P. 1
rg600_rm_a_v200

rg600_rm_a_v200

|Views: 1,285|Likes:
Published by sickphuck

More info:

Published by: sickphuck on Feb 28, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

08/04/2011

pdf

text

original

Sections

  • Standards and Protocols
  • Background Reading
  • Publicly Accessible Documents
  • Conventions used in command definitions
  • Chapter 1
  • Logging into the CLI
  • Serial Connection
  • TCP/IP connection
  • Command Line Interface and Console
  • Webserver
  • File System
  • Boot code
  • System configuration information
  • Run-time images
  • Access permissions to the CLI
  • System Command Reference
  • System CLI commands
  • SYSTEM ADD USER
  • SYSTEM ADD LOGIN
  • SYSTEM CONFIG BACKUP
  • SYSTEM CONFIG RESTORE
  • SYSTEM CONFIG SAVE
  • SYSTEM DELETE LOGIN
  • SYSTEM DELETE USER
  • SYSTEM INFO
  • SYSTEM LIST ERRORS
  • SYSTEM LIST OPENFILES
  • SYSTEM LIST USERS
  • SYSTEM LIST LOGINS
  • SYSTEM LOG
  • SYSTEM LOG ENABLE|DISABLE
  • SYSTEM LOG LIST
  • SYSTEM NAME
  • SYSTEM RESTART
  • SYSTEM SET LOGIN ACCESS
  • SYSTEM SET LOGIN MAYCONFIGURE
  • SYSTEM SET LOGIN MAYDIALIN
  • SYSTEM SET USER ACCESS
  • SYSTEM SET USER MAYCONFIGURE
  • SYSTEM SET USER MAYDIALIN
  • User Command Reference
  • User CLI commands
  • USER LOGOUT
  • USER PASSWORD
  • USER CHANGE
  • Web Server Command Reference
  • Web Server CLI commands
  • WEBSERVER CLEAR STATS
  • WEBSERVER ENABLE|DISABLE
  • WEBSERVER SET INTERFACE
  • WEBSERVER SET MANAGEMENTIP
  • WEBSERVER SET PORT
  • WEBSERVER SET UPNPPORT
  • WEBSERVER SHOW INFO
  • WEBSERVER SHOW STATS
  • Console Access Command Reference
  • Console access CLI commands
  • CONSOLE ENABLE
  • CONSOLE PROCESS
  • CONSOLE COMMAND - EXIT
  • Introduction
  • Switch Core Functional Overview
  • Address Look-up
  • Learning
  • Migration
  • Aging
  • Forwarding
  • Switching engine
  • Rate limiting support
  • Layer 3 routing rate limiting
  • Class of Service and Differentiated Services
  • 802.1p Traffic Priority
  • Differentiated Services Code Point (DSCP)
  • Switch Command Reference
  • switch CLI commands
  • SWITCH DISABLE AGEINGTIMER
  • Syntax SWITCH DISABLE AGEINGTIMER
  • SWITCH DISABLE LEARNING
  • SWITCH DISABLE PORT
  • SWITCH ENABLE AGEINGTIMER
  • Syntax SWITCH ENABLE AGEINGTIMER
  • SWITCH ENABLE LEARNING
  • SWITCH ENABLE PORT
  • SWITCH RESET
  • SWITCH SET AGEINGTIMER
  • SWITCH SET PORT
  • SWITCH SET PRIORITY
  • SWITCH SET QOS
  • SWITCH SET ROUTING-LIMIT
  • SWITCH SHOW
  • SWITCH SHOW FDB
  • --> switch show fdb
  • SWITCH SHOW PORT
  • SWITCH SHOW QOS
  • INTRODUCTION
  • VLAN TAGGING
  • VLAN SUPPORT ON AT-RG600 RESIDENTIAL GATEWAY
  • VLAN definition and port tagging
  • VLAN versus IP Interface
  • VLAN Command Reference
  • vlan CLI commands
  • VLAN ADD PORT
  • VLAN ADD VID
  • VLAN DELETE
  • VLAN SHOW
  • IP
  • THE INTERNET
  • ADDRESSING
  • Subnets
  • IP SUPPORT ON AT-RG6XX RESIDENTIAL GATEWAY SERIES
  • Adding and attaching IP interfaces
  • IP stack and incoming packets
  • Locally received packets
  • Forwarding packets
  • Unconfigured interfaces
  • Unnumbered interfaces
  • Unconfigured interfaces v unnumbered interfaces
  • Configuring unnumbered interfaces
  • Creating a route
  • Virtual Interfaces
  • Configuring virtual interfaces
  • Similarities between virtual interfaces and real interfaces
  • Differences between virtual interfaces and real interfaces
  • Secondary IP addresses
  • Configuring secondary IP addresses
  • Functionality of secondary IP addresses
  • IP Quality of Service
  • Expedited class
  • Example of use of Prioritization
  • Quality of Service support
  • • packet classification
  • Packet Classification
  • Configuring Flow Qualifiers
  • Link bandwidth prioritization
  • CPU prioritization
  • TCP/IP Command Reference
  • IP Tracing commands
  • IP CLI commands
  • IP ADD DEFAULTROUTE GATEWAY
  • IP ADD DEFAULT ROUTE INTERFACE
  • IP ADD DEFAULTROUTE INTERFACE
  • IP ADD INTERFACE
  • IP ADD ROUTE
  • IP ATTACH
  • IP ATTACHVIRTUAL
  • IP CLEAR ARPENTRIES
  • IP CLEAR INTERFACES
  • IP CLEAR RIPROUTES
  • IP CLEAR ROUTES
  • IP DELETE INTERFACE
  • IP DELETE ROUTE
  • IP DETACH INTERFACE
  • IP INTERFACE ADD FQ CODEPOINT
  • IP INTERFACE ADD FQ PROTOCOL
  • IP INTERFACE ADD FQ SRCADDR CODEPOINT
  • IP INTERFACE ADD FQ SRCADDR PROTOCOL
  • IP INTERFACE ADD PROXYARPENTRY
  • IP INTERFACE ADD PROXYARPEXCLUSION
  • IP INTERFACE ADD SECONDARYIPADDRESS
  • IP INTERFACE CLEAR FQS
  • IP INTERFACE CLEAR PROXYARPENTRIES
  • IP INTERFACE CLEAR SECONDARYIPADDRESSES
  • IP INTERFACE DELETE FQ
  • IP INTERFACE DELETE PROXYARPENTRIES
  • IP INTERFACE DELETE PROXYARPEXCLUSION
  • IP INTERFACE DELETE SECONDARYIPADDRESS
  • IP INTERFACE LIST FQS
  • IP INTERFACE LIST PROXYARPENTRIES
  • IP INTERFACE LIST SECONDARYIPADDRESSES
  • --> ip interface ip1 list secondaryipaddresses
  • IP LIST ARPENTRIES
  • IP LIST CONNECTIONS
  • --> ip list connections
  • IP LIST INTERFACES
  • IP LIST RIPROUTES
  • IP LIST ROUTES
  • IP PING
  • IP SET INTERFACE DHCP
  • IP SET INTERFACE IPADDRESS
  • IP SET INTERFACE MTU
  • IP SET INTERFACE NETMASK
  • IP SET INTERFACE RIP ACCEPT
  • IP SET INTERFACE RIP MULTICAST
  • IP SET INTERFACE RIP SEND
  • IP SET INTERFACE TCPMSSCLAMP
  • IP SET RIP ADVERTISEDEFAULT
  • IP SET RIP AUTHENTICATION
  • IP SET RIP DEFAULTROUTECOST
  • IP SET RIP HOSTROUTES
  • IP SET RIP PASSWORD
  • IP SET RIP POISON
  • IP SET ROUTE COST
  • IP SET ROUTE DESTINATION
  • IP SET ROUTE GATEWAY
  • IP SET ROUTE INTERFACE
  • IP SHOW
  • IP SHOW INTERFACE
  • IP SHOW ROUTE
  • Transports CLI commands
  • TRANSPORTS CLEAR
  • TRANSPORTS DELETE
  • TRANSPORTS LIST
  • TRANSPORTS SHOW
  • Ethernet CLI commands
  • ETHERNET ADD TRANSPORT
  • ETHERNET CLEAR TRANSPORTS
  • ETHERNET DELETE TRANSPORT
  • ETHERNET LIST PORTS
  • ETHERNET LIST TRANSPORTS
  • ETHERNET SHOW TRANSPORT
  • Application Gateway
  • Stateful Inspection
  • Security support on AT-RG6xx Residential Gateway series
  • Figure 7. Security modules on AT-RG6xx Residential Gateway series
  • Security Interfaces
  • Figure 8. Security interfaces on AT-RG6xx Residential Gateway series
  • Dynamic Port Opening and Triggers
  • Non-Activity Timeout
  • Session Chaining
  • Firewall
  • Policy
  • Portifilter
  • Validator
  • Intrusion Detection
  • Security Command Reference
  • Security CLI commands
  • SECURITY ADD INTERFACE
  • SECURITY ADD TRIGGER TCP|UDP
  • SECURITY ADD TRIGGER NETMEETING
  • SECURITY CLEAR INTERFACES
  • SECURITY CLEAR TRIGGERS
  • SECURITY DELETE INTERFACE
  • SECURITY DELETE TRIGGER
  • SECURITY
  • SECURITY LIST INTERFACES
  • SECURITY LIST TRIGGERS
  • SECURITY SET TRIGGER UDPSESSIONCHAINING
  • SECURITY SET TRIGGER ADDRESSREPLACEMENT
  • See also SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT
  • SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT
  • SECURITY SET TRIGGER ENDPORT
  • SECURITY SET TRIGGER MAXACTINTERVAL
  • SECURITY SET TRIGGER MULTIHOST
  • SECURITY SET TRIGGER SESSIONCHAINING
  • SECURITY SET TRIGGER STARTPORT
  • SECURITY SHOW INTERFACE
  • SECURITY SHOW TRIGGER
  • SECURITY STATUS
  • Firewall Command Reference
  • Firewall CLI commands
  • FIREWALL ADD POLICY
  • FIREWALL ADD PORTFILTER
  • FIREWALL ADD VALIDATOR
  • FIREWALL CLEAR POLICIES
  • FIREWALL CLEAR PORTFILTERS
  • FIREWALL DELETE POLICY
  • FIREWALL DELETE PORTFILTER
  • FIREWALL DELETE VALIDATOR
  • FIREWALL ENABLE|DISABLE
  • FIREWALL ENABLE|DISABLE IDS
  • FIREWALL ENABLE|DISABLE BLOCKINGLOG
  • FIREWALL ENABLE|DISABLE INTRUSIONLOG
  • FIREWALL ENABLE|DISABLE SESSIONLOG
  • FIREWALL LIST POLICIES
  • FIREWALL LIST PORTFILTERS
  • FIREWALL LIST VALIDATORS
  • FIREWALL SET IDS DOSATTACKBLOCK
  • FIREWALL SET IDS MAXICMP
  • FIREWALL SET IDS MAXPING
  • FIREWALL SET IDS MAXTCPOPENHANDSHAKE
  • FIREWALL SET IDS SCANATTACKBLOCK
  • FIREWALL SET IDS BLACKLIST
  • FIREWALL SET IDS VICTIMPROTECTION
  • FIREWALL SET SECURITYLEVEL
  • FIREWALL SHOW IDS
  • FIREWALL SHOW POLICY
  • FIREWALL SHOW PORTFILTER
  • FIREWALL SHOW VALIDATOR
  • FIREWALL STATUS
  • Network Address Translation - NAT
  • Network Address Translation
  • Address conservation
  • Security
  • How does NAT work?
  • What about protocols other than UDP and TCP?
  • How can you let sessions into servers on the private LAN?
  • NAT support on AT-RG6xx Residential Gateway series
  • • global IP address pools
  • Global IP Address Pools
  • Reserved Mappings
  • Application Level Gateways (ALGs)
  • Interactions of NAT and other security features
  • Firewall filters and reserved mappings
  • NAT and Dynamic Port Opening
  • NAT and secondary IP addresses
  • NAT Command Reference
  • NAT CLI commands
  • NAT ADD GLOBALPOOL
  • NAT ADD RESVMAP GLOBALIP
  • NAT ADD RESVMAP INTERFACE NAME
  • NAT CLEAR GLOBALPOOLS
  • NAT CLEAR RESVMAPS
  • NAT DELETE GLOBALPOOL
  • NAT DELETE RESVMAP
  • NAT DISABLE
  • NAT ENABLE
  • NAT IKETRANSLATION
  • NAT LIST GLOBALPOOLS
  • NAT LIST RESVMAPS
  • NAT SHOW GLOBALPOOL
  • NAT SHOW RESVMAP
  • NAT STATUS
  • Multicasting Overview
  • Multicasting principles
  • Group addresses
  • IGMP
  • Multicast MAC addresses
  • IGMP snooping
  • IGMP snooping on AT-VP6x3 product family
  • Multicast Router Port Discovery
  • Multicast Hosts Port Discovery
  • Leaving a Group
  • Timeout interval expiring
  • IGMP proxy
  • IGMP Snooping Command Reference
  • IGMP snooping CLI commands
  • IGMP SNOOPING DISABLE
  • IGMP SNOOPING ENABLE
  • IGMP SNOOPING SET LEAVETIME
  • IGMP SNOOPING SET QUERYINTERVAL
  • IGMP SNOOPING SET TIMEOUT
  • IGMP SNOOPING SHOW
  • IGMP Proxy Command Reference
  • IGMP proxy CLI commands
  • IGMP PROXY SET UPSTREAMINTERFACE
  • IGMP PROXY SHOW UPSTREAMINTERFACE
  • Syntax IGMP PROXY SHOW UPSTREAMINTERFACE
  • IGMP PROXY SHOW STATUS
  • Dynamic Host Configuration Protocol - DHCP
  • DHCP support on AT-RG6xx Residential Gateway series
  • DHCP server
  • Example:
  • DHCP client
  • Lease requirements and requests
  • Support for AutoIP
  • Additional DHCP client modes
  • Propagating DNS server information
  • Automatically setting up a DHCP server
  • Example
  • DHCP Relay
  • DHCP Server Command Reference
  • DHCP server CLI commands
  • DHCPSERVER ADD FIXEDHOST
  • DHCPSERVER ADD SUBNET
  • DHCPSERVER CLEAR FIXEDHOST
  • DHCPSERVER CLEAR SUBNETS
  • DHCPSERVER DELETE FIXEDHOST
  • DHCPSERVER DELETE SUBNET
  • DHCPSERVER ENABLE|DISABLE
  • DHCPSERVER LIST FIXEDHOST
  • DHCPSERVER LIST OPTIONS
  • DHCPSERVER LIST SUBNETS
  • DHCPSERVER SET ALLOWUNKNOWNCLIENTS
  • DHCPSERVER SET BOOTP
  • DHCPSERVER SET DEFAULTLEASETIME
  • DHCPSERVER SET FIXEDHOST IPADDRESS
  • DHCPSERVER SET FIXEDHOST MACADDRESS
  • DHCPSERVER SET FIXEDHOST MAXLEASETIME
  • DHCPSERVER SET MAXLEASETIME
  • DHCPSERVER SET SUBNET DEFAULTLEASETIME
  • DHCPSERVER SET SUBNET HOSTISDEFAULTGATEWAY
  • DHCPSERVER SET SUBNET HOSTISDNSSERVER
  • DHCPSERVER SET SUBNET MAXLEASETIME
  • DHCPSERVER SET SUBNET SUBNET
  • DHCPSERVER SHOW
  • DHCPSERVER SHOW SUBNET
  • DHCPSERVER SUBNET ADD IPRANGE
  • DHCPSERVER SUBNET ADD OPTION
  • DHCPSERVER SUBNET CLEAR IPRANGES
  • DHCPSERVER SUBNET CLEAR OPTIONS
  • DHCPSERVER SUBNET DELETE IPRANGE
  • DHCPSERVER SUBNET DELETE OPTION
  • DHCPSERVER SUBNET LIST IPRANGES
  • DHCPSERVER SUBNET LIST OPTIONS
  • DHCPSERVER UPDATE
  • DHCP Client Command Reference
  • DHCP client CLI commands
  • DHCPCLIENT ADD INTERFACECONFIG
  • DHCPCLIENT CLEAR INTERFACECONFIGS
  • Syntax DHCPCLIENT CLEAR INTERFACECONFIGS
  • DHCPCLIENT DELETE INTERFACECONFIG
  • DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION
  • DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION
  • DHCPCLIENT INTERFACECONFIG ADD SENT OPTION
  • DHCPCLIENT INTERFACECONFIG CLEAR REQUESTED OPTIONS
  • DHCPCLIENT INTERFACECONFIG CLEAR SENT OPTIONS
  • DHCPCLIENT INTERFACECONFIG DELETE REQUESTED OPTION
  • DHCPCLIENT INTERFACECONFIG DELETE SENT OPTION
  • DHCPCLIENT INTERFACECONFIG LIST REQUESTED OPTIONS
  • --> dhcpclient interfaceconfig client1 list requested options
  • DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS
  • --> dhcpclient interfaceconfig client1 list sent options
  • DHCPCLIENT LIST INTERFACECONFIGS
  • Syntax DHCPCLIENT LIST INTERFACECONFIGS
  • DHCPCLIENT SET BACKOFF
  • DHCPCLIENT SET INTERFACECONFIG AUTOIP
  • DHCPCLIENT SET INTERFACECONFIG CLIENTID
  • DHCPCLIENT SET INTERFACECONFIG DEFAULTROUTE
  • DHCPCLIENT SET INTERFACECONFIG DHCPINFORM
  • DHCPCLIENT SET INTERFACECONFIG DHCPSERVERPOOLSIZE
  • --> dhcpclient set interfaceconfig client1 dhcpserverpoolsize 20
  • DHCPCLIENT SET INTERFACECONFIG DHCPSERVERINTERFACE
  • DHCPCLIENT SET INTERFACECONFIG GIVEDNSTOCLIENT
  • DHCPCLIENT SET INTERFACECONFIG GIVEDNSTORELAY
  • DHCPCLIENT SET INTERFACECONFIG INTERFACE
  • DHCPCLIENT SET INTERFACECONFIG NOCLIENTID
  • --> dhcpclient set interfaceconfig client1 noclientid
  • DHCPCLIENT SET INTERFACECONFIG REQUESTEDLEASETIME
  • DHCPCLIENT SET INTERFACECONFIG SERVER
  • DHCPCLIENT SET REBOOT
  • DHCPCLIENT SET RETRY
  • DHCPCLIENT SHOW
  • DHCPCLIENT UPDATE
  • DHCP Relay Command Reference
  • DHCP relay CLI commands
  • DHCPRELAY ADD SERVER
  • DHCPRELAY CLEAR SERVERS
  • DHCPRELAY DELETE SERVER
  • DHCPRELAY ENABLE|DISABLE
  • DHCPRELAY LIST SERVERS
  • DHCPRELAY SHOW
  • DHCPRELAY UPDATE
  • DNS Relay
  • DNS Client
  • DNS Relay Command Reference
  • DNS Relay CLI commands
  • DNSRELAY ADD SERVER
  • DNSRELAY CLEAR CACHE
  • DNSRELAY CLEAR LANDATABASE
  • Syntax DNSRELAY CLEAR LANDATABASE
  • DNSRELAY CLEAR SERVERS
  • DNSRELAY DELETE SERVER
  • DNSRELAY LIST SERVERS
  • DNSRELAY SET LANDATABASEFILE
  • DNSRELAY SHOW LANADDRESS
  • DNSRELAY SHOW LANDOMAINNAME
  • Syntax DNSRELAY SHOW LANDOMAINNAME
  • DNSRELAY SHOW LANDATABASEFILENAME
  • Syntax DNSRELAY SHOW LANDATABASEFILENAME
  • DNS Client Command Reference
  • DNS Client CLI commands
  • DNSCLIENT ADD SEARCHDOMAIN
  • DNSCLIENT ADD SERVER
  • DNSCLIENT CLEAR SEARCHDOMAINS
  • Syntax DNSCLIENT CLEAR SEARCHDOMAINS
  • DNSCLIENT CLEAR SERVERS
  • DNSCLIENT DELETE SEARCHDOMAIN
  • DNSCLIENT DELETE SERVER
  • DNSCLIENT LIST SEARCHDOMAINS
  • Syntax DNSCLIENT LIST SEARCHDOMAINS
  • DNSCLIENT LIST SERVERS
  • SNTP Features
  • Time Zones and Daylight Savings (Summer Time) Conversion
  • SNTP Command Reference
  • SNTP CLI commands
  • SNTPCLIENT SET CLOCK
  • SNTPCLIENT SET MODE
  • SNTPCLIENT SET POLL-INTERVAL
  • SNTPCLIENT SET RETRIES
  • SNTPCLIENT SET SERVER
  • SNTPCLIENT SET TIMEOUT
  • SNTPCLIENT SET TIMEZONE
  • --> sntpclient set timezone EST
  • SNTPCLIENT SHOW ASSOCIATION
  • Syntax SNTPCLIENT SHOW ASSOCIATION
  • SNTP SHOW STATUS
  • SNTPCLIENT SYNC
  • PPPoE support on the AT-RG6xx Residential Gateway series
  • Adding and attaching PPPoE connections
  • Negotiation of PPPoE connections
  • PPPoE Command Reference
  • PPPoE CLI commands
  • PPPOE ADD TRANSPORT
  • PPPOE CLEAR TRANSPORTS
  • PPPOE DELETE TRANSPORT
  • PPPOE LIST TRANSPORTS
  • PPPOE SET TRANSPORT ACCESSCONCENTRATOR
  • PPPOE SET TRANSPORT AUTOCONNECT
  • PPPOE SET TRANSPORT AUTOCONNECT FILTER ADD
  • PPPOE SET TRANSPORT AUTOCONNECT FILTER DELETE
  • PPPOE SET TRANSPORT ENABLED/DISABLED
  • PPPOE SET TRANSPORT GIVEDNS CLIENT
  • PPPOE SET TRANSPORT GIVEDNS RELAY
  • PPPOE SET TRANSPORT LCPECHOEVERY
  • PPPOE SET TRANSPORT LCPMAXCONF
  • PPPOE SET TRANSPORT LCPMAXFAIL
  • PPPOE SET TRANSPORT LCPMAXTERM
  • PPPOE SET TRANSPORT STATIC_IP/DYNAMIC_IP
  • PPPOE SET TRANSPORT PASSWORD
  • PPPOE SET TRANSPORT SERVICENAME
  • PPPOE SET TRANSPORT USERNAME
  • PPPOE SET TRANSPORT WELOGIN
  • PPPOE SHOW TRANSPORT
  • Analog Ports
  • Digital Ports
  • Figure 14. ISDN Basic Access
  • ISDN BRI Physical Layer
  • ISDN Layer 2 - LAPD
  • ISDN Layer 3 - Call Control
  • Common
  • Port configuration
  • Digit Map
  • Dial Mask
  • Voice Coder/Decoder
  • Voice Quality Management
  • Volume Gain Control
  • G.168 Line Echo Cancellation (8 ms – 32 ms tail length)
  • Voice Activity Detection (VAD) / Comfort Noise Generation (CNG)
  • Telecom Tones Management
  • Country-specific Telecom Tones
  • Port enable/disable
  • VoIP EP Command Reference
  • voip ep CLI commands
  • VOIP EP CREATE
  • VOIP EP DELETE
  • VOIP EP DISABLE
  • VOIP EP ENABLE
  • VOIP EP LIST
  • VOIP EP SET CFWD
  • VOIP EP SET CNG
  • VOIP EP SET CODECS
  • VOIP EP SET COUNTRY
  • VOIP EP SET DIALMASK
  • VOIP EP SET DIALMODE
  • VOIP EP SET DIGITMAP
  • VOIP EP SET IDT-CRITICAL
  • VOIP EP SET IDT-PARTIAL
  • VOIP EP SET JITTERDELAY
  • VOIP EP SET LEC
  • VOIP EP SET OFFHOOK-TIME
  • VOIP EP SET ONHOOK-TIME
  • VOIP EP SET RXGAIN
  • VOIP EP SET TXGAIN
  • VOIP EP SET VAD
  • VOIP EP SHOW
  • VoIP Lifeline Command Reference
  • voip lifeline CLI commands
  • VOIP LIFELINE DISABLE
  • --> voip lifeline disable
  • VOIP LIFELINE ENABLE
  • VOIP LIFELINE SHOW
  • SIP Protocol
  • Protocol Components
  • SIP Messages
  • AT-RG613, AT-RG623 and AT-RG656 Call Processes
  • Calls Involving Another Terminal
  • Figure 16. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone
  • Calls Involving a Terminal and a SIP Endpoint
  • Figure 17. Phone --> AT-RG613/RG623 (A) --> SIP IP Phone
  • VoIP SIP Servers, Users & Forwarding Database
  • SIP Servers
  • Users
  • Forwarding Database (FDB)
  • VoIP SIP Command Reference
  • VoIP sip protocol CLI commands
  • VOIP SIP PROTOCOL DISABLE
  • VOIP SIP PROTOCOL ENABLE
  • VOIP SIP PROTOCOL RESTART
  • --> voip sip protocol enable
  • VOIP SIP PROTOCOL SET DEFAULTPORT
  • VOIP SIP PROTOCOL SET EXTENSION
  • VOIP SIP PROTOCOL SET NAT
  • VOIP SIP PROTOCOL SET NETINTERFACE
  • VOIP SIP PROTOCOL SET ROUNDTRIPTIME
  • VOIP SIP PROTOCOL SET SESSIONEXPIRE
  • VOIP SIP PROTOCOL SHOW
  • VoIP SIP Locationserver Command Reference
  • voip sip locationserver CLI commands
  • VOIP SIP LOCATIONSERVER CREATE
  • VOIP SIP LOCATIONSERVER DELETE
  • VOIP SIP LOCATIONSERVER LIST
  • Syntax VOIP SIP LOCATIONSERVER LIST
  • VOIP SIP LOCATIONSERVER SET MASTER
  • VoIP SIP Proxyserver Command Reference
  • voip sip proxyserver CLI commands
  • VOIP SIP PROXYSERVER CREATE
  • VOIP SIP PROXYSERVER DELETE
  • VOIP SIP PROXYSERVER LIST
  • VOIP SIP PROXYSERVER SET MASTER
  • VoIP SIP User Command Reference
  • voip sip user CLI commands
  • VOIP SIP USER ADD
  • VOIP SIP USER CREATE
  • VOIP SIP USER DELETE
  • VOIP SIP USER LIST
  • --> voip sip user list
  • VOIP SIP USER REMOVE
  • VOIP SIP USER SHOW
  • VoIP SIP FDB Command Reference
  • voip sip fdb CLI commands
  • VOIP SIP FDB CREATE
  • VOIP SIP FDB DELETE
  • VOIP SIP FDB LIST
  • VOIP SIP FDB SHOW
  • H.323 Protocols
  • H.323 Components
  • Terminals
  • Gateways
  • Gatekeepers
  • Multipoint Control Units
  • Protocols Specified by H.323
  • Audio CODEC
  • Video CODEC
  • H.225 Registration, Admission, and Status
  • H.225 Call Signaling
  • H.245 Control Signaling
  • Real-Time Transport Protocol
  • Real-Time Transport Control Protocol
  • Terminal Characteristics
  • Gateway and Gatekeeper Characteristics
  • Gateway Characteristics
  • Gatekeeper Characteristics
  • Figure 20. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone
  • Calls Involving a Terminal and a H.323 Endpoint
  • Figure 21. Phone --> AT-RG613/RG623 (A) --> H323 IP Phone
  • VoIP H323 Users
  • Figure 22. VoIP H323 subsystem configuration - basic steps
  • VoIP H323 Command Reference
  • VoIP h323 protocol CLI commands
  • VOIP H323 PROTOCOL DISABLE
  • VOIP H323 PROTOCOL ENABLE
  • --> voip h323 protocol enable
  • VOIP H323 PROTOCOL SET ALIAS
  • VOIP H323 PROTOCOL SET CONNECT
  • VOIP H323 PROTOCOL SET GATEKEEPER
  • VOIP H323 PROTOCOL SET NETINTERFACE
  • VOIP H323 PROTOCOL SET Q931PORT
  • VOIP H323 PROTOCOL SET RASPORT
  • VOIP H323 PROTOCOL SET REGISTRATION
  • VOIP H323 PROTOCOL SET RESPONSE
  • VOIP H323 PROTOCOL SET SECONDARYGATEKEEPER
  • VOIP H323 PROTOCOL SHOW
  • VoIP H323 User Command Reference
  • voip H323 user CLI commands
  • VOIP H323 USER ADD
  • VOIP H323 USER CREATE
  • VOIP H323 USER DELETE
  • VOIP H323 USER LIST
  • VOIP H323 USER REMOVE
  • VOIP H323 USER SHOW
  • VoIP H323 FDB Command Reference
  • voip h323 fdb CLI commands
  • VOIP H323 FDB CREATE
  • VOIP H323 FDB DELETE
  • VOIP H323 FDB LIST
  • VOIP H323 FDB SHOW
  • Connections & Endpoints
  • MGCP Protocol Commands
  • NotificationRequest
  • Notify
  • CreateConnection
  • ModifyConnection
  • DeleteConnection
  • AuditEndpoint
  • AuditConnection
  • RestartInProgress
  • MGCP Command reference
  • MGCP commands
  • VOIP MGCP PROTOCOL DISABLE
  • VOIP MGCP PROTOCOL ENABLE
  • --> voip mgcp protocol enable
  • VOIP MGCP PROTOCOL RESTART
  • Syntax VOIP MGCP PROTOCOL RESTART
  • VOIP MGCP PROTOCOL SET DEFAULTPORT
  • VOIP MGCP PROTOCOL SET NAT
  • VOIP MGCP PROTOCOL SET NETINTERFACE
  • VOIP MGCP PROTOCOL SET PROFILE
  • VOIP MGCP PROTOCOL SHOW
  • VOIP MGCP CALLAGENT CREATE
  • VOIP MGCP CALLAGENT DELETE
  • VOIP MGCP CALLAGENT LIST
  • Media
  • VoIP QoS Command Reference
  • VoIP QoS CLI commands
  • VOIP QOS SET DSCP
  • VOIP QOS SET TOS
  • VOIP QOS SHOW
  • VoIP Media Command Reference
  • VoIP Media CLI commands
  • VOIP MEDIA SET PORTRANGE
  • VOIP MEDIA SET RTCP
  • VOIP MEDIA SET SESSIONTIMEOUT
  • VOIP MEDIA SHOW
  • Functional blocks
  • ZTC Network Architecture
  • ZTC Client
  • Storing Unit Configuration
  • Pull-at-startup
  • Scheduled-pull
  • ZTC Command reference
  • ZtcClient commands
  • ZTCCLIENT ENABLE DYNAMIC
  • ZTCCLIENT ENABLE STATIC
  • ZTCCLIENT DISABLE
  • ZTCCLIENT SHOW
  • ZTCCLIENT SET
  • ZTCCLIENT UPDATE
  • FTP server
  • TFTP server
  • Windows™ Loader
  • SwUpdate module
  • Plug-and-play

AT-RG 600 Residential Gateway

Software reference manual – release 2-0-0

AT-RG 600 Residential Gateway – Software Reference Manual

i

AT-RG600 series Residential Gateway – Software reference manual
Release 2-0-0 Rev. A6 Copyright © 2004 Allied Telesis All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis. Allied Telesis reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesis be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis has been advised of, known, or should have known, the possibility of such damages. All trademarks are the property of their respective owners.

