).
This information defines the current device status.
• The ZTC server checks if there is a configuration for the Residential Gateway
by looking up the device MAC address in the LDAP server and, if necessary,
returns the configuration file to the device.
• The device executes the configuration file and starts the ZTC client timeout. The
timeout defines the polling period before the ZTC Server will be contacted.
• When the timeout expires the Scheduled-pull phase is executed.

Figure 24. Pull-at-Startup ZTC phase. (Sequence diagram between Residential Gateway, DHCP server, ZTC Server and LDAP Database: Unit Bootstrap; Setup Dyn Interface; DHCP Request; DHCP Ack (ZTC Server address); Start ZTCClient; TFTP Read Request carrying Software Release: <application filename>, Unit Identifier: <unit mac address>, Current Unit Config: null; Retrieve Configuration File; Configuration File; TFTP Data Packets (unit configuration commands list); Run new conf.; Start ZTC timeout; ZTC idle.)

Scheduled-pull
Figure 25 shows the Scheduled-pull phase executed by the ZTC client module when
the ztcclient polling timeout expires.
• The ZTC Client contacts the ZTC server, passing in the parameters list the
Residential Gateway MAC address, the application filename and the hash key
derived from the current running configuration. This information defines the
actual state of the device.
• The ZTC server checks if there is a configuration for the Residential Gateway
by looking up the device MAC address in the LDAP server and, if necessary,
returns the configuration file to the device.
• When the device receives the new configuration, it reboots in order to execute the
new configuration starting from a "well known" status: the bootstrap
configuration.
• Because the Residential Gateway never stores the configuration downloaded
from the ZTC server, the ZTC client contacts the ZTC server again and executes
exactly the same procedure defined in the Pull-at-startup phase.

Figure 25. Scheduled-pull ZTC phase. (Sequence diagram between Residential Gateway, ZTC Server and LDAP Database: ZTC idle; ZTC Timeout expires; TFTP Read Request carrying Software Release: <application filename>, Unit Identifier: <unit mac address>, Client Config: current config; Retrieve Configuration File; Configuration File; compare Client config with LDAP config; "Is it the same?" Yes: ABORT TFTP; No: TFTP Data Packets (unit configuration commands list); Unit restart; TFTP Read Request carrying Software Release: <application filename>, Unit Identifier: <unit mac address>, Client Config: null; Retrieve Configuration File; Configuration File; TFTP Data Packets (unit configuration commands list); Run new conf.; Start ZTC timeout; ZTC idle.)
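
The Pull-at-startup and Scheduled-pull phases described above, modelled end to end as an added Python example (not Allied Telesis code): it shows why a changed configuration costs two read requests and one restart. The class names, the use of SHA-256 for the value derived from the configuration, and the sample MAC address are assumptions; the manual does not specify the request encoding or the hash algorithm.

```python
import hashlib


def config_digest(commands):
    """Stand-in for the value the client derives from its configuration.

    Assumption: the manual does not name the algorithm; SHA-256 over the
    downloaded command list is used here. None is the null value at bootstrap.
    """
    if commands is None:
        return None
    return hashlib.sha256("\n".join(commands).encode()).hexdigest()


class ZtcServer:
    """Model of ZTC Server plus LDAP: configurations keyed by unit MAC address."""

    def __init__(self, directory):
        self.directory = directory          # {mac: [CLI command, ...]}
        self.requests = []                  # every TFTP read request received

    def read_request(self, release, mac, client_digest):
        self.requests.append((release, mac, client_digest))
        wanted = self.directory.get(mac)
        if wanted is None:
            return None                     # no configuration for this unit
        if client_digest == config_digest(wanted):
            return None                     # same configuration: abort the TFTP
        return list(wanted)                 # TFTP data: configuration commands


class Gateway:
    """Model of the ZTC client side of a Residential Gateway."""

    def __init__(self, mac, release, bootstrap, server):
        self.mac, self.release, self.server = mac, release, server
        self.bootstrap = list(bootstrap)
        self.downloaded = None              # held in RAM only, lost on restart
        self.restarts = 0

    def running_config(self):
        return self.bootstrap + (self.downloaded or [])

    def pull_at_startup(self):
        # At bootstrap the value describing the current configuration is null.
        conf = self.server.read_request(self.release, self.mac, None)
        if conf is not None:
            self.downloaded = conf          # run the new configuration

    def scheduled_pull(self):
        digest = config_digest(self.downloaded)
        conf = self.server.read_request(self.release, self.mac, digest)
        if conf is not None:
            # A new configuration exists: restart from the bootstrap
            # configuration, then repeat the Pull-at-startup phase.
            self.restarts += 1
            self.downloaded = None
            self.pull_at_startup()


def demo():
    mac = "00:00:5e:00:53:01"               # constructed unit identifier
    server = ZtcServer({mac: ["voip qos set dscp 24"]})
    unit = Gateway(mac, "image", ["ztcclient set configtimeout 30"], server)
    unit.pull_at_startup()                  # request 1, configuration returned
    unit.scheduled_pull()                   # request 2, same config: aborted
    server.directory[mac] = ["voip qos set dscp 24", "voip media set rtcp on"]
    unit.scheduled_pull()                   # requests 3 and 4, one restart
    return unit.running_config(), unit.restarts, len(server.requests)
```

The server's request list doubles as an audit trail: a unit identifier that requests a configuration but has no directory entry shows up there with a `None` reply.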



ZTC Command reference


This section describes the commands available on the AT-RG613, AT-RG623 and
AT-RG656 Residential Gateway to configure and manage the ZTC Client module.

ZtcClient commands
The table below lists the ztcclient commands provided by the CLI:
Command
ZTCCLIENT ENABLE DYNAMIC
ZTCCLIENT ENABLE STATIC
ZTCCLIENT DISABLE
ZTCCLIENT SHOW
ZTCCLIENT SET
ZTCCLIENT UPDATE

ZTCCLIENT ENABLE DYNAMIC


Syntax ZTCCLIENT ENABLE DYNAMIC LISTENINTERFACE <ipinterface>

Description This command enables the ztcclient and binds it to an existing dynamic IP interface.
This command automatically creates a specific configuration rule that applies to the
IP interface in order to force the dhcpclient module to request the ZTC server
address inside the option list of the DHCP discover request sent to the external
DHCP server.

This command requires that <ipinterface> is defined as a dynamic interface,
thus it must have the DHCP flag enabled.

To apply changes to the ZTC client module and turn it on, use the ztcclient update
command.

Options The following table gives the range of values for each option, which can be specified
with this command, and a default value (if applicable).

Option       Description                                  Default Value
ipinterface  The name of an existing IP interface. To     N/A
             see the list of existing interfaces, use
             the IP LIST INTERFACE command.

Example --> ztcclient enable dynamic listeninterface ip0

See also ZTCCLIENT DISABLE



ZTCCLIENT ENABLE STATIC


Syntax ZTCCLIENT ENABLE STATIC ZTCSERVERADDR <ztcserveraddr>

Description This command enables the ztcclient and sets the ZTC Server IP address.

To apply changes to the ZTC client module and turn it on, use the ztcclient update
command.

Options The following table gives the range of values for each option which can be specified
with this command, and a default value (if applicable).

Option         Description                                Default Value
ztcserveraddr  The IP address of the interface used to    N/A
               connect to the ZTC Server. The IP address
               must be specified in IPv4 format (e.g.
               192.168.102.3).

Example --> ztcclient enable static ztcserveraddr 192.168.102.3

See also ZTCCLIENT DISABLE

ZTCCLIENT DISABLE
Syntax ZTCCLIENT DISABLE

Description This command disables the ztcclient module.

Example --> ztcclient disable

See also ZTCCLIENT ENABLE

ZTCCLIENT SHOW
Syntax ZTCCLIENT SHOW

Description This command shows the ZTC client configuration parameters.

Example The following example shows the ZTC client parameters when a dynamic
configuration is set.

ZTC CLIENT CONFIGURATION

- GENERAL PARAMETERS
enabled: false
dynamic: true
configuration timeout: 60 seconds
server address in use: 192.168.1.10

- DYNAMIC CONFIGURATION
interface: ip0

- STATIC CONFIGURATION
server address for static configuration: 0.0.0.0

ZTCCLIENT SET
Syntax ZTCCLIENT SET CONFIGTIMEOUT <configtimeout>

Description This command changes the value of the configtimeout, which is the polling time
interval before the ZTC client contacts the ZTC Server to check if a new
configuration is available.

Options The following table gives the range of values for each option which can be specified
with this command, and a default value (if applicable).

Option         Description                                Default Value
configtimeout  The time that the ztcclient module stays   60
               in standby before checking the system
               configuration against the ztc server
               configuration. Acceptable values are from
               20 to 65535 secs.

Example --> ztcclient set configtimeout 30

ZTCCLIENT UPDATE
Syntax ZTCCLIENT UPDATE

Description This command saves the changes made with the ZTCCLIENT SET CONFIGTIMEOUT
and ZTCCLIENT ENABLE DYNAMIC or ZTCCLIENT ENABLE STATIC
commands and turns on the polling timeout.

Example --> ztcclient update



Chapter 20

Software Update

Introduction
The AT-RG600 Residential Gateway software consists of the system application file
(named image) plus additional support files.
All these files are stored permanently in the system flashfs file system and loaded
during the unit bootstrap.
During normal operation, to prevent file system corruption, the flashfs file
system is never accessed directly. Programs that access (read or write) files stored in
the flashfs file system use a copy of the flashfs file system, named isfs (see chapter 1),
running in RAM.
If the unit is powered off, all the changes made to the isfs file system are lost. To
permanently save the contents of the isfs file system into the flashfs file system, use the
system configuration save command.

To upgrade the AT-RG600 software, upload a new file or download an existing file,
it's possible to use one of the following solutions, depending on the type of upgrade
requested:
• using FTP
• using TFTP
• using the Windows™ based Loader application
• using the SwUpdate client module

FTP server
The AT-RG600 Residential Gateway implements an internal FTP server that provides
access to the isfs file system.
An FTP connection is typically used to download a new image file into the Residential
Gateway, but can also be used to retrieve or download configuration and support
files.
To connect to the FTP module, simply use an FTP client application and log in with the
same username and password used for telnet access.
When connected, it's possible to browse the isfs file system with the ftp LIST
command.

When the ftp connection is closed, the content of isfs is copied back into flashfs
and the unit is forced to reboot in order to restart from the new application
code (or with the new configuration files).

TFTP server
Like FTP, the AT-RG600 Residential Gateway also supports an internal TFTP
server that provides access to both the flashfs and isfs file systems.
TFTP is a file transfer protocol based on the UDP transport protocol and is
therefore less reliable than FTP. There is no connection control, only packet
acknowledgement and packet retransmission.
A TFTP connection is typically used to download or retrieve configuration and
support files. Unlike FTP, when a file is loaded into the Residential Gateway
using the tftp facility, it doesn't result in a system restart when the connection is
closed. Each TFTP connection is protected against uncontrolled access, using the
same name defined for SNMP community write.

To retrieve or download a file from/to the Residential Gateway it's necessary to unlock
the TFTP server by sending (with a TFTP write request command) a special command file
with the filename "tftplock.key". This file is a simple ASCII file that includes the TFTP
password without any encryption.
Then it's possible to request or send the configuration file.

Figure 26. Access to the Residential Gateway TFTP server. (Sequence from the TFTP Client: TFTP Write Request: tftplock.key; then either TFTP Write Request: filename followed by TFTP Data, or TFTP Read Request: filename followed by TFTP Data.)

The maximum file size that can be downloaded into the Residential Gateway
is 8kbyte. To download files larger than 8kbyte use the FTP service.
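
Because the unlock file carries the SNMP write community in clear text, each unlock request is worth logging. The following added Python example (not part of the manual or the gateway software) decodes TFTP read and write requests and reports unlocks from outside a management allowlist, and transfers requested by a host that did not send the unlock first. The allowlist, the per-source tracking of the unlock and the sample capture are assumptions for illustration.

```python
import struct

RRQ, WRQ = 1, 2                  # TFTP request opcodes (RFC 1350)
UNLOCK_FILE = "tftplock.key"     # unlock file name given in the manual


def parse_request(payload):
    """Decode a TFTP RRQ/WRQ into (opcode, filename, mode); None otherwise."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (RRQ, WRQ):
        return None
    # Layout after the opcode: filename NUL mode NUL [options ...]
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        return None
    name = fields[0].decode("ascii", "replace")
    mode = fields[1].decode("ascii", "replace").lower()
    return opcode, name, mode


def audit(events, mgmt_hosts):
    """Review requests sent to the gateway's TFTP port.

    events: iterable of (source_ip, udp_payload), in capture order.
    mgmt_hosts: set of addresses allowed to manage the gateway.
    Returns a list of (source_ip, finding). The content of tftplock.key is
    never read: the monitor only needs the request, not the password.
    """
    unlocked = set()             # sources that sent the unlock request
    findings = []
    for src, payload in events:
        req = parse_request(payload)
        if req is None:
            continue
        opcode, name, _mode = req
        kind = "WRQ" if opcode == WRQ else "RRQ"
        if opcode == WRQ and name.lower() == UNLOCK_FILE:
            unlocked.add(src)
            if src not in mgmt_hosts:
                findings.append((src, "unlock from non-management host"))
        elif src not in unlocked:
            findings.append((src, f"{kind} {name} without prior unlock"))
    return findings


def request(opcode, name, mode="octet"):
    """Build a TFTP request payload (used only for the constructed sample)."""
    return struct.pack("!H", opcode) + name.encode() + b"\x00" + mode.encode() + b"\x00"


# Constructed capture: addresses are from the documentation ranges.
SAMPLE = [
    ("192.0.2.10", request(WRQ, "tftplock.key")),
    ("192.0.2.10", request(WRQ, "im.conf")),
    ("198.51.100.7", request(RRQ, "im.conf")),
    ("198.51.100.7", request(WRQ, "tftplock.key")),
    ("192.0.2.10", struct.pack("!HH", 4, 1)),     # an ACK, ignored
]
```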

Windows™ Loader
To upgrade the AT-RG600 Residential Gateway, a special Windows™ based
application has been developed: the Loader.
The Loader uses the TFTP services provided by the Residential Gateway to
download the application file plus all the other support files onto the unit, sparing
the user from downloading each file separately.

The Loader can be used to upgrade an existing software version, or to
download a new complete software release if the Residential Gateway is running in
recovery mode.
When the Loader is used to upgrade the Residential Gateway from a previous
software release, all the existing configuration files are kept.

When using the Loader, the IP address of the Residential Gateway must be selected
and the SNMP community write name is requested as session password (see Figure
27).

Figure 27. The Windows™ Loader

SwUpdate module
FTP, TFTP and Windows™ Loader are three upgrade solutions based on external
client applications that typically require manual user operation or the development
of dedicated script files.

The SwUpdate module is a basic FTP client module running on the Residential Gateway
that periodically contacts a TFTP server and retrieves from it the required software
or support files.
In order to maintain backward compatibility with existing upgrade solutions,
SwUpdate is able to manage software upgrades similarly to the DHCPCONF
feature available on the AT-RG200 Residential Gateway family.

SwUpdate retrieves the TFTP Server address from a specific option (option 66
tftp-server-name) passed by the external DHCP server to the Residential Gateway IP
interface.
It then uses the path passed as filename string to navigate the TFTP server.

In order to distinguish the correct DHCP Offer (in case more than one DHCP server
is present in the network), the Residential Gateway considers only DHCP Offers
that include option 60 (dhcp-class-identifier) with one of the following possible
values, depending on the product code:

"RG603"
"RG613TX"
"RG613TXJ"
"RG613SH"
"RG613LH"
"RG613BD"
"RG623TX"
"RG623SH"
"RG623LH"
"RG623BD"
"RG656TX"
"RG656BD"
"RG656LH"
"RG656SH"

SwUpdate is designed to download only the files that differ from, or are not present in,
the Residential Gateway file-system.

Figure 28. DHCPCONF like SwUpdate operation mode. (Sequence diagram between Residential Gateway, DHCP Server and TFTP Server: Unit Bootstrap; DHCP Request with option 66 tftp-server-name and option 60 dhcp-class-identifier; DHCP Offer with filename: <tftp path>, option 66: <tftp server address>, option 60: dhcp-class-identifier = "rg6xx"; Retrieve TFTP list file: MD5SUM; TFTP files: image, derivedata.dat, im.conf, ...; Unit restart.)
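
The offer selection described above, as an added Python example (not Allied Telesis code): it walks the DHCP options of an offer and returns the TFTP server and path only when option 60 matches the unit's product code. Treating the option 60 comparison as an exact, case-sensitive string match is an assumption, and `build_offer` and the sample addresses are constructed for the illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # start of the DHCP options (RFC 2131)
OPT_PAD, OPT_CLASS_ID, OPT_TFTP_SERVER, OPT_END = 0, 60, 66, 255
FIXED_LEN = 236                         # BOOTP header up to and including 'file'


def parse_options(blob):
    """Walk the code/length/value options; stop at END, fail on truncation."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated DHCP option")
        length = blob[i + 1]
        opts[code] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def swupdate_source(packet, product_code):
    """Return (tftp_server, path) if the offer qualifies for SwUpdate, else None."""
    if len(packet) < FIXED_LEN + 4:
        return None
    if packet[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        return None
    try:
        opts = parse_options(packet[FIXED_LEN + 4:])
    except ValueError:
        return None                     # malformed offers are not considered
    # Only offers whose option 60 equals this unit's product code count.
    class_id = opts.get(OPT_CLASS_ID, b"").decode("ascii", "replace")
    if class_id != product_code:
        return None
    server = opts.get(OPT_TFTP_SERVER)
    if not server:
        return None
    # The path comes from the NUL-padded 'file' field at offset 108.
    path = packet[108:236].split(b"\x00", 1)[0].decode("ascii", "replace")
    return server.decode("ascii", "replace"), path


def build_offer(path, options):
    """Constructed input: a minimal BOOTREPLY with the given file and options."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        2, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        bytes(16), b"", path.encode())
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return fixed + MAGIC_COOKIE + body + bytes([OPT_END])


# Constructed offer: message type 2 (offer), class id RG613TX, TFTP server.
SAMPLE_OFFER = build_offer("at-rg600-software-xxx",
                           [(53, b"\x02"), (60, b"RG613TX"), (66, b"192.0.2.20")])
```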

In order to inform the SwUpdate module about which files it must download from
the TFTP server, a special file named MD5SUM must be created on the TFTP server.

When the SwUpdate module connects to the TFTP server, it immediately retrieves
this file and then downloads each file reported in this list.

The MD5SUM file is a list of filenames in which each filename is associated with its MD5
value.

To create the MD5SUM file it's possible to use the md5sum command available on
standard Linux platforms (free md5sum applications are also available for the
Windows™ Operating System).

If a file reported in the MD5SUM list is already present in the Residential
Gateway file-system with the same MD5 value, SwUpdate skips this download;
otherwise it downloads it.

Example:
Assuming that all the files included in the current directory must be downloaded
into the Residential Gateway, the following command must be used to generate the
MD5SUM file:

root# md5sum * > MD5SUM

The MD5SUM file will list the following information:

96643c6e3af928990ed42a42dda2c554 cleanup
7cf32ce7ba89ab67f977a71ae5b205cd cliconsole
6d3dabc798da4ec9267615f12d1d2a43 consoleinit
810fd9bbababa67844e75e6846805e65 derived_data.dat
fb32c37e1457fcc1304d9cf74cd19bad dnsrelaylandb
444aa423a8d8a2d74640953ff6537948 image
6400dc3f72433a674f99c5b98aa5dae3 im.conf
026238c689022c21468df407a5daaef6 im.conf.factory
b87817d7b9a6c81cc8570deb9e270f34 im.conf.ztc_enabled_dynamic
24ae0c8518b7a98a5aa1c34563032c42 im.descriptions
1d0c14e81301cb630912790d077b79c0 initbun
08d016fe02cc6bde27110dc453e2b7b5 initbun.eg1004
4634050e6bf5e91d5a5872c3eb08d56a initbun.rg603
1b5498efa91b0d901a1235347b15e407 initbun.rg613
fd1fb4825195c080206104ac0443427f initbun.rg613txj
147e3239ce2f712340fa786f0a55a088 initbun.rg623
d55d9bd33ae47f4ea3acb39ae950a952 initbun.rg656
5ed6d58a9482d7aa0b44ff28a1e8ca7e NPimage
6927f315890f4209b8a406a1ee75595a services
0a48b795c03a4a012d1ba77dd647c307 snmpd.cnf
47abd829e3ccf727f9e8b29cbf52ed1e snmpinit
f9ae2f9ec26a5af37418be160fe67339 translate.tab
5318c5d07deb1c00dd42628b0d6f7af6 version
ea8fd2f8c81724291d1b0bcdb8e93df6 xgate_initbun
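
The skip-or-download rule above, as an added Python example (not Allied Telesis code and not the SwUpdate implementation): it parses a manifest in md5sum output format and returns the files that are missing locally or whose MD5 differs. The function names, the file-name check and the sample files are assumptions made for the illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One manifest line: 32 hex digits, whitespace, an optional '*' (binary mode
# marker written by md5sum), then the file name.
_LINE = re.compile(r"^([0-9a-f]{32})\s+\*?(.+)$")


def parse_md5sum(text):
    """Return {filename: md5hex} from md5sum-format text; reject bad lines."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        m = _LINE.match(raw)
        if m is None:
            raise ValueError(f"line {lineno}: not an md5sum entry: {raw!r}")
        digest, name = m.groups()
        # Added hardening (assumption): an entry must name a plain file in the
        # working directory, so path separators and dot names are refused.
        if "/" in name or "\\" in name or name in (".", ".."):
            raise ValueError(f"line {lineno}: unsafe file name {name!r}")
        entries[name] = digest
    return entries


def md5_of(path):
    """MD5 of a file, read in chunks. MD5 is used because the manifest carries
    it; a match shows the file is unchanged, it does not authenticate it."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def files_to_download(manifest, local_dir):
    """Names from the manifest that are missing locally or whose MD5 differs."""
    local_dir = Path(local_dir)
    needed = []
    for name, digest in manifest.items():
        local = local_dir / name
        if not local.is_file() or md5_of(local) != digest:
            needed.append(name)
    return needed


def demo():
    # Constructed sample: three files on the server, two already on the unit.
    server = {
        "image": b"firmware v2",
        "im.conf": b"set hostname rg\n",
        "version": b"2-0-0\n",
    }
    manifest_text = "".join(
        f"{hashlib.md5(data).hexdigest()}  {name}\n"
        for name, data in server.items()
    )
    with tempfile.TemporaryDirectory() as unit_fs:
        Path(unit_fs, "im.conf").write_bytes(server["im.conf"])  # same content
        Path(unit_fs, "image").write_bytes(b"firmware v1")       # older content
        return files_to_download(parse_md5sum(manifest_text), unit_fs)
```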

Plug-and-play

If the Residential Gateway is set with a dynamic IP interface and the DHCP server
sends option 66 tftp-file-name together with option 60 (dhcp-class-identifier)
equal to the product code of the Residential Gateway, the SwUpdate module sets the
server address to the address specified by the tftp-file-name option and uses the
TFTP protocol to retrieve the MD5SUM file instead of the FTP protocol.
SwUpdate changes the remote directory on the TFTP server according to the
filename option passed in the DHCP Offer message.

TFTP working directory


SwUpdate is able to navigate the FTP/TFTP server directory.
The working directory can be specified by defining in the SwUpdate module a
parameter named path. It identifies the path, relative to the login home
directory, where the SwUpdate module expects to find the files.

For example if the home directory is:

/home/manager

and the Residential Gateway path address is set to:

at-rg600-software-xxx

the working directory will be:

/home/manager/at-rg600-software-xxx