Contents
CHAPTER 0 Preface........................................................................................................xvi
Purpose of this Manual .....................................................................................................xvi Intended Audience........................................................................................................... xvii Structure of this Manual.................................................................................................. xviii Standards and Protocols..................................................................................................... 1 Background Reading .......................................................................................................... 2 Publicly Accessible Documents .......................................................................................... 2 Conventions used in command definitions ......................................................................... 3

CHAPTER 1 System Management.................................................................................. 4
Logging into the CLI............................................................................................................ 4 Serial Connection................................................................................................................ 4 TCP/IP connection.............................................................................................................. 4 Command Line Interface and Console ............................................................................... 5 Webserver........................................................................................................................... 5 File System ......................................................................................................................... 6 Boot code............................................................................................................................ 6 System configuration information........................................................................................ 6 Run-time images................................................................................................................. 6 Access permissions to the CLI............................................................................................ 7 System Command Reference............................................................................................. 8 System CLI commands....................................................................................................... 8 system add user.................................................................................................................. 8 system add login................................................................................................................. 9 system config backup ....................................................................................................... 10 system config restore........................................................................................................ 11 system config save ........................................................................................................... 12 system delete login ........................................................................................................... 12 system delete user............................................................................................................ 12 system info........................................................................................................................ 13 system list errors............................................................................................................... 13 system list openfiles.......................................................................................................... 14 system list users ............................................................................................................... 14 system list logins............................................................................................................... 15 system log......................................................................................................................... 15 system log enable|disable................................................................................................. 16 system log list ................................................................................................................... 17 system name..................................................................................................................... 18 system restart ................................................................................................................... 18 system set login access.................................................................................................... 18 system set login mayconfigure.......................................................................................... 19 system set login maydialin ................................................................................................ 19 system set user access..................................................................................................... 20 system set user mayconfigure .......................................................................................... 20 system set user maydialin................................................................................................. 20 User Command Reference ............................................................................................... 22 User CLI commands ......................................................................................................... 22 user logout ........................................................................................................................ 22 user password................................................................................................................... 22 user change ...................................................................................................................... 22 Web Server Command Reference.................................................................................... 24 Web Server CLI commands.............................................................................................. 24 webserver clear stats........................................................................................................ 24 webserver enable|disable ................................................................................................. 24 webserver set interface..................................................................................................... 25 webserver set managementip........................................................................................... 25 webserver set port ............................................................................................................ 26

ii

AT-RG 600 Residential Gateway – Software Reference Manual

iii

webserver set upnpport .................................................................................................... 26 webserver show info ......................................................................................................... 26 webserver show stats ....................................................................................................... 27 Console Access Command Reference ............................................................................. 28 Console access CLI commands ....................................................................................... 28 console enable.................................................................................................................. 28 console process................................................................................................................ 28 Console command - exit ................................................................................................... 29

CHAPTER 2 Switch.......................................................................................................... 30
Introduction ....................................................................................................................... 30 Switch Core Functional Overview ..................................................................................... 30 Address Look-up............................................................................................................... 30 Learning............................................................................................................................ 31 Migration ........................................................................................................................... 31 Aging................................................................................................................................. 31 Forwarding........................................................................................................................ 31 Switching engine............................................................................................................... 32 Rate limiting support ......................................................................................................... 32 Layer 3 routing rate limiting............................................................................................... 32 Class of Service and Differentiated Services.................................................................... 33 802.1p Traffic Priority........................................................................................................ 33 Differentiated Services Code Point (DSCP)...................................................................... 34 Switch Command Reference ............................................................................................ 36 switch CLI commands....................................................................................................... 36 switch disable ageingtimer................................................................................................ 36 switch disable learning...................................................................................................... 37 switch disable port ............................................................................................................ 37 switch enable ageingtimer ................................................................................................ 37 switch enable learning ...................................................................................................... 38 switch enable port............................................................................................................. 38 switch reset....................................................................................................................... 38 switch set ageingtimer ...................................................................................................... 39 switch set port................................................................................................................... 39 switch set priority .............................................................................................................. 41 switch set qos ................................................................................................................... 41 switch set ROUTING-LIMIT .............................................................................................. 41 switch show....................................................................................................................... 42 switch show fdb................................................................................................................. 43 switch show port ............................................................................................................... 44 switch show qos................................................................................................................ 48

CHAPTER 3 VLAN .......................................................................................................... 49
INTRODUCTION .................................................................................................................... 49 VLAN TAGGING .................................................................................................................. 49 VLAN SUPPORT ON AT-RG600 RESIDENTIAL GATEWAY ....................................................... 52 VLAN definition and port tagging ...................................................................................... 52 VLAN versus IP Interface.................................................................................................. 53 VLAN Command Reference ............................................................................................. 56 vlan CLI commands .......................................................................................................... 56 vlan add port ..................................................................................................................... 56 vlan add vid....................................................................................................................... 57 vlan delete......................................................................................................................... 57 vlan show.......................................................................................................................... 58

CHAPTER 4 IP 60
INTRODUCTION .................................................................................................................... 60 THE INTERNET .................................................................................................................... 60 ADDRESSING ...................................................................................................................... 62

Subnets............................................................................................................................. 64 IP SUPPORT ON AT-RG6XX RESIDENTIAL GATEWAY SERIES ................................................. 65 Adding and attaching IP interfaces ................................................................................... 65 IP stack and incoming packets ......................................................................................... 66 Locally received packets................................................................................................... 66 Forwarding packets........................................................................................................... 66 Unconfigured interfaces.................................................................................................... 66 Unnumbered interfaces..................................................................................................... 67 Unconfigured interfaces v unnumbered interfaces ........................................................... 67 Configuring unnumbered interfaces.................................................................................. 67 Creating a route ................................................................................................................ 68 Virtual Interfaces............................................................................................................... 68 Configuring virtual interfaces ............................................................................................ 68 Similarities between virtual interfaces and real interfaces ................................................ 69 Differences between virtual interfaces and real interfaces ............................................... 69 Secondary IP addresses................................................................................................... 70 Configuring secondary IP addresses................................................................................ 70 Functionality of secondary IP addresses .......................................................................... 71 IP Quality of Service ......................................................................................................... 71 Expedited class................................................................................................................. 71 Example of use of Prioritization ........................................................................................ 71 Quality of Service support................................................................................................. 72 Packet Classification......................................................................................................... 72 Configuring Flow Qualifiers............................................................................................... 72 Link bandwidth prioritization.............................................................................................. 73 CPU prioritization.............................................................................................................. 73 TCP/IP Command Reference ........................................................................................... 75 IP Tracing commands....................................................................................................... 75 IP CLI commands ............................................................................................................. 75 ip add defaultroute gateway.............................................................................................. 77 ip add defaultroute interface ............................................................................................. 77 ip add interface ................................................................................................................. 78 ip add route....................................................................................................................... 79 ip attach ............................................................................................................................ 80 ip attachvirtual................................................................................................................... 81 ip clear arpentries ............................................................................................................. 82 ip clear interfaces.............................................................................................................. 82 ip clear riproutes ............................................................................................................... 82 ip clear routes ................................................................................................................... 82 ip delete interface.............................................................................................................. 83 ip delete route ................................................................................................................... 83 ip detach interface............................................................................................................. 84 ip interface add fq codepoint............................................................................................. 84 ip interface add fq protocol................................................................................................ 85 ip interface add fq srcaddr codepoint................................................................................ 86 ip interface add fq srcaddr protocol................................................................................... 87 ip interface add proxyarpentry .......................................................................................... 88 ip interface add proxyarpexclusion ................................................................................... 89 ip interface add secondaryipaddress ................................................................................ 90 ip interface clear fqs.......................................................................................................... 91 ip interface clear proxyarpentries...................................................................................... 92 ip interface clear secondaryipaddresses........................................................................... 92 ip interface delete fq.......................................................................................................... 93 ip interface delete proxyarpentries.................................................................................... 94 ip interface delete proxyarpexclusion................................................................................ 94 ip interface delete secondaryipaddress ............................................................................ 95 ip interface list fqs ............................................................................................................. 96 ip interface list proxyarpentries ......................................................................................... 96 ip interface list secondaryipaddresses.............................................................................. 97 ip list arpentries................................................................................................................. 98

iv

AT-RG 600 Residential Gateway – Software Reference Manual

v

ip list connections.............................................................................................................. 98 ip list interfaces ................................................................................................................. 99 ip list riproutes................................................................................................................... 99 ip list routes..................................................................................................................... 100 ip ping ............................................................................................................................. 100 ip set interface dhcp........................................................................................................ 101 ip set interface ipaddress................................................................................................ 101 ip set interface mtu.......................................................................................................... 102 ip set interface netmask.................................................................................................. 103 ip set interface rip accept................................................................................................ 104 ip set interface rip multicast ............................................................................................ 105 ip set interface rip send................................................................................................... 105 ip set interface tcpmssclamp........................................................................................... 106 ip set rip advertisedefault................................................................................................ 107 ip set rip authentication................................................................................................... 108 ip set rip defaultroutecost................................................................................................ 108 ip set rip hostroutes......................................................................................................... 109 ip set rip password.......................................................................................................... 109 ip set rip poison............................................................................................................... 110 ip set route cost............................................................................................................... 110 ip set route destination.................................................................................................... 111 ip set route gateway........................................................................................................ 112 ip set route interface ....................................................................................................... 113 ip show............................................................................................................................ 113 ip show interface............................................................................................................. 114 ip show route................................................................................................................... 115

CHAPTER 5 Transports ................................................................................................ 116
Transports CLI commands.............................................................................................. 117 transports clear ............................................................................................................... 117 transports delete ............................................................................................................. 117 transports list................................................................................................................... 118 transports show............................................................................................................... 118

CHAPTER 6 Ethernet..................................................................................................... 120
Ethernet CLI commands ................................................................................................. 120 ethernet add transport..................................................................................................... 120 ethernet clear transports................................................................................................. 121 ethernet delete transport................................................................................................. 121 ethernet list ports ............................................................................................................ 122 ethernet list transports .................................................................................................... 122 ethernet show transport .................................................................................................. 122

CHAPTER 7 Security & Firewall................................................................................. 124
Introduction ..................................................................................................................... 124 Application Gateway ....................................................................................................... 124 Stateful Inspection .......................................................................................................... 125 Security support on AT-RG6xx Residential Gateway series........................................... 125 Security Interfaces .......................................................................................................... 126 Dynamic Port Opening and Triggers............................................................................... 127 Non-Activity Timeout....................................................................................................... 128 Session Chaining............................................................................................................ 128 Firewall............................................................................................................................ 129 Policy .............................................................................................................................. 130 Portifilter.......................................................................................................................... 130 Validator.......................................................................................................................... 130 Intrusion Detection.......................................................................................................... 131 Security Command Reference........................................................................................ 133 Security CLI commands.................................................................................................. 133

security add interface...................................................................................................... 133 security add trigger tcp|udp............................................................................................. 134 security add trigger netmeeting....................................................................................... 135 security clear interfaces .................................................................................................. 136 security clear triggers...................................................................................................... 136 security delete interface.................................................................................................. 136 security delete trigger...................................................................................................... 136 security............................................................................................................................ 137 security list interfaces...................................................................................................... 138 security list triggers ......................................................................................................... 138 security set trigger UDPsessionchaining ........................................................................ 138 security set trigger addressreplacement......................................................................... 139 security set trigger binaryaddressreplacement ............................................................... 140 security set trigger endport ............................................................................................. 141 security set trigger maxactinterval .................................................................................. 141 security set trigger multihost ........................................................................................... 142 security set trigger sessionchaining................................................................................ 142 security set trigger startport ............................................................................................ 143 security show interface ................................................................................................... 143 security show trigger....................................................................................................... 143 security status................................................................................................................. 144 Firewall Command Reference ........................................................................................ 146 Firewall CLI commands .................................................................................................. 146 firewall add policy............................................................................................................ 147 firewall add portfilter........................................................................................................ 148 firewall add validator ....................................................................................................... 150 firewall clear policies....................................................................................................... 152 firewall clear portfilters .................................................................................................... 152 firewall delete policy........................................................................................................ 153 firewall delete portfilter.................................................................................................... 153 firewall delete validator ................................................................................................... 154 firewall enable|disable..................................................................................................... 154 firewall enable|disable IDS.............................................................................................. 155 firewall enable|disable blockinglog.................................................................................. 156 firewall enable|disable Intrusionlog ................................................................................. 156 firewall enable|disable sessionlog................................................................................... 156 firewall list policies .......................................................................................................... 157 firewall list portfilters........................................................................................................ 157 firewall list validators ....................................................................................................... 158 firewall set IDS DOSattackblock ..................................................................................... 159 firewall set IDS MaxICMP ............................................................................................... 159 firewall set IDS MaxPING ............................................................................................... 160 firewall set IDS MaxTCPopenhandshake ....................................................................... 160 firewall set IDS SCANattackblock................................................................................... 161 firewall set IDS blacklist .................................................................................................. 162 firewall set IDS victimprotection ...................................................................................... 162 firewall set securitylevel .................................................................................................. 163 firewall show IDS ............................................................................................................ 165 firewall show policy ......................................................................................................... 165 Firewall show portfilter .................................................................................................... 166 firewall show validator..................................................................................................... 167 firewall status .................................................................................................................. 168

CHAPTER 8 Network Address Translation - NAT ................................................. 169
Network Address Translation.......................................................................................... 169 Address conservation ..................................................................................................... 169 Security........................................................................................................................... 170 How does NAT work? ..................................................................................................... 170 What about protocols other than UDP and TCP?........................................................... 172 How can you let sessions into servers on the private LAN? ........................................... 172

vi

.................... 175 NAT and secondary IP addresses ............................................................................................................................................................................................................................................................................................................................................................................................................. 181 nat clear resvmaps............................................... 203 Example:................................... 206 Lease requirements and requests .. 197 igmp snooping disable ................... 174 Firewall filters and reserved mappings............................................................................................................................................................... 199 IGMP Proxy Command Reference ............................................................................................................................................................................................................................................................. 173 Reserved Mappings................................................................................................................................................................................................. 174 NAT and Dynamic Port Opening............ 198 igmp snooping show ....................................................................................................................................................................................................................................................................................................................................................................................................................................... ........ 198 igmp snooping set timeout............................................................. 204 DHCP client ......................................................................................................................................................................................................................................................................................................................... 184 nat iketranslation........................................................................ 175 NAT Command Reference......................... 186 nat list resvmaps.................................. 182 nat delete globalpool................................ 193 IGMP snooping on AT-VP6x3 product family .......................................................................................................................................................................AT-RG 600 Residential Gateway – Software Reference Manual vii NAT support on AT-RG6xx Residential Gateway series ............................................................................ 180 nat clear globalpools............................................................ 197 igmp snooping enable.......................................................................................................................................................... 197 IGMP snooping CLI commands..... 194 Multicast Hosts Port Discovery ............................................................................... 183 nat enable ...................................................................................................................................................................... 202 Introduction ............................................................................. 193 IGMP snooping ......... 200 igmp proxy show upstreaminterface .............................................................................. 191 Group addresses ................................................ 200 igmp proxy show status ..................................................................................................................................... 207 ......... 176 NAT CLI commands....................................................................................... 198 igmp snooping set queryinterval ............................ 200 IGMP proxy CLI commands................ 197 igmp snooping set leavetime .......................................................... 195 Timeout interval expiring......................................................................... 196 IGMP proxy.......................................................................................................................... 173 Global IP Address Pools........................................................................................................................................................................................................................................................................................................................................................................... 200 igmp proxy set upstreaminterface..................................................................................................................................................................................................................... 189 nat status .......................................................................................................................................................DHCP......................................................... 194 Multicast Router Port Discovery.......................... 188 nat show resvmap........................ 176 nat add resvmap globalip............... 191 IGMP.......................................... 192 Multicast MAC addresses .......................... 187 nat show globalpool . 174 Interactions of NAT and other security features........................................................................................................ 178 nat add resvmap interface name ................................................. 202 DHCP support on AT-RG6xx Residential Gateway series ........................................................................... 203 DHCP server............................................... 196 IGMP Snooping Command Reference ..... 189 CHAPTER 9 IGMP snooping and IGMP proxy .................................................................................................. 185 nat list globalpools ................................ 182 nat delete resvmap .................... 201 CHAPTER 10 Dynamic Host Configuration Protocol ................................................................................................................................... 183 nat disable.................... 191 Multicasting Overview..................................................................................................................................................................................................................................................... 191 Multicasting principles...................................... 174 Application Level Gateways (ALGs) ............................................................................................................................ 194 Leaving a Group ...................... 176 nat add globalpool.....

........................................................................................................... 229 dhcpserver subnet list ipranges ...................................................................................................................................................................... 240 dhcpclient list interfaceconfigs ......................... 233 dhcpclient clear interfaceconfigs........................... 234 dhcpclient interfaceconfig add required option ....................... 227 dhcpserver subnet clear options............................ 223 dhcpserver set subnet subnet............................................. 230 DHCP Client Command Reference .................................................................................................................................................................................................... 241 dhcpclient set backoff ................ 214 dhcpserver delete subnet...................................................................................................................................................... 233 dhcpclient delete interfaceconfig............ 226 dhcpserver subnet clear ipranges................................................................................................................................................................................................................. 220 dhcpserver set fixedhost macaddress ............................................................................... 214 dhcpserver enable|disable . 222 dhcpserver set subnet hostisdnsserver .............................................. 221 dhcpserver set subnet defaultleasetime ................................................................................................................................................................................................................................................................................................................................................ 235 dhcpclient interfaceconfig add sent option.............. 236 dhcpclient interfaceconfig clear requested options........................................................................................................................................................................ 216 dhcpserver list subnets ......................................................................................................................... 242 dhcpclient set interfaceconfig autoip................ 244 viii ........................................................................................................... 215 dhcpserver list options ...................................................................................................................................................... 211 dhcpserver add fixedhost............. 225 dhcpserver subnet add iprange ......................................................... 236 dhcpclient interfaceconfig clear sent options ....................................................................................................................................................................................................................................... 239 dhcpclient interfaceconfig list sent options............. 211 DHCP server CLI commands...................................................................................................... 232 dhcpclient add interfaceconfig ............................................................ 208 Example........................................................................... 224 dhcpserver show........ 218 dhcpserver set bootp .......................................................................................................................................................................................................................... 229 dhcpserver subnet list options ................................................................................................................... 232 DHCP client CLI commands ...................................... 208 Propagating DNS server information .................................................................................................. 223 dhcpserver set subnet maxleasetime ................................... 218 dhcpserver set allowunknownclients......... 222 dhcpserver set subnet hostisdefaultgateway.............. 212 dhcpserver add subnet ........................ 215 dhcpserver list fixedhost ................................................................................. 239 dhcpclient interfaceconfig list requested options ...................................... 219 dhcpserver set fixedhost ipaddress ....................................................................................... 207 Additional DHCP client modes....................................... 243 dhcpclient set interfaceconfig defaultroute...... 210 DHCP Server Command Reference ...... 226 dhcpserver subnet add option......................................... 225 dhcpserver show subnet........................... 234 dhcpclient interfaceconfig add requested option............................ 230 dhcpserver update ................................................................................... 238 dhcpclient interfaceconfig delete sent option ....................................................................................................................................................................................................................... 208 Automatically setting up a DHCP server........................................................................................................................................................................................................................... 242 dhcpclient set interfaceconfig clientid .............................................................................................................................................................................................................................................................................................. 237 dhcpclient interfaceconfig delete requested option.. 220 dhcpserver set fixedhost maxleasetime........................ 209 DHCP Relay..........................................................................................................Support for AutoIP .............................................................................................................................................................................................................. 213 dhcpserver clear fixedhost ..................................................................................................................................... 228 dhcpserver subnet delete option......................... 219 dhcpserver set defaultleasetime ...... 221 dhcpserver set maxleasetime ............................................................ 228 dhcpserver subnet delete iprange............................................................ 214 dhcpserver delete fixedhost ............................................................................................................................................. 213 dhcpserver clear subnets....................

.................................................................................................................................. 245 dhcpclient set interfaceconfig dhcpserverinterface.................................................................................................................. 262 dnsrelay show landomainname ...................................................................................................................................................................................................... 259 dnsrelay clear landatabase................................................................................................................................. 250 dhcpclient set interfaceconfig server.............AT-RG 600 Residential Gateway – Software Reference Manual ix dhcpclient set interfaceconfig dhcpinform........................................................ 257 Introduction ............................................................................................................................................................................................................................. 262 DNS Client Command Reference................................................................... 255 dhcprelay enable|disable ............................................................................................................................................................... 256 dhcprelay show...................................................................... 269 sntpclient set mode.......................... 251 dhcpclient set reboot........................................................................................... 246 dhcpclient set interfaceconfig givednstoclient........................................................................................................................................................................................................ 265 dnsclient list searchdomains............................................ 263 dnsclient add server................... 249 dhcpclient set interfaceconfig requestedleasetime ............................................................ 257 DNS Relay .............................................................................................................................................................................. 267 SNTP Features .................................................................................. 254 dhcprelay add server ................................................................................................................................................. 263 dnsclient add searchdomain ............................................. 259 DNS Relay CLI commands........................................................................................................................... 265 CHAPTER 12 SNTP ............................................................................................. 260 dnsrelay delete server......... 267 Time Zones and Daylight Savings (Summer Time) Conversion........................................... 254 dhcprelay delete server..................................................... 270 sntpclient set retries............................................................................................................................................................................. 271 sntpclient set server............................................................................................................................................................................................... 269 SNTP CLI commands ...................... 258 DNS Client ........................................ 269 sntpclient set poll-interval...................................................................................... 261 dnsrelay set landatabasefile ........................................ 249 dhcpclient set interfaceconfig noclientid ....... 254 dhcprelay clear servers............... 268 SNTP Command Reference .................................................... 261 dnsrelay show lanaddress .................................................. 265 dnsclient list servers............................................................................................... 248 dhcpclient set interfaceconfig interface... 252 dhcpclient show ........................ 259 dnsrelay clear cache.......................................................................... 255 dhcprelay list servers ....................................................................... 263 DNS Client CLI commands........................ 254 DHCP relay CLI commands.................................... 260 dnsrelay clear servers.................................................................................................................................................................................................................... 264 dnsclient clear servers ................................................................................................................................................................................................................................................................................................ 260 dnsrelay list servers ........................................ 251 dhcpclient set retry............................................................ 245 dhcpclient set interfaceconfig dhcpserverpoolsize................................... 262 dnsrelay show landatabasefilename................................................................................................................................................................................................................................................................................................................................................................................................. 263 dnsclient clear searchdomains............................................. 271 .............................................................................. 256 CHAPTER 11 Domain Name System -DNS................................................................................................................................ 247 dhcpclient set interfaceconfig givednstorelay ............................. 253 DHCP Relay Command Reference ... 258 DNS Relay Command Reference.................................................................................. 269 sntpclient set clock........................................................ 252 dhcpclient update..................................................................................... 264 dnsclient delete searchdomain ........................................................................................................................................................................................................................................................................................................................ 256 dhcprelay update ....................................... 264 dnsclient delete server.............................................................................................................. 259 dnsrelay add server .............

........... 314 voip ep enable............................LAPD................................................................................................................................................................................................................................ 277 Adding and attaching PPPoE connections ...............................................................................................................................................................................................................................................................168 Line Echo Cancellation (8 ms – 32 ms tail length)............................................................................ 307 G............................................. 301 Common .............................................. 275 sntpclient sync ........................................................................................ 278 PPPoE Command Reference ........................... 299 ISDN BRI Physical Layer ................... 286 pppoe set transport givedns client ..................................................................................................................................................................................................................................................................................... 298 Analog Ports ...................................................................... 314 voip ep list............................... 291 pppoe set transport servicename......................................................................................................................................... 289 pppoe set transport lcpmaxfail................................................................ 282 pppoe set transport accessconcentrator............................................................................................ 300 ISDN Layer 2 .................................................................... 282 pppoe list transports................................................................................ 280 pppoe clear transports ...................... 315 x ................................ 299 Digital Ports. 311 voip ep CLI commands ............................... 280 pppoe add transport........ 310 VoIP EP Command Reference ..................................................................................................................sntpclient set timeout ................................................................................................................................. 284 pppoe set transport autoconnect FILTER delete .......... 272 sntpclient show association ........................................................................................... 280 PPPoE CLI commands ....................................................................................................................................... 276 PPPoE support on the AT-RG6xx Residential Gateway series............... 307 Telecom Tones Management ............................................................................................................................................................... 309 Port enable/disable ....................................................... 298 Introduction ............. 286 pppoe set transport givedns relay............................................................... 302 Dial Mask ................................................................................... 275 CHAPTER 13 PPPoE ...................................................................... 301 ISDN Layer 3 ............................... 288 pppoe set transport lcpmaxconf............................................................................... 291 pppoe set transport password......................... 295 CHAPTER 14 VoIP Analogue and Digital access ports ............................................................. 306 Volume Gain Control................................................................................... 294 pppoe show transport .. 313 voip ep disable..................................................................................... 274 sntp show status ........................................................................................................................................................................................................................... 278 Negotiation of PPPoE connections....................................... 292 pppoe set transport username................................................. 285 pppoe set transport ENABLED/DISABLED .......................................................................................................................................................... 287 pppoe set transport lcpechoevery.................................................................................................................................................................................................................................................................................................................. 290 pppoe set transport STATIC_IP/DYNAMIC_IP......................................... 312 voip ep delete....... 293 pppoe set transport welogin......Call Control ......... 308 Country-specific Telecom Tones ............. 283 pppoe set transport autoconnect .............................................................................................................................................................................................................................................................................................. 272 sntpclient set timezone ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 284 pppoe set transport autoconnect FILTER ADD .................. 301 Port configuration........... 311 voip ep create ............................................................ 289 pppoe set transport lcpmaxterm ..... 304 Voice Coder/Decoder........................................................................................................................ 307 Voice Activity Detection (VAD) / Comfort Noise Generation (CNG) ................................................................................................................................................ 282 pppoe delete transport...................................... 302 Digit Map............................................................................................................................................................................................................................................... 304 Voice Quality Management.........................................................

...................................................................................................................................................... 331 Protocol Components ..................................................... 321 voip ep set idt-partial..... 322 voip ep set jitterdelay ................................................................. 345 voip sip protocol set defaultport ........................................................ 351 voip sip LOCATIONSERVER list ......................................................................... 339 Forwarding Database (FDB)....................................................................................... Users & Forwarding Database............................................. 318 voip ep set dialmask ............................ 315 voip ep set cng.................................................................................................................................................................................................................................................................................................................................. 329 voip LIFELINE show ................................................................................................................................................... 329 voip LIFELINE ENABLE.............................................................................................................................................................................................................................. 344 voip sip protocol disable................................................................................ 344 VoIP sip protocol CLI commands................... 331 Introduction ............ 350 voip sip locationserver CLI commands ............................................. 336 VoIP SIP Servers................. 350 voip sip locationserver create ................................................................................AT-RG 600 Residential Gateway – Software Reference Manual xi voip ep set cfwd .................................................................................................................................................................................. 325 voip ep set rxgain......................................................................... 334 AT-RG613................................................................................... AT-RG623 and AT-RG656 Call Processes ........................ 323 voip ep set lec............................ 326 voip ep set vad............................................. 347 voip sip protocol set roundtriptime ............. 323 voip ep set offhook-time................................. 327 VoIP Lifeline Command Reference............................................................................................................................................................................................................................................................. 329 voip LIFELINE DISABLE....................... 345 voip sip protocol restart.............................................................................................................................................................................................................................................................................................................................................................................................. 332 SIP Messages.................................................................................................................................................................................................................................................................................................................. 353 voip sip proxyserver create......................................................................................................................................................................... 329 voip lifeline CLI commands................................................................ 352 VoIP SIP Proxyserver Command Reference.................................... 353 voip sip PROXYSERVER delete................... 320 voip ep set digitmap............................................................................................................................................................................................................... 344 voip sip protocol enable .................................................................................................................................................................................. 337 SIP Servers............................................................................................................................................................. 353 voip sip proxyserver CLI commands........................................................... 330 CHAPTER 15 VoIP SIP ................................................................................ 335 Calls Involving Another Terminal . 348 VoIP SIP Locationserver Command Reference.............................. 321 voip ep set idt-critical ..................................................... 335 Calls Involving a Terminal and a SIP Endpoint.......................................................... 337 Introduction .............................. 319 voip ep set dialmODE ........................ 331 SIP Protocol................................................................................................................................................................................................................................................................... 351 voip sip locationserver SET MASTER ............... 317 voip ep set codecs ........ 345 voip sip protocol set EXTENSION ................................................... 326 voip ep show......................................................................................................................................................................................... 324 voip ep set onhook-time.................................................................. 325 voip ep set txgain........................................................................................................................................................................................ 355 ............................. 354 voip sip PROXYSERVER list ..................... 346 voip sip protocol set NAT.. 350 voip sip locationserver delete........................................................................................................................................................................................................... 338 Users............................................................................................................................................................................ 348 voip sip protocol set SESSIONEXPIRE........................................................................................................... 354 voip sip PROXYSERVER SET MASTER ........................................................ 348 voip sip protocol show....... 341 VoIP SIP Command Reference ......... 318 voip ep set country.................... 347 voip sip protocol set NETINTERFACE............................................

................................................................................................................................... 379 voip H323 protocol set Q931PORT ...................................................................................................................................................... 367 Gatekeepers ...................................................................................................................... 370 Gateway Characteristics......... 376 voip h323 protocol enable.............................................................................. 383 voip H323 user CLI commands................................................................. 371 AT-RG613................ 362 voip sip fdb delete................ 381 voip H323 protocol set SECONDARYgatekeeper .............................................................. 366 H................................................ 369 H.............................................................................. 368 Audio CODEC............................................................................................................................................................................. 368 H........................................................................................ 376 VoIP h323 protocol CLI commands ........ 371 Calls Involving Another Terminal ....................... 385 xii ........................................................................................................................................................ AT-RG623 and AT-RG656 Call Processes ............................................................. 359 voip sip user remove......................................................................323 Protocols ....... 371 Calls Involving a Terminal and a H........................................................... 372 VoIP H323 Users ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 367 Terminals .......................................................................................................................................................................................................................................................... 377 voip H323 protocol set ALIAS............................................................................................................................................................. 380 voip h323 protocol set REsponse .................................................................................................................... 360 voip sip user show .............................................................................. 370 Gateway and Gatekeeper Characteristics ................................... 366 H........................................... 362 voip sip fdb CLI commands...... 383 voip h323 user add .......................... 362 voip sip fdb create................................................................................... 369 Real-Time Transport Protocol.......... 360 VoIP SIP FDB Command Reference ............................................. 356 voip sip user create. 369 H............................................................. 368 Protocols Specified by H....... 367 Gateways................................................. 373 Users.................................................................................. 374 VoIP H323 Command Reference ....................................................................................................................................................................................................................... 368 Video CODEC....................................................................................... 369 Real-Time Transport Control Protocol ................. 382 VoIP H323 User Command Reference...................................................................................245 Control Signaling........................ 356 voip sip user add................................................................................................ Admission.................................................... 384 voip h323 user delete....225 Call Signaling .................................. 369 Terminal Characteristics ...................................... 381 voip h323 protocol show ................................................................................................... 357 voip sip user delete............................................................ 378 voip H323 protocol set NETINTERFACE.....................................323 Components............................ 364 CHAPTER 16 VoIP H323............. 356 voip sip user CLI commands....................................................... 373 Introduction .......... 370 Gatekeeper Characteristics ................................................................................................................................................................................................................................................................................. 367 Multipoint Control Units........................................ 376 voip h323 protocol disable .....................................................................................................................................VoIP SIP User Command Reference...................323......................... 378 voip H323 protocol set gatekeeper ............................. 363 voip sip fdb list ........... 364 voip sip fdb show ............... 379 voip H323 protocol set RASPORT........................................................................................................................................................................................................225 Registration........................................................................................... 358 voip sip user list ........................................................................................................... 383 voip h323 user create ....................................................................................................................................................................................................................................................................................323 Endpoint......................................................... and Status .......................................... 366 Introduction .............................................................................................. 377 voip h323 protocol set CONNECT................................................................................................................................................................ 380 voip h323 protocol set REGISTRATION.....

............................................................................. 399 voip MGCP protocol show ................................... 404 voip qos SHOW ............................................... 410 Functional blocks ........ 404 voip qos SET DSCP.............................................. 397 voip MGCP protocol restart................................... 402 QoS.................................... 402 Introduction ............................................................................................................................................................................................................. 394 DeleteConnection ..................................................................................................................... 393 CreateConnection....................................................................................................................................................... 394 AuditEndpoint................................................................................................. 412 Storing Unit Configuration...................... 388 voip h323 fdb delete........................................ 393 ModifyConnection ........................... 391 MGCP Protocol Commands............................................................................... 399 voip MGCP callagent create ...................... 398 voip MGCP protocol set NETINTERFACE ................................................................................................................. 388 voip h323 fdb CLI commands ............................................................................................................................. 385 voip h323 user remove ............... 395 MGCP Command reference ...................................................................................................... 400 voip MGCP callagent delete ....................................................................................................................................................................................................... 410 Introduction . 404 voip qos SET TOS ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 393 Notify................ 395 AuditConnection........................................................................................................................... 410 ZTC Network Architecture.............................................................................................................................................................................. 388 voip H323 fdb create.................................................................................................................................................................................................................................................................... 397 voip MGCP protocol set NAT..................................................................... 391 Introduction . 396 voip MGCP protocol enable .......................................................................................................................... 390 CHAPTER 17 VoIP MGCP ................................................................................................................................ 406 voip MEDIA SET RTCP .............. 413 Pull-at-startup............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 389 voip H323 fdb list ........................... 407 voip MEDIA SHOW................................. 395 RestartInProgress.............................................................................................................................................................................................................................. 391 Connections & Endpoints........................................ 387 VoIP H323 FDB Command Reference ...................................................................................................................................... 393 NotificationRequest.......................................... 411 ZTC Client........................................................ 386 voip h323 user show.................................................................................................................................................................. 407 CHAPTER 19 ZTC .......................................................... 403 VoIP QoS Command Reference................................................................................AT-RG 600 Residential Gateway – Software Reference Manual xiii voip h323 user list....... 404 VoIP QoS CLI commands......... 400 voip MGCP callagent list......................................................................................................... 406 voip MEDIA SET PORTRANGE ..................... 402 Media .............................................. 413 ..................................................................... 397 voip MGCP protocol set defaultport...................................................... 398 voip MGCP protocol set PROFILE.. 405 VoIP Media Command Reference .................................................................................................................................................................................................. 406 voip MEDIA SET SESSIONTIMEOUT.......................................................................................................................................................................................................................................................................................................................................................................................................... 396 MGCP commands......................................................................................... 389 voip h323 fdb show...................... 406 VoIP Media CLI commands ................................................................................................................................................................. 396 voip MGCP protocol disable ...... 401 CHAPTER 18 VoIP QoS and Media .................................................

..... 419 Introduction ............................................... Error! Bookmark not defined............................................................................. SWUPDATE MAC.................................. SWUPDATE sTART ............................................. xiv .............................. Stop Time Scheduling. SWUPDATE set PAth......................... 417 ztcclient show............ 419 FTP server ... Retry Period Scheduling ....... 417 ztcclient set .................................. Error! Bookmark not defined....... SWUPDATE set retry period............................................................................................... SWUPDATE set PASSWORD..... 421 SwUpdate module........................................................................................................................... Error! Bookmark not defined................................................................................................................................................................. 425 server access..................................... Error! Bookmark not defined........ Error! Bookmark not defined.................................................................................................. SWUPDATE sTOP ............................................ Error! Bookmark not defined............................................................................................... 418 CHAPTER 20 Software Update .....................Scheduled-pull ...................................................... Error! Bookmark not defined.................................................................................................. Error! Bookmark not defined........................................................................................................ Error! Bookmark not defined................................... Error! Bookmark not defined......................................................................................................... Plug-and-play.... 416 ztcclient enable static........................................................................ 420 Windows™ Loader........ 420 TFTP server....................................... 416 ztcclient enable dynamic..................................................................... Error! Bookmark not defined.................................................. SWUPDATE set SERVER.................................................................................................. Error! Bookmark not defined.......................... Error! Bookmark not defined........ Error! Bookmark not defined.... SwUpdate Command reference................................. 418 ztcclient update........................................... Error! Bookmark not defined..................... 417 ztcclient disable.................................................................. 422 Start Time Scheduling............................................................. Enabling manually SwUpdate........................................................ Error! Bookmark not defined........................ SWUPDATE sTART TIME................................................................................................................................ 414 ZTC Command reference ................................. SWUPDATE sTop TIME......................................... 416 ZtcClient commands .... SWUPDATE set login ................................................................................................................................................................................................................................................. Swupdate commands ........................... Error! Bookmark not defined.............................................................................................. Error! Bookmark not defined....... SWUPDATE show .............................................................

............................. ....................................................................... 422 Figure 28......................................... Address Conservation using NAT ..................................... 35 Figure 2...... VoIP H323 subsystem configuration ........................... 373 Figure 22......................... VoIP subsystem configuration .............................basic steps.................................... 411 Figure 24.............................................. Access to the Residential Gateway TFTP server.............. 301 Figure 16...... 421 Figure 27.................... 61 Figure 6...................... 336 Figure 17................................ 173 Figure 12................... VLAN and IP layer architecture (the greyed area surrounds the entities always available in the system) .................................. . 63 Figure 7....... Scheduled-pull ZTC phase.. Error! Bookmark not defined... ........................................................................................ Error! Bookmark not defined.................................. ..................................................................... Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone....................... .......................................... External access to an FTP server .................................................323 Terminals on a Packet Network........... VoIP subsystem configuration ....................................... Subdivision of the 32 bits of an Internet address into network and host fields for class A........................... Figure 4............................................................................................................. Tagged frame format according to IEEE 802....................... 423 Figure 30..........................................................................................................AT-RG 600 Residential Gateway – Software Reference Manual xv List of figures Figure 1.... Firewall module and related objects.......................................................... 276 Figure 14............................................................................................... Phone --> AT-RG613/RG623 (A) --> SIP IP Phone.................................................. PPP is used by Internet Service Providers (ISPs) to allow dial-up users to connect to the Internet................ 54 Figure 4.............. IP Packet overview.................................basic steps............................................... 367 Figure 20...................... B and C networks................... Figure 29....................... Phone --> AT-RG613/RG623 (A) --> H323 IP Phone... 50 Figure 3................................................................. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone........................................................................................................................................................................ ISDN Basic Access................ 55 Figure 5........ 415 Figure 26......... 131 Figure 10......basic steps............... H................ 126 Figure 8.................................... 300 Figure 15.. ............ ........................................... 170 Figure 11............... 374 Figure 23.. Security interfaces on AT-RG6xx Residential Gateway series....................................................basic steps ..................... ...................................................................................... ZTC network architecture............... ..................................................................................... The Windows™ Loader...................... 372 Figure 21.................3ac standard................. 414 Figure 25....................................... Domain Name System .............................. Pull-at-Startup ZTC phase................... Normal SwUpdate operation mode................ IP packet or datagram. Security modules on AT-RG6xx Residential Gateway series.................................................................................................................... IP interface over VLAN ...... SwUpdate scheduling example 2............................................................. DHCPCONF like SwUpdate operation mode. 257 Figure 13.. Error! Bookmark not defined............................................... 338 Figure 19.............................................................................................. 127 Figure 9.................................................... 337 Figure 18....... SwUpdate scheduling example 1....... .... ......................................

AT-RG623 and AT-RG656 are Customer Promise Equipment (CPE) designed to provide data and VoIP access for multiple users in Small Office/Home Office (SOHO). Internet and Internet Video. The VoIP residential gateway. fax. AT-RG623 and AT-RG656 Residential Gateway. wanting very fast download combining broadband access with Internet telephony services.) • two analog VoIP ports for connecting two analog telephones or faxes (ATRG613TX(J) models) plus one analogue FXO port for connecting to PBX or to Local Exchange (AT-RG613TXJ model only) • two digital VoIP ports for connecting up to 8 digital telephones or faxes (ATRG623TX model) • Switching function using the same analogue terminal from VoIP to PSTN . fitted with a number of ports for interconnection of traditional domestic appliances (telephone. Small to Medium Enterprise (SME). AT-RG613. Branch Offices or customer residence. acts as an adapter for the conversion and management of all the necessary protocols for using advanced multimedia services: • Low cost telephony using Internet protocol (VoIP) • Fast Internet navigation • Video on demand • Interactive services The main features of the device are listed below: • one 10/100 BaseT Ethernet port for uplink (WAN port) • three 10/100 BaseT Ethernet ports for connecting user equipment (pc. Using these intelligent equipment the customer can use broadband integrated services for telephony.AT-RG 600 Residential Gateway – Software Reference Manual Preface Purpose of this Manual This manual is the complete reference to the configuration. personal computer). and includes detailed descriptions of all management commands. printer. management and operation of the AT-RG613. etc.

• IGMP v1/v2 snooping for multicast packet filtering • PPPOE • DHCP Server and Relay • DNS Relay • Compliant with SIP protocol and H323 v2 protocol • TFTP . or who manages a network of AT-RG613. protocols and routing. AT-RG623 and AT-RG656.1q tag based VLAN • QoS packet prioritization support: per port. It is assumed that the reader is familiar with: • The topology of the network in which the Residential Gateway is to be used.1p and DiffServ based • Programmable rate limiting. • Administration and operation of a computer network. and interfaces. AT-RG623 and AT-RG656 Residential Gateways. egress port.AT-RG 600 Residential Gateway – Software Reference Manual xvii • IEEE 802. • Basic principles of computer networking. ingress port.Network Time Protocol support Configuration and management of the device through: • Serial interface (CLI) • Telnet • SNMP • Zero Touch Configuration Moreover AT-RG613. Most of the commands described in this manual require superuser privilege and can only be entered from a terminal or port. network manager or communications technician who will configure and maintain AT-RG613. . which has been logged with superuser privilege.Trivial File Transfer Protocol support • NTP . AT-RG623 and AT-RG656 integrate advanced router features like: • Firewall • Dynamic Port Opening • Attack Detection and Blocking • Advanced Network Address Translation (NAT) Intended Audience This manual is intended for the system administrator. per port basis. 802.

PPPoE . Chapter 4.describes the implementation of the Internet Protocol (IP) and all the commands related to IP network configuration management. Network Address Translation – NAT.gives an introduction to the Point-To-Point Protocol over Ethernet and describes how to configure PPPoE services Chapter 14. AT-RG656 Residential Gateway. IGMP Snooping and IGMP Proxy .describes the commands related to the VLAN support provided by Layer 2 Switch and IP system stack.describes H323 protocol. the related call processes and all the commands related to H323 and User configuration management. Chapter 20. System Management . the “Dynamic Port Opening”. Chapter 15.describes the commands related to the integrated Layer 2 Switch configuration. Chapter 1. Chapter 16. .describes all the supported features concerning the IGMP Snooping and IGMP Proxy. User and FDB configuration management. VoIP SIP . SNTP . Security and Firewall . Chapter 8. Chapter 9.describes additional security features concerning NAT.gives a brief introduction to the Dynamic Host Configuration Protocol and describes how to configure the DHCP server/relay services Chapter 11. Voip MGCP Chapter 18. VoIP H323 . Chapter 10. Dynamic Host Configuration Protocol – DHCP . the “Attack Detection and Blocking”. IP . SwUpdate . VoIP QoS and Media Chapter 19.describes ZTC Client support and related commands. VLAN . Ethernet – describes the commands available to manage the Ethernet module Chapter 7. Chapter 17. Chapter 3.describes Sw Update support and related commands. Switch . Transports – describes the commands available to manage the Transport module.an introduction to AT-RG613. Domain Name System – DNS .describes all the supported features concerning the Firewall.describes the different type of access ports for VoIP services and how to configure Analogue and Digital ports.describes SIP protocol.gives an introduction to the Domain Name System and describes how to configure the DNS client/relay services Chapter 12. the related call processes and all the commands related to SIP.describes general operation. Command Line Interface access and user management. Chapter 6. Chapter 2. VoIP Analogue and Digital Access ports .xviii Structure of this Manual This manual is organized into the following chapters: Preface . Chapter 5. AT-RG623.gives an introduction to the Network Time Protocol and describes how to configure the SNTP services Chapter 13. ZTC .

AT-RG 600 Residential Gateway – Software Reference Manual

xix

For further information please refer to the “SNMP Reference Manual”

AT-RG 600 Residential Gateway – Software Reference Manual

1

Standards and Protocols
Supported Standards and Protocols Table 1 lists the protocols and standards supported by the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway and the references where these protocols and standards are defined. Protocol/standard ARP Assigned Numbers DHCP DNS H.323 ICMP IEEE 802.2 IEEE 802.3 IGMP IP IP addressing ISDN Reference RFCs 826, 925. RFC 1700. RFCs 2131, 2132. RFCs 1034, 1035 ITU H.323, ITU H.225, ITU H.245 RFCs 792, 950. ANSI/IEEE Std 802.2-1985. ANSI/IEEE Std 802.3-1985, 802.3a, b, c, e-1988. RFCs 2236, 1112 RFCs 791, 821, 950, 951, 1009, 1055, 1122, 1144, 1349, 1542, 1812, 1858. RFC 1597. ITU-T I.430 (Basic Rate Access) ETSI ETS 300 402-1 (Layer 2) ETSI ETS 300 403-1 (Layer 3) RFCs 958, 1305, 1510. RFC 2516 RFC 1889, ITU G.711, ITU G.723, ITU G.729 RFC 2327 RFC 2543 RFCs 1155, 1157, 1213, 1239, 1315, 1398, 1493, 1514, 1573, 2233. RFC 793. RFCs 854–858, 932 1091. RFC 1350. RFC 768. IEEE Std 802.1Q

NTP PPP over Ethernet RTP-RTCP SDP SIP SNMP, MIBs TCP Telnet TFTP UDP VLAN

Table 1. Protocols and standards supported by AT-RG613, AT-RG623 and ATRG656 Residential Gateway. Obtaining Copies of Internet Protocols and Standards The Internet Protocols are defined in Requests For Comments (RFCs). RFCs are developed and published under the auspices of the Internet Engineering Steering

2

Preface

Group (IESG) of the Internet Engineering Task Force (IETF). For more information about the IESG and IETF, visit the IETF web site at http://www.ietf.org/. For more information about RFCs and Internet Drafts (the starting point for RFCs), visit the RFC Editor web site at http://www.rfc-editor.org/. This site has information about the RFC standards process, archives of RFCs and current Internet Drafts, links to RFC indexes and search engines, and a list of other RFC repositories. RFCs can be obtained electronically from many RFC repositories, mail servers, World Wide Web (WWW), Gopher or WAIS sites. A good starting point for finding the nearest RFC repository is to point your Web browser at http://www.isi.edu/innotes/rfc-retrieval.txt.

Background Reading
For an introduction to the Internet Protocols refer to: DDN Protocol Handbook, Elizabeth J. Feinler, 1991, DDN Network Information Center, SRI International, 333 Ravenswood Avenue, Menlo Park, CA 94025, USA. Email: nic@nic.ddn.mil. Internetworking with TCP/IP — Volume I: Principles, protocols and architecture (2nd Edition), Douglas E. Comer, 1991, Prentice-Hall International, Inc., New Jersey. ISBN 0-13-474321-0. Internetworking with TCP/IP — Volume II: Design, implementation, and internals, Douglas E. Comer and David L. Stevens, 1991, Prentice-Hall International, Inc., New Jersey. ISBN 0-13-472242-6. Internetworking with TCP/IP — Volume III: Client-server programming and applications, Douglas E. Comer and David L. Stevens, 1993, Prentice-Hall International, Inc., New Jersey. ISBN 0-13-474222-2. For a description of layered protocols refer to: Computer networks (2nd Edition), Andrew S. Tanenbaum, 1989, Prentice-Hall International, Inc., New Jersey. ISBN 0-13-162959-0. For an introduction to PPP refer to: Using and Managing PPP, Andrew Sun, O’Reilly; ISBN: 1565923219; (March 1999). For an introduction to network management refer to: The simple book — An introduction to management of TCP/IP-based Internets, Marshall T. Rose, 1991, Prentice-Hall International, Inc. ISBN 013812611-9. For an introduction to VOIP refer to: Internet Communications Using SIP, Henry Sinnreich, Alan B. Johnston. SIP: Understanding the Session Initiation Protocol, Alan B. Johnston. IP Telephony with H.323: Architectures for Unified Networks and Integrated Services, Vineet Kumar, Markku Korpi, Senthil Sengodan.

Publicly Accessible Documents
Allied Telesyn maintains an online archive of documents and files that customers can access via the World Wide Web or via anonymous FTP. For WWW access, point your Web browser at http://www.alliedtelesyn.com/.

AT-RG 600 Residential Gateway – Software Reference Manual

3

Conventions used in command definitions
A number of symbols, typographic and stylist conventions are used throughout this manual to help user in learning and to specify command syntax (see Table 2). This typeface ALL CAPS Is used for Command keywords to be typed as shown. Generally, keywords may be abbreviated to the shortest string that is unambiguous within the current context. Italics are used for denoting a user-specified value. Angle brackets denote compulsory command-line parameters or values. Square brackets denote optional command-line parameters or values.. Curly brackets, in conjunction with vertical bars, denote a set of alternative commandline parameters or values.

italics < > [ ] { | | }

Table 2. Typographic conventions used in this manual. Commands are described under Command Reference within the section to which they apply.

4

Chapter 1 – System Management

Chapter 1

System Management

This chapter provides some basic instructions about how login to the CLI and the different types of user access.

Logging into the CLI
It's possible to use two different connections in order to access the Command Line Interface:

Serial Connection
It's possible to access the CLI interface through a serial connection using a terminal emulator program like, for example, Windows Hyper Terminal with the following default parameters: • bit rate: 38400 bps • • • • data bits: parity: stop bits: flow control: 8 none 1 none

TCP/IP connection
It's possible to access the CLI interface through a TCP/IP connection by opening a Telnet session with the following default parameters: • ip address: 192.168.1.1 (factory default) • telnet port: 23

As soon the connection is established, a login and password are requested. The following default values give superuser access to the CLI commands and must be used only by administrators to configure the system and to create user access with restricted privileges: login: manager

AT-RG 600 Residential Gateway – Software Reference Manual

5

password: friend

Command Line Interface and Console
The CLI is the Command Line Interface used in the AT-RG613, AT-RG623 and ATRG656 Residential Gateway to configure and manage the unit. It provides full access to the following system modules: console dhcp client dhcp relay dhcp server dns client dns relay ethernet firewall igmp ip nat pppoe security sntp client switch system transport user vlan voip webserver ztc client

Webserver
The AT-RG613, AT-RG623 and AT-RG656 are designed to provide the ability to configure the system using a Graphical User Interface (GUI) instead of - or together with - the Command Line Interface (for future release). To keep the system design open to these future improvements, all CLI commands are actually processed by the webserver module that acts like a parsing and pre-processing layer between the user and the software module the command refers to. For this reason, syntax errors due to incorrect CLI commands, typically report the webserver source as reference for the cause of the error.

Webserver commands are accessible from the Command Line Interface for users with superuser access permission. Because the webserver is still under development it is strongly discouraged to make any changes to this module because this could lead to system instability or could block access to the command line.

6

Chapter 1 – System Management

File System
The AT-RG613, AT-RG623 and AT-RG656 application processes require that configuration information be accessible when they start up, and that configuration changes are retained for future operation. To fulfill the above requirements, two processes are provided, namely the ‘In Store File System’ and the ‘FLASH File System’. These two processes are referred to as isfs and flashfs, respectively, in this document. The two file systems provide a standard file interface to application processes. The isfs provides for volatile, run-time file storage; whereas the flashfs provides nonvolatile file storage. The critical period for such a system occurs when the flash memory itself is being updated, as a power failure could result in data corruption and hence an inoperable system. In the AT-RG613, AT-RG623 and AT-RG656, flash memory is divided into three main areas: BOOT code System configuration information Run-time images and their configuration information

Boot code
The Boot ROM program normally resides in flashfs, in a reserved portion of the first flash device. This code is run when the system is first booted and provides self-test code as well as the ability to load the main run-time images. The Boot ROM area is not normally accessible for either reading or writing by flashfs, so is rarely, if ever, rewritten.

System configuration information
System configuration information includes information such as the system MAC address. This information is rarely, if ever, updated once it has been set.

Run-time images
The flashfs file system provides permanent storage of files and is not normally used other than at start of day or when re-writing the flash. In addition to configuration files, flashfs stores the software image, which is loaded by the BOOT ROM after system restart. After system restart and during system initialization, flashfs files are copied into isfs so that they are accessible by application processes. Typically, applications use the isfs files to store their configuration data. Changes made to the configuration can be written back into isfs, and subsequently flashfs, with the config save command.

use the system list user or system list login commands. save backup configuration and restore factory settings. If the isfs copies are written back to the flashfs. Can also set up user login accounts. engineer user . respectively.can use CLI commands.AT-RG 600 Residential Gateway – Software Reference Manual 7 During a flashsfs update. use the system add user or system add login commands. Cannot access to console commands. The Command Line Interface doesn't allow access to the flashfs filing system or to the isfs in store file system because this is not required in typical user situations. It is used only for specific maintenance purposes. in store file system isfs and special debug functions can be access through a nested command line called the console. Normally the software image is not rewritten. To change user privileges. The accounts created by these commands default to low privileges. The Flash file system flashfs.can use CLI commands. The flashfs configuration files can be considered the ‘master’ copies. super user . To create new user accounts. The console command line can be used only if you have appropriate access permissions and is typically hidden from the user. the current settings will be will be preserved. To list the current user or login accounts. This Administration Manual doesn't cover console commands. use the system set user access or system set login access commands. and the isfs files the runtime copies. . Can access the full console command set.can use CLI commands. all configuration files in isfs are written back to flashfs irrespective of whether they have changed or not. Access permissions to the CLI There are three access level options for CLI users that provide different levels of allowed operations: default user . Can access to limited console commands.

System CLI commands The table below lists the system commands provided by the CLI: Command SYSTEM ADD USER SYSTEM ADD LOGIN SYSTEM CONFIG BACKUP SYSTEM CONFIG RESTORE SYSTEM CONFIG SAVE SYSTEM DELETE LOGIN SYSTEM DELETE USER SYSTEM INFO SYSTEM LIST ERRORS SYSTEM LIST USERS SYSTEM LIST LOGINS SYSTEM LOG SYSTEM LOG ENABLE|DISABLE SYSTEM LOG LIST SYSTEM NAME SYSTEM RESTART SYSTEM SET LOGIN ACCESS SYSTEM SET LOGIN MAYCONFIGURE SYSTEM SET LOGIN MAYDIALIN SYSTEM SET USER ACCESS SYSTEM SET USER MAYCONFIGURE SYSTEM SET USER MAYDIALIN SYSTEM ADD USER Syntax SYSTEM ADD USER <name> ["comment"] Description This command adds a user (typically a PPP user) to the system.8 Chapter 1 – System Management System Command Reference This section describes the commands available on the AT-RG613. Only a Super user can use this command. . AT-RG623 and AT-RG656 Residential Gateway to configure and manage the System module.

) Option dialin to the system login to the system configuration permissions access permissions Default Setting disabled enabled enabled default user . (A different set of defaults are applied to a new account added using the SYSTEM ADD LOGIN command. Default setting The default settings in the table below are applied to new accounts that are added using the system add login command.AT-RG 600 Residential Gateway – Software Reference Manual 9 Default Setting The default settings in the table below are applied to new accounts that are added using the system add user command. Default value N/A comment No comment added Example --> system add user ckearns ["Typical user"] See also SYSTEM SET USER ACCESS SYSTEM SET USER MAYDIALIN SYSTEM SET USER MAYCONFIGURE SYSTEM LIST USERS SYSTEM DELETE USER SYSTEM ADD LOGIN Syntax SYSTEM ADD LOGIN <name> ["comment"] Description This command adds a user to the system. An optional comment about the user that is displayed when you type the commands system list users and system list logins. Option name Description A unique user name made up of more than one character that identifies an individual user and lets the user access the system.) Option dialin to the system login to the system configuration permissions access permissions Default Setting enabled disabled disabled default user Options The following table gives the range of values for each option that can be specified with this command and a default value (if applicable). (A different set of defaults are applied to a new account added using the SYSTEM ADD USER command. Only a Superuser can use this command.

the backup copy is created in a volatile filesystem (isfs).conf. By default.backup file by default. Option Description A unique login name made up of more than one character that identifies an individual user and lets the user access the system. it's necessary to specify the target flashfs file system plus the filename. the backup copy is lost.10 Chapter 1 – System Management Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The filename MUST be preceded by either //isfs/ or //flashfs/. Upon turning off the unit or simply rebooting the unit. Default Value If a filename is not specified. An optional comment about the user that is displayed when you type the commands SYSTEM LIST USERS and SYSTEM LIST LOGINS. To make the backup copy permanent. the configuration is saved in //isfs/im. Option Description An arbitrary name that identifies the file that you want to save your configuration in. If you do not specify a filename. To prevent a user from overwriting the system with their own configuration. type //isfs/ or //flashfs/ (depending on which directory the backup file is stored in) followed by a filename value. only a Superuser can use this command.conf.backup filename . the configuration is saved in the //isfs/im. Default value name N/A comment Blank (No comment added) Example --> system add login ckearns "temporary contractor" See also SYSTEM DELETE LOGIN SYSTEM LIST LOGINS SYSTEM CONFIG BACKUP Syntax SYSTEM CONFIG BACKUP [filename] Description This command saves the current system configuration to a file. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To specify the file that you want to save configuration information in.

backup .factory file.backup file. The name of a file containing an alternative backup configuration to that stored in the //isfs/im. • Super users can restore the factory defaults from //isfs/im. the CLI will display a message telling you which modules could not be restored. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value N/A filename N/A FACTORY N/A Example --> system config restore backup Restoring backup configuration //isfs/im. • Super users can restore their backup configuration from a different file by typing //isfs/ or //flashfs/ (depending on which directory the backup file is stored in) followed by a filename value. use the following command: --> system config backup Saving to backup configuration //isfs/im.backup To make a backup copy of the current system configuration with a user defined flename. Restores the factory default configuration from the im. if you do not have all modules installed. Only Super users can use this command. use the following command: --> system config backup //flashfs/mybackup Saving to backup configuration //flashfs/mybackup See also SYSTEM CONFIG RESTORE SYSTEM CONFIG SAVE SYSTEM CONFIG RESTORE Syntax SYSTEM CONFIG RESTORE {BACKUP|[filename]|FACTORY} Description This command tries to restore all system modules.conf.factory.AT-RG 600 Residential Gateway – Software Reference Manual 11 Example To make a backup copy of the current system configuration with a default flename. The following options are available: • Superusers.conf.conf.conf.backup file.backup file.conf. Option BACKUP Description Restores the backup configuration from the im. The filename MUST be preceded by either //isfs/ or //flashfs/. Engineers and Default users can restore their backup configuration from the //isfs/im.conf.conf. Only Super users can use this command.

Option N/A Example --> system delete login ckearns See also SYSTEM ADD LOGIN SYSTEM DELETE USER Syntax SYSTEM DELETE USER <name> Description This command deletes a user that has been added to the system using the SYSTEM ADD USER command or the SYSTEM ADD LOGIN command. -->Configuration saved. -->Saving configuration.12 Chapter 1 – System Management See also SYSTEM CONFIG BACKUP SYSTEM CONFIG SAVE SYSTEM CONFIG SAVE Syntax SYSTEM CONFIG SAVE Description This command saves the system configuration in the im.. Description name Default value The name of an existing user. See also SYSTEM CONFIG BACKUP SYSTEM CONFIG RESTORE Super users can list all configuration files using the console command fm ls. SYSTEM DELETE LOGIN Sy/ntax SYSTEM DELETE LOGIN <name> Description This command deletes a user that has been added to the system using the SYSTEM ADD LOGIN command. Example --> system config save Wait for ‘configurataion saved’ message. Engineer and Super users can use this command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable)..conf file in flashfs.. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). . This allows all users to create their own backup files. Only a Super user can use this command.. Default. Only a Super user can use this command.

co. Example --> system info Global System Configuration: Vendor: Allied Telesis K.jp/ MAC address: 10:20:30:40:50:85 Hardware ver: RG613 A0 Software ver: 1-0-0_35 Build type: RELEASE System Name: SYSTEM LIST ERRORS Syntax SYSTEM LIST ERRORS Description This command displays a system error log. URL: http://www.AT-RG 600 Residential Gateway – Software Reference Manual 13 Option name Description The name of an existing user. base MAC address and hardware and software version details of the current Residential Gateway system.K. Default Value N/A Example --> system delete user ckearns See also SYSTEM ADD USER SYSTEM ADD LOGIN SYSTEM INFO Syntax SYSTEM INFO Description This command displays the vendor ID. URL. or invalid port name) --------------------------------------------------------------------------- . The error log contains the following information: • the time (in minutes) that an error occured.allied-telesis. calculated from the start of your login session • the module that was affected by the error • a brief description of the error itself Example --> system list errors Error log: When | Who | What ------------|------------|------------------------------------------------104 | webserver | webserver:Failed to create node type 'ImRfc1483' 104 | webserver | webserver:Invalid argument:Failed to open port a4 (may already be in use.

Default Value N/A list openfiles bun devuse appuse colour 0000004b 00000000 00400000 00000027 00000000 00400000 00000003 00000000 00400000 flags 3 5 5 lasterrno 0 0 0 See also SYSTEM LOG ENABLE|DISABLE SYSTEM LIST USERS Syntax SYSTEM LIST USERS Description This command displays a list of users and logins added to the system using the SYSTEM ADD USER and SYSTEM ADD LOGIN commands. | Dialin | Level | Comment -----|------------|----------|----------|------------|--------------------1 | admin | ENABLED | disabled | superuser | Default admin user --------------------------------------------------------------------------- . The same information is displayed by the SYSTEM LIST LOGINS command. Option name Example --> system qid console console console Description The name of a file which has open file handles associated with it. engineer or super user) • comment (any comments that were included when the user was added to the system) Example --> system list users Users: May May Access ID | Name | Conf.14 Chapter 1 – System Management See also SYSTEM LIST USERS SYSTEM LIST LOGINS SYSTEM LIST OPENFILES Syntax SYSTEM LIST OPENFILES <name> Description This command allows you to display low-level debug information about specific open file handles. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The list contains the following information: • user ID number • user name • configuration permissions (enabled or disabled) • dialin permissions (enabled or disabled) • access level (default.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Non-fatal errors are displayed. engineer or super user) • comment (any comments that were included when the user was added to the system) Example --> system list logins Users: May May Access ID | Name | Conf. Option NOTHING WARNINGS INFO Description No extra output is displayed. The list contains the following information: • user ID number • user name • configuration permissions (enabled or disabled) • dial in permissions (enabled or disabled) • access level (default. The same information is displayed by the SYSTEM LIST USERS command. | Dialin | Level | Comment -----|------------|----------|----------|------------|-------------------1 | admin | ENABLED | disabled | superuser | Default admin user -------------------------------------------------------------------------See also SYSTEM LIST ERRORS SYSTEM LIST USERS SYSTEM LOG Syntax SYSTEM LOG {NOTHING|WARNINGS|INFO|TRACE|ENTRYEXIT|ALL} Description This command sets the level of output that is displayed by the CLI for various modules. Setting a level also implicitly displays the level(s) below it.AT-RG 600 Residential Gateway – Software Reference Manual 15 See also SYSTEM LIST ERRORS SYSTEM LIST LOGINS SYSTEM LIST LOGINS Syntax SYSTEM LIST LOGINS Description This command displays a list of logins and users added to the system using the SYSTEM ADD LOGIN and SYSTEM ADD USER commands. Certain program messages are displayed. Also displays the values for the warnings Default Value N/A N/A N/A .

and so on. To display a list of modules and categories and their enable/disable status. it does not affect ip udp. Brief details of the packet are displayed to identify it. info and warnings options. The available values for module and category are displayed by the SYSTEM LOG LIST command. trace. For example. see SYSTEM LOG LIST. The output produced when a particular option is enabled depends on that option. sent or discarded due to an error. . The command is used for debugging purposes. The current list of supported modules is RIP and IP. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). info and warnings options. The RIP and IP modules provide separate categories which are enabled and disabled independently. if you enable ip rawip. A message is displayed every time a function call is entered or left. All output is displayed. and on the trace statements in the module which are executed. Each individual module has its own specific module category (see Examples). N/A ENTRYEXIT N/A ALL N/A Example --> system log all SYSTEM LOG ENABLE|DISABLE Syntax SYSTEM LOG {ENABLE|DISABLE} RIP {ERRORS|RX|TX} SYSTEM LOG {ENABLE|DISABLE} IP {ICMP|RAWIP|UDP|TCP|ARP|SOCKET} Description This command enables/disables the tracing support output that is displayed by the CLI for a specific module and module category. The general purpose of this tracing is to: • show how data packets pass through the system • demonstrate how packets are processed and what they contain • display any error conditions that occur • For example ip rawip tracing shows that an IP packet has been received. TRACE Detailed trace output is displayed.16 Chapter 1 – System Management option. Also displays the values for entryexit. Also displays the values for trace. Also displays the values for info and warnings options.

This can be either RIP or IP. The SYSTEM LOG LIST MODULE command displays the tracing options for an individual module specified in the command. Option module Description The name of a module that exists in your current image build. Default Value disable DISABLE Examples RIP --> system log enable rip rx enabled logging for the receiving of RIP packets See also SYSTEM LOG LIST SYSTEM LOG SYSTEM LOG LIST Syntax SYSTEM LOG LIST [<module>] Description The system log list command displays the tracing options for the modules available in the current image that you are using. Both commands display the current status of the tracing options set using the command SYSTEM LOG ENABLE|DISABLE. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value N/A Examples system log list --> system log list rip errors (ENABLED) rip rx (disabled) rip tx (disabled) ip icmp (disabled) ip rawip (ENABLED) ip udp (disabled) ip tcp (disabled) ip arp (disabled) ip socket (disabled) system log list <module> --> system log list ip ip icmp (disabled) ip rawip (ENABLED) ip udp (disabled) ip tcp (disabled) . Disables tracing support output for a specified specific module and module category.AT-RG 600 Residential Gateway – Software Reference Manual 17 Option ENABLE Description Enables tracing support output for a specified specific module and module category.

18 Chapter 1 – System Management ip ip arp (disabled) socket (disabled) See also SYSTEM LOG SYSTEM LOG ENABLE|DISABLE SYSTEM NAME Syntax SYSTEM NAME {NONE | <sys-name>] Description This command sets the system name. To show the current system name use the system info command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Access permissions for a user. Example --> system restart SYSTEM SET LOGIN ACCESS Syntax SYSTEM SET LOGIN <name> ACCESS {DEFAULT|ENGINEER|SUPERUSER} Description This command sets the access permissions of a user who has been added to the system using the SYSTEM ADD LOGIN command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value none Example --> system name myRG600 SYSTEM RESTART Syntax SYSTEM RESTART Description This command restarts the Residential Gateway. Option sys-name Description The name of the system. Option name DEFAULT/ ENGINEER/ SUPERUSER Description The name of an existing user. Only a Super user can use this command. Default Value N/A Default Example --> system set login ckearns access engineer .

Determines whether or not a user can configure the system. Only a Super user can use this command. Default Value N/A enabled Example --> system set login ckearns mayconfigure disabled See also SYSTEM SET LOGIN ACCESS SYSTEM SET LOGIN MAYDIALIN SYSTEM SET LOGIN MAYDIALIN Syntax SYSTEM SET LOGIN <name> MAYDIALIN {ENABLED|DISABLED} Description This command sets dialin permissions for a user who has been added to the system using the SYSTEM ADD LOGIN command. Option name ENABLED/ DISABLED Description The name of an existing user. Only a Super user can use this command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value N/A disabled Example --> system set login ckearns maydialin enabled See also SYSTEM SET LOGIN ACCESS SYSTEM SET LOGIN MAYCONFIGURE . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option name ENABLED/ DISABLED Description The name of an existing user. SYSTEM SET LOGIN MAYCONFIGURE Syntax SYSTEM SET LOGIN <name> MAYCONFIGURE {ENABLED|DISABLED} Description This command sets configuration permissions for a user who has been added to the system using the ADD SYSTEM LOGIN or the ADD SYSTEM USER command. Determines whether or not a user can dialin to the system. see Access permissions to the CLI.AT-RG 600 Residential Gateway – Software Reference Manual 19 See also SYSTEM SET LOGIN MAYCONFIGURE SYSTEM SET LOGIN MAYDIALIN For more information on the types of user access permissions.

Determines whether or not a user can configure the system. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Allows you to set the access permissions for a user. Default Value N/A default Example --> system set user ckearns access default See also SYSTEM SET USER MAYCONFIGURE SYSTEM SET USER MAYDIALIN SYSTEM SET USER MAYCONFIGURE Syntax SYSTEM SET USER <name> MAYCONFIGURE {ENABLED|DISABLED} Description This command sets configuration permissions for a user who has been added to the system using the ADD SYSTEM USER command. Option name DEFAULT/ ENGINEER/ SUPERUSER Description The name of an existing user. Only a Super user can use this command. Option name ENABLED/ DISABLED Description The name of an existing user.20 Chapter 1 – System Management SYSTEM SET USER ACCESS Syntax SYSTEM SET USER <name> ACCESS {DEFAULT|ENGINEER|SUPERUSER} Description This command sets the access permissions of a user who has been added to the system using the SYSTEM ADD USER command. Default Value N/A disabled Example --> system set user ckearns mayconfigure enabled See also SYSTEM SET USER ACCESS SYSTEM SET USER MAYDIALIN SYSTEM SET USER MAYDIALIN Syntax SYSTEM SET USER <name> MAYDIALIN {ENABLED|DISABLED} . Only a Super user can use this command.

Determines whether or not a user can dialin to the system. Option name ENABLED/ DISABLED Description The name of an existing user. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Only a Super user can use this command. Default Value N/A enabled Example --> system set user ckearns maydialin enabled See also SYSTEM SET USER ACCESS SYSTEM SET USER MAYCONFIGURE .AT-RG 600 Residential Gateway – Software Reference Manual 21 Description This command sets dial in permissions for a user who has been added to the system using the SYSTEM ADD USER command.

22 Chapter 1 – System Management User Command Reference This section describes the commands available on the AT-RG613. Example --> user password Enter new password ***** Again to verify ***** USER CHANGE Syntax USER CHANGE <name> Description This command allows you to change your login to that of another named user. Example --> user logout Logging out. When you change your login to that of a user with Default or Engineer access permissions. AT-RG623 and AT-RG656 Residential Gateway to configure and manage system Users. Engineer and Super users can use this command. Engineer and Super users can use this command. Login: USER PASSWORD Syntax USER PASSWORD Description This command allows you to change your user password. User CLI commands The table below lists the user commands provided by the CLI: Command USER LOGOUT USER PASSWORD USER CHANGE USER LOGOUT Syntax USER LOGOUT Description This command logs you out of the system. Super users can use this command. Default. you lose your Super user privileges and inherit the access permissions of either the Default or Engineer user. Default. Options The following table gives the range of values for each option which can be specified .

. See also SYSTEM ADD USER . Option name Description A unique login name made up of more than one character that identifies an individual user and lets the user access the system..AT-RG 600 Residential Gateway – Software Reference Manual 23 with this command and a default value (if applicable). Default Value N/A Example --> user change admin You are now logged in as user `admin' .

Default Value enable . Web Server CLI commands The table below lists the Web Server commands provided by the CLI: Command WEBSERVER CLEAR STATS WEBSERVER ENABLE|DISABLE WEBSERVER SET INTERFACE WEBSERVER SET MANAGEMENTIP WEBSERVER SET PORT WEBSERVER SET UPNPPORT WEBSERVER SHOW INFO WEBSERVER SHOW STATS WEBSERVER CLEAR STATS Syntax WEBSERVER CLEAR STATS Description This command sets all of the Web Server process counters to 0. Example --> webserver clear stats See also WEBSERVER SHOW INFO WEBSERVER ENABLE|DISABLE Syntax WEBSERVER {ENABLE|DISABLE} Description This command enables or disables the Web Server process. Option ENABLE DISABLE Description Enables the Web Server process. Disables the Web Server process.24 Chapter 1 – System Management Web Server Command Reference This chapter describes the Web Server CLI commands. By default. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). the Web Server process is enabled.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 25 Example --> webserver disable WebServer is disabled WEBSERVER SET INTERFACE Syntax WEBSERVER SET INTERFACE <interface> Description This command specifies the name of an IP interface that the system will use for UPnP (Universal Plug and Play) communication with other devices on the local area network. Default Value Iplan Example --> webserver set interface ip See also WEBSERVER SET UPNPPORT WEBSERVER SET MANAGEMENTIP Syntax WEBSERVER SET MANAGEMENTIP {ip-address} Description This command causes connections to the Webserver to be allowed from only one IP address. You must save your configuration (see SYSTEM CONFIG SAVE) and restart your system (see SYSTEM RESTART) to activate the Web Server settings. To display interface names.0.102.0).168.3 . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the ip list interfaces command. Option Description The only IP address that the Web Server will allow connection requests from. Universal Plug and Play support is for future releases. (e.168. The IP address is displayed in the following format: 192. from an IP address that is used by a management device) or from any IP address (by setting the IP address to 0.0.0.0 Example --> webserver set managementip 192.3 Default Value ip-address 0.102.0. Option interface Description A name that identifies an existing IP interface.g.

26 Chapter 1 – System Management Management IP address is 192.102.168. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).3 WEBSERVER SET PORT Syntax WEBSERVER SET PORT <port> Description This command sets the HTTP port number that the Web Server process will use for accepting connections (from a WEB Browser). Default Value 80 Example --> webserver set port 100 HTTP port number is 100 See also WEBSERVER SET UPNPPORT WEBSERVER SET UPNPPORT Syntax WEBSERVER SET UPNPPORT <port> Description This command sets the TCP port number that the Web Server process will use for UPnP communication. Option port Description A valid UPnP port number that must be between 0 and 65535. Universal Plug and Play support is for future releases. Default Value N/A Example --> webserver set upnpport 280 See also WEBSERVER SET PORT WEBSERVER SHOW INFO Syntax WEBSERVER SHOW INFO . Option port Description A valid port number that must be between 0 and 65535. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). You must save your configuration (see SYSTEM CONFIG SAVE) and restart your system (see SYSTEM RESTART) to activate the Web Server settings.

2. Example --> webserver show stats Web Server statistics: Bytes transmitted: 2122 Bytes received: 0 See also WEBSERVER SHOW INFO .AT-RG 600 Residential Gateway – Software Reference Manual 27 Description This command displays the following information about the Web Server process: • EmWeb (Embedded Web Server) release details • Web Server enabled status (true or false) • Interface set • HTTP port set • UPnP port set • Management IP address Example --> webserver show info Web server configuration: EmWeb release: R6_0_0E_ISOS Enabled: true Interface: lan HTTP port: 80 UPnP port: 280 Management IP address: 1.4 See also WEBSERVER CLEAR STATS WEBSERVER SHOW STATS Syntax WEBSERVER SHOW STATS Description This command tells you how many bytes have been transmitted and received by the Web Server.3.

You can find a list of usable commands with a link to further information about each usable command at the start of each chapter in this manual. Option Description A usable console command. bridge . The Console module is used only for engineer troubleshooting and is not supported a as user accessible module.28 Chapter 1 – System Management Console Access Command Reference This section describes the commands available on the AT-RG613.type `exit' to return See also CONSOLE PROCESS CONSOLE PROCESS Syntax CONSOLE PROCESS <console command> Description This command allows you to enter a single usable console command without switching to console mode. Users with Engineer or Super user access can use this command. Example --> console enable Switching from CLI to console mode . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Only Super users can use this command. AT-RG623 and AT-RG656 Residential Gateway to access the Console module. Default Value console command N/A Example The following console process example enters the usable console command. You cannot enter blacklisted console commands using this CLI command. Console access CLI commands The table below lists the console access commands provided by the CLI: Command CONSOLE ENABLE CONSOLE PROCESS CONSOLE ENABLE Syntax CONSOLE ENABLE Description This command allows you to enter console mode in order to use the console commands.

Syntax EXIT Description This console command allows you to return to the CLI after you have entered console mode using the command CONSOLE ENABLE. This is a special console command to allow Super users to return to the CLI from the console. you need to type exit in the root of the console. Only Super users can use this command. When you want to exit console mode and return to the CLI. Example --> exit Returning to CLI from console See also CONSOLE ENABLE .AT-RG 600 Residential Gateway – Software Reference Manual 29 portfilter: --> console process bridge portfilter portfilter 2 all portfilter 3 all See also CONSOLE ENABLE CONSOLE COMMAND .EXIT This console command has not been replaced by a CLI command.

1p and DiffServ based • Integrated look-up engine with dedicated 1 K unicast MAC addresses • Automatic address learning. QoS priority. high performance memory bandwidth (wire speed) and an extensive feature set including tag port based VLAN.3x & half-duplex back pressure flow control • Automatic MDI/MDI-X crossover for plug-and-play on all the ports Switch Core Functional Overview Address Look-up The internal look up table stores MAC addreses and their associated information. The following is the complete set of features available in the switch module: • IEEE 802. 802. egress port. VoIP signaling and traffic. ingress port. per port basis • Programmable rate limiting. . VLAN tagging and MIB counters. firewall and NAT security modules. per port basis.30 Chapter 2 – Switch Chapter 2 Switch Introduction The AT-RG613. address aging and address migration • Full duplex IEEE 802.1q tag based VLAN (up to 16 VLANs) • VLAN ID tag/untag options. The layer 2 switch uses one 100Base-TX port as an internal port to communicate to the central processor in order to access layer 3 services such as routing. It contains a 1K unicast address table plus switching information. • IGMP v1/v2 snooping for multicast packet filtering • QoS packet prioritization support: per port. AT-RG623 and AT-RG656 residential gateways include an integrated layer 2 managed switch providing 5 Fast Ethernet transceivers supporting 10Base-T and 100Base-TX modes.

Migration The internal look up engine monitors whether a station has moved. • the received packet is good. Aging The look up engine updates the timestamp information of a record whenever the corresponding Source Address appears. In this case the look up engine updates the existing record in the table with the new source port information. To see the current look up entries use the SWITCH SHOW FDB command. along with the port number and VLAN information (see below). If a record is not updated for a period of time. The time stamp is used in the aging process. the packet is assigned to the default port VID of the ingress port. If the table is full. the VID in the tag will be used. the last entry of the table is deleted for the new entry. The look up engine constantly performs the aging process and is continuously removing expired records. If so.AT-RG 600 Residential Gateway – Software Reference Manual 31 Learning The internal look up engine updates its table with a new entry in the following conditions: • the received packet's Source Address does not exist in the look up table. the look up engine removes the record from the table. The look up engine inserts the qualified Source Address into the table. The aging period can be set to normal (300 seconds) or fast (800 usecs) or can be disabled. • If the VID is not valid. Migration happens in the following conditions: • the received packet Source Address is in the table but the associated source port information is different. • If the packet is untagged or tagged with a null VID. the switch assign a VID to every ingress packet. The 12 bit VID value is converted to a 4 bit FID value (an internal value that represents up to 16 VLANs). it updates the table accordingly. . Use the SWITCH SET AGINGTIMER command to change aging period or use SWITCH DISABLE AGINGTIMER to disable aging. Forwarding If 802. • the received packet is good: the packet has no receive errors and is of legal length.1q VLAN mode is enabled. the packet has no receive errors and is of legal length. the packet will be dropped and no address learning will take place. The look up process will start from the VLAN table look up. • If the packet is tagged with a non-null VID.

the flow control will be triggered. . • If FID+SA lookup fails. At the beginning of each interval.0Kfps (Kilo frame per second) and 6. Limitation on the maximum routing rate is necessary to preserve system resources for high priority tasks like VoIP and IGMP proxy. All the ports are allowed to use any free buffer in the buffer pool. Both the combinations FID+DA (Destination Address) and FID+SA (Source Address) are looked for in the forwarding table.32 Chapter 2 – Switch • If the VID is valid. the forwarding FID is retrieved. Rate limiting support The integrated layer 2 switch supports hardware rate limiting on "receive" and "transmit" independently on a per port basis. Layer 3 routing rate limiting The integrated layer 2 switch is able to limit traffic that goes to the Residential Gateway network processor where routing tasks need to be performed. There is an option provided for flow control to prevent packet loss. if the number of bytes exceeds the programmed limit.0Kfps with 0. the packet will be broadcasted to all the members (excluding the ingress port) of the VLAN. The switch uses one second as an interval. the flow control will be triggered. This resource is shared between all five ports (4 ports user accessible and one internal reserved for communication to system main processor). If the rate limit is set to 128kbps or greater and the byte counter is 8Kbytes below the limit. This is structured as 512 buffers. If the rate limit is set to less than 128kpbs and the byte counter is 2Kbytes below the limit. The rate limit starts from 0kbps and goes up to the line rate in steps of 32 kbps. To set the maximum routing rate limit use the SWITCH SET ROUTING-LIMIT command. the counter is cleared to zero. For receive. with each buffer 128 bytes in size. It operates in store and forward mode while the efficient switching mechanism reduces overall latency The integrated layer 2 switch has a 64kB internal frame buffer pool. and the rate limit mechanism starts to count the number of bytes during this interval. The FID+DA look up determines the forwarding ports. packet buffers. the switch will stop receiving packets on the port until the "one second" interval expires. In this case there is no filter to the traffic arriving to the network processor and system stability could be affected if traffic is too high. Switching engine The integrated layer 2 switch features a high performance switching engine to move data to and from the MAC's.5Kfps granularity. • If FID+DA lookup fails to find a match. the FID+SA will be learned (ie added to the forwarding table). It also supports rate limiting in a priority or non-priority environment. The maximum routing rate can be selected between 1. Selecting NONE equals to disable the support for routing rate limiting.

AT-RG 600 Residential Gateway – Software Reference Manual 33 If the number of frame per seconds that need to be routed to the network processor are higher than the selected maximu rate.1p Traffic Priority The IEEE 802.1p is a spin-off of the 802. routers. respectively.1q (VLANs tagging) standard and they work in tandem (see Figure 1). • if the received frames are untagged. The VLAN tag has two parts: The VLAN ID (12-bit) and User Priority (3-bit).1p implementation defines this prioritization field. can set these priority bits in the three-bit User Priority field. the Default Priority value of the egress port is compared with the switch Base Priority: • if port Default Priority is equal or greater than switch Base Priority. The 802. traffic is prioritized into two egress queues. otherwise frames are sent to low priority egress queue. according the following logic: • if the received frames are tagged. The User Priority field was never defined in the VLAN standard. the layer 2 switch discards packets addressed to the network processor in order to force the average traffic rate to be below the target rate. 802. On the AT-RG613. the Default Priority value of that port is assigned to the User Priority field in the outgoing frames.1p tagging (Layer 2) and Differentiated Services (DS) as an advanced architecture of ToS (Layer 3). AT-RG623 and AT-RG656 residential gateway. The 802. servers. even desktop systems. The VLAN tag carries VLAN information. 802. otherwise frames are sent to low priority egress queue If the egress port is tagged. . use the SWITCH SHOW and SWITCH SHOW PORT commands. To show the current switch Base Priority and port Default Priority values. the frames are sent to the high priority egress queue. no bandwidth reservations are established. the frames are sent to the high priority egress queue. Switches.1Q standard specifies a tag that appends to a MAC frame.1P signaling technique is an IEEE endorsed specification for prioritizing network traffic at the data-link/MAC sublayer (OSI Reference Model Layer 2). 802. the User Priority field in the TAG header is compared with an internal value in the switch called the Base Priority: • if the received priority value is equal to or greater than the switch Base Priority.1p traffic is simply classified and sent to the destination. high priority and low priority. Class of Service and Differentiated Services The integrated layer 2 switch support two Class of Service (CoS) mechanisms: IEEE 802. which allows packets to be grouped into various traffic classes.

according to the DSCP value in the IP header of the received frames. AT-RG623 and AT-RG656 Residential Gateway it is possible to assign frames to two different egress priority queues. use the SWITCH SHOW QOS command. . respectively. The DSCP replaces the ToS Octet in the Ipv4 header (see Figure 1). high priority and low priority. This allows up to 64 different classifications for service levels. To show the current DSCP priority scheme.34 Chapter 2 – Switch To change the switch Base Priority and port Default Priority use the SWITCH SET PRIORITY and SWITCH SET PORT commands. To change the current DSCP priority scheme. Differentiated Services Code Point (DSCP) The DSCP octet in the IP header classifies the packet service level. use the SWITCH SET QOS command. only the first six bits are used. Two bits of the DSCP are reserved for future definitions. On the AT-RG613. Currently.

. IP Packet overview.AT-RG 600 Residential Gateway – Software Reference Manual 35 7 octects 1 octects 6 octects 6 octects 2 octects 2 octects 2 octects PREAM BLE START FRAM DELIM E ITER DESTINATIO ADDRESS N SO URCE ADDRESS LENGTH/TYPE = 802.1Q TagType TAGCO NTRO INFO ATION L RM M CLIENT LENGTH/TYPE AC M Header AC 1 0 0 0 0 0 0 1 0 0 0 0 CFI 0 0 0 0 TAG header user priority VLANidentifier VID(12 bit) IP Header IP Header Version precedence D T IHL R M 0 TO S 42 .1500 octects IP Payload Total Length 4 octects FRAM CHECK SEQ E UENCE Identification flags fragm offset ent TTL Protocol Header Checksum Protocol Source IP Address Destination IP Address Figure 1.

Example --> switch disable ageingtimer See also SWITCH ENABLE AGEINGTIMER SWITCH SHOW . the look up entries in the fdb are kept permanently until the SWITCH ENABLE AGEINGTIMER command entered or the switch is reset. If the ageing timer is disabled. To show the current switch status.36 Chapter 2 – Switch Switch Command Reference This section describes the commands available on the Residential Gateway to configure and manage switch ports and the address look up table. switch CLI commands The table below lists the switch commands provided by the CLI: Command SWITCH DISABLE AGEINGTIMER SWITCH DISABLE LEARNING SWITCH DISABLE PORT SWITCH ENABLE AGEINGTIMER SWITCH ENABLE LEARNING SWITCH ENABLE PORT SWITCH RESET SWITCH SET PORT SWITCH SET PRIORITY SWITCH SET QOS SWITCH SET ROUTING-LIMIT SWITCH SHOW SWITCH SHOW FDB SWITCH SHOW PORT SWITCH SHOW QOS SWITCH DISABLE AGEINGTIMER Syntax SWITCH DISABLE AGEINGTIMER Description This command stops the aging timer used by the look up engine to remove expired fdb entries. use the SWITCH SHOW command.

use the SWITCH ENABLE LEARNING command. To restore the learning process. To show the current port status. SWITCH DISABLE PORT Syntax SWITCH DISABLE PORT <port-name> [FLOW JAMMING] Description This command disables the selected switch port. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 37 SWITCH DISABLE LEARNING Syntax SWITCH DISABLE LEARNING Description This command stops the learning engine used to update the look up table when frame are received from new Source Addresses. use the SWITCH Example --> switch disable learning See also SWITCH ENABLE LEARNING SWITCH SHOW SHOW command. If jamming is specified. Available ports are: • wan • lan1 • lan2 • lan3 Default Value port-name N/A Example --> switch disable port lan1 See also SWITCH ENABLE PORT SWITCH SHOW PORT SWITCH ENABLE AGEINGTIMER Syntax SWITCH ENABLE AGEINGTIMER Description This command restarts the aging timer used by the look up engine to update the aging of fdb entries. To show the current switch status. . or disables a flow control mechanism on the port. the jamming signal used for flow control on half duplex ports will be disabled. use the SWITCH SHOW PORT command. Option Description One of the switch ports to be disabled.

If jamming is specified. use the SWITCH SHOW command. To show the current switch status. flow control on half duplex ports is enabled.38 Chapter 2 – Switch To show the current switch status. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Example --> switch enable ageingtimer See also SWITCH DISABLE AGEINGTIMER SWITCH SHOW SWITCH ENABLE LEARNING Syntax SWITCH ENABLE LEARNING Description This command restarts the learning process used by the look up engine to update the fdb when frames from new addresses are received. Example --> switch enable learning See also SWITCH DISABLE LEARNING SWITCH SHOW SWITCH ENABLE PORT Syntax SWITCH ENABLE PORT <port-name> [FLOW JAMMING] Description This command enables the selected switch port. use the SWITCH SHOW PORT command. Available ports are: • wan • lan1 • lan2 • lan3 Default Value port-name N/A Example --> switch enable port lan1 See also SWITCH DISABLE PORT SWITCH SHOW PORT SWITCH RESET Syntax SWITCH RESET [PORT <port-name> [COUNTERS]] . To show the current port status. use the SWITCH SHOW command. Option Description One of the switch ports to be enabled.

all internal switch counters are reset and fdb entries removed.. Example . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 39 Description This command completely resets the switch or resets and individual switch port if a port is specified. Available ports are: • wan • lan1 • lan2 • lan3 Default Value port-name N/A Example --> switch reset --> switch reset port wan See also SWITCH SHOW SWITCH SHOW PORT SWITCH SET AGEINGTIMER Syntax SWITCH SET AGEINGTIMER {FAST | NORMAL} Description This command sets the threshold value of the ageing timer. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). FAST sets the aging timer to 800 µSec. while NORMAL sets the aging timer to 300 Sec. after which an unrefreshed dynamic entry in the Forwarding Database is automatically removed. only the selected port is reset without removing any fdb entries. Option port-name Description One of the switch ports to be configured. Default Value N/A . It's possible to specify the resetting of just the counters associated with a port. In this case the physical layer is not reset and no link interruption occurs. Option Description One of the switch ports to be reset. If a port is specified. If no port is specified.-> switch set ageingtimer fast SWITCH SET PORT Syntax SWITCH SET PORT <portname> { DEFAULTPRIORITY <default-priority> | INFILTERING {OFF | ON} | NOQOS | QOS |RCVLIMIT <limit>| <speed > {100MFULL | 100MHALF | 10MFULL | 10MHALF | AUTONEGOTIATE} } Description This command modifies the values of parameters for switch ports.

If OFF is specified. The infiltering parameter enables or disables Ingress Filtering of frames admitted on the specified ports. Ingress Filtering is disabled. then rate limiting is turned off. The speed parameter specifies the configured line speed and duplex mode of the port.1p priority scheme. then if the port Default Priority is equal or greater than switch Base Priority. the port will autonegotiate the line speed and duplex mode with the device attached to the port. If INFILTERING is Enabled then tagged packets arriving at the port will only be admitted if the VID in the packet’s tag is equal to the VID of one of the VLANs that the port is a member of. If autonegotiate is specified. N/A N/A default-priority 0 INFILTERING N/A limit 0 speed autonegotiate . the frames are sent to the high priority egress queue. NOQOS QOS Disable 802. the reception of frames will be limited to that bandwith. otherwise frames are sent to low priority egress queue.40 Chapter 2 – Switch Available ports are: • wan • lan1 • lan2 • lan3 The priority value associated with the port. Untagged frames are also admittedif the port in an untagged member of some VLAN. Each port on the switch belongs to one or more VLANs.1p priority scheme. If the value none or 0 is specified. If any other value is specified. and no frames are discarded by this part of the Ingress Rules. Enable 802. The rcvlimit parameter specifies a rate limiting on reception bandwith for the port. The value of this parameter represents kbit per second reception rate above which the incoming data will be discarded. If the port is set to receive untagged frames. Available values are from 0 to 7.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).37 priority high SWITCH SET ROUTING-LIMIT Syntax SWITCH SET ROUTING-LIMIT <limit> .1p_base_priority Description The system priority value. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 41 If any other option is specified. The six bit TOS field in the IP header is decoded as 64 entries and for each one it is possible to specify the priority. Default Value 4 Example --> switch set priority 7 SWITCH SET QOS Syntax SWITCH SET QOS <dscpcode> PRIORITY {HIGH | LOW} Description This command maps the priority levels for Quality of Service. Default Value dscpcode N/A Example To set the high priority for DSCP values 24 and 37. Available values are from 0 to 7. Example --> switch set port wan rcvlimit 10000 SWITCH SET PRIORITY Syntax SWITCH SET PRIORITY <802. the port will be forced to the speed and duplex mode given. use the command: --> switch set qos 24.1p_base_priority> Description This command sets the switch base priority. Option Description dscpcode-list is a comma-separate list of numbers in the range 0-63 which represent the DSCP (Differentiated Service Code Point) value in the most significant 6 bits of the TOS field in IPv4 header. Option 802.

5Kfps 2. it is used as the source address in pause control frames. The time in hours:minutes:seconds since the switch was last powered up. Default Value limit none Example --> switch set routing-limit 6.42 Chapter 2 – Switch Description This command set the maximum number of frame per seconds that the layer2 switch forward to the Residential Gateway network processor for routing purposes.5Kfps 3. Option Description It's the traffic maximum rate (frame per seconds) sent to the network processor. after which a dynamic entry is removed from the Forwarding Database.5Kfps 5.0Kfps 5. The value of the ageing timer. Whether or not the ageing timer is enabled. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The bottom end of the range of priority values assigned to the high priority egress queue.5Kfps 4.0Kfps none None equals disable the routing limit. rebooted.0Kfps 3. Learning Ageing timer Ageing time UpTime Base Priority Routing-limit Whether or not the switch’s dynamic learning and updating of the Forwarding Database is enabled. Available values are: 1. The maximum number of frame per sencond that the switch forwards to the processor.0kfps SWITCH SHOW Syntax SWITCH SHOW Description This command shows the following switch parameters: Switch address The MAC address of the switch. .0Kfps 2.5Kfps 6.0Kfps 4. or restarted.0Kfps 1.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). (NORMAL) UpTime 00:41:28 802. One of the switch ports. The PORT parameter specifies that only those entries in the Forwarding Database which were learned from the specified port are to be displayed. Default Value macadd N/A port-name N/A vlanname N/A Examples To display all the fdb content: --> switch show fdb Switch Forwarding Database -------------------------------------------------------------------------- . Option Description The ADDRESS parameter specifies the MAC address of the device for which the contents of the Forwarding Database are to be displayed. Available ports are: • wan • lan1 • lan2 • lan3 The VLAN parameter specifies the VLAN identifier of the VLAN for which the contents of the Forwarding Database are to be displayed.AT-RG 600 Residential Gateway – Software Reference Manual 43 Example --> switch show Switch configuration -----------------------------------------------------------------------Switch address 10-20-30-40-50-6f Learning ON Ageing timer ON Ageing time 300 Sec.1p Base Priority 4 Routing-limit none -----------------------------------------------------------------------See also SWITCH SHOW PORT SWITCH SHOW FDB Syntax SWITCH SHOW FDB [{ADDRESS <macadd> | PORT <port-name> | VLAN <vlanname>}] Description This command displays the contents of the Forwarding Database relevant to the port or the mac address or the vlan specified.

Status The admin status of the “ENABLED” or “DISABLED”. Port Port reference. one of .44 Chapter 2 – Switch VLAN MAC address Port Status -------------------------------------------------------------------------1 00-00-cd-08-25-30 wan Dynamic 1 00-05-b7-00-0f-5e wan Dynamic 1 00-30-84-25-77-3e wan Dynamic 10 00-30-84-ee-40-60 lan1 Dynamic 10 00-30-84-ee-40-83 lan1 Dynamic 20 00-90-fb-07-9d-c9 lan2 Dynamic 30 00-a0-d2-18-49-fa lan3 Dynamic 30 00-c0-b7-a3-d0-40 lan3 Dynamic -------------------------------------------------------------------------- To display only the fdb content related to a specific MAC address: --> switch show fdb address 00-05-b7-00-0f-5e Switch Forwarding Database -------------------------------------------------------------------------VLAN MAC address Port Status -------------------------------------------------------------------------1 00-05-b7-00-0f-5e wan Dynamic -------------------------------------------------------------------------To display only the fdb content related to a specific switch port: --> switch show fdb port lan1 Switch Forwarding Database --------------------------------------------------------------------------VLAN MAC address Port Status --------------------------------------------------------------------------10 00-30-84-ee-40-60 lan1 Dynamic 10 00-30-84-ee-40-83 lan1 Dynamic To display only the fdb content related to a specific VLAN: --> switch show fdb vlan 30 Switch Forwarding Database --------------------------------------------------------------------------VLAN MAC address Port Status --------------------------------------------------------------------------30 00-a0-d2-18-49-fa lan3 Dynamic 30 00-c0-b7-a3-d0-40 lan3 Dynamic SWITCH SHOW PORT Syntax SWITCH SHOW PORT <port-name> [COUNTERS] Description This command displays general information about the specified switch port. port.

Flow control parameters set for the port. The limit of the rate of reception of unicast frames for this port. The port speed and duplex mode configured for this port. If flow control is implemented on the switch. The current status for Default Priority: one of “on” or "off" If the counters parameter is specified the following information are reported: • Combined receive/transmit packets by size (octets) counter packets size <= 64 octects Number of 64 octet packets received and transmitted. The count in hours:minutes:seconds of the elapsed time since the port was last reset or initialised. The maximum acceptable frame size.AT-RG 600 Residential Gateway – Software Reference Manual 45 Link state Uptime The link state of the port. Port based VLAN Ingress filtering 802. in frames per second. One of “Autonegotiate” or a combination of a speed (one of “10 Mbps” or “100 Mbps”) and a duplex mode (one of “half duplex” or “full duplex”). if any.1p Default Priority 802. Port media type Configured speed/duplex Acceptable frame type Broadcast rate limit Multicast rate limit Receive rate limit Current learned. one of “Up” or “Down”. The limit of the rate of reception of multicast frames for this port. lock state Enabled flow control(s) Send tagged pkts for VLAN(s) The name and VLAN Identifier (VID) of the tagged VLAN(s). The number of MAC addresses currently learned on this port and the state of locking for this port. in frames per second. . to which the port belongs. The limit of the rate of reception of broadcast frames for this port. in kbit per second. The MAC entity type. packets size 65 – 127 Number of 65 . one or two of “Jamming” and “Pause”.127 octet packets received and transmitted. locked by limit” or “locked by command”. The state of Ingress Filtering: one of “on” or "off" The current value set for Default Priority. then this kind of flow control is applied to the port. zero. The lock state is one of “not locked”.1p Priority The name and VLAN Identifier (VID) of the port-based VLAN to which the port belongs.

The number of valid PAUSE MAC Control frames. .1023 octet packets received and transmitted. The number of fragments.1522 octet packets received and transmitted. The number of packets. The number of frames with alignment errors. The number of broadcast packets. The number of MAC Control frames (Pause and Unsupported). The number of multicast packets.e.511 octet packets received and transmitted. not Pause). Number of 1024 . The number of undersized packets. The number of octets. The number of frames with invalid data symbols. The number of jabbers frames. The number of frames deferred once before successful transmission. The number of packets. The number of frames which experienced exactlyone collision. The number of frames containing a Frame Check Sequence error. The number of PAUSE MAC Control frames. The number of MAC Control frames with unsupported opcode (i. Number of 256 .255 octet packets received and transmitted.46 Chapter 2 – Switch packets size 128 – 255 packets size 256 – 511 packets size 512 – 1023 packets size 1024 – 1522 Number of 128 . • Receive Octets Pkts FCSerrors MulticastPkts BroadcastPkts PauseMACctlFrms OversizePkts Fragments Jabbers MACControlFrms UnsupportCode AlignmentErrors SymErDurCarrier UndersizePkts • Transmit Octets Pkts MulticastPkts BroadcastPkts PauseMACctlFrms FrameWDeferrdTx SingleCollsnFrm The number of octets. The number of multicast packets. The number of oversize packets. The number of broadcast packets. Number of 512 .

The number transmission.AT-RG 600 Residential Gateway – Software Reference Manual 47 MultCollsnFrm LateCollsns ExcessivCollsns CollisionFrms • Miscellaneous Counters DropEvents totalPktTxAbort The number of frames which experienced 2 to 15 collisions (including late collisions).255 777 1024 . before The number of packets discarded at ingress port. The number of frames aborted transmission after 16 collisions.1023 26 128 .127 1119 512 .511 31 65 .1522 6 General Counters: Receive: Octets Pkts FCSerrors MulticastPkts 377801 3627 0 7 Transmit: Octets Pkts MulticastPkts BroadcastPkts 1108 17 0 0 . not locked Enabled flow control(s) Pause Send tagged pkts for VLAN(s) Port based VLAN default (1) Ingress filtering ON 802. The number of frames which experienced late collisions.1p Priority Disabled ---------------------------------------------------------------------------> switch show port wan counters Switch Counter -------------------------------------------------------------------------Port: wan Received packets by size (octets) counters: 64 1668 256 . of packets aborted during Examples --> switch show port wan Switch Port information -------------------------------------------------------------------------Port: wan Status Enabled Link state Up UpTime 00:29:38 Port media type ISO8802-3 CSMACD Configured speed/duplex Autonegotiate Actual speed/duplex Acceptable frame type packet sizes up to 1536 bytes (inclusive) Broadcast rate limit Multicast rate limit Receive rate limit Current learned. lock state 10. Total number of collisions.1p Default Priority 0 802.

.48 Chapter 2 – Switch BroadcastPkts PauseMACctlFrms OversizePkts Fragments Jabbers MACControlFrms UnsupportCode AlignmentErrors SymErDurCarrier UndersizePkts 1377 0 0 0 0 0 0 0 0 PauseMACctlFrms FrameWDeferrdTx SingleCollsnFrm MultiCollsnFrm LateCollsns ExcessivCollsns CollisionFrames 0 0 0 0 0 0 0 Miscellaneous Counters: DropEvents 0 totalPktTxAbort 0 -------------------------------------------------------------------------- SWITCH SHOW QOS Syntax SWITCH SHOW QOS Description This command displays the current mapping of user priority level to QOS egress queue for the switch.

AT-RG 600 Residential Gateway – Software Reference Manual 49 Chapter 3 VLAN INTRODUCTION VLAN is a networking technology that allows networks to be segmented logically without having to be physically rewired. the network logical topology is independent of the physical topology of the wiring. regardless of their actual physical locations. By replacing hubs with VLAN switches. Many Ethernet switches support virtual LAN (VLAN) technologies. The disadvantage is that additional configuration is required to set up and establish the VLANs when implementing these switches. the network administrator can create a virtual network within existing network. and computers with the same VLAN ID can act and function as though they are all on the same physical network. VLAN TAGGING VLAN technology introduces the following three basic types of frame: • Untagged frames • Priority-tagged frames • VLAN-tagged frames . the traffic on a VLAN is isolated and thus all communications remain within the VLAN. This isolation will help to reduce unnecessary traffic so better network performance. VLAN switches can function in different ways. Each computer can be assigned a VLAN identification number (ID). With VLAN. The assignment of VLAN IDs is done by the switches and can be managed remotely using network management software. They can be switched at the datalink layer (layer 2 of the Open Systems Interconnection reference model) or the network layer (layer 3). depending on the type of switching technology used. So. The main advantage of using VLAN technologies is that users can be grouped together according to their need for network communication.

and shall not contain the value of the null VLAN ID (see Table 3).1500 octects Figure 2. either the originator of the frame or a VLAN-aware switch. . This classification mechanism requires the association of a specific VLAN ID. The PVID for a given port provides the VID for untagged and priority-tagged frames received through that port. The PVID for each port shall contain a valid VID value. This header is inserted immediately following the destination MAC Address and source MAC Address fields of the frame to be transmitted.. Tagging of frames is performed for the following purposes: • To allow user priority information to be added to frames carried on IEEE 802 LAN MAC types that have no inherent ability to signal priority information at the MAC protocol level. • Recomputation of the Frame Check Sequence (FCS). the Port VLAN Identifier.3/Ethernet MACs. When relaying a tagged frame between 802. The presence of a tag header carrying a non-null VID means that some other device. 7 octects 1 octects 6 octects 6 octects 2 octects 2 octects 2 octects PREAMBLE START FRAME DELIMITER DESTINATION ADDRESS SOURCE ADDRESS LENGTH/TYPE = 802.50 Chapter 3 – VLAN An untagged frame or a priority-tagged frame does not carry any identification of the VLAN to which it belongs.1QTagType TAG CONTROL INFORMATION MAC CLIENT LENGTH/TYPE MAC CLIENT DATA PAD 4 octects FRAME CHECK SEQUENCE 1 0 0 0 0 0 0 0 CFI 0 0 0 0 0 0 1 0 TAG header user priority VLAN identifier VID (12 bit) 42 . has mapped this frame into a VLAN and has inserted the appropriate VID. • To allow the frame to indicate the format of MAC Address information carried in MAC user data. Such a frame is classified as belonging to a particular VLAN based on the value of the VID that is included in the tag header. it carries a non-null VID. • To allow a frame to carry a VID.3ac standard. • To allow VLANs to be supported across different MAC types. Tagging a frame requires: • The addition of a tag header to the frame. Tagged frame format according to IEEE 802. with each of the switch ports. Such frames are classified as belonging to a particular VLAN based on parameters associated with the receiving port. or PVID. A VLAN-tagged frame carries an explicit identification of the VLAN to which it belongs. i. a switch may adjust the PAD field such that the minimum size of a transmitted tagged frame is 68 octets.e.

This VID value shall not be configured as a PVID. identifies values of the VID field that have specific meanings or uses. and contains user priority. 0 through 7. VID value (hexadecimal) 0 • • Meaning/Use The null VLAN ID. and that all MAC Address information that may be present in the MAC data carried by the frame is in Canonical format (C). CFI reset indicates that all MAC Address information that may be present in the MAC data carried by the frame is in Canonical format. illustrates the structure of the TCI field: • User priority. The default PVID value used for classifying frames on ingress through a switch port. The PVID value can be changed by management on a per-port basis. Figure . This field allows the tagged frame to carry user priority information across Bridged LANs in which individual LAN segments may be unable to signal priority. indicates that the E-RIF field is not present in the tag header. Indicates that the tag header contains only user priority information.1QTagType). • Canonical Format Indicator (CFI). When reset. no VLAN identifier is present in the frame. Reserved VID values.AT-RG 600 Residential Gateway – Software Reference Manual 51 The tag header carries the following information (see Figure 2): • The Tag Protocol Identifier (TPID) carrying an Ethernet Type value (802. The TCI field is two octets in length. The value of 802. CFI has the following meanings: When set. configured in any Filtering Database entry. which identifies the frame as a tagged frame. The Canonical Format Indicator (CFI) is a single bit flag value. or used in any Management operation. transmitted using 802... the remaining values of VID are available for general use as VLAN identifiers. Table 3. A priority-tagged frame is a tagged frame whose tag header contains a VID value equal to the null VLAN ID. and that the NCFI bit in the RIF determines whether MAC Address information that may be present in the MAC data carried by the frame is in Canonical (C) or Non-canonical (N) format. indicates that the E-RIF field is present in the tag header. 1 . The user priority field is three bits in length.3/Ethernet MAC methods. CFI and VID (VLAN Identifier) fields.1QTagType is 81-00 • Tag Control Information (TCI). • VLAN Identifier (VID). The VID is encoded as an unsigned binary number. In an Ethernet-encoded tag header. interpreted as a binary number. The twelve-bit VLAN Identifier field uniquely identifies the VLAN to which the frame belongs. The user priority is therefore capable of representing eight priority levels. The meaning of the CFI when set depends upon the variant of the tag header in which it appears.

If a non tagged or null-VID tagged packet is received. A port can accept tagged or untagged frames on the same VLAN in a mutually exclusive way (when ingress filtering is enabled): . Table 3. • If a port is member of two or more VLANs it can accept untagged frames for one VLAN only and tagged frames for the remaining VLANs. AT-RG623 and AT-RG656 Residential Gateway supports up to 16 VLAN (irrespective of whether they are carrying tagged or untagged frames) The Residential Gateway provides a 16 entry VLAN table that converts VID (12bits) to an internal value called FID (4 bits) for address look up. LAN1. Reserved VID values. used in any Management operation. WAN.52 Chapter 3 – VLAN FFF Reserved for implementation use. VLAN definition and port tagging By default the Residential Gateway starts with only one VLAN defined with name default and VID=1. VLAN SUPPORT ON AT-RG600 RESIDENTIAL GATEWAY AT-RG613. If the VID is valid. LAN2 and LAN3 ports are added (if required) to the VLAN using the VLAN ADD PORT command. When a port is added it's necessary to specify the frame format in which packets associated with that VLAN will be transmitted from that port: untagged or tagged. FID + DA is used to determine the destination port. All the system ports are members of the default VLAN. Use the VLAN SHOW command to display the current VLAN status on the residential gateway. The look up process starts with a VLAN table look up to determine whether the VID is valid. or can accept tagged frames for all the VLANs. If the VID is not valid the packet will be dropped and its address will not be learned. FID is retrieved for further look up. specifying a name for the VLAN and its VID value. the ingress port VID is used for look up. This VID value shall not be configured as a PVID. • If a port is member of one VLAN only it can accept tagged or untagged frames. configured in any Filtering Database entry. Creating and configuring a new VLAN is a two step process: • • A VLAN is created with the VLAN ADD VID command. Note that a physical port can be a member of one or more VLANs. FID + SA is used for learning purposes. or transmitted in a tag header.

for example. the Layer 3 routing process is able to treat VLAN IP interfaces as though they were distinct Ethernet ports. Each primary IP interface uses the VLAN data transport services (frame tagging and untagging and related layer 2 forwarding) as though it were an Ethernet port. Based on this approach. The routing of packets between VLANs is based on the classical layer 3 routing method as. specifying the required frame format. . the VLAN becomes a transport device supporting ethernet traffic (see Figure 3). To change the tagged/untagged frame format of a port for a specific VLAN it's necessary remove the port from the VLAN with the VLAN DELETE command and then re-add the port to the VLAN with the VLAN ADD PORT command. The Default VLAN (VID=1) cannot be removed. The Residential Gateway solves this limitation by offering a packet routing service between different VLANs. To remove a VLAN it is necessary to remove all ports that are members of the VLAN with the command VLAN DELETE PORT and then remove the VLAN with the command VLAN DELETE VID. For the system point of view. there is the requirement that each VLAN that you wish to be involved in the routing of packets must have an associated IP interface. only tagged frames will be permitted. the port is automatically added to the default VLAN with the untagged attribute. In this way. VLAN versus IP Interface One of the major constraints when using VLANs is that packets exchanged between hosts that are members of the same VLAN cannot be received by hosts that are members of a different VLAN. When a port is removed from a VLAN and the same port is not a member of any other VLAN. and route rules apply as they would for a multiport router. only untagged frames will be permitted • if the port is assigned to a VLAN as tagged. a typical router performs between IP interfaces. when a VLAN is used to support an IP interface.AT-RG 600 Residential Gateway – Software Reference Manual 53 • If a port is assigned to a VLAN as untagged.

This command constructs a new IP interface with the specified IP address and netmask but doesn't bind the IP interface to any port. routing between these interfaces is immediately enabled without requiring any route to be explicitly defined. The default VLAN and the IP interface attached to it cannot be removed. To create a primary IP interface and connect it to a VLAN.54 Chapter 3 – VLAN IP routing IP layer IP Interface ip0 IP Interface <name> IP Interface <name> Transport (VLAN) VLAN default VLAN <vlanname> VLAN <vlanname> Virtual port Ethernet 0 Ethernet 1 Ethernet 1 Layer 2 switch Physical port lan1 lan2 lan3 wan Figure 3. This command instructs the system that a new (virtual) transport device has been added to the system. the Residential Gateway starts with one IP interface attached to the default VLAN in order to provide remote access to the system via telnet. It's possible to remove all the ports from the default VLAN if one or more other VLANs exist. Bind the IP interface to the VLAN using the IP ATTACH TRANSPORT command. When more than one IP interfaces is defined. VLAN and IP layer architecture (the greyed area surrounds the entities always available in the system) The maximum number of primary IP interfaces that can be defined is 16 and is equal to the maximum number of VLANs that it is possible to create on the residential gateway. the following steps must be performed (see Figure 4): • • • Create a VLAN using the VLAN ADD VID command Add ports to the VLAN using the VLAN ADD PORT command Add the VLAN to the ethernet transports list using the ETHERNET ADD TRANSPORT command. By default. • • At this point the IP interface is available for any process requiring access to the IP network. . Create an IP interface with the IP ADD INTERFACE command.

VLAN Ethernet Transport Adding IP and VLAN Attach IP Interface on VLAN Figure 4.AT-RG 600 Residential Gateway – Software Reference Manual 55 Default Configuration VLAN Creation IP Interface Creation VLAN Port Adding IP Interface Config.basic steps . IP interface over VLAN .

The port is then called a tagged port for this VLAN. To display the existing VLANs. configure and manage VLANs. lan1. the frame is transmitted without a VLAN tag. AT-RG623 and AT-RG656 residential Gateway to create. a VLAN tag is added to frames prior to transmission.56 Chapter 3 – VLAN VLAN Command Reference This section describes the commands available on the AT-RG613. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). • If untagged is specified. • If tagged is specified. vlan CLI commands The table below lists the vlan commands provided by the CLI: Command VLAN ADD PORT VLAN ADD VID VLAN DELETE VLAN SHOW VLAN ADD PORT Syntax VLAN ADD <vlanname> PORT <portname> FRAME {TAGGED | UNTAGGED} Description This command adds an Ethernet port to an existing named VLAN that has been created with the command VLAN ADD VID. Valid port names (case insensitive) are: wan. The port is then called an untagged port for this VLAN. lan2. use the VLAN SHOW command. A name that identifies an Ethernet port. Default Value N/A portname N/A FRAME N/A Example --> vlan add voip port lan1 frame untagged . The FRAME parameter specifies whether a VLAN tag header is included in each frame transmitted on the specified ports. lan3. Option vlanname Description A name that identifies an existing VLAN.

Option Description An arbitrary name that identifies the VLAN.1p_priority <priority>] Description This command defines a new VLAN which has the specified VID value. This command specifies also the priority value of the tagged packets that from the network processor are sent to the layer2 switch and then to the network.' or the slash symbols '/'. The name must not be already in use for another VLAN. Available values are from 0 to 7. .AT-RG 600 Residential Gateway – Software Reference Manual 57 See also VLAN SHOW VLAN ADD VID Syntax VLAN ADD <vlanname> VID <vlanID> [802.1p_priority 7 See also VLAN SHOW VLAN DELETE Syntax VLAN DELETE <vlanname> [PORT <portname>] Description This command deletes an existing VLAN created with the VLAN ADD VID command. • If untagged ports are added to this VLAN. The default port based VLAN has a VID of 1. it cannot start with a digit and cannot contain dots '. The VLAN name can be 16 characters length. the specified VID only acts as an identifier for the VLAN in the Forwarding Database. The VLAN name can be a maximum of 16 chars long.1p of the tagged packets that from the Residential Gateway network processor are sent to the switch and then outside to the network. the specified VID is used in the VID field of the tag in outgoing frames. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The VLANID parameter specifies a unique VLAN Identifier (VID) for the VLAN. • If tagged ports are added to this VLAN. Default Value vlanname N/A vlanID N/A priority 0 Example --> vlan add voip vid 10 802. It's the priority value as defined in 802.

The numerical VLAN identifier of the VLAN (VID). Valid port names (case insensitive) are: Wan. The status of the VLAN (only static VLAN are supported) A list of untagged ports that belong to the VLAN. use the VLAN SHOW command.1. Default Value N/A portname N/A Example --> vlan delete voip port lan2 --> vlan delete voip See also VLAN ADD PORT VLAN ADD VID VLAN SHOW VLAN SHOW Syntax VLAN SHOW Description This command display the following information about all the VLANs defined in the system: • Name • Identifier • Status The name of the VLAN. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). A name that identifies a port members of the VLAN. The value of the 802. Option vlanname Description A name that identifies an existing VLAN. lan2. To display the existing VLANs. • Untagged port(s) • Tagged port(s) • 802. lan1.58 Chapter 3 – VLAN To completely remove a VLAN it is necessary to first remove all port members of the vlan.1p priority Example --> vlan show VLAN information --------------------------------------------Name: default Identifier 1 Status static 802. lan3. A list of tagged ports that belong to the VLAN.p priority assigned to packets sent from the Residential Gateway processor.1p Priority 7 Untagged port(s) lan3. wan Tagged port(s) cpu Name: voip Identifier 10 Status static .

AT-RG 600 Residential Gateway – Software Reference Manual 59 802.1p Priority Untagged port(s) Tagged port(s) 7 lan2 lan1 --------------------------------------------See also VLAN ADD PORT VLAN ADD VID .

A packet consists of a header followed by the data (see Figure 5 and Table 4). A connection is not maintained between the source and destination addresses. The basic unit of data sent through an Internet is a packet or datagram. rather. In recent times the term Internet (with a lowercase “i”) has also come to refer to any network (usually a wide area network). IP protocols are widely used and available on nearly all hosts and PC systems. that of a generalized network which uses IP as the transport protocol. A large number of government. The header contains the information necessary to move the packet across the Internet. the destination address is placed in the header and the packet is transmitted on a best effort basis. worldwide network of networks based on the original concepts of the ARPAnet. There is a strong analogy with the postal delivery system in that letters are placed in individually addressed envelopes and put into the system in the ‘hope’ that they . file transfer and Email. using the information in the header. and use it to exchange traffic such as Email. An IP network functions by moving packets between routers and/or hosts. which utilizes the Internet Protocol.e. The remainder of this chapter will concentrate on the latter definition. i. They provide a range of services including remote login. It must be able to cope with missing and duplicated packets as well as possible fragmentation (and reassembly) of the original packet.60 Chapter 4 – IP Chapter 4 IP INTRODUCTION This chapter describes the main features of the Internet Protocol (IP) and how to configure and operate the AT-RG613. Packets are sent using a connectionless transport mechanism. Successive packets may take different routes through the network to the destination. academic and commercial organizations are connected to the Internet. AT-RG623 and AT-RG656 IP interface. The Internet uses the TCP/IP protocols for all routing. THE INTERNET The Internet (with a capital “I”) is the name given to the large. It is up to the intermediate systems (routers and gateways) to deliver the packet to the correct address.

in which both parties verify that they are talking to the correct person before exchanging highly sequenced data (if both talk at once then nothing intelligible results!). Field Ver IHL Type of service Total length Identification Flags Fragment offset Time to live Protocol Header checksum Function The version of the IP protocol that created the datagram. higher layers (such as TCP and Telnet) are responsible for ensuring that packets are delivered in a reliable and sequenced way.25 would be a telephone call.25 is an example of a connection-oriented protocol. and if so. whether other later fragments exist The offset in the original datagram of the data being carried in this datagram. A 16-bit value assigned by the originator of the datagram.AT-RG 600 Residential Gateway – Software Reference Manual 61 will arrive. The quality of service (precedence. throughput. for fragmented datagrams The time in seconds the datagram is allowed to remain in the Internet system The high level protocol used to create the message (analogous to the type field in an Ethernet packet) A checksum of the header . in octets. Its not hard to imagine the chaos if the telephone system delivered words in the wrong order. In contrast to a connectionless transport mechanism. a connection-oriented transport mechanism requires a connection to be maintained between the source and destination for as long as necessary to complete the exchange of packets between source and destination. The length of the IP header in 32-bit words (the minimum value is 5). used during reassembly Control bits indicating whether the datagram may be fragmented. A good analogy to X. The length of the datagram (both header and user data). the postal system is very reliable. In an Internet. Like an Internet. and reliability) desired for the datagram. X. delay. IP packet or datagram. 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 2 0 1 2 3 4 5 6 7 8 9 3 0 1 Version IHL Identification TTL TOS flags Protocol Source IP Address Destination IP Address Total Length fragment offset Header Checksum User Data Figure 5. and the connection is maintained until both parties have finished talking.

Addresses are organised into five classes (see Table 5).384 2. They must not be confused with physical addresses (such as an Ethernet address). All bits set to zero—used to pad the datagram header to a length that is a multiple of 32 bits.536 255 Table 5. The actual data being sent. . Most packets also require a source address so that the sender of the packet is known.777. Addresses are 32-bit quantities which are logically divided into fields.152 Reserved Class Reserved Class Maximum number of hosts per network 16. Internet Protocol address classes and limits on numbers of networks and hosts. Table 4. ADDRESSING Internet addresses are fundamental to the operation of the TCP/IP Internet. Each packet must contain an Internet address to determine where to send the packet. they serve only to address Internet Protocol packets. Class A B C D E Maximum number of possible networks 127 16. Functions of the fields in an IP datagram.097.62 Chapter 4 – IP Source IP address Destination IP address Options Padding User data 32-bit IP address of the sender 32-bit IP address of the recipient An optional field primarily used for network testing or Debugging.216 65. Each class differs in the number of bits assigned to the host and network portions of the address (Figure 6).

including PCs. 255) is reserved as the broadcast address.0.8. Class C sets the three MSBs to ‘110’ and allocates the next 21 bits to designate the network while the remaining 8 are left to the user to assign as host or subnet numbers.9. B and C networks. The term host refers to any attached device on a subnet. Class B sets the two MSBs to 10 and allocates the next 14 bits to designate the network while the remaining 16 refer to the host. For example: 10. Some older versions of UNIX use a broadcast value of all zeros. mainframes and routers.9 .0 refers to any host (not every host) on any subnet within the class B address 172. .16 .16. The address 172. In general a router is only interested in the network portion of an address. In other words they have a single IP address.190 is a class A address is the DDN assigned network number are (possibly) user assigned subnet numbers is the user assigned host number is a class B address is the DDN assigned network number is the user assigned subnet number is the user assigned host number The value 0.2 10 .AT-RG 600 Residential Gateway – Software Reference Manual 63 1 CLASS A 0 7 NETWORK 24 HOST 1 1 CLASS B 1 0 14 NETWORK 16 HOST 1 1 1 CLASS C 1 1 0 21 NETWORK 8 HOST Figure 6.4.0.0.2 172. Routers are connected to more than one network and can have multiple IP addresses.16. The IP address is expressed in dotted decimal notation by taking the 32 binary bits and forming 4 groups of 8 bits. Subdivision of the 32 bits of an Internet address into network and host fields for class A. Class A sets the Most Significant Bit (MSB) to 0 and allocates the next 7 bits to define the network and the remaining 24 bits to define the host. while a value of all ones in any host portion (i.190 172.0 is used to define the default address. Most hosts are connected to only one network.4.e. each separated by a dot.8 . The addressing scheme is designed to allow routers to efficiently extract the host and network portions of an address.16. therefore both the value ‘0’ and the value ‘255’ are reserved within any user assigned host portion.

This mask is needed by the routers to ascertain which subnets are available at each site.16. To do otherwise can make the allocation of numbers rather difficult and prone to errors.0.0. whereas 172. This could be to increase the number of hosts or simply to make administration easier. Thus the addressing system is not scalable.56.255.0 <----network----> <subnet> <-host-> . Proxy ARP and subnetting.64 Chapter 4 – IP Similarly 172. defines a host by its connection to a particular network. A common method for class B is to simply use the higher octet to refer to the subnet.11111111. This makes the allocation of a subnet mask easier. For example the DDN may assign a class B address as 172. the rapid growth of the Internet has meant a proliferation in the number of addresses which must be handled by the core routers. A related problem can occur when an organisation which has a class C address finds that they need to upgrade to class B. although this is not a requirement. For example 172. A subnet is formed by taking the host portion of the assigned address and dividing it into two parts.16. This allows a simple bit-wise logical AND to determine if the address should be forwarded or not. This is overcome by minimising the number of network addresses by sharing the same IP prefix (the assigned network number) with multiple physical networks. There are two main ways of achieving this. Proxy ARP will be discussed later in this section. Although the standard does not require that the subnet mask must select contiguous bits. The router uses this terminology to indicate where packets are to be sent. These subnets need not be physically on the same media.16.16. although it is unique. Some sites may have a requirement for multiple subnets on the same LAN. Bits in the mask are set to ‘1’ if the router is to treat the corresponding bit in the IP address as belonging to the network portion or set to ‘0’ if it belongs to the host portion. This involves a total change of every address for all hosts and routers.255 is a broadcast to subnet 56 of network 172. To reduce loading. Generally these would all be within the same organisation. hence most broadcasts are ‘directed’. The situation is analogous to the postal system. In this case it is normal (but not required) that the subnets be assigned contiguously for this site.255. An address with ‘0’ in the host portion refers to ‘this particular host’ while an address with ‘0’ in the network portion refers to ‘this particular network’.00000000 = 255. Thus there are 254 subnets (0 and 255 are reserved) each with 254 hosts. The system manager would then assign the lower two octets in some way which makes sense for this particular network.0 refers to any host on subnet 9.11111111. subnet 3 another and so on. A major problem with the IP type of addressing is that it defines connections not hosts. More addresses means more loading and tends to slow the system down. Some example masks are: 11111111. Subnets Related to the two issues discussed above.16.9. Generally they would be allocated geographically with subnet 2 being one site. it is normal practice to do so. As mentioned above a value of all ‘1’ (255) is a broadcast. The first part is the ‘set of subnets’ while the second refers to the hosts on each subnet.255 is a packet addressed to every host on subnet 9.9. A particular address. IP consciously tries to limit broadcasts to the smallest possible set of hosts. Therefore if the host is moved to another network the address must also change.

--subnet-><host> This would give 4094 subnets on a class B network. the command: ip add interface ip1 192. Packets trasmitted through a pppoe connection or ethernet connection will have different frame format even if the convey the same type of information to the IP layer. for example. Because the system support VLANs.101. one or more interfaces must be added to the IP stack and attached to a transport. Each interface (real and virtual) must have a unique subnet.255. these define the range of addresses which can be reached via the interface without passing through any other routers.255.11110000 = 255.2 255. each with 14 hosts or. each with 254 hosts. IP interfaces use typically the services provided by ethernet transports. Instead ethernet transports are mapped to VLANs that from a logical point of view they act like an ethernet segment as an ethernet port would do in a simple system without VLANs To attach an ethernet transport to the Residential Gateway the following steps must be performed: Create an ethernet transport using the command: ethernet add transport eth1 myvlan Create an interface to the IP stack: using.11111111. In situations where there is no local subnet associated with an interface. is pppoe.AT-RG 600 Residential Gateway – Software Reference Manual 65 This would give 254 subnets on a class B network. Each interface must be configured with an IP address and a subnet mask. Adding and attaching IP interfaces IP interfaces are added and attached using the commands provided in the ip and ethernet module respectively. unnumbered interfaces may be used. for example. the range of addresses on each interface must not overlap with any other interface. IP SUPPORT ON AT-RG6XX RESIDENTIAL GATEWAY SERIES In order to use the IP stack. the same ethernet port can be shared between different VLANs.255. Another type of transport is. Therefore it's not possible map an ethernet transport directly to a physical ethernet port.168.11111111. 11111111. Together.0 Attach the transport to the interface using the command: ip attach ip1 eth1 .255. Ethernet transport is an abstraction layer used to classify the format of the IP packets that will be transferred through the network. 14 subnets on a class C network each with 14 hosts.240 <------network--> <.

0. • the packet should be forwarded to another interface Locally received packets A packet will be received locally if: • the destination address of the packet matches any of the IP stack interface addresses (real or virtual interface. for example to prevent broadcast packets from being forwarded.2). it will try to forward the packet. Forwarding packets If the IP stack determines that a packet is not destined to be received locally. primary or secondary addresses). because calculating the checksum on all packets adds significantly to the forwarding time and reduces throughput. • a route has been added. • the packet has the Router Alert option set.0 is unconfigured.Hosts (section 3. the checksum of forwarded IP packets is not checked. For more information about these tests. An interface is added as unconfigured when it is to be configured at a later time. for example. see RFC1122: Requirements for Internet . Locally terminated packets always have their checksum checked. the IP stack must be able to find a suitable route to that host. • the packet is a broadcast. an ICMP “Destination Unreachable” error will be returned to the sender. If the packet cannot be forwarded. specifying a suitable gateway via which that destination may be reached.0. Several address tests are applied before forwarding a packet. Unconfigured interfaces An interface with an IP address of 0. For a local application to successfully send a packet back to another host. The packet will be forwarded if: • the destination of the packet can be reached directly via any of the IP stack’s interfaces. or passed up to an application via the appropriate protocol processing (for example. This default setting is common in most IP routers. TCP or UDP data). . by IPCP or DHCP. the IP stack determines whether: • the packet should be received locally. • the packet is a multicast to a group that the IP stack belongs to.66 Chapter 4 – IP IP stack and incoming packets When a packet arrives on an IP interface. either manually or by a routing protocol. By default. The packet is either processed internally within the IP stack (for example. This is for reasons of efficiency. ICMP or IGMP control messages).

or by specifying an IP address of 0. An unconfigured interface is created by adding an interface without specifying an IP address (ip add interface myinterface). for example.0). An unnumbered interface is different .AT-RG 600 Residential Gateway – Software Reference Manual 67 No traffic will be forwarded from an unconfigured interface. Unnumbered interfaces can only be used on point-to-point links. An unconfigured interface should not be confused with an unnumbered interface. in addition to the other two subnets.0.0. The main use of the router id is as the source address for packets sent on an unnumbered interface from local applications or . by IPCP or DHCP. An unnumbered link does not have an IP address.0. The unnumbered interfaces can either use different router id values. However. an unconfigured interface may still receive certain types of traffic.255. This includes PPP. You cannot use unnumbered interfaces with Ethernet Unconfigured interfaces v unnumbered interfaces An unnumbered interface is not the same as an unconfigured interface.0 (ip add interface myinterface 0. You would add an unconfigured interface if the interface address were to be set automatically later. but a router id which is the IP address of one of the router’s other interfaces. Configuring unnumbered interfaces Unnumbered interfaces are created using the following CLI command: ip add interface <name> <ipaddress> 255. Whatever their value. The router id must be set to the IP address of one of the router’s normal interfaces. It cannot be used for normal traffic. An unnumbered interface does not have a subnet associated with it and simply serves as one end of a point-to-point link. You can have multiple unnumbered interfaces as long as you have at least one normal (numbered) IP interface in your router so that you can use its IP address as the router id.255.it is used for normal traffic but does not have its own IP address or a local subnet associated with it.0.168. consider two routers that are joining two different subnets via a point-to-point link. • 192. It would usually be necessary to allocate a whole subnet just for the link between the routers.255. Unnumbered interfaces In a routed network.255. such as responses to DHCP requests.255 In this command: • myinterface is the unnumbered interface name.168. or use the same router id value.255 For example: ip add interface myinterface 192.3 255.101.101.3 is the router id. the router id(s) must match the address of a normal interface.

0 subnet will be sent to the address 192.10 as their next hop.0 gateway 192. these features allow many configurations which would not otherwise be possible. on the same Ethernet port. Together. routes are added with a gateway to be used for a particular destination. for example. . You must also add a route before your unnumbered interface can send packets. without specifying a gateway address.101. Creating a route Because an unnumbered interface does not have a local subnet associated with it. you can add a route through the interface. Virtual interfaces allow you to attach more than one IP interface to the same transport. so 192.255 is a special subnet mask that identifies an unnumbered interface and distinguishes it from any other type of interface. Secondary IP addresses allow you to associate more than one IP address with the same IP interface.168.0. Virtual Interfaces Usually. But.0 interface myinterface All packets for the specified destination will be sent via the unnumbered interface called myinterface.0 255.101.0. for point-to-point links.255.0. Router IDs are described in RFC1812 “Requirements for IP v4 Routers”. no packets can be routed to an unnumbered interface until a route is added.68 Chapter 4 – IP routing protocols.168. for example: ip add route myroute 10.101. Let us just consider how this is done. the two interfaces share the transport that is only attached to one of the interfaces.255. The gateway must be reachable directly. For example: ip add route myroute 10. Virtual interfaces allow you to create multiple router interfaces on the same transport. each transport only has one router interface associated with it. • 255.0.0.0.0.0. This type of route can be used for all interfaces with point-topoint links.10 must be on a subnet served by one of the local interfaces. but instead of attaching it to a transport. Usually. you need to attach it to a second IP interface that already has a transport attached to it.0.168. not just unnumbered interfaces. Configuring virtual interfaces To configure a virtual interface you need to create an IP interface.10 This means that all packets for the 10.0.and each router interface has only one IP address and local subnet associated with. In this way. for ethernet interface. This allows the IP stack to communicate with and route between multiple subnets existing on the same LAN.0 255.

168. virtual interfaces must have a unique subnet which does not overlap with other interfaces. then create an Ethernet transport and attach the IP interface to the transport: ip add interface real_ip 192. Like real interfaces.0 ethernet add transport eth1 myvlan ip attach real_ip eth1 (ii) Create the virtual interface: ip add interface virtual_ip 192. Similarities interfaces between virtual interfaces and real A virtual interface is similar to a real interface: • virtual interfaces may be manipulated in the same way as real interfaces using the CLI.255. If there is no match.AT-RG 600 Residential Gateway – Software Reference Manual 69 The original interface attached directly to a transport is called the real interface. In order to have the router respond to more than one IP address on the same subnet.255. so you need to know which interfaces the packet passes between. the IP stack assumes that the packet arrived on the real interface. The source address of the incoming packet is compared with the subnet of each virtual interface on that transport.255.2 255. The interface that the packet arrived on is important in two scenarios: • When the Firewall is in use . If the real interface is deleted.101. then all associated virtual interfaces are detached automatically.255.50. To configure a virtual interface using the CLI: (i) Create the real interface. and the interface that is attached to the real interface is called the virtual interface.168.0 (iii) Attach the virtual interface to the real interface: ip attachvirtual virtual_ip real_ip You can add more than one virtual interface to the same real interface. the IP stack must decide which interface the packet arrived on. secondary addresses must be used instead of virtual interfaces. portfilters and validators) are configured between different interfaces.10 255. . • the IP stack will route between virtual interfaces and real interfaces in the same way that it routes between real interfaces. Virtual interfaces are created by attaching them to a real interface instead of directly to a transport.different rules (such as policies. Differences interfaces between virtual interfaces and real When the IP stack receives a packet from a transport that has associated virtual interfaces.

are deemed to be received on the real interface. for example DHCP or BOOTP requests. The secondary addresses share the same subnet with the interface. therefore security-related decisions should not be based on the ability to distinguish between virtual interfaces on the same transport. the only reasonable way of selecting an interface is based on source address as described above. For example. DHCP server. one or more additional addresses on the same subnet can be added to the interface.70 Chapter 4 – IP • Some applications are written to only respond to traffic received on a specific interface. Remember that the source address of the packet can be spoofed by the sender. After setting the main interface address. You should use virtual interfaces instead. Configuring secondary IP addresses You can create and configure secondary IP addresses using the CLI. • Any packets from an unconfigured host. Support for adding secondary IP addresses including subnet mask specification will be withdrawn in a future software release. even if the next hop would be reached through the virtual interface when sending to that destination. The following CLI commands allow you to create and configure secondary IP addresses: ip ip ip ip interface interface interface interface add secondaryipaddress clear secondaryipaddresses delete secondaryipaddress list secondaryipaddresses The ability to specify a subnet mask with a secondary address is superseded by the functionality of virtual interfaces. • Packets that arrive with a source address that does not match a local subnet are deemed to have been received on the real interface. Because the traffic for all virtual interfaces is received in the same way as the real interface. This means that: • A virtual interface only receives packets with a source address matching its interface subnet. Secondary IP addresses Secondary IP addresses differ from virtual interfaces because there is no concept of a separate local subnet associated with a secondary address. . providing packets arrive via the real interface that the virtual interface is attached to. Secondary addresses therefore allow the IP stack to have more than one address on the same subnet.

Currently. as well as real interfaces. the Residential . The IP stack can ensure that the VoIP traffic is given preference to other types of traffic. network traffic tends to arrive in bursts. • The architecture of the IP stack can enable specially written local applications to receive an enhanced level of service compared to other applications. This is similar to configuring a virtual interface as an unnumbered interface. IP Quality of Service The IP stack includes features which enable different levels of service to be provided to different classes of routed traffic. These features are applicable to both forwarded and locally terminated traffic. On Point-to-Point links. and compared to other classes or forwarded traffic For example.AT-RG 600 Residential Gateway – Software Reference Manual 71 Functionality of secondary IP addresses On Ethernet interfaces. One or more devices on the LAN wish to send voice over IP (VoIP) traffic over the WAN connection. even when other devices are also sending traffic to the WAN connection at the same time. Example of use of Prioritization • When forwarding traffic between interfaces where one or more interface has a limited bandwidth. secondary IP addresses must be on the same subnet as the interface. certain classes of traffic can be given priority over other types of traffic. The IP stack is routing traffic between a fast Ethernet LAN and a limitedbandwidth WAN connection. • Lower latency. Secondary addresses may be added to virtual interfaces. This is not a common configuration. two traffic classes are offered: • the Expedited traffic class • the Default (or Best-effort) traffic class Expedited class The Expedited class differs in two ways from the default level of service: • Lower packet loss. It is important that the VoIP traffic has low packet loss and latency. in overload conditions (where there is more traffic than the IP stack can route) packets from the default traffic class will be dropped in preference to packets from the expedited traffic class. the IP stack ensures that the latency of expedited traffic is reduced to a minimum by never queuing packets in the expedited traffic class behind packets in the default traffic class. This will provide an additional address which the IP stack will respond to for traffic arriving on that interface. secondary addresses may be added on a different subnet to the main interface address. but with no associated local subnet.

not packets forwarded to that interface. it is passed to the classifier.72 Chapter 4 – IP Gateway provides routing to a LAN as well as terminating VoIP traffic. or by a previous router which has already classified the packets and marked them using this field. or the IP Protocol and TCP/UDP source and/or destination port numbers. there are currently two Quality of Service Classes: Expedited and Default. Configuring Flow Qualifiers To create and configure qualifier rules using the CLI. For example. when used in conjunction with checking the TOS/DS field. The classifier configuration on an interface only affects packets arriving on that interface. . In cases where the packets cannot be identified by their TOS/DS field. Rules are added to the classifier separately for each IP Interface. • The source IP address. The classifier’s job is to examine certain fields in each IP packet and assign a specific Quality of Service Class to the packet. etc). This field may be set by the IP stack originating the packet if the application has requested it. This is usually used in conjunction with the fields described above. or just by IP protocols. Firewall. The IP stack can ensure that the VoIP application can send and receive packets with low packet loss and low latency even in the presence of other routed traffic. Quality of Service support There are three components to the Quality of Service support: • packet classification • link bandwidth prioritization • CPU prioritization Only packet classification can be configured by CLI. • The IP Protocol. The following fields can be examined: • the TOS (Type of Service) / DS (Differentiated Services) field in the IP header. this would ensure that only certain hosts could receive expedited service. Each rule states that values must be present in fields in order for the packet to be classified as Expedited. use the commands described in this section. rules may be added to identify certain traffic sent to or from certain applications by the TCP or UDP source and/or destination port numbers. The classifier is also known as the Flow Qualifier. or traffic to other applications (like DHCP server. Packet Classification When the IP stack first receives a packet. Packets are assumed to be in the Default class unless they match a specific rule added to the classifier. other hosts would be ignored even if they set the correct values in the TOS/DS field. As mentioned before.

CPU prioritization The CPU resources of the system may be constrained in certain circumstances. you can also base the flow qualifier on the source and destination port of incoming packets: ip interface add fq protocol You can also classify packets based on the protocol and the source address of incoming packets. to an interface on a low speed link. such as DSL. use the following command. which would make them unavailable for use by expedited traffic. When a packet is received. the classifier assigns a QoS class to it (Expedited or Default). use the command: ip interface add fq codepoint Once you have created flow qualifier rules. such as Ethernet. This ensures that expedited traffic is not delayed by best-effort traffic while awaiting transmission. If the protocol you specify is TCP or UDP. it marks the packet with a priority that is to be used during packet transmission. This ensures that when default traffic is sent to the interface faster than it can be transmitted. • When traffic is queued for transmission. you can configure them using the following CLI commands: ip interface clear fqs ip interface delete fq ip interface list fqs Link bandwidth prioritization If you are routing from an interface on a high speed link. and the DS (Differentiated Services) codepoint field of each IP packet header. When the IP stack sends a packet to a device driver. The device driver itself is responsible for prioritizing the transmission of packets. The QoS class determines what priority the packet is given. the default packets are discarded. The device driver will handle expedited traffic differently from default traffic in two ways: • When traffic is queued for transmission. for example: . expedited traffic must be queued ahead of default traffic. the number of packets of default traffic on the queue must be limited. the router may forward more traffic from the Ethernet interface to the DSL interface than can be transmitted. use the command: ip interface add fq srcaddr codepoint To classify packets based on the DS (Differentiated Services) field only.AT-RG 600 Residential Gateway – Software Reference Manual 73 To classify packets based on a specified protocol. This is necessary in order to prevent the system from running out of buffers. using: ip interface add fq srcaddr protocol To classify packets based on both the source address of incoming packets.

• application resource requirements. To ensure that CPU resources are available to preferentially handle expedited traffic. because this added latency would be apparent when making VoIP calls. This ensures lower latency for expedited traffic. . the speed of the interfaces may be so fast that packets are sent to the IP stack faster than it can route them. Here. there may be enough CPU to route all packets. ICMP and ARP protocol processing). but you do not want individual packets to be delayed while another process is running. and local VoIP applications run at a higher priority compared to the rest of the system. the system incorporates the following features: • Process priorities. For example. but also reduces the adverse effect on latency of best-effort traffic bursts that arrive immediately before an expedited packet. Under heavy traffic. This not only ensures that expedited packets are still handled even under CPU overload conditions. certain parts of the IP stack. • Division of tasks. The IP stack is split into separate tasks. these are used to ensure that tasks handling expedited traffic run at a higher priority than the rest of the system. if a user is retrieving pages from the embedded webserver). with a division between: • the part of the stack that quickly makes the routing decision and forwards traffic between interfaces • and the part of the stack which performs more lengthy but less time-critical tasks (such as TCP. the throughput of the IP stack may be constrained by the amount of available processing power. after classification. packets are processed in priority order within the forwarding path. • Post-classification priority processing. device drivers and encapsulation protocols. other applications that run on the same processor as the router may consume a significant amount of CPU (for example.74 Chapter 4 – IP • constrained throughput.

IP Tracing commands You can carry out tracing in the IP stack using the following system commands: • SYSTEM LOG ENABLE|DISABLE. IP CLI commands The table below lists the IP commands provided by the CLI: Command IP ADD DEFAULTROUTE GATEWAY IP ADD DEFAULTROUTE INTERFACE IP ADD INTERFACE IP ADD ROUTE IP ATTACH IP ATTACH VIRTUAL IP CLEAR ARPENTRIES IP CLEAR INTERFACES IP CLEAR RIPROUTES IP CLEAR ROUTES IP DELETE INTERFACE IP DELETE ROUTE IP DETACH INTERFACE IP INTERFACE ADD FQ CODEPOINT IP INTERFACE ADD FQ PROTOCOL IP INTERFACE ADD FQ SRCADDR CODEPOINT IP INTERFACE ADD FQ SRCADDR PROTOCOL IP INTERFACE ADD PROXYARPENTRY IP INTERFACE ADD PROXYARPEXCLUSION IP INTERFACE ADD SECONDARYIPADDRESS IP INTERFACE CLEAR FQS IP INTERFACE CLEAR PROXYARPENTRIES . displays the tracing options for the modules available in the current image. enables/disables the tracing support output for a specific module and category. • SYSTEM LOG LIST.AT-RG 600 Residential Gateway – Software Reference Manual 75 TCP/IP Command Reference This section describes the commands available on the Residential Gateway to manage the TCP/IP module.

76 Chapter 4 – IP IP INTERFACE CLEAR SECONDARYIPADDRESS IP INTERFACE DELETE FQ IP INTERFACE DELETE PROXYARPENTRIES IP INTERFACE DELETE PROXYARPEXCLUSION IP INTERFACE DELETE SECONDARYIPADDRESS IP INTERFACE LIST FQS IP INTERFACE LIST PROXYARPENTRIES IP INTERFACE LIST SECONDARYIPADDRESSES IP LIST ARPENTRIES IP LIST CONNECTIONS IP LIST INTERFACES IP LIST RIPROUTES IP LIST ROUTES IP PING IP SET INTERFACE DHCP IP SET INTERFACE IPADDRESS IP SET INTERFACE MTU IP SET INTERFACE NETMASK IP SET INTERFACE RIP ACCEPT IP SET INTERFACE RIP MULTICAST IP SET INTERFACE RIP SEND IP SET INTERFACE TCPMSSCLAMP IP SET INTERFACE RIP SEND IP SET RIP ADVERTISEDEFAULT IP SET RIP AUTHENTICATION IP SET RIP DEFAULTROUTECOST IP SET RIP HOSTROUTES IP SET RIP PASSWORD IP SET RIP POISON IP SET ROUTE COST IP SET ROUTE DESTINATION IP SET ROUTE GATEWAY IP SET ROUTE INTERFACE IP SHOW .

3 It's possible to create only one default route.AT-RG 600 Residential Gateway – Software Reference Manual 77 IP SHOW DEBUGINFO IP SHOW INTERFACE IP SHOW ROUTE IP ADD DEFAULTROUTE GATEWAY Syntax IP ADD DEFAULTROUTE GATEWAY <gateway_ip> Description This command creates a default route.103.0 0.0.0.0. It acts as a shortcut command that can be used instead of typing the following: ip add route default 0. A default route will not be created if a default route has already been created using the IP ADD ROUTE command or the IP ADD DEFAULTROUTE INTERFACE command. 192.0.0. It acts as a shortcut command that can be used instead of typing the following: ip add route default 0.0.0. . see THE IP SET RIP ADVERTISEDEFAULT and IP SET RIP DEFAULTROUTECOST commands. displayed in the IPv4 format (e.168.0.0 gateway 192.168.0 0.g.102.168. To have RIP advertise a default route with a default cost metric.3 See also IP ADDROUTE IP ADD DEFAULT ROUTE INTERFACE IP ADD DEFAULTROUTE INTERFACE Syntax IP ADD DEFAULTROUTE INTERFACE <interface> Description This command creates a default route. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable) Option gateway_ip Description The IP address of the gateway that this route will use by default.3) Default Value N/A Example --> ip add defaultroute gateway 192.0 interface ip3 A default route will not be created if a default route has already been created using the IP ADD ROUTE command or the IP ADD DEFAULTROUTE INTERFACE command.103.

By default. but it cannot start with a digit. but if it is not specified in this command.102. See PPPoE CLI commands The IP stack automatically creates a loopback interface for address 127.0. the interface will be unconfigured.0. Default Value N/A Example --> ip add defaultroute interface ip3 See also IP ADDROUTE IP ADD DEFAULT ROUTE GATEWAY IP ADD INTERFACE Syntax IP ADD INTERFACE <name> [<ipaddress> <netmask>] Description This command adds a named interface and optionally sets its IP address. There are three ways that the IP address can be set later: • using the ip set interface ipaddress command • it is possible to set the interface to obtain its configuration via Dynamic Host Configuration Protocol (DHCP) using the IP SET INTERFACE DHCP ENABLED command.0.168. The IP address is not mandatory at this stage.0.0. The IP address of the interface displayed in the IPv4 format (e. Option Description An arbitrary name that identifies the IP interface.255.0 . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable) Option interface Description The name of the existing interface that this route will use. the interface is marked as unconfigured. This value is used when the Default Value name N/A ipaddress 0. 192.0. see the IP SET RIP ADVERTISEDEFAULT and IP SET RIP DEFAULTROUTECOST commands.g.0. DHCP is disabled.3) If the IP address is set to the special value 0.1 subnet mask 255. use the IP LIST INTERFACES command. • the interface can obtain its IP configuration via PPP IPCP (Internet Protocol Control Protocol) negotiation.0. This interface is not displayed by the IP LIST INTERFACES command.78 Chapter 4 – IP To have RIP advertise a default route with a default cost metric. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display interface names. It can be made up of one or more letters or a combination of letters and digits.255.

together with a mask to indicate what range of addresses the network covers.255. the route with the most specific mask is chosen.255. A route specifies a destination network (or single host). netmask N/A Example --> ip add interface ip1 192. the IP address parameter is used to specify the router-id of the interface. so they are not relevant only to routers. see DHCP Client CLI commands. IP ADD ROUTE Syntax IP ADD ROUTE <name> <dest_ip> <netmask> {GATEWAY <gateway_ip> | INTERFACE <interface>} Description This command creates a static route to a destination network address via a gateway device or an existing interface. and setting netmask to 255.255. a system with a single interface is likely to have a single route as a default route to the router on the network that it most often needs to use. Route metric can only be set using the IP SET ROUTE COST command.103. If there is a choice of routes for a destination.g.255. 255. Options The following table gives the range of values for each option which can be specified .255. and a next-hop gateway address or interface.168.255.0 See also IP ATTACH IP SHOW INTERFACE IP SET INTERFACE IPADDRESS IP SET INTERFACE DHCP For information on setting DHCP client configuration options.0) The special value 255. It also allows the creation of a default route.AT-RG 600 Residential Gateway – Software Reference Manual 79 interface address is obtained automatically. The netmask address of the interface displayed in the IPv4 format (e. A default route will not be created if a default route has already been created using the IP ADD ROUTE command or the IP ADD DEFAULTROUTE INTERFACE command. For unnumbered interface.255.255.255 is used to indicate an unnumbered interface.255.3 255. However. An unnumbered interface is configured by setting the IP address to the interface's router-id value. Routes are used when sending datagrams as well as forwarding them. The router-id should be the same as the IP address of one of the router's numbered interfaces.

255. type default as the route name.255.4 255. Default Value name N/A dest_ip N/A netmask N/A gateway_ip N/A interface N/A Examples There are two examples in this section. Example 2 routes through an existing interface. a VLAN) so that data can be transported via the selected transport.e.80 Chapter 4 – IP with this command and a default value (if applicable).3) The name of the existing interface that this route will use.255.3) The destination netmask displayed in the IPv4 format (e.168. This command implicitly enables the transport being attached.g. Example 1 routes through a gateway.g.g. 255. i. Example 1 --> ip add route route1 192.103. To create a default static route to a destination address.0 gateway 192. 192.102. Option Description An arbitrary name that identifies the route. 192.103.168.3 Example 2 --> ip add route route2 192.0) The IP address of the gateway that this route will use.168.0 interface ip1 See also LIST INTERFACES IP ATTACH Syntax IP ATTACH {<name>|<number>} <transport> Description This command attaches an existing IP interface to an existing transport (i.3 255.255.168. It can be made up of one or more letters or a combination of letters and digits. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display interface names.168. displayed in the IPv4 format (e.e.102. .255. IP frames passing through the VLAN used as transport could reach the system main processor.102. It's possible create one route called default. The IP address of the destination network displayed in the IPv4 format (e. use the IP LIST INTERFACES command. but it cannot start with a digit.255.

The IP interface should not have a transport attached to it. use the IP LIST INTERFACES command.e. Option Description A name that identifies an existing IP interface that will be the virtual interface. use the IP LIST INTERFACES command. use the IP LIST INTERFACES command. use the IP LIST INTERFACES command. To display interface numbers. The number appears in the first column under the heading ID. voip is the name of an ethernet transport created using the ETHERNET ADD TRANSPORT command: --> ip attach ip1 voip See also IP ADD INTERFACE IP LIST INTERFACES IP ATTACHVIRTUAL Syntax IP ATTACHVIRTUAL {<name>|<number>} <real_interface> Description This command creates a virtual interface. To display interface names. and a default value (if applicable). To display the interface names. VLAN). Default Value N/A number N/A transport N/A Example In the example below. To display interface numbers. A number that identifies an existing IP interface. The virtual interface is associated with a ‘real’ IP interface that has already been attached to a transport using the IP ATTACH command. The IP interface should not have a transport attached to it. use the TRANSPORT LIST command. Default Value name N/A number N/A . which can be specified with this command. A number that identifies an existing IP interface that will be the virtual interface. A name that identifies an existing transport (i.AT-RG 600 Residential Gateway – Software Reference Manual 81 Option name Description A name that identifies an existing IP interface. To show the existing transports. You can attach multiple virtual interfaces to one ‘real’ IP interface. Options The following table gives the range of values for each option. The number appears in the first column under the heading ID.

N/A Example --> ip attachvirtual ip_virtual ip_real See also IP LIST INTERFACES IP CLEAR ARPENTRIES Syntax IP CLEAR ARPENTRIES Description This command clears all ARP entries listed in the IP ARP table. This interface must already be attached to a transport. Example --> ip clear riproutes See also IP CLEAR ROUTES IP SET RIP HOSTROUTES IP SET INTERFACE RIP ACCEPT IP SET INTERFACE RIP SEND IP CLEAR ROUTES Syntax IP CLEAR ROUTES . It does not delete the static routes. This is the ‘Real’ interface that the virtual interface will be associated with. Example --> ip clear arpentries IP CLEAR INTERFACES Syntax IP CLEAR INTERFACES Description This command clears all IP interfaces that were created using the IP ADD INTERFACE command. To display the interface names. see the IP CLEAR ROUTES command. Example --> ip clear interfaces See also IP DELETE INTERFACE IP CLEAR RIPROUTES Syntax IP CLEAR RIPROUTES Description This command deletes all the existing dynamic routes that have been obtained from RIP.82 Chapter 4 – IP Real_interface A name that identifies an existing IP interface. use the IP LIST INTERFACES command.

Option name Description A name that identifies an existing IP interface. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 83 Description This command clears all static routes that were created using the IP ADD ROUTE command. Option name number Description A name that identifies an existing route. Example --> ip clear routes See also IP DELETE ROUTE IP DELETE INTERFACE Syntax IP DELETE INTERFACE {<name>|<number>} Description This command deletes a single IP interface that was created using the IP ADD INTERFACE command. use the IP LIST ROUTES command. Default Value N/A N/A . The number appears in the first column under the heading ID. To display interface numbers. A number that identifies an existing route. A number that identifies an existing IP interface. To display interface names. To display route names. use the IP LIST INTERFACES command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the IP LIST INTERFACES command. Default Value N/A number N/A Example --> ip delete interface ip1 See also IP CLEAR INTERFACES IP LIST INTERFACES IP DELETE ROUTE Syntax IP DELETE ROUTE {<name>|<number>} Description This command deletes a single route that was created using the IP ADD ROUTE command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). which can be specified with this command. Options The following table gives the range of values for each option. Example --> ip delete route route1 See also IP LIST ROUTES IP DETACH INTERFACE Syntax IP DETACH {<name>|<number>} Description This command detaches an IP interface from a transport (i. To display interface numbers. a VLAN) where it was previously attached using the IP ATTACH INTERFACE command. Incoming packets that match this rule are given a higher quality of service (qos) value. Option name Description A name that identifies an existing IP interface. To display interface names. A number that identifies an existing IP interface. The number appears in the first column under the heading ID. which allows them to be handled at a higher priority than other packets that do not match this rule. The number appears in the first column under the heading ID. use the IP LIST ROUTES command.84 Chapter 4 – IP To display route numbers.e. Option name Description A name that identifies an existing IP Default Value N/A . Default Value N/A number N/A Example --> ip detach ip1 See also IP LIST INTERFACES IP INTERFACE ADD FQ CODEPOINT Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> CODEPOINT <ds_codepoint> Description This command adds a flow qualifier rule that classifies IP packets based on the DS (Differentiated Services) codepoint field of the IP packet header. use the IP LIST INTERFACES command. and a default value (if applicable). use the IP LIST INTERFACES command.

which allows them to be handled at a higher priority than other packets that do not match this rule. Options The following table gives the range of values for each option. use the IP LIST INTERFACES command. which recommends a codepoint of 101110. The PHB supported here is Expedited Forwarding. A number that identifies an existing IP Default Value N/A N/A . A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet. If the protocol specified is TCP or UDP. To display interface names. use the IP LIST INTERFACES command. The number appears in the first column under the heading ID. but it cannot start with a digit. To display interface numbers. which can be specified with this command. you can also specify the protocol source and destination port. To display interface names. number N/A fqname N/A ds_codepoint N/A Example --> ip interface ip1 add fq myfq codepoint 101110 See also IP LIST INTERFACES IP INTERFACE LIST FQS IP INTERFACE ADD FQ PROTOCOL Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> PROTOCOL {<proto> | TCP [<srcport>] [<dstport>] | UDP [<srcport>] [<dstport>]} Description This command adds a flow qualifier rule that classifies IP packets based on the specified protocol. Incoming packets that match this rule are given a higher quality of service (qos) value. DS RFCs defines recommended DS codepoint values for various PHBs (Per Hop Behaviors). It can be made up of one or more letters or a combination of letters and digits. and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 85 interface. Option name number Description A name that identifies an existing IP interface. A number that identifies an existing IP interface. A codepoint is a 6 digit binary number set in the DS (Differentiated Services) field of the IP packet header. use the IP LIST INTERFACES command. An arbitrary name that identifies the flow qualifier (fq).

The number appears in the first column under the heading ID. If you set this to 0. This is only used if you have set TCP or UDP as the fq protocol.86 Chapter 4 – IP interface. The destination port of incoming packets. see RFC1700 The source port of incoming packets. A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet. An arbitrary name that identifies the flow qualifier (fq). packets arriving from any port are classified. The protocol can be TCP. To display interface numbers. UDP. packets destined for any port are classified. Incoming packets that match this rule are given a higher quality of service (qos) value. and the DS (Differentiated Services) codepoint field of each IP packet header. GRE or any numeric value. If you set this to 0. which allows them to be handled at a higher priority than other packets that do not match this rule. ICMP. but it cannot start with a digit. . It can be made up of one or more letters or a combination of letters and digits. The protocol type that you want to classify. For a list of protocol numbers. This is only used if you have set TCP or UDP as the fq protocol. fqname N/A proto N/A srcport N/A dstport N/A Example To prioritise TCP packets with source port 50000 and dest port 80 --> ip interface ip1 add fq myfq1 protocol tcp 50000 80 --> ip interface ip3 add fq myfq1 protocol udp 0 5001 See also IP LIST INTERFACES IP INTERFACE LIST FQS IP INTERFACE ADD FQ SRCADDR CODEPOINT Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> SRCADDR <srcaddr> CODEPOINT <ds_codepoint> Description This command adds a flow qualifier rule that classifies IP packets based on both the source IP address of incoming packets. use the IP LIST INTERFACES command.

168.AT-RG 600 Residential Gateway – Software Reference Manual 87 Options The following table gives the range of values for each option. Option name Description A name that identifies an existing IP interface. The PHB supported here is Expedited Forwarding. A number that identifies an existing IP interface. The IP address that will be compared against the source IP address of incoming packets. A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet.101.102. but it cannot start with a digit. It can be made up of one or more letters or a combination of letters and digits. which allows them to be handled at a higher priority than other packets that do not match this rule. use the IP LIST INTERFACES command. you can also specify the protocol source and destination port. Default Value N/A number N/A fqname N/A srcaddr N/A ds_codepoint N/A Example --> ip interface ip1 add fq myfq1 srcaddr 192.2 codepoint 101110 See also IP LIST INTERFACES IP INTERFACE LIST FQS IP INTERFACE ADD FQ SRCADDR PROTOCOL Syntax IP INTERFACE {<name>|<number>} ADD FQ <fqname> SRCADDR <srcaddr> PROTOCOL {<proto> | TCP <srcport> <dstport> | UDP <srcport> <dstport>} Description This command adds a flow qualifier rule that classifies IP packets based on the source address and protocol of the packet. and a default value (if applicable).168. use the IP LIST INTERFACES command. which can be specified with this command. If the protocol specified is TCP or UDP. An arbitrary name that identifies the flow qualifier (fq).3 A codepoint is a 6 digit binary number set in the DS (Differentiated Services) field of the IP packet header. . The number appears in the first column under the heading ID. which recommends a codepoint of 101110. displayed in the following format: 192. DS RFCs define recommended DS codepoint values for various PHBs (Per Hop Behaviors). Incoming packets that match this rule are given a higher quality of service (qos) value. To display interface names. To display interface numbers.

168. The source port of incoming packets. with source port 50000 and destport 80 --> ip interface ip1 add fq fq1 srcaddr 192. A flow qualifier is a rule that allows you to select a quality of service value to assign to an incoming packet. If you set this to 0. displayed in the following format: 192. which can be specified with this command. RFC1700. The IP address that will be compared against the source IP address of incoming packets. use the IP LIST INTERFACES command.101. The protocol can be TCP. This is only used if you have set TCP or UDP as the fq protocol.2.3 The protocol type that you want to classify. This is only used if you have set TCP or UDP as the fq protocol. UDP. and a default value (if applicable). Default Value N/A number N/A fqname N/A srcaddr N/A proto N/A srcport 0 dstport 0 Example To prioritise TCP packets from 192. Option name Description A name that identifies an existing IP interface. packets destined for any port are classified.168. The number appears in the first column under the heading ID. A number that identifies an existing IP interface.2 protocol tcp 50000 80 See also IP LIST INTERFACES IP INTERFACE LIST FQS IP INTERFACE ADD PROXYARPENTRY Syntax IP INTERFACE {<name>|<number>} ADD PROXYARPENTRY <ipaddress> [<netmask>] . packets arriving from any port are classified. For a list of protocol numbers. use the IP LIST INTERFACES command. To display interface names. An arbitrary name that identifies the flow qualifier (fq).102. GRE or any numeric value. The destination port of incoming packets.168. It can be made up of one or more letters or a combination of letters and digits. To display interface numbers. ICMP. but it cannot start with a digit.88 Chapter 4 – IP Options The following table gives the range of values for each option. If you set this to 0.101.

which can be specified with this command.168. Option name Description A name that identifies an existing IP interface. 192. use the IP LIST INTERFACES command. You can configure proxy ARP functionality on a single address or a range of addresses. you can set one or more addresses in the range to NOT respond with proxy ARP.255.255. you can set one or more addresses in the range to NOT respond to proxy ARP using the IP INTERFACE ADD PROXYARPEXCLUSION command. The number appears in the first column under the heading ID.AT-RG 600 Residential Gateway – Software Reference Manual 89 Description This command configures proxy ARP functionality on an existing IP interface. Options The following table gives the range of values for each option.168. which can be specified with this command.0: --> ip interface ip1 add proxyarpentry 192. Once you have configured a range of proxy ARP interfaces. A number that identifies an existing IP interface. The IP address (or range of addresses) of the address for which you wish to make proxy ARP replies.100. displayed in the IPv4 format (e. Option Description Default Value . and a default value (if applicable). displayed in the IPv4 format: (e. and a default value (if applicable).g. 255.3) The netmask of the subnet for which you wish to make proxy ARP replies. use the IP LIST INTERFACES command. This means that an interface responds to ARP requests for both its own address and for any address that has been configured as a proxy ARP address. To display interface numbers. To display interface names. Options The following table gives the range of values for each option.255.g. This means that once you have configured an interface with a range of proxy ARP addresses.0) Default Value N/A number N/A ipaddress N/A netmask N/A Example The following command adds proxy ARP support to the entire subnet 192.255.102.100.0 See also IP INTERFACE ADD PROXYARPEXCLUSION IP INTERFACE LIST PROXYARPENTRIES IP INTERFACE ADD PROXYARPEXCLUSION Syntax IP INTERFACE {<name>|<number>} ADD PROXYARPEXCLUSION <ipaddress> [<netmask>] Description This command configures proxy ARP exclusion functionality on an existing IP interface.0 255.168.

This applies to all interface types. A secondary address may be used to create an extra IP address on an interface for management purposes.3) The netmask of the subnet you wish to exclude from proxy ARP. EXCEPT for addresses 192.168.0 --> ip interface ip1 add proxyarpexclusion 192.254: --> ip interface ip1 add proxyarpentry 192. use the IP LIST INTERFACES command.g.0 . You should use virtual interfaces instead. .100.100.g. The second command excludes proxy ARP support from 192.255.168. To display interface names. 192.0 255.168.0 / 255.100. The IP address (or range of addresses) that you want to set as a proxy ARP exclusion entry.100.255.100. or to allow the IP stack to route between two subnets on the same interface.100.0) N/A number N/A ipaddress N/A netmask N/A Example The first command below adds proxy ARP support to the subnet 192.255.100.255.255. The ability to specify a subnet mask with a secondary address is superseded by the functionality of virtual interfaces.168. displayed in the IPv4 format (e. you do not need to specify a subnet mask for that secondary address. See also IP INTERFACE ADD PROXYARPENTRY IP INTERFACE LIST PROXYARPENTRIES IP INTERFACE ADD SECONDARYIPADDRESS Syntax IP INTERFACE {<name>|<number>} ADD SECONDARYIPADDRESS <ipaddress> [<netmask>] Description This command adds a secondary IP address to an existing IP interface. The number appears in the first column under the heading ID. 255.0. To display interface numbers.168. displayed in the IPv4 format (e.255.10 255.168.255.102. The functionality of secondary IP addresses depends on several parameters including the type of IP interface and the netmask: • if a secondary address is on the same subnet as the primary interface address.168. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).90 Chapter 4 – IP name A name that identifies an existing IP interface.168.11.10 / 255.10 and 192.255. use the IP LIST INTERFACES command.255.255. A number that identifies an existing IP interface.254 This means that the Residential Gateway will make proxy ARP responses for the entire subnet 192.

and a default value (if applicable).0 See also IP LIST INTERFACES IP INTERFACE LIST SECONDARYIPADDRESSES IP INTERFACE CLEAR FQS Syntax IP INTERFACE {<name>|<number>} CLEAR FQS Description This command deletes all flow qualifiers that have been added to an existing IP interface using the IP INTERFACE ADD FQ commands. Option name Description A name that identifies an existing IP interface.3 255. use the IP INTERFACE LIST SECONDARYIPADDRESSES command.g. use the IP LIST INTERFACES command. A number that identifies an existing IP interface. 192.168. Options The following table gives the range of values for each option. 255. Default Value N/A number N/A netmask N/A ipaddress N/A Example --> ip interface ip1 add secondaryipaddress 192.255.255.0) To display the secondary IP addresses. use the IP LIST INTERFACES command. use the IP INTERFACE LIST SECONDARYIPADDRESSES command. The number appears in the first column under the heading ID. use the IP LIST INTERFACES command.3) To display the secondary IP addresses. To display interface names. use the IP LIST INTERFACES command. A secondary IP address that you want to add to the main IP interface.102. The IP address is displayed in the IPv4 format (e.255. To display interface numbers. To display interface names. You can add any number of secondary IP addresses.168. The Default Value N/A number N/A .AT-RG 600 Residential Gateway – Software Reference Manual 91 Option name Description A name that identifies an existing IP interface. The netmask of the secondary IP address displayed in the Iov4 format (e.102.g. A number that identifies an existing IP interface. which can be specified with this command.255. To display interface numbers.

The number appears in the first column under the heading ID. A number that identifies an existing IP interface. To display interface names. use the IP LIST INTERFACES command. Options The following table gives the range of values for each option. To display interface numbers. Default Value N/A number N/A Example --> ip interface ip1 clear proxyarpentries See also IP INTERFACE ADD PROXYARPENTRY IP INTERFACE ADD PROXYARPEXCLUSION IP INTERFACE CLEAR SECONDARYIPADDRESSES Syntax IP INTERFACE {<name>|<number>} CLEAR SECONDARYIPADDRESSES Description This command deletes all additional IP addresses that have been added to an existing IP interface using the IP INTERFACE ADD SECONDARYIPADDRESS command. which can be specified with this command. use the IP LIST INTERFACES command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description Default Value .92 Chapter 4 – IP number appears in the first column under the heading ID. and a default value (if applicable). Option name Description A name that identifies an existing IP interface. Example --> ip interface ip1 clear fqs See also IP LIST INTERFACES IP INTERFACE DELETE FQ IP INTERFACE CLEAR PROXYARPENTRIES Syntax IP INTERFACE {<name>|<number>} CLEAR PROXYARPENTRIES Description This command clears all proxy arp entries and exclusions that were created using the IP INTERFACE ADD PROXYARPENTRY and IP INTERFACE ADD PROXYARPEXCLUSION commands.

The number appears in the first column under the heading ID. To display interface names. A number that identifies an existing IP interface. To display interface names. use the IP LIST INTERFACES command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display interface numbers. N/A number N/A Example --> ip interface ip1 clear secondaryipaddresses See also IP LIST INTERFACES IP INTERFACE ADD SECONDARYIPADDRESS IP INTERFACE DELETE SECONDARYIPADDRESS IP INTERFACE LIST SECONDARYIPADDRESSES IP INTERFACE DELETE FQ Syntax IP INTERFACE {<name>|<number>} DELETE FQ <fqname> Description This command deletes a single flow qualifier that has been added to an existing IP interface using the IP INTERFACE ADD FQ commands. Default Value N/A number N/A fqname N/A Example --> ip interface ip1 delete fq myfq See also IP LIST INTERFACES IP INTERFACE LIST FQS . use the IP LIST INTERFACES command. use the IP LIST INTERFACES command. A number that identifies an existing IP interface.AT-RG 600 Residential Gateway – Software Reference Manual 93 name A name that identifies an existing IP interface. use the IP INTERFACE LIST FQS command. use the IP LIST INTERFACES command. To display flow qualifier names. To display interface numbers. The number appears in the first column under the heading ID. A name that identifies the flow qualifier (fq). Option name Description A name that identifies an existing IP interface.

Option name Description A name that identifies an existing IP interface. and a default value (if applicable). use the IP INTERFACE LIST PROXYARPENTRIES command. The number appears in the first column under the heading ID. and a default value (if applicable). Default Value N/A . Default Value N/A number N/A entrynumber N/A Example --> ip interface ip1 delete proxyarpentry 1 See also IP INTERFACE ADD PROXYARPENTRY IP INTERFACE LIST PROXYARPENTRIES IP INTERFACE DELETE PROXYARPEXCLUSION Syntax IP INTERFACE {<name>|<number>} DELETE PROXYARPEXCLUSION <entrynumber> Description This command deletes a single proxy arp exclusion entry that was created using the IP INTERFACE ADD PROXYARPEXCLUSION command. which can be specified with this command. Options The following table gives the range of values for each option. To display interface numbers. The number appears in the first column under the heading ID. Option name Description A name that identifies an existing IP interface. To display interface names. Options The following table gives the range of values for each option.94 Chapter 4 – IP IP INTERFACE DELETE PROXYARPENTRIES Syntax IP INTERFACE {<name>|<number>} DELETE PROXYARPENTRIES <entrynumber> Description This command deletes a single proxy arp entry that was created using the IP INTERFACE ADD PROXYARPENTRY command. To display entry numbers. use the IP LIST INTERFACES command. To display interface names. which can be specified with this command. use the IP LIST INTERFACES command. A number that identifies an existing ProxyArp entry on this IP interface. A number that identifies an existing IP interface. use the IP LIST INTERFACES command.

use the IP INTERFACE LIST SECONDARYIPADDRESSES command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 95 number A number that identifies an existing IP interface. Option name Description A name that identifies an existing IP interface. The number appears in the first column under the heading ID. The number appears in the first column under the heading ID. use the IP INTERFACE LIST PROXYARPENTRIES command. use the IP LIST INTERFACES command. To display interface names. To display interface numbers. To display entry numbers. use the IP LIST INTERFACES command. A number that identifies an existing IP interface. The number appears in the first column under the heading ID. A number that identifies an existing ProxyArpExclusion entry on this IP interface. To display interface numbers. The number that identifies a secondary IP address that you want to delete from the main IP interface. To display secondary IP address numbers. The number appears in the first column under the heading ID. Default Value N/A number N/A secondary ipaddress number N/A Example --> ip interface ip1 delete secondaryipaddress 1 . use the IP LIST INTERFACES command. N/A entrynumber N/A Example --> ip interface ip1 delete proxyarpexclusion 2 See also IP INTERFACE ADD PROXYARPEXCLUSION IP INTERFACE LIST PROXYARPENTRIES IP INTERFACE DELETE SECONDARYIPADDRESS Syntax IP INTERFACE {<name>|<number>} DELETE SECONDARYIPADDRESS <secondaryipaddress number> Description This command deletes a single secondary IP address that has previously been added to an existing IP interface using the IP INTERFACE ADD SECONDARYIPADDRESS command.

The following information are displayed: • interface ID numbers • IP address and netmask of proxy ARP entries and exclusions • Exclusion status. To display interface numbers.168. . which can be specified with this command. Default Value N/A number N/A Example --> ip interface ip1 list fqs Flow Qualifiers for interface: ip1 ID | Name | Src IP Address | Proto | Src Port | Dst Port | ds ---|------|----------------|-------|----------|----------|------1 | fq1 | 192. use the IP LIST INTERFACES command.101. which can be specified with this command. use the IP LIST INTERFACES command. A number that identifies an existing IP interface. To display interface names. false for inclusions Options The following table gives the range of values for each option. true for exclusions. and a default value (if applicable).2 | tcp | 50000 | 80 |101110 ----------------------------------------------------------------- IP INTERFACE LIST PROXYARPENTRIES Syntax IP INTERFACE {<name>|<number>} LIST PROXYARPENTRIES Description This command displays information about proxy arp entries and exclusions that were created using the IP INTERFACE ADD PROXYARPENTRY and IP INTERFACE ADD PROXYARPEXCLUSION commands. and a default value (if applicable). Option name Description A name that identifies an existing IP interface. Options The following table gives the range of values for each option.96 Chapter 4 – IP See also IP LIST INTERFACES IP INTERFACE LIST SECONDARYIPADDRESSES IP INTERFACE LIST FQS Syntax IP INTERFACE {<name>|<number>} LIST FQS Description This command lists all flow qualifiers that have been added to an existing IP interface using the IP INTERFACE ADD FQS command. The number appears in the first column under the heading ID.

168.255. --> ip interface ip1 list secondaryipaddresses ID | IP Address | Netmask -----|----------------------------------1 | 192. Default Value N/A number N/A Example In the example output below. To display interface numbers.255.168. A number that identifies an existing IP interface. To display interface names.168. The number appears in the first column under the heading ID. The number appears in the first column under the heading ID.0 by default. use the IP LIST INTERFACES command. use the IP LIST INTERFACES command.168.100.255. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).255. use the IP LIST INTERFACES command.0 | 255.6 | 255.168.255.2 | 255.255.0 3 | 192.0.0 ----------------------------------------- .103.100.8 | 255.0 2 | 192.103.255. To display interface numbers.255. secondary IP addresses without netmasks associated with them appear as 0.104. Option name Description A name that identifies an existing IP interface.AT-RG 600 Residential Gateway – Software Reference Manual 97 Option name Description A name that identifies an existing IP interface.4 | 255. A number that identifies an existing IP interface.254| true ----------------------------------------------- IP INTERFACE LIST SECONDARYIPADDRESSES Syntax IP INTERFACE {<name>|<number>} LIST SECONDARYIPADDRESSES Description This command lists the secondary IP addresses that have been added to an existing IP interface using the IP INTERFACE ADD SECONDARYIPADDRESS command. To display interface names. Default Value N/A number N/A Example --> ip interface ip1 list proxyarpentries ID | IP Address | Netmask | Exclude ---|---------------|----------------|---------1 | 192.0.255.0 | false 2 | 192. use the IP LIST INTERFACES command.255.

`yes' for static entries added by the user.10.20. Example --> ip list arpentries IP ARP table entries: IP address | MAC address | Interface | Static -----------------|-------------------|--------------|-------10.30.30 | 00:20:2b:03:09:c4 | 1 | no ------------------------------------------------------------- IP LIST CONNECTIONS Syntax IP LIST CONNECTIONS Description This command lists the active TCP/UDP connections in use by applications running on the device.19:23 | 192.98 Chapter 4 – IP See also IP LIST INTERFACES IP LIST INTERFACE SECONDARYIPADDRESS IP LIST ARPENTRIES Syntax IP LIST ARPENTRIES Description This command displays the ARP table. Example The example below shows an active telnet connection.`no' for dynamically generated ARP entries.10 | 00:20:2b:e0:03:87 | 3 | no -----------------|-------------------|--------------|-------20.30. It displays the following information: • Protocol type (TCP or UDP) • Local connection address and port number • Remote connection address and port number • Connection state for TCP connections This command does not show raw socket connections or UDP connections opened internally within the IP stack.91.91. • IP interface on which the host is connected • Static status . TFTP server and SNMP: --> ip list connections Local TCP/UDP connections: Proto | Local address | Remote address | State -------|------------------------|------------------------|-----------tcp | 192. and the listen sockets of the WebServer.10. which lists the following information: • IP addresses and corresponding MAC addresses obtained by ARP.20 | 00:20:2b:03:0a:72 | 2 | no -----------------|-------------------|--------------|-------30.168.20.168.18:1080 | ESTABLISHED tcp | *:80 | *:* | LISTEN udp | *:69 | *:* | udp | *:161 | *:* | .

the name of the existing interface that this route uses Example --> ip list riproutes .102.The number of hops counted as the cost of the route. and if so.1. It displays the following information: • destination IP addresses • destination netmask • gateway address • cost .AT-RG 600 Residential Gateway – Software Reference Manual 99 ---------------------------------------------------------------------- IP LIST INTERFACES Syntax IP LIST INTERFACES Description This command lists information about IP interfaces that were added using the ip add interface command. • timeout .168. • source interface . The name of the attached virtual interface is displayed in the Transport column in square brackets. The following information is displayed: • interface ID numbers • interface names • IP addresses (if previously specified) • DHCP status • Whether a transport is attached to the interface.the number of seconds that this RIP route will remain in the routing table unless updated by RIP. the name of the transport • Whether a virtual interface is attached to a real interface. for example [ip2] Example --> ip list interfaces IP Interfaces: ID | Name | IP Address | DHCP | Transport -----|--------------|------------------|----------|--------------1 | ppp_device | 192.1 | disabled | default -----------------------------------------------------------------See also IP SHOW INTERFACE IP SET INTERFACE DHCP IP LIST RIPROUTES Syntax IP LIST RIPROUTES Description This command lists information about the routes that have been obtained from RIP.2 | disabled | pppoe1 2 | ip0 | 192.168.

100 Chapter 4 – IP IP RIP routes: Destination | Mask | Gateway | Cost | Time | Source ---------------|---------------|-----------------|------|------|------192.168.10.10. It displays the following information: • route ID numbers • route names • destination IP addresses (if previously specified) • destination netmask address (if previously specified) • Either the gateway address or the name of the destination interface (whichever is set) Example --> ip list routes IP routes: ID | Name | Destination | Netmask | Gateway/Interface -----|----------|------------------|------------------|----------------2 | route2 | 192.50 | 255. displayed in the IPv4 Default Value N/A .168.101.68 ----------------------------------------------------------------------See also IP SHOW ROUTE IP PING Syntax IP PING <dest-ip> Description This command pings a specified destination IP address.50.0 | 10.10 | 1 | 3000 | ip2 ----------------------------------------------------------------------See also IP SET RIP HOSTROUTES IP SET INTERFACE RIP ACCEPT IP SET INTERFACE RIP SEND IP LIST ROUTES Syntax IP LIST ROUTES Description This command lists information about existing routes.255.3 | 255.102.255.168. Option dest-ip Description The IP address of the destination machine that you want to ping.168.255.255.0 | 192.255.1 | 255. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).68.0 | ip1 1 | route1 | 192.255.

use the IP LIST INTERFACES command.AT-RG 600 Residential Gateway – Software Reference Manual 101 format (192. use the IP LIST INTERFACES command. Option name Description A name that identifies an existing IP interface.3 ip: ping .3) Example --> ip ping 192.168. which can be specified with this command. and a default value (if applicable).reply received from 192.168.no reply received. A number that identifies an existing IP interface. To display interface names. IP SET INTERFACE IPADDRESS Syntax IP SET INTERFACE {<name>|<number>} IPADDRESS <ipaddress> [<netmask>] Description This command sets the IP address for an existing IP interface. The interface does not use DHCP client configuration information.168. Options The following table gives the range of values for each option. Default Value N/A number N/A enabled disabled disabled Example --> ip set interface ip2 dhcp enabled See also IP SET INTERFACE IPADDRESS IP SET INTERFACE MTU IP LIST INTERFACES For information on setting DHCP client configuration options. To display interface numbers. The number appears in the first column under the heading ID.102.3 If ping was unsuccessful.102. IP SET INTERFACE DHCP Syntax IP SET INTERFACE {<name>|<number>} DHCP {ENABLED|DISABLED} Description This command specifies whether a named interface should obtain its configuration via DHCP. the following output is displayed: ip: ping . . see DHCP Client CLI commands. The interface obtains its configuration information from DHCP client.102.

the IP address parameter is used to specify the router-id of the interface. This value is used when the interface address is obtained automatically.0 See also IP SET INTERFACE MTU IP SET INTERFACE DHCP IP LIST INTERFACES IP SET INTERFACE MTU Syntax IP SET INTERFACE {<name>|<number>} MTU <mtu> Description This command sets the MTU (Maximum Transmission Unit) for an existing IP interface.0) The special value 255. The router-id should be the same as the IP address of one of the router's numbered interfaces.255.g. and a default value (if applicable). and setting netmask to 255.0 netmask If no netmask is supplied.255. the interface is marked as unconfigured.0. To display interface names. 192.255.3) If the IP address is set to the special value 0.102. Example --> ip set interface ip4 ipaddress 192. The IP address of the interface displayed in the following IPv4 format (e.255.0.255.0.255 is used to indicate an unnumbered interface. the natural mask of the IP address is used.0.g. 255.255.168. which can be specified with this command. For unnumbered interfaces. use the IP LIST INTERFACES command. Option name Description A name that identifies an existing IP interface. . An unnumbered interface is configured by setting the IP address to the interface's router-id value.0. To display interface numbers.168.3 255. A number that identifies an existing IP interface.255. The netmask of the interface displayed in the IPv4 format (e. Options The following table gives the range of values for each option.102.102 Chapter 4 – IP Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The number appears in the first column under the heading ID.255. use the IP LIST INTERFACES command. Default Value N/A number N/A ip address 0.255.

use the IP LIST INTERFACES command. Default Value N/A number N/A mtu 1500 Example --> ip set interface ip2 mtu 800 See also IP SET INTERFACE IPADDRESS IP SET INTERFACE DHCP IP LIST INTERFACES IP SET INTERFACE NETMASK Syntax IP SET INTERFACE {<name>|<number>} netmask Description This command sets the netmask for an existing IP interface. For example. To display interface numbers. use the IP LIST INTERFACES command. Ethernet and most other transports support an MTU of 1500 bytes. whereas PPPoE supports an MTU of 1492 bytes. To display interface numbers. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 103 Option name Description A name that identifies an existing IP interface. use the IP LIST INTERFACES command. Default Value N/A number N/A . Option name Description A name that identifies an existing IP interface. To display interface names. The number appears in the first column under the heading ID. The number appears in the first column under the heading ID. The MTU should be set to a value appropriate for the transport attached to the interface (typically from 576 to 1500 bytes). To display interface names. use the IP LIST INTERFACES command A number that identifies an existing IP interface. A number that identifies an existing IP interface. Maximum Transmission Unit: maximum packet size (in bytes) that an interface can handle.

The interface accepts RIP version 1 (RFC1058) and RIP version 2 (RFC1723) messages. and setting netmask to 255. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).255.255 is used to indicate an unnumbered interface. use the IP LIST INTERFACE command. You can specify what version of RIP messages are accepted by the interface.0 See also IP SET INTERFACE IPADDRESS IP LIST INTERFACES IP SET INTERFACE RIP ACCEPT Syntax IP SET INTERFACE {<name>|<number>} RIP ACCEPT {NONE|V1|V2|ALL} Description This command specifies whether or not an existing interface accepts RIP messages.255. use the IP LIST INTERFACES command. N/A Example --> ip set interface ip6 netmask 255.255.255.0) The special value 255.g. An unnumbered interface is configured by setting the IP address to the interface’s router-id value.255.255. The interface only accepts RIP version 1 messages (RFC1058).104 Chapter 4 – IP netmask The netmask of the interface displayed in the IPv4 format (e. The interface only accepts RIP version 2 messages (RFC1723). 255.255. none Default Value N/A number N/A NONE V1 V2 ALL Example --> ip set interface ip3 rip accept none See also IP SET INTERFACE RIP SEND IP SET INTERFACE RIP MULTICAST . Option name Description A name that identifies an existing IP interface. The number appears in the first column under the heading ID. A number that identifies an existing IP interface. To display interface numbers. The interface does not accept RIP messages. the IP stack tries to use the information it has available to determine the appropriate subnet mask for the addresses received.255. When receiving RIP v1 messages.255. To display interface names.

A number that identifies an existing IP interface. Allows RIP version 2 messages to be sent via multicast. Messages are sent via broadcast instead. To display interface names. The number appears in the first column under the heading ID. disabled Default Value N/A number N/A ENABLED DISABLED Example --> ip set interface ip1 rip multicast enabled See also IP LIST INTERFACES IP SET INTERFACE RIP SEND IP SET INTERFACE RIP SEND Syntax IP SET INTERFACE {<name>|<number>} RIP SEND {NONE|V1|V2|ALL} . If this command is disabled. Disables RIP version 2 messages being sent via multicast. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). You need to set RIP to send v2 messages using the IP SET INTERFACE RIP SEND command in order for the IP SET INTERFACE RIP MULTICAST ENABLED command to send version 2 messages via multicast. To display interface numbers. use the IP LIST INTERFACES command. Option name Description A name that identifies an existing IP interface. RIP version 2 messages are sent via broadcast and are received by all the hosts on the network. RIP version 2 messages sent via multicast are only received by the hosts on the network that are configured to listen to the RIP v2 multicast address. use the IP LIST INTERFACES command.AT-RG 600 Residential Gateway – Software Reference Manual 105 IP SET RIP HOSTROUTES IP SET RIP POISON IP SHOW IP LIST INTERFACES IP SET INTERFACE RIP MULTICAST Syntax IP SET INTERFACE {<name>|<number>} RIP MULTICAST {ENABLED | DISABLED} Description This command allows you to enable/disable whether RIP version 2 messages are sent via multicast.

To display interface numbers. A number that identifies an existing IP interface. RIP version 1 does not allow specification of subnet masks. Options The following table gives the range of values for each option. Option name Description A name that identifies an existing IP interface. If set. When TCP MSS Clamp is enabled on an interface.106 Chapter 4 – IP Description This command specifies whether or not an existing interface can send RIP messages. If a TCP SYN (synchronize/start) segment is sent with a maximum segment size larger than . To display interface names. use the IP LIST INTERFACES command. The interface does not accept RIP messages. The interface sends RIP version 1 (RFC1058) and RIP version 2 (RFC1723) messages. Default Value N/A number N/A NONE RIP SEND V1 none RIP SEND V2 RIP SEND ALL Example --> ip set interface ip1 rip send v1 See also IP SET INTERFACE RIP ACCEPT IP SET RIP HOSTROUTES IP SET RIP POISON IP SHOW IP LIST INTERFACES IP SET INTERFACE TCPMSSCLAMP Syntax IP SET INTERFACE <name> TCPMSSCLAMP {ENABLED|DISABLED} Description This command enables/disables TCP MSS (Maximum Segment Size) Clamp functionality on an existing IP interface. RIP version 2 is used on all non-loopback interfaces. all TCP traffic routed through that interface will be examined. use the IP LIST INTERFACES command. The interface only sends RIP version 1 messages (RFC1058) The interface only sends RIP version 2 messages (RFC1723). and treating it as a route to the whole network may be the best way to make use of the information. a RIP version 1 route that appears to be to an individual host might in fact be to a subnet. The number appears in the first column under the heading ID. which can be specified with this command. and a default value (if applicable). Routing information is broadcast every 30 seconds or when the RIP routing table is changed. You can specify which version of RIP messages will broadcast routing information on the interface.

The IP stack will not examine or modify TCP traffic routed through this interface.AT-RG 600 Residential Gateway – Software Reference Manual 107 the interface MTU (Maximum Transmission Unit). TCP SYN segments routed through this interface will be examined and. To display interface names. Option ENABLED Description Enables RIP to advertise a default route with the cost metric set using the IP SET RIP DEFAULTROUTECOST command. You must enable default advertising before you create the default route. Option name Description A name that identifies an existing IP interface. the route will also be added to those advertised by the RIP protocol. modified. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Disables advertisement of a default route. if necessary. Default Value N/A ENABLED disabled DISABLED Example --> ip set interface ip2 tcpmssclamp enabled See also IP SET INTERFACE MTU IP SHOW IP SET RIP ADVERTISEDEFAULT Syntax IP SET RIP ADVERTISEDEFAULT {ENABLED | DISABLED} Description This command enables/disables the advertising of a default route via RIP. The cost associated with the route is the value set using the IP SET RIP DEFAULTROUTECOST command. then create a default route using the IP ADD DEFAULTROUTE commands. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). If you set this to enabled. use the IP LIST INTERFACES command. the MSS option will be rewritten in order to allow TCP traffic to pass through the interface without requiring fragmentation. Default Value disabled DISABLED Example --> ip set rip advertisedefault enabled See also IP ADD DEFAULTROUTE GATEWAY .

Packets with no authentication or the wrong password are rejected.108 Chapter 4 – IP IP ADD DEFAULTROUTE INTERFACE IP SET RIP DEFAULTROUTECOST IP SET RIP AUTHENTICATION Syntax IP SET RIP AUTHENTICATION {ENABLED | DISABLED} Description This command enables/disables RIP v2 plain text authentication. which can be specified with this command. Packets with no authentication or the wrong password will be rejected. Option Description Accepts RIP v2 packets that contain an authentication entry with the correct password string. Rejects RIP v2 packets containing an authentication entry. RIP v2 packets will only be accepted if they contain an authentication entry with the correct password string. a plain text authentication string is placed in RIP v2 packets. Default Value ENABLED disabled DISABLED Example --> ip set rip authentication enabled See also IP SET RIP PASSWORD IP SHOW IP SET RIP DEFAULTROUTECOST Syntax IP SET RIP DEFAULTROUTECOST <cost> Description This command sets the number of hops counted as the cost of a default route advertised via RIP. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The cost value can be any positive integer between 1 and 15. Option cost Description The number of hops counted as the cost of the default route. use the IP SET RIP PASSWORD command. If enabled. Default Value 1 . and a default value (if applicable). Options The following table gives the range of values for each option. To set an authentication password.

AT-RG 600 Residential Gateway – Software Reference Manual 109 Example --> ip set rip defaultroutecost 10 See also IP ADD DEFAULTROUTE GATEWAY IP ADD DEFAULTROUTE INTERFACE IP SET RIP ADVERTISEDEFAULT IP SET RIP HOSTROUTES Syntax IP SET RIP HOSTROUTES {ENABLED | DISABLED} Description Specifies whether IP interfaces will accept RIP routes to specific routes. Options The following table gives the range of values for each option. RIP version 2 routes to individual hosts are ignored. and treating it as a route to the whole network may be the best way to make use of the information. disabled Default Value DISABLED Example --> ip set rip hostroutes enabled See also IP SET INTERFACE RIP ACCEPT IP SET INTERFACE RIP SEND IP SHOW IP SET RIP PASSWORD Syntax IP SET RIP PASSWORD <password> Description This command sets an authentication string that is placed in RIP v2 packets if ip set rip authentication is enabled. use the IP SHOW command. RIP version 1 routes to individual hosts are treated as routes to the network containing the host. To display the current state of rip hostroutes. and a default value (if applicable). a RIP version 1 route that appears to be to an individual host might in fact be to a subnet. . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). RIP version 1 does not allow specification of subnet masks. Sets the hostroutes flag to off. The interface accepts RIP routes to specific hosts. which can be specified with this command. Option ENABLED Description Sets the hostroutes flag to on.

This process results in a quicker updating of other hosts routing tables. the AT-RG613. Option Description Sets the poisoned reverse flag to on. and let other hosts eventually age them out. Sets the poisoned reverse flag to off. ATRG623 and AT-RG656 performs poisoned reverse as defined in RFC 1058. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). AT-RG623 and AT-RG656 TCP/IP performs poisoned reverse as defined in RFC 1058. use the IP SHOW command. The ATRG613. if those routes are no longer accessible for some reason. Default Value ENABLED disabled DISABLED Example --> ip set rip poison enabled See also IP SET INTERFACE RIP ACCEPT IP SET INTERFACE RIP SEND IP SET RIP HOSTROUTES IP SHOW IP SET ROUTE COST Syntax IP SET ROUTE {<name>|<number>} COST <cost> . The alternative is to simply not advertise the inaccessible routes. If this flag is on. with metric set to 16. The password is a string of 0 to 16 characters. Hosts receiving these advertisements will then mark these routes as unusable. the effect of Poison Reverse is to specifically advertise routes. In short.110 Chapter 4 – IP Option Description An authentication password used by RIP v2 packets if ip set rip authentication is enabled. though. To display the current state of the poisoned reverse flag. see that RFC for discussion of the details. Default Value password N/A Example --> ip set rip password vancouver See also IP SET RIP AUTHENTICATION IP SHOW IP SET RIP POISON Syntax IP SET RIP POISON {ENABLED | DISABLED} Description Enables or disables the poisoned reverse flag.

which can be specified with this command. and a default value (if applicable). use the IP LIST ROUTES command. The number of hops counted as the cost of the route. The number appears in the first column under the heading ID. To display route numbers. Option name Description A name that identifies an existing route. The number appears in the first column under the heading ID. Options The following table gives the range of values for each option. A number that identifies an existing route. This may affect the choice of route when the route is competing with routes acquired from RIP. The cost value can be any positive integer. A number that identifies an existing route. The IP address of the destination network Default Value N/A number N/A dest-network N/A . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the IP LIST ROUTES command. (Using a mixture of RIP and static routing is not advised). Option name Description A name that identifies an existing route. To display route names. use the IP LIST ROUTES command. Default Value N/A number N/A cost 1 Example --> ip set route route1 cost 3 See also IP ADD ROUTE IP SET ROUTE DESTINATION IP SET ROUTE GATEWAY IP LIST ROUTES IP SET ROUTE DESTINATION Syntax IP SET ROUTE {<name>|<number>} DESTINATION <dest-network> <netmask> Description This command sets the destination network address of a route previously created using the IP ADD ROUTE command. use the IP LIST ROUTES command. To display route names. To display route numbers.AT-RG 600 Residential Gateway – Software Reference Manual 111 Description This command sets the number of hops counted as the cost of the route for a route previously created using the IP ADD ROUTE command.

255. Option name Description A name that identifies an existing route.168.3 255. 192.g. If you want the route to go directly to its destination and not via a gateway.255.255.0 so that no gateway is specified.3 See also IP ADD ROUTE IP SET ROUTE DESTINATION . To display route numbers.0) N/A Example --> ip set route route1 destination 192.0 as the gateway.112 Chapter 4 – IP displayed in the IPv4 format (e.103.0. A number that identifies an existing route.102.3) netmask The destination netmask displayed in the IPv4 format (e. specify 0. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).0. The numbers appear in the first column under the heading ID. use the IP LIST ROUTES command. Default Value N/A number N/A gateway N/A Example --> ip set route route1 gateway 192.3) If you added a route directly to an interface.255.g.102. the gateway address is set by default to 0.0.255. which is the next device along the path to the destination network. To display route names. use the IP LIST ROUTES command.168.102.g.168.0. 192. displayed in the IPv4 format (e.168.0 See also IP SET ROUTE GATEWAY IP SET ROUTE COST IP LIST ROUTES IP SET ROUTE GATEWAY Syntax IP SET ROUTE {<name>|<number>} GATEWAY <gateway> Description This command sets the gateway address of a route previously created using the IP ADD ROUTE command. The IP address of the gateway.

use the IP LIST ROUTES command. Example --> ip show Global IP configuration: Host routes: true Poison reverse: false .AT-RG 600 Residential Gateway – Software Reference Manual 113 IP SET ROUTE COST IP LIST ROUTES IP SET ROUTE INTERFACE Syntax IP SET ROUTE {<name>|<number>} INTERFACE {<interface>|NONE} Description This command sets the interface used by a route previously created by the IP ADD ROUTE command. The number appears in the first column under the heading ID. This is used for routes that route via a gateway device instead of an interface. displayed in the IPv4 format (e.g.3) To display interface names. A number that identifies an existing route. If you want the existing route to route to an address via a gateway device. Default Value N/A number N/A interface N/A NONE N/A Example --> ip set route r1 interface eth1 See also IP LIST INTERFACES IP LIST ROUTES IP SHOW Syntax IP SHOW Description Shows current RIP configuration and any other information global to the router. use the IP LIST INTERFACES command. use none so that no interface is set. No interface is set. 192. To display route numbers. use the IP LIST ROUTES command. Option name Description A name that identifies an existing route. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display route names. The name of the existing interface that the ip routes through.102.168.

255.168. To display interface names.102.virtual [ip2] IP address: Netmask: MTU: DHCP: 192.255. The number appears in the first column under the heading ID.255.0 1500 disabled . use the IP LIST INTERFACES command.3 255.0 1500 disabled TCP MSS Clamp: disabled Accept Send Accept Send Multicast RIP RIP RIP RIP RIP V1: V1: V2: V2: V2: true false true false disabled --> ip show interface ip3 IP Interface: ip3 . To display interface numbers. use the IP LIST INTERFACES command.255. Option name Description A name that identifies an existing IP interface.114 Chapter 4 – IP See also IP SET RIP HOSTROUTES IP SET RIP POISON IP SHOW INTERFACE Syntax IP SHOW INTERFACE {<name>|<number>} Description This command displays the following information about a named interface: • IP address and netmask (if set) • MTU (Maximum Transmission Unit) • Status of DHCP and NAT • Status of TCP MSS Clamp • Status of RIP send and RIP accept • Status of RIP multicast Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).168.50. A number that identifies an existing IP interface.10 255. Default Value N/A number N/A Example --> ip show interface ip2 IP Interface: ip2 IP address: Netmask: MTU: DHCP: 192.

Option name Description A name that identifies an existingroute.3 Netmask: 255.108. use the IP LIST ROUTES command.AT-RG 600 Residential Gateway – Software Reference Manual 115 TCP MSS Clamp: Accept RIP V1: Send RIP V1: Accept RIP V2: Send RIP V2: Multicast RIP V2: disabled true false true false disabled See also IP SHOW IP SHOW ROUTE IP LIST INTERFACES IP SHOW ROUTE Syntax IP SHOW ROUTE {<name>|<number>} Description This command displays the following information about a named route: • Destination IP address • Netmask • Gateway IP address (if applicable) • Cost: the number of hops counted as the cost of the route • Interface name (if applicable) Options The following table gives the range of values for each option. use the IP LIST ROUTES command. Default Value N/A number N/A Example --> ip show route route3 IP route: route3 Destination: 192.168. which can be specified with this command.102.3 Cost: 1 Interface: See also IP SHOW IP LIST ROUTES . To display route numbers.255. and a default value (if applicable).0 Gateway: 192. A number that identifies an existing route.168. To display route names. The number appears in the first column under the heading ID.255.

the syntax <transport_module> is used to generically represent a transport module like PPPOE or Ethernet. see PPPoE CLI commands • For Ethernet commands.116 Chapter 5 – Transports Chapter 5 Transports This section describes the commands available on the AT-RG613. see the corresponding transport module chapter: • For PPPoE commands. AT-RG623 and AT-RG656 residential Gateway to manage the Transport module. Throughout this section. see Ethernet CLI commands . This module allows you to clear. delete. list and display information about existing transports that were created using the <transport_module> add transport commands. To carry out more detailed configuration of transports.

A number that identifies an existing transport.AT-RG 600 Residential Gateway – Software Reference Manual 117 Transports CLI commands The table below lists the Transports commands provided by the CLI: Command TRANSPORTS CLEAR TRANSPORTS DELETE TRANSPORTS LIST TRANSPORTS SHOW TRANSPORTS CLEAR Syntax TRANSPORTS CLEAR Description This command deletes all transports that were created using the <transport_module> ADD TRANSPORT command. use the TRANSPORTS LIST command. Options The following table gives the range of values for each option which can be specified with this command and a default value for each option (if applicable). To display transport names. Example --> transports clear See also TRANSPORTS DELETE TRANSPORTS DELETE Syntax TRANSPORTS DELETE {<name>|<number>} Description This command deletes a single transport that was created using the <transport_module> ADD TRANSPORT command. Option name Description A name that identifies an existing transport. To display transport numbers. Default Value N/A number N/A Example --> transports delete eth1 See also TRANSPORTS CLEAR TRANSPORTS LIST . use the TRANSPORTS LIST command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value N/A number N/A Example --> transports show default Ethernet Status Service Creator Description Ethernet Vlan : CLI : default : default . use the TRANSPORTS LIST command. To display transport names. A number that identifies an existing transport. To display transport numbers. use the TRANSPORTS LIST command.118 Chapter 5 – Transports TRANSPORTS LIST Syntax TRANSPORTS LIST Description This command lists all currently existing transports. It displays the following information about the transports: • transport identification number • transport name • transport type (PPP or Ethernet) • Number of transmitted/received packets for each transport Example --> transports list Services: ID | Name | Type -----|--------------|----------------------------------------------------1 | default | Ethernet | TxPkts: 142/0 RxPkts: 10625/0 2 | voip | Ethernet | TxPkts: 0/0 RxPkts: 0/0 -------------------------------------------------------------------------See also TRANSPORTS SHOW TRANSPORTS SHOW Syntax TRANSPORTS SHOW {<name>|<number>} Description This command displays detailed information about an existing transport. Option name Description A name that identifies an existing transport.

AT-RG 600 Residential Gateway – Software Reference Manual 119 If In Octets : 953676 If Out Octets : 8962 If In Errors : 0 If Out Errors : 0 Packets Sent : 142 Good Packets Received : 10726 Enabled : true Termination : Ip Interface: ip0 Ether Channel Port See also TRANSPORTS LIST : ethernet0 .

Default Value N/A . AT-RG623 and AT-RG656 residential Gateway to manage the Ethernet module Ethernet CLI commands The table below lists the Ethernet commands provided by the CLI.120 Chapter 6 – Ethernet Chapter 6 Ethernet This section describes the commands available on the AT-RG613. See VLAN SHOW command to see the VLANs currently defined in the system. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option vlanname Description A name that identifies an existing VLAN. Command ETHERNET ADD TRANSPORT ETHERNET CLEAR TRANSPORTS ETHERNET DELETE TRANSPORT ETHERNET LIST PORTS ETHERNET LIST TRANSPORTS ETHERNET SHOW TRANSPORT ETHERNET ADD TRANSPORT Syntax ETHERNET ADD TRANSPORT <vlanname> Description This command adds a named ethernet transport that will manage traffic related only to the specified VLAN.

use the ETHERNET LIST TRANSPORTS command.AT-RG 600 Residential Gateway – Software Reference Manual 121 Example --> ethernet add transport voip See also ETHERNET LIST TRANSPORTS ETHERNET LIST PORTS VLAN SHOW ETHERNET CLEAR TRANSPORTS Syntax ETHERNET CLEAR TRANSPORTS Description This command deletes all ethernet transports that were created using the ETHERNET ADD TRANSPORT command. Be very careful when using this command due to side effects.e. All the other IP interfaces will not be able to communicate externally. via a telnet connection). A number that identifies an existing Ethernet transport. Description This command deletes a single ethernet transport. use the ETHERNET LIST TRANSPORTS command. Option Description A name that identifies an existing Ethernet transport. Example --> ethernet clear transports See also ETHERNET DELETE TRANSPORT ETHERNET DELETE TRANSPORT Syntax ETHERNET DELETE TRANSPORT {<name>|<number>} Removing the transport named "default" results in system failure. To display transport names. To display transport numbers. Removing all the transports result in detaching all the IP interfaces from the VLANs and therefore the unit can not longer be reached by any IP interface (i. Default Value name N/A number N/A Example --> ethernet delete transport eth1 . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

A number that identifies an existing Ethernet transport. To display transport numbers. use the ETHERNET LIST Default Value name N/A number N/A . It displays the transport identification number and name. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Example --> ethernet list ports Valid port names: ethernet 0 ethernet 1 ETHERNET LIST TRANSPORTS Syntax ETHERNET LIST TRANSPORTS Description This command lists all ethernet transports that have been created using the ETHERNET ADD TRANSPORT command. Example --> ethernet list transports Ethernet transports: ID | Name | Port -----|-----------|-----------1 | default | ethernet0 2 | voip | ethernet1 -----------------------------See also ETHERNET LIST PORTS ETHERNET SHOW TRANSPORT Syntax ETHERNET SHOW TRANSPORT {<name>|<number>} Description This command displays the name and port used by an existing Ethernet transport. and the name of the port that it uses to transport ethernet data. To display transport names. use the ETHERNET LIST TRANSPORTS command. Option Description A name that identifies an existing Ethernet transport.122 Chapter 6 – Ethernet See also ETHERNET LIST TRANSPORTS ETHERNET LIST PORTS Syntax ETHERNET LIST PORTS Description This command lists the valid ports that can be used to transport ethernet data.

Example --> ethernet show transport default Ethernet transport: default Description: Default Port: ethernet0 See also ETHERNET LIST TRANSPORTS .AT-RG 600 Residential Gateway – Software Reference Manual 123 TRANSPORTS command.

124 Chapter 7 – Security & Firewall Chapter 7 Security & Firewall Introduction This section describes the AT-RG613. and the other interface is attached to an internal private network (intranet) that requires protection. all other traffic is rejected. which then creates another separate session to the end destination.g.. In practice most third-party proxies . This information is useful for providing a security audit trail. Application Gateway This is the traditional approach used to build a firewall. AT-RG623 and AT-RG656 built-in security facilities. where every connection between two networks is made via an application program (called a proxy) specific for that protocol. Only protocols that have specific proxies configured are allowed through the security system. The security prevents unrestricted access to the private network and protects the computer systems from attack. The security system provides a single link between the private network and the public network. a proxy is designed with a detailed knowledge of how the protocol works and what is allowed or not. and how to configure and monitor them. This approach is very CPU intensive and very restrictive. A session from the private network is terminated by the proxy. the Internet). it is also uniquely positioned to provide a single point where all traffic entering and leaving the private network can be logged and monitored. To configure these rules at least two interfaces have to be defined — one interface is attached to the public network (e. two main security technologies are recognized that are briefly explained in the following. However. Currently. The Internet is a network that allows access to vast amounts of information and potential customers. These individuals attack other users’ computer systems for entertainment and/or profit. The security system is designed to allow safe access to the Internet by enforcing a set of access rules between the various interfaces of the product. the Internet is not controlled and certain individuals use it destructively. Typically.

Stateful inspection is also referred to as dynamic packet filtering or context-based access control (CBAC). destination and service requested. using the base rule that all access from the outside (i. less demanding on hardware.AT-RG 600 Residential Gateway – Software Reference Manual 125 are transparent proxies. In this technology. • The firewall can be configured to limit internal access to the public network based on a policy setting. AT-RG623 and AT-RG656 security system implementation has the following features: • Dynamic packet filtering (stateful inspection) technology. allowing inappropriate traffic to be discarded. forming the Security System (see Figure 7). private interfaces) is allowed unless specifically denied. AT-RG623 and AT-RG656 Residential Gateway that acts as server to the other two security modules. • configure TCP/UDP ports that can be opened dynamically to allow sessions required by certain applications. The TCP state of TCP flows is also monitored. The benefit of this approach is that stateful inspection security systems are generally faster. .e. public interfaces) is denied unless specifically permitted and all access from the inside (i. whether a packet from the public Internet is returning traffic for a flow originated from the private intranet. • enable/disable binary address replacement for sessions using dynamically opened ports The AT-RG613. NAT and Firewall) • add IP interfaces to the Security System to create security interfaces that are used to configure the NAT and Firewall child modules.. and more adaptive to new Internet applications.. Security support on AT-RG6xx Residential Gateway series The Security module is the main module in the AT-RG613.e. which pass all traffic between the two sessions without regard to the data. The term stateful refers to the security system’s ability to remember the status of a flow. • The firewall will open only the required ports for the duration of a user session. For example. Stateful Inspection A more recent approach to security design uses a method called “stateful inspection”. The inspection module checks every packet passing through the security system and makes access decisions based on the source. Firewall and NAT. • Application of dynamic filtering to traffic flows. an inspection module understands data in packets from the network layer (IP headers) up to the application layer. The Security module makes it possible to: • enable/disable all modules in the Security System (including the child modules.

Security Interfaces On the AT-RG613.126 Chapter 7 – Security & Firewall Security module Firewall module NAT module Figure 7. • A DMZ (demilitarized zone) is an IP interface serving a small network that acts as a neutral zone between the inside network and the outside network. . There may be some restriction at external access to the DMZ. Only one external security interface and one DMZ security interface can be defined. • The External interface is an IP interface that is attached to a network. an interface attached to a private LAN is an internal interface. Security modules on AT-RG6xx Residential Gateway series. AT-RG623 and AT-RG656 it is possible to define three type of security interfaces interfaces : Internal. containing hosts that may pose a security threat to hosts on the internal interfaces. A DMZ is a portion of the local network that is almost completely open to the external network. use the SECURITY LIST INTERFACES command. For example. To show the security interfaces currently defined. for example the Internet. but much less than the restriction of access to the internal To define an existing IP interface as a security interface use the SECURITY ADD INTERFACE command. External and DMZ (see Figure 8) • An Internal interface is an IP interface that is attached to a network that needs to be protected from the network attached to the External interface.

triggers handle the situation dynamically. Security interfaces on AT-RG6xx Residential Gateway series. AT-RG613. The Dynamic port opening feature solves a typical security problem related to Internet applications that require secondary ports to be open in order for a session to operate. The Primary port number refers to the TCP/UDP port number to which the primary (starting) session of the application is established. Dynamic Port Opening and Triggers Dynamic Port Opening is a companion feature to the filtering rules. Rather than allowing a range of port numbers. The user configures the Residential Gateway with a list of primary port numbers for the applications that they want to handle using the SECURITY ADD TRIGGER command and uses the startport and endport fields to specify the range of primary port number(s). the greater the security risk. (although the payload does need to be read when using NAT if address replacement has to be performed). For example. it creates an entry in a table of currently open primary . Every time the router detects that an outgoing session has been established to one of these primary port numbers. The more ports that are open.AT-RG 600 Residential Gateway – Software Reference Manual 127 External Network external interface Internal Network DMZ Network DMZ interface internal interface internal interface Internal Network internal interface Internal Network Figure 8. but FTP uses port 20 as a secondary port for the data transfer process. an FTP control session operates on port 21. So. the “Dynamic Port Opening” service makes it possible to designate certain secondary ports that will only be opened when there is an active session on their associated primary port. AT-RG623 and AT-RG656 use triggers to tell to the security mechanism to expect these secondary sessions and how to handle them. allowing the secondary sessions only when appropriate. The trigger mechanism works without having to understand the application protocol or reading the payload of the packet. Dynamic Port Opening makes use of triggers in the following way.

In the case of UDP. Typically.128 Chapter 7 – Security & Firewall sessions. and does not have to be configured by the user. So. TCP sessions might be terminated without a proper close-down (for example. This mechanism enables the router to allow in only those incoming secondary sessions that should be allowed in. the probe packet is a TCP SYN packet. the source and destination addresses of the packet are compared against the entries in the table of currently open primary sessions. the packet is discarded. Also. the router runs through the list of matching sessions. If a local host is not found. If a dynamic port opening definition is being configured for such an application. If there has been no activity (no exchange of packets) on the secondary session for the specified period of time. there needs to be a criterion for deciding when to remove a session in these cases. Session Chaining There are some applications (Netmeeting is the most well-known of these) in which the secondary sessions may. FIN/ACK packets) and stop passing packets for that session. This process is known as session chaining. In the case of TCP. spawn their own secondary sessions. the session is closed (ie the router will no longer forward any packets for that session). if an incoming session-establishment packet arrives at the router. Although FTP is given as an example of a protocol that requires dynamic port opening. If the port probing process does find a local host that was expecting the incoming session. as described above. then the packet is discarded. because FTP is such a very common application. If there are one or more matches. . the packet is just a small UDP packet. then the router carries out a port-probing process. UDP sessions do not have a specific close-down process. then the user needs to configure this definition to have session chaining on. If there are no matches. then the session is established. the dynamic port opening for FTP is enabled in the software by default. The destination port number in this packet is the destination port number in the incoming packet. For each session. and can reject malicious attempts to establish incoming sessions. themselves. it will detect when a session using a secondary port is being closed (ie an exchange of FIN. it can work out whether the local host was expecting to receive an incoming session to that port number. Subsequently. it sends a packet to the private IP address in the table entry. Depending on the response that the router gets back from the probe packet. In the port-probing process. the host at one end of the session might be simply turned off). Non-Activity Timeout The dynamic port opening process opens secondary ports. However. The method that the router uses is for the user to configure an inactivity time. The table entry contains the IP addresses of the devices at each end of the session.

the following information is logged by the Firewall: • port number • sequencing information • additional flags for each connection associated with that particular internal host All inbound packets are compared against this logged information and only allowed through the Firewall if it can be determined that they are part of an existing connection. the source/destination addresses of the session will also be added to the table of currently open primary sessions. Figure 9 shows the entities involved in the firewall module and their relationships. the firewall module must be enabled using the firewall enable command.AT-RG 600 Residential Gateway – Software Reference Manual 129 In this case. Each time outbound packets are sent from an internal host to an external host. To set a trigger for a session chaining that will enable chaining of TCP sessions. because they would need to know addresses. Firewall behaviour is managed by the firewall module. TCP session chaining must be always enabled if UDP session chaining is to be used. port numbers. when secondary sessions are successfully established. use the SECURITY SET TRIGGER SESSIONCHAINING command. The firewall module offers the ablitiy to: • control what kind of Firewall activity is logged • protect the internal network using stateful firewall functionality • create policies • add validators to policies • add portfilters to to policies • enable/disable and configure Intrusion Detection Settings (IDS) In order to access firewall features. This makes it very difficult for hackers to break through the stateful Firewall. It's not possible define a UDP session chaining without previously enabling TCP session chaining. Firewall The AT-RG613. sequencing information and individual connection flags for an existing session to an internal host. To set a trigger for a session chaining that will enable chaining of UDP sessions. Disabling TCP session chaining also automatically disables UDP session chaining. AT-RG623 and AT-RG656 security system implements a stateful Firewall providing high security by blocking certain incoming traffic based on stateful information. . use the SECURITY SET TRIGGER UDPSESSIONCHAINING command.

130 Chapter 7 – Security & Firewall Policy A policy is a relationship between two security interfaces where it is possible to assign portfilter and validator rules between them. . More than one portfilter object can be added to the same policy. Portifilter A portfilter is a rule that determines how the Firewall should handle packets being transported between two security interfaces that are defined in an existing policy. The policy that the validator belongs to determines whether packets to/from the specified IP address are allowed or blocked To add a validator to an existing policy use the FIREWALL ADD VALIDATOR command. outbound. neither or both) To add a portfilter to an existing policy use the FIREWALL ADD PORTFILTER command. The rules define: • what protocol type is allowed (specified using the protocol number or the protocol name) • the range of source and destination port numbers allowed • the direction that packets are allowed to travel in (inbound. There are three different security interface combinations that Firewall policies can be created between: • the external interface and the internal interface • the external interface and the DMZ interface • the DMZ interface and the internal interface To add a policy between one of the three above interface combinations use the FIREWALL ADD POLICY command. Validator A validator is a rule that determines how the Firewall handles packets based on the source or destination IP address.

The Intrusion Detection protects the system from the following kinds of attacks: • DOS (Denial of Service) attacks . Intrusion Detection Intrusion Detection is a feature that looks for traffic patterns that correspond to certain known types of attack from suspicious hosts that attempt to damage the network or to prevent legitimate users from using it. however a legitimate host sees this as the 'real' WWW.AT-RG 600 Residential Gateway – Software Reference Manual 131 Firewall IDS policies li t policy #1 policy #2 refers to an interface combination (e.a DOS attack is an attempt by an attacker to prevent legitimate hosts from accessing a service. .IP address and traffic direction validator # Figure 9. • Web Spoofing . The attacker uses the shadow WWW to monitor the host's activities and send false data to and from the host's machine. • Port Scanning . external-internal) policy # portfilters li t portfilter #1 portfilter #2 could refer to ports and traffic direction Source/Destination could refer to transport protocol and traffic direction portfilter # validators li t validator #1 validator #2 could refer to application and traffic direction protocol refers to Source/Destination .an attacker creates a 'shadow' of the World Wide Web on their own machine.an attacker scans a system in an attempt to identify any open ports.g. Firewall module and related objects.

they are blocked by the Firewall for the time limit specified in the FIREWALL SET IDS SCANATTACKBLOCK command. an intrusion attempt is detected and the attacker is blocked by the Firewall for the time limit specified by the FIREWALL SET IDS DOSATTACKBLOCK command (default is 30 minutes). once an attacker scanning your system's ports has been identified.132 Chapter 7 – Security & Firewall Intrusion Detection works differently for each type of attack: • For DOS (Denial of Service) attacks. • For Web Spoofing attacks. packets destined for the victim of a spoofing attack are blocked by the Firewall for the time limit specified in the FIREWALL SET IDS VICTIMPROTECTION command. • For Port Scan attacks. it's possible to set three maximum parameter levels: • the maximum number of ICMP packets allowed before a flood is detected (using FIREWALL SET IDS MAXICMP command) • • the maximum number of pings allowed before an Echo Storm is detected (using FIREWALL SET IDS MAXPING command) the maximum number of unfinished TCP handshakes allowed before a flood is detected (using FIREWALL SET IDS MAXTCPOPENHANDSHAKE command) Once a maximum level is reached. .

Command SECURITY ADD INTERFACE SECURITY ADD TRIGGER TCP|UDP SECURITY ADD TRIGGER NETMEETING SECURITY CLEAR INTERFACES SECURITY CLEAR TRIGGERS SECURITY DELETE INTERFACE SECURITY DELETE TRIGGER SECURITY SECURITY LIST INTERFACES SECURITY LIST TRIGGERS SECURITY SET TRIGGER UDPSESSIONCHAINING SECURITY SET TRIGGER ADDRESSREPLACEMENT SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT SECURITY SET TRIGGER ENDPORT SECURITY SET TRIGGER MAXACTINTERVAL SECURITY SET TRIGGER MULTIHOST SECURITY SET TRIGGER SESSIONCHAINING SECURITY SET TRIGGER STARTPORT SECURITY SHOW INTERFACE SECURITY SHOW TRIGGER SECURITY STATUS SECURITY ADD INTERFACE Syntax SECURITY ADD INTERFACE <name> {EXTERNAL|INTERNAL|DMZ} Description This command adds an existing IP interface to the Security package to create a . AT-RG623 and AT-RG656 Residential Gateway to enable. Security CLI commands The table below lists the security commands provided by the CLI. configure and manage the Security module.AT-RG 600 Residential Gateway – Software Reference Manual 133 Security Command Reference This section describes the commands available on the AT-RG613.

Option name Description An arbitrary name that identifies the Default Value N/A . Option name Description A name that identifies an existing IP interface. To display interface names. they can be used in the NAT and/or Firewall configurations. Some applications. and specifies what type of interface it is depending on how it connects to the network.they have a control session port (21 for FTP) but also need to use a second port in order to transport data. see the command FIREWALL SET IDS SCANATTACKBLOCK) until the portfilters were deleted.134 Chapter 7 – Security & Firewall security interface. A trigger opens a secondary port dynamically. An interface that connects to the internal network An interface that connects to the demilitarized zone (DMZ) Default Value N/A EXTERNAL N/A N/A N/A INTERNAL DMZ Example --> security add interface ip1 internal See also IP LIST INTERFACES FIREWALL CLI COMMANDS NAT CLI COMMANDS SECURITY ADD TRIGGER TCP|UDP Syntax SECURITY ADD TRIGGER <name> {TCP|UDP} <startport> <endport> <maxactinterval> Description This command adds a trigger to the Security module. Once security interfaces have been added. A trigger allows an application to open a secondary port in order to transport packets. If you did this. and allows you to specify the length of time that it can remain inactive before it is closed. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). the ports would remain open for potential use (or misuse. such as FTP. need to open secondary ports . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). An interface that connects to the external network. Adding a trigger means that you do not have to define static portfilters to open ports for each secondary session. use the IP LIST INTERFACES command.

If a secondary port opened by a trigger has not been used for the specified time. Adds a trigger for a UDP application to the security package. TCP Adds a trigger for a TCP application to the security package. which can be specified with this command. You do not have to set the port range or maxactinterval for a Netmeeting trigger . Options The following table gives the range of values for each option. Sets the start of the trigger port range for the control session. but it cannot start with a digit. Option Description An arbitrary name that identifies the trigger. and a default value (if applicable). Sets the maximum interval time (in milliseconds) between the use of secondary port sessions. It can be made up of one or more letters or a combination of letters and digits. it is closed.AT-RG 600 Residential Gateway – Software Reference Manual 135 trigger.the CLI automatically sets this for you. N/A N/A N/A N/A UDP startport endport maxactinterval 3000 Example The following example creates an FTP (File Transfer Protocol) trigger: --> security add trigger t1 tcp 21 21 3000 See also SECURITY LIST TRIGGERS SECURITY ADD TRIGGER NETMEETING Syntax SECURITY ADD TRIGGER <name> NETMEETING Description This command allows you to add a trigger to allow Netmeeting to transport data through the security package. Default Value name N/A Example --> security add trigger t2 netmeeting See also SECURITY LIST TRIGGERS SECURITY ADD TRIGGER TCP|UDP . It can be made up of one or more letters or a combination of letters and digits. Sets the end of the trigger port range for the control session. This application opens a secondary port session. but it cannot start with a digit.

Default Value name N/A Example --> security delete interface f1 See also SECURITY CLEAR INTERFACES SECURITY LIST INTERFACES SECURITY DELETE TRIGGER Syntax SECURITY DELETE TRIGGER <name> Description This command deletes a single trigger that was added to the Security module using . Option Description A name that identifies an existing security interface. Example --> security clear triggers See also SECURITY DELETE TRIGGER SECURITY DELETE INTERFACE Syntax SECURITY DELETE INTERFACE <name> Description This command removes a single security interface that was added to the Security package using the SECURITY ADD INTERFACE command. use the SECURITY LIST INTERFACES command. Example --> security clear interfaces See also SECURITY DELETE INTERFACE SECURITY CLEAR TRIGGERS Syntax SECURITY CLEAR TRIGGERS Description This command deletes all triggers that were added to the Security module using the SECURITY ADD TRIGGER commands. To display interface names.136 Chapter 7 – Security & Firewall SECURITY CLEAR INTERFACES Syntax SECURITY CLEAR INTERFACES Description This command removes all security interfaces that were added to the Security package using the SECURITY ADD INTERFACE command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

NAT and Firewall modules). NAT and Firewall modules). Option name Description A name that identifies an existing trigger. any configuration changes made to the Security.AT-RG 600 Residential Gateway – Software Reference Manual 137 the SECURITY ADD TRIGGER commands. disabled Default Value DISABLED Example --> security enable See also FIREWALL SET SECURITYLEVEL SYSTEM CONFIG SAVE . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). NAT and Firewall). If you need to reboot the Residential Gateway but want to save the security configuration between sessions. use the SECURITY LIST TRIGGER command. use the system config save command. Disables all modules in the Security package (Security. so that you can re-enable them later in the session. You must enable the Security package if you want to use the NAT and/or Firewall modules to configure security for your system. Option ENABLED Description Enables all modules in the Security package (Security. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). NAT or Firewall modules when the package was enabled remain in the system. To display trigger names. If you disable the Security package during a session. Default Value N/A Example --> security delete trigger t2 See also SECURITY LIST TRIGGERS SECURITY CLEAR TRIGGERS SECURITY Syntax SECURITY {ENABLE | DISABLE} Description This command explicitly enables/disables all modules in the Security package (including the child modules.

internal or DMZ) Example --> security list interfaces Security Interfaces: ID | Name | Type -----|----------|---------1 | i1 | internal 2 | i2 | external 3 | i3 | dmz --------------------------See also SECURITY SHOW INTERFACE SECURITY LIST TRIGGERS Syntax SECURITY LIST TRIGGERS Description This command lists triggers that were added to the Security module using the SECURITY ADD TRIGGER command.1720 | 3000 --------------------------------------------See also SECURITY SHOW TRIGGER SECURITY SET TRIGGER UDPSESSIONCHAINING Syntax SECURITY SET TRIGGER <name> UDPSESSIONCHAINING {ENABLE | DISABLE} .138 Chapter 7 – Security & Firewall SECURITY LIST INTERFACES Syntax SECURITY LIST INTERFACES Description This command lists the following information about security interfaces that were added to the Security package using the SECURITY ADD INTERFACE command: • Interface ID number • Interface name • Interface type (external. It displays the following information about triggers: • Trigger ID number • Trigger name • Trigger transport type (TCP or UDP) • Port range • Interval Example --> security list triggers Security Triggers: ID | Name | Type | Port Range | Interval --------------------------------------------1 | tr1 | tcp | 21 .21 | 3000 2 | tr2 | tcp | 1720 .

Incoming and outgoing packets are searched in order to find any IP addresses embedded in the payload. To display trigger names. This command allows you to specify what type of address replacement is set on an trigger. This CLI command is case-sensitive. UDP session chaining can be enabled only if a TCP session chaining is already enabled on the same trigger using the security set trigger sessionchaining command. If UDP session chaining is enabled. Disables UDP session chaining on an existing trigger. Enables UDP sessionchaining on an existing trigger. Option name Description A name that identifies an existing trigger. use the SECURITY LIST TRIGGERS command. TCP session chaining is allowed if the SECURITY SET TRIGGER SESSIONCHAINING command is enabled. Any IP addresses that are found are then compared with the public and private addresses being used by NAT. TCP and UDP session chaining is allowed if the SECURITY SET TRIGGER SESSIONCHAINING command is enabled. both UDP and TCP dynamic sessions also become triggering sessions. If the addresses that have been found would have been translated by NAT (had they been . The command must be typed exactly as they appear in the syntax section on this page otherwise a syntax error message is returned. which allows multi-level session triggering. Default Value N/A ENABLED disabled DISABLED Example --> security set trigger t3 UDPsessionchaining enable See also SECURITY SET TRIGGER SESSIONCHAINING SECURITY SET TRIGGER ADDRESSREPLACEMENT Syntax SECURITY SET TRIGGER <name> ADDRESSREPLACEMENT {NONE|TCP|UDP|BOTH} Description The settings in this command are only effective if you enable address translation using the command SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT.AT-RG 600 Residential Gateway – Software Reference Manual 139 Description This command determines whether or not a UDP dynamic session can become also a triggering session. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Sets address replacement on UDP packets for an existing trigger. Option name Description A name that identifies an existing trigger. Default Value N/A ENABLED disabled DISABLED . both or none) using the command SECURITY SET TRIGGER ADDRESSREPLACEMENT. use the SECURITY LIST TRIGGERS command. You can then set the type of address replacement (TCP. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Sets address replacement on TCP packets for an existing trigger.140 Chapter 7 – Security & Firewall in the packet header). Sets address replacement on TCP and UDP packets for an existing trigger. Enables the use of binary address replacement on an existing trigger. You can specify whether you want to carry out address replacement on TCP packets. To display trigger names. then they are translated and the original addresses in the payload are replaced by the translated addresses. none Default Value N/A UDP BOTH Example --> security set trigger t2 addressreplacement tcp See also SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT SECURITY SET TRIGGER BINARYADDRESSREPLACEMENT Syntax SECURITY SET TRIGGER <name> BINARYADDRESSREPLACEMENT {ENABLE | DISABLE} Description This command enables/disables binary address replacement on an existing trigger. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option name NONE TCP Description A name that identifies an trigger. Disables the use of binary address replacement on an existing trigger. on UDP packets or on both TCP and UDP packets. use the SECURITY LIST TRIGGERS command. UDP. To display trigger names. Disables address replacement.

Default Value N/A interval N/A Example --> security set trigger t2 maxactinterval 5000 See also SECURITY LIST TRIGGERS . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value N/A N/A Example --> security set trigger t3 endport 21 See also SECURITY SET TRIGGER STARTPORT SECURITY SET TRIGGER MAXACTINTERVAL Syntax SECURITY SET TRIGGER <name> MAXACTINTERVAL <interval> Description This command sets the maximum activity interval limit on existing session entries for an existing trigger. To display trigger names. use the SECURITY LIST TRIGGERS command. it is closed. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option name portnumber Description A name that identifies an existing trigger. To display trigger names. Sets the maximum interval time (in milliseconds) between the use of secondary port sessions.AT-RG 600 Residential Gateway – Software Reference Manual 141 Example --> security set trigger t5 binaryaddressreplacement enable See also SECURITY SET TRIGGER ADDRESSREPLACEMENT SECURITY LIST TRIGGERS SECURITY SET TRIGGER ENDPORT Syntax SECURITY SET TRIGGER <name> ENDPORT <portnumber> Description This command sets the end of the port number range for an existing trigger. If a secondary port opened by a trigger has not been used for the specified time. use the SECURITY LIST TRIGGERS command. Sets the end of the trigger port range. Option name Description A name that identifies an existing trigger.

Default Value N/A ENABLED disabled DISABLED Example --> security set trigger t4 sessionchaining enable See also SECURITY SET TRIGGER UDPSESSIONCHAINING . use the SECURITY LIST TRIGGERS command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Enables TCP sessionchaining on an existing trigger. which allows multi-level session triggering. To display trigger names. Option name Description A name that identifies an existing trigger. A secondary session can only be initiated to/from the same remote host. Option name Description A name that identifies an existing trigger. Default Value N/A ENABLED disabled DISABLED Example --> security set trigger t1 multihost enable See also SECURITY LIST TRIGGERS SECURITY SET TRIGGER SESSIONCHAINING Syntax SECURITY SET TRIGGER <name> SESSIONCHAINING {ENABLE | DISABLE} Description This command determines whether or not triggering sessions can be chained. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).142 Chapter 7 – Security & Firewall SECURITY SET TRIGGER MULTIHOST Syntax SECURITY SET TRIGGER <name> MULTIHOST {ENABLE | DISABLE} Description This command sets whether or not a secondary session can be initiated to/from different remote hosts or the same remote host on an existing trigger. A secondary session can be initiated to/from different remote hosts. use the SECURITY LIST TRIGGERS command. If session chaining is enabled. TCP dynamic sessions also become triggering sessions. To display trigger names. Disables all session chaining (TCP and UDP) on an existing trigger.

use the SECURITY LIST TRIGGERS command. Default Value N/A N/A Example --> security set trigger t3 startport 21 See also SECURITY SET TRIGGER ENDPORT SECURITY SHOW INTERFACE Syntax SECURITY SHOW INTERFACE <name> Description This command displays information about a single interface that was added to the Security package using the SECURITY ADD INTERFACE command. The following interface information is displayed: • Interface name • Interface type (external. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the SECURITY LIST TRIGGERS command. Sets the start of the trigger port range.AT-RG 600 Residential Gateway – Software Reference Manual 143 SECURITY SET TRIGGER STARTPORT Syntax SECURITY POLICY <name> SET TRIGGER STARTPORT <portnumber> Description This command sets the start of the port number range for an existing trigger. To display trigger names. Option name Description A name that identifies an existing trigger. internal or DMZ) Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option name portnumber Description A name that identifies an existing trigger. Default Value N/A Example --> security show interface f2 Interface name: f2 Interface type: internal See also SECURITY LIST INTERFACES SECURITY SHOW TRIGGER Syntax SECURITY SHOW TRIGGER <name> . To display trigger names.

144 Chapter 7 – Security & Firewall Description This command displays information about a single trigger that was added to the Security module using the SECURITY ADD TRIGGER command. use the SECURITY LIST TRIGGERS command. Default Value N/A Example --> security show trigger t2 Security Trigger: t2 Transport Type: Starting port number: Ending port number: Allow multiple hosts: Max activity interval: Session chaining: Session chaining on UDP: Binary address replacement: Address translation type: See also SECURITY LIST TRIGGERS tcp 1000 1000 false 30000 false false false none SECURITY STATUS Syntax SECURITY STATUS Description This command displays the following information about the Security package: • Security status (enabled or disabled) • Firewall status (enabled or disabled) • Firewall security level setting (none. The following trigger information is displayed: • Trigger name • Transport type (TCP or UDP) • Start of the port range • End of the port range • Multiple host permission (true/false) • Maximum activity interval (in milliseconds) • Session chaining permission (true/false) • Session chaining on UDP permission (true/false) • Binary address replacement permission (true/false) • Address translation type (UDP. or medium) . To display trigger names. low. TCP. high. Option name Description A name that identifies an existing trigger. none or both) Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

Firewall intrusion logging disabled. NAT enabled See also SECURITY FIREWALL SET SECURITYLEVEL . Firewall security level: none. Firewall disabled.AT-RG 600 Residential Gateway – Software Reference Manual 145 • Firewall session logging (enabled or disabled) • Firewall blocking logging (enabled or disabled) • Firewall intrusion logging (enabled or disabled) • NAT status (enabled or disabled) Example --> security status Security enabled. Firewall blocking logging enabled. Firewall session logging enabled.

configure and manage the Firewall module. AT-RG623 and ATRG656 Residential Gateway to enable.146 Chapter 7 – Security & Firewall Firewall Command Reference This section describes the commands available on AT-RG613. Firewall CLI commands The table below lists the firewall commands provided by the CLI: Command FIREWALL ADD POLICY FIREWALL ADD PORTFILTER FIREWALL ADD VALIDATOR FIREWALL CLEAR POLICIES FIREWALL CLEAR PORTFILTERS FIREWALL DELETE POLICY FIREWALL DELETE PORTFILTER FIREWALL DELETE VALIDATOR FIREWALL ENABLE|DISABLE FIREWALL ENABLE|DISABLE IDS FIREWALL ENABLE|DISABLE BLOCKINGLOG FIREWALL ENABLE|DISABLE INTRUSIONLOG FIREWALL ENABLE|DISABLE SESSIONLOG FIREWALL LIST POLICIES FIREWALL LIST PORTFILTERS FIREWALL LIST PROTOCOLS FIREWALL LIST VALIDATORS FIREWALL SET IDS DOSATTACKBLOCK FIREWALL SET IDS MAXICMP FIREWALL SET IDS MAXPING FIREWALL SET IDS MAXTCPOPENHANDSHAKE FIREWALL SET IDS SCANATTACKBLOCK FIREWALL SET IDS BLACKLIST FIREWALL SET IDS VICTIMPROTECTION FIREWALL SET SECURITYLEVEL FIREWALL SHOW IDS .

it's possible to create rules for the policy using the FIREWALL ADD PORTFILTER command. the blockonly-val option is considered as the default option value. There are three types of policy that you can add to the firewall: • a policy between the external interface and the internal interface • a policy between the external interface and the DMZ interface • a policy between the DMZ interface and the internal interface A policy is the collective term for the rules that apply to incoming and outgoing traffic between two interface types. All other traffic is blocked by the Firewall. The FIREWALL ADD POLICY command controls whether traffic is blocked/allowed for all of the validators that belong to a policy. it's possible to customize the Firewall by adding specific portfilters and validators. The FIREWALL ADD VALIDATOR command allows you to block/allow traffic based on the source and/or destination IP addresses and masks. but it Default Value N/A . Option name Description An arbitrary name that identifies the policy. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 147 FIREWALL SHOW POLICY FIREWALL SHOW PORTFILTER FIREWALL SHOW VALIDATOR FIREWALL STATUS FIREWALL ADD POLICY Syntax FIREWALL ADD POLICY <name> {EXTERNAL-INTERNAL|EXTERNAL-DMZ|DMZINTERNAL} [ALLOWONLY-VAL]|[BLOCKONLY-VAL] Description This command creates a policy between two interface types. Then. It's possible to set a Firewall security level that contains default policies using the FIREWALL SET SECURITYLEVEL command. There are two options: • allow only traffic to and/or from the IP address(es) set in the FIREWALL ADD VALIDATOR command. All other traffic is allowed through the Firewall. It can be made up of one or more letters or a combination of letters and digits. Once a policy is created using the FIREWALL ADD POLICY command. If the allowonly-val or blockonly-val option is not specified. • block only traffic to and/or from the IP address(es) set in the FIREWALL ADD VALIDATOR command.

together with an application's start/end port numbers . All other traffic is allowed.ietf.org/rfc/rfc1700. A connection between the de-militarized zone (DMZ) and the internal network interface.148 Chapter 7 – Security & Firewall cannot start with a digit. Allows only traffic to and/or from the IP address(es) set in the FIREWALL ADD VALIDATOR command. depending on the type of protocol that must be managed by the portfilter: • specify the number of a non-TCP or non-UDP protocol (for more information. see http://www. N/A DMZINTERNAL ALLOWONLYVAL blockonly-val BLOCKONLYVAL Example --> firewall add policy ext-dmz external-dmz blockonly-val See also FIREWALL SET SECURITYLEVEL FIREWALL ADD PORTFILTER FIREWALL ADD VALIDATOR FIREWALL ADD PORTFILTER Syntax FIREWALL ADD PORTFILTER <name> <policyname> {PROTOCOL <number>} {INBOUND|OUTBOUND|BOTH} FIREWALL ADD PORTFILTER <name> <policyname> {TCP|UDP} <startport> <endport> {INBOUND|OUTBOUND|BOTH} FIREWALL ADD PORTFILTER <name> <policyname> {FTP|HTTP|ICMP|SMTP|TELNET} {INBOUND|OUTBOUND|BOTH} Description This command adds a portfilter to an existing firewall policy. There are three ways that a portfilter can be defined. All other traffic is blocked. A connection between the external network interface and the de-militarized zone (DMZ). Portfilters are individual rules that determine what kind of traffic (based on type of protocol or type of transport or type of application) can pass between the two interfaces specified in the FIREWALL ADD POLICY command. EXTERNALINTERNAL EXTERNALDMZ A connection between the external network interface and the internal network interface.txt) • specify TCP or UDP protocol. Blocks only traffic to and/or from the IP address(es) set in the FIREWALL ADD VALIDATOR command.

It can be made up of one or more letters or a combination of letters and digits. Inbound transport of the packets is not allowed. and allows then through. application or service from an inside interface to an outside interface. use the FIREWALL LIST POLICIES command. Default Value name N/A policyname N/A number N/A startport endport N/A N/A INBOUND N/A OUTBOUND N/A BOTH N/A Examples . Outbound transport of the packets is not allowed. The number of a non-TCP or non-UDP protocol. and so is aware of the states of UDP/TCP sessions. To display policy names.org/rfc/rfc1700. Allows inbound and outbound transport of packets of the specified protocol. The end of the port range for a TCP or UDP protocol. A name that identifies an existing firewall policy. application or service from an outside interface to an inside interface. These are provided by the Firewall as popular examples that you can use. applications or services. application or service between inside and outside interfaces. It is VERY IMPORTANT to understand that when portfilters are created for TCP or UDP.specifying a protocol <number> . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). the firewall recognizes subsequent packets in the session as belonging to an established session. Once a session has been established. You do not need to specify the portnumber . This is because this is a Stateful firewall.ietf. The start of the port range for a TCP or UDP protocol.the Firewall does this for you. Protocol numbers can be found at http://www. but it cannot start with a digit.AT-RG 600 Residential Gateway – Software Reference Manual 149 • specify one of the listed protocols.txt. Allows transport of packets of the specified protocol. Option Description An arbitrary name that identifies the portfilter. Allows transport of packets of the specified protocol. then the effect of the filter is to allow/disallow packets that are starting a UDP or TCP session.

txt). First. DNS uses UDP port 53 (see http://www. we need to create a policy: --> firewall add policy dmz-int dmz-internal Then we can add the portfilter to it: --> firewall add portfilter pf3 dmz-int smtp both See also FIREWALL LIST POLICIES See the Well Known Port Numbers section of RFC 1700 for a list of port numbers and protocols for particular services (see http://www. we need to create a policy: --> firewall add policy ext-int external-internal Then we can add the portfilter to it: --> firewall add portfilter pf2 ext-int udp 53 53 outbound .the Firewall does this for you.specifying a TCP/UDP protocol The following example allows DNS (Domain Name Service) sessions to be established in an outbound direction from the internal interface to the external interface.150 Chapter 7 – Security & Firewall The following example allows IGMP (Internet Group Management Protocol) packets inbound from the external interface to the DMZ interface.txt). IGMP is protocol number 2 (see http://www. The command allows you to specify: • the IP address(es) and netmask(s) of the IP frames that are allowed to pass the firewall or that must be blocked by the firewall . application or service The following example allows SMTP (Simple Mail Transfer Protocol) sessions to be created in both the inbound and outbound directions between the internal interface and the DMZ interface. First. we need to create a policy: --> firewall add policy ext-dmz external-dmz Then we can add the portfilter to it: --> firewall add portfilter pf1 ext-dmz protocol 2 inbound .org/rfc/rfc1700. A validator allows/blocks traffic based on the source/destination IP address and netmask.org/rfc/rfc1700.using a provided protocol. This is a popular protocol that is provided by the Firewall.ietf. You do not need to specify the portnumber . First. FIREWALL ADD VALIDATOR Syntax FIREWALL ADD VALIDATOR <name> <policyname> {INBOUND|OUTBOUND|BOTH} <ipaddress> <hostipmask> Description This command adds a validator to an existing Firewall policy.ietf.txt).ietf.org/rfc/rfc1700.

but it cannot start with a digit. All other traffic is allowed. the policy must have been previously created. specifying the IP address and direction values. Option Description An arbitrary name that identifies the portfilter. use the FIREWALL LIST POLICIES command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). In order to add validators to a Firewall policy. using the allowonly-val or blockonly-val options in the FIREWALL ADD POLICY command: allowonly-val: only traffic based on the direction setting and the IP address(es) specified in the FIREWALL ADD VALIDATOR command is allowed. Validator acts on traffic originated from and/or directed to the IP addresses defined by the ipaddress and hostipmask fields in the following directions (depending on the interfaces involved by the policy): from External to Internal from External to DMZ from DMZ to Internal Validator acts on traffic originated from and/or directed to the IP addresses defined by the ipaddress and hostipmask fields in the following directions (depending on the interfaces involved by the policy): from Internal to External from DMZ to External from Internal to DMZ Validator acts on traffic originated from and/or directed to the IP addresses defined by the ipaddress and hostipmask fields in the Default Value name N/A policyname N/A INBOUND N/A OUTBOUND N/A BOTH N/A . To display policy names. All other traffic is blocked. which defines how traffic is allowed/blocked.AT-RG 600 Residential Gateway – Software Reference Manual 151 • the direction of traffic that must be allowed/blocked Once a validator is added to a policy. blockonly-val: only traffic based on the direction and the IP address(es) specified in the FIREWALL ADD VALIDATOR command is blocked. A name that identifies an existing firewall policy. It can be made up of one or more letters or a combination of letters and digits. the same validator can be reused adding the validator to other policies.

g. . The netmask defining the range of IP addresses managed by the validator in the IPv4 format (e. use the specific IP mask 255.255.255. if the validator is to apply to a whole class-c range then use the hostipmask 255.255 FIREWALL CLEAR POLICIES Syntax FIREWALL CLEAR POLICIES Description This command deletes all existing policies from the firewall configuration.102.3 255. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The ipaddress value can represent either Source or Destination IP address.255.0.255. 192. 255.0). If the validator is to apply to just a single IP address. All other traffic is allowed.g. then a validator added to block inbound and outbound traffic from/to the IP address stated.255.255.168. Example --> firewall clear policies See also FIREWALL ADD POLICY FIREWALL DELETE POLICY FIREWALL CLEAR PORTFILTERS Syntax FIREWALL CLEAR PORTFILTERS <policyname> Description This command deletes all portfilters that were added to an existing firewall policy using the FIREWALL ADD PORTFILTER command. The address is in the IPv4 format (e.255. For example.3).102.255. a policy is created.152 Chapter 7 – Security & Firewall following directions (depending on the interfaces involved by the policy): from External to Internal and viceversa from External to DMZ and viceversa from DMZ to Internal and viceversa The IP address (or base address of the range of IP addresses) to which validator will apply.168. --> firewall add policy ext-int external-internal blockonly-val --> firewall add validator v1 ext-int both 192. Any portfilters associated with the policies are also deleted by this command.255 ipaddress N/A hostipmask N/A Example In the following example.

All portfilters associated with the policy are also deleted by this command. use the Default Value N/A policyname N/A . To display policy names. use the FIREWALL LIST PORTFILTER command. To display policy names. Default Value N/A Example --> firewall delete policy ext-dmz See also FIREWALL CLEAR POLICIES FIREWALL LIST POLICIES FIREWALL DELETE PORTFILTER Syntax FIREWALL DELETE PORTFILTER <name> <policyname> Description This command deletes a single portfilter that was added to a firewall policy using the FIREWALL ADD PORTFILTER command. To display portfilter names. use the FIREWALL LIST POLICIES command. To display policy names. Option name Description A name that identifies an existing firewall policy.AT-RG 600 Residential Gateway – Software Reference Manual 153 Option policyname Description A name that identifies an existing firewall policy. Option name Description A name that identifies an existing portfilter. A name that identifies an existing firewall policy. use the FIREWALL LIST POLICIES command. Default Value N/A Example --> firewall clear portfilters ext-int See also FIREWALL DELETE PORTFILTER FIREWALL LIST POLICIES FIREWALL DELETE POLICY Syntax FIREWALL DELETE POLICY <name> Description This command deletes a single existing policy from the firewall configuration. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

To display policy names. use the SYSTEM CONFIG SAVE command. use the FIREWALL LIST POLICIES command. Option name Description A name that identifies an existing validator. Security module must be also enabled (using the command SECURITY ENABLE) in order to use the features of the Firewall module. . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). If the system must be rebooted and the Firewall configuration must be saved between sessions. For details on setting default policy security levels on security interfaces. see the FIREWALL SET SECURITYLEVEL command. A name that identifies an existing firewall policy. Example --> firewall delete portfilter pf3 ext-int See also FIREWALL LIST POLICIES FIREWALL LIST PORTFILTERS FIREWALL CLEAR PORTFILTERS FIREWALL DELETE VALIDATOR Syntax FIREWALL DELETE VALIDATOR <name> <policyname> Description This command deletes a single validator from a named policy.154 Chapter 7 – Security & Firewall FIREWALL LIST POLICIES command. If the Firewall module is disabled during a session. When the Firewall is enabled. all IP traffic on existing security interfaces that are NOT included in a Firewall policy is blocked. To display validator names. Default Value N/A policyname N/A Example --> firewall delete validator v1 ext-int FIREWALL ENABLE|DISABLE Syntax FIREWALL {ENABLE | DISABLE} Description This command enables/disables the entire Firewall module except for the IDS portion of the module (see the command FIREWALL ENABLE|DISABLE IDS). any configuration changes made when the Firewall was enabled remain in the Firewall. so that it's possible re-enable them later in the session. use the FIREWALL LIST VALIDATORS command.

any configuration changes made when IDS was enabled remain. Default Value disable DISABLE Example --> firewall enable IDS See also FIREWALL ENABLE|DISABLE . It's not necessary to enable the Firewall module in order for the IDS to be active. Option ENABLE Description Enables the IDS portion of the Firewall module.AT-RG 600 Residential Gateway – Software Reference Manual 155 Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). This module depends on the Security module. which must be enabled before the enabling of the IDS can take effect. and can be re-enabled later in the session. Option ENABLE DISABLE Description Enables the Firewall module Disables the Firewall module. Disables the IDS portion of the Firewall module. If the IDS is disabled during a session. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value N/A N/A Example --> firewall enable See also FIREWALL ENABLE|DISABLE IDS FIREWALL SET SECURITYLEVEL SYSTEM CONFIG SAVE FIREWALL ENABLE|DISABLE IDS Syntax FIREWALL {ENABLE | DISABLE} IDS Description This command enables or disables the IDS (Intrusion Detection Service) portion of the Firewall. This module must be enabled in order to activate the settings specified in the FIREWALL IDS commands.

To display logging information. Option ENABLE DISABLE Description The intrusion log is displayed. The intrusion log is not displayed. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option ENABLE DISABLE Description The blocking log is displayed The blocking log is not displayed Default Value enable enable Example --> firewall enable blocking log See also FIREWALL ENABLE|DISABLE FIREWALL ENABLE|DISABLE INTRUSIONLOG Syntax FIREWALL {ENABLE | DISABLE} INTRUSIONLOG Description This command enables/disables whether details of attempted Firewall intrusion activity are logged.156 Chapter 7 – Security & Firewall FIREWALL ENABLE|DISABLE BLOCKINGLOG Syntax FIREWALL {ENABLE | DISABLE} BLOCKINGLOG Description This command enables/disables whether Firewall blocking activity is logged. the SYSTEM LOG feature must be enabled. Default Value disable Example --> firewall enable intrusionlog See also FIREWALL ENABLE|DISABLE BLOCKINGLOG FIREWALL ENABLE|DISABLE SESSIONLOG FIREWALL ENABLE|DISABLE SESSIONLOG Syntax FIREWALL {ENABLE | DISABLE} SESSIONLOG . the SYSTEM LOG feature must be enabled. To display logging information. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

To display logging information.---------------------See also FIREWALL SHOW POLICY FIREWALL LIST PORTFILTERS Syntax FIREWALL LIST PORTFILTERS <policyname> Description This command lists portfilters that were added to a firewall policy using the FIREWALL ADD PORTFILTER command. or no validator status was set (blockonly-val is the default setting if no status is specified).the two interface types between which a policy exists (external .true means that allowonly-val was set when the policy was created.DMZ or internal . external . Default Value enable Example --> firewall enable sessionlog See also FIREWALL ENABLE|DISABLE BLOCKINGLOG FIREWALL LIST POLICIES Syntax FIREWALL LIST POLICIES Description This command lists the following information about policies that were added to the firewall using the FIREWALL ADD POLICY command: • Policy ID number • Policy name • Interface Type 1 and Interface Type 2 . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). It displays the following information: • Portfilter ID number . False means that either blockonly-val was set. Example --> firewall list policies Firewall Policies: ID | Name | Type 1 | Type 2 | validator allow only -------------------------------------------------------1 | ext-dmz | external | dmz | true --------------------------------. Option ENABLE DISABLE Description The log of session events is displayed The log of session events is not displayed.internal. the SYSTEM LOG feature must be enabled.DMZ) • Validator Allow Only status .AT-RG 600 Residential Gateway – Software Reference Manual 157 Description This command enables/disables whether Firewall session events are logged.

g. To display policy names.25 |true |true |false |true |false 2 | pf2 | 17 | 53 .ietf. 25 for SMTP).53 |false |true |false |false |true 3 | pf1 | 2 | 0 .displays whether or not the portfilter uses a UDP protocol (true or false) Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). 53 for DNS. the port range is set to 0-0. Option policyname Description A name that identifies an existing firewall policy.displays the outbound permission setting (true or false) • Raw .org/rfc/rfc1700. FIREWALL LIST VALIDATORS Syntax FIREWALL LIST VALIDATORS <policyname> Description This command lists the following information about validators added to a policy using the FIREWALL ADD VALIDATOR command: • Validator ID number • Validator name • Direction (inbound. outbound or both) • Host IP address .displays whether or not the portfilter uses a non-TCP/UDP protocol (true or false) • TCP .txt. see http://www.port number range or specified port number • Port range used by the specified TCP or UDP protocol (e.. Default Value N/A Example --> firewall list portfilters ext-int Firewall Port Filters: ID | Name | Type | Port Range | In | Out | Raw | TCP | UDP ---------------------------------------------------------------------1 | pf3 | 6 | 25 .displays the inbound permission setting (true or false) • Out .displays whether or not the portfilter uses a TCP protocol (true or false) • UDP .158 Chapter 7 – Security & Firewall • Portfilter name • Type . • In . For non-TCP/UDP protocols.0 |true |false |true |false |false ----------------------------------------------------------------------See also FIREWALL LIST POLICIES FIREWALL SHOW PORTFILTER For a list of the port numbers and/or numbers assigned to protocols. use the FIREWALL LIST POLICIES command.

2 | 255.255. An ICMP Flood is a DOS . If a DOS attack is detected. To display policy names.255. Default Value N/A Example --> firewall list validators ext-int Firewall Host Validators: ID | Name | Direction | Host IP | Mask ------------------------------------------------------------2 | v1 | both | 192. in the Intrusion Detection Setting (IDS).168. This command allows you to specify the duration of the block.0 1 | v2 | inbound | 192. use the FIREWALL LIST POLICIES command.AT-RG 600 Residential Gateway – Software Reference Manual 159 • Host mask address Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description The length of time (in seconds) for which the firewall blocks suspicious hosts once a DOS attack attempt has been detected by the firewall. A DOS attack is an attempt by an attacker to prevent legitimate users from using a service. Default Value duration 1800 (30 minutes) FIREWALL SET IDS MAXICMP Syntax FIREWALL SET IDS MAXICMP <max> Description This command sets the maximum number of ICMP packets per second that are allowed by the Firewall before an ICMP Flood is detected.103. the duration of the block that is put in place when a DOS (Denial of Service) is detected. all hosts that seem to be causing the attack are blocked by the firewall for a set time limit.103.0 See also FIREWALL ADD VALIDATOR FIREWALL SHOW VALIDATOR FIREWALL SET IDS DOSATTACKBLOCK Syntax FIREWALL SET IDS DOSATTACKBLOCK <duration> Description This command sets.1 | 255.255. Option policyname Description A name that identifies an existing firewall policy.168.255. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

resulting in denial of service to legitimate users. Default Value N/A Example --> firewall set IDS MaxICMP 200 FIREWALL SET IDS MAXPING Syntax FIREWALL SET IDS MAXPING <max> Description This command sets the maximum number of pings per second that are allowed by firewall before an Echo Storm is detected. Echo Storm is a DOS (Denial of Service) attack. freeze or reboot. Once the maximum number of ICMP packets per second is reached. Default Value 15 Example --> firewall set IDS MaxPING 25 FIREWALL SET IDS MAXTCPOPENHANDSHAKE Syntax FIREWALL SET IDS MAXTCPOPENHANDSHAKE <max> Description This command sets the maximum number of unfinished TCP handshaking sessions per second that are allowed by firewall before a SYN Flood is detected. Option max Description The maximum number (per second) of pings that are allowed before an Echo Storm attempt is detected. When establishing normal TCP connections. three packets are exchanged: . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). SYN Flood is a DOS (Denial of Service) attack. This can cause the system to crash.160 Chapter 7 – Security & Firewall (Denial of Service) attack. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Once the maximum number of pings per second is reached. The firewall blocks the suspected attacker for the time limit specified in the FIREWALL SET IDS DOSATTACKBLOCK command. An attacker sends oversized ICMP datagrams to the system using the `ping' command. The firewall blocks the suspected attacker for the time limit specified in the FIREWALL SET IDS DOSATTACKBLOCK command. An attacker tries to flood the network with ICMP packets in order to prevent transportation of legitimate network traffic. an attempted DOS attack is detected. Option max Description The number of ICMP packets per second which is deemed to be the threshold for a ICMP flood attack. an attempted ICMP Flood is detected.

the system will ignore all incoming SYN requests and no legitimate TCP connections can be established. This CLI command is case-sensitive. If scan activity is detected. This command allows you to specify the duration of the block. The firewall detects when the system is being scanned by a suspicious host attempting to identify any open ports.AT-RG 600 Residential Gateway – Software Reference Manual 161 • A SYN (synchronize) packet is sent from the host to the network server • A SYN/ACK packet is sent from the network server to the host • An ACK (acknowledge) packet is sent from the host to the network server If the host sends unreachable source addresses in the SYN packet. The firewall blocks the suspected attacker for the time limit specified in the FIREWALL SET IDS DOSATTACKBLOCK command. Default Value 86400 (one day) . This creates a backlog queue of unacknowledged SYN/ACK packets. the command fails and the CLI displays a syntax error message. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). all hosts that are seen to be making attacks are blocked by the firewall for a set time limit. an attempted DOS attack is detected. You must type the command attributes exactly as they appear in the command description on this page. Option Description The maximum number (per second) of unfinished TCP handshaking sessions that are allowed before a SYN Flood attempt is detected. Option duration Description The length of time (in seconds) that the firewall blocks all suspicious hosts for. Default Value max 100 Example --> firewall set IDS MaxTCPopenhandshake 150 FIREWALL SET IDS SCANATTACKBLOCK Syntax FIREWALL SET IDS SCANATTACKBLOCK <duration> Description This command allows you to set. Once the maximum number of unfinished TCP handshaking sessions is reached. Once the queue is full. If you do not use the same case-sensitive syntax. the server sends the SYN/ACK packets to the unreachable addresses and keeps resending them. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). after it has detected scan activity on the Firewall. the duration of the blaock that is put in place when a scan attack is detected. in the Intrusion Detection System (IDS).

Option ENABLE DISABLE Description Enables victim protection and blocks packets destined for the victim host. All access to the shadow Web goes through the attacker's machine. The command allows you to specify the duration of the block. so the attacker can monitor all of the victim's activities and send false data to or from the victim's machine. packets destined for the victim host of a spoofing style attack are blocked. disable Default Value DISABLE CLEAR Example --> firewall set IDS blacklist enable FIREWALL SET IDS VICTIMPROTECTION Syntax FIREWALL SET IDS VICTIMPROTECTION {ENABLE <duration> | DISABLE} Description This command enables/disables the victim protection Intrusion Detection Setting (IDS). Enabling this command protects the victim from an attempted spoofing attack. Disables victim protection. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).162 Chapter 7 – Security & Firewall Example --> firewall set IDS SCANattackblock 43200 FIREWALL SET IDS BLACKLIST Syntax FIREWALL SET IDS BLACKLIST {ENABLE | DISABLE | CLEAR} Description This command sets the blacklist IDS (Intrusion Detection Setting). If victim protection is enabled. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option ENABLE Description Enables blacklisting of an external host if IDS has detected an intrusion from that host. Default Value disable . Clears blacklisting of an external host. Access to the network is denied for ten minutes. Disables blacklisting of an external host if IDS has detected an intrusion from that host. Web spoofing allows an attacker to create a `shadow' copy of the World Wide Web. Blacklisting denies an external host access to the system if IDS has detected certain types of intrusion from that host.

AT-RG 600 Residential Gateway – Software Reference Manual 163 duration The length of time (in seconds) that the firewall blocks packets destined for the victim of a spoofing style attack. The tables tell you whether a certain service can be accepted in or allowed out by a specific policy: HIGH SECURITY LEVEL Service http dns telnet smtp pop3 nntp real audio/video icmp H. The security level none blocks all IP traffic for every security interface.120 SSH External < > Internal In Out ✓ x ✓ x x x ✓ x ✓ x x x x x ✓ x x x x x x x External < > DMZ In Out ✓ ✓ ✓ x x x ✓ ✓ ✓ ✓ x x x x ✓ x x x x x x x DMZ < > Internal In Out ✓ ✓ ✓ x x x ✓ ✓ ✓ ✓ x x x x ✓ x x x x x x x Port 80 53 23 25 110 119 7070 N/A 1720 1503 22 . 600 (10 minutes) Example --> firewall set IDS victimprotection enable 800 FIREWALL SET SECURITYLEVEL Syntax FIREWALL SET SECURITYLEVEL {NONE | HIGH | MEDIUM | LOW | USERDEFINED <slevel>} Description This command allows you to set which security level is used by the Firewall. There are three types of interface connections: • Between the external interface and internal interface • Between the external interface and the de-militarized zone (DMZ) • Between the DMZ and the internal interface Selecting a security level deletes the previous security level. Once you have selected a security level. all IP traffic except the default policies specified will be blocked by the Firewall.323 T. medium and low security levels. The userdefined option allows you to select a security configuration that you have previously created. and replaces them with the newly selected level. and any policies or portfilters set. Options The following tables describes the default policies enabled in the firewall for each of the high. medium and low) that contain different security configuration information for each interface connection. You can add your own security policies using the FIREWALL ADD POLICY command. There are three default security levels (high.

providing a high level of firewall security between interfaces.164 Chapter 7 – Security & Firewall MEDIUM SECURITY LEVEL Service http dns telnet smtp pop3 nntp real audio/video icmp H.323 T. none Default Value HIGH MEDIUM LOW USERDEFINED . providing a low level of firewall security between interfaces. Your system uses the medium firewall security level. Your system uses the high firewall security level. Your system uses a security configuration that you have previously created.120 SSH Port 80 53 23 25 110 119 7070 N/A 1720 1503 22 External < > Internal In Out ✓ x ✓ x ✓ x ✓ x ✓ x ✓ x ✓ x ✓ x ✓ x ✓ x ✓ x External < > Internal In Out ✓ x ✓ ✓ ✓ x ✓ x ✓ x ✓ x ✓ x ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ External < > DMZ In Out ✓ ✓ ✓ ✓ ✓ x ✓ ✓ ✓ ✓ ✓ ✓ ✓ x ✓ x ✓ x ✓ x ✓ x External < > DMZ In Out ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ DMZ < > Internal In Out ✓ ✓ ✓ ✓ ✓ x ✓ ✓ ✓ ✓ ✓ ✓ ✓ x ✓ x ✓ x ✓ x ✓ x DMZ < > Internal In Out ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ Port 80 53 23 25 110 119 7070 N/A 1720 1503 22 Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable): Option NONE Description Your system blocks all IP traffic between interfaces.120 SSH LOW SECURITY LEVEL Service http dns telnet smtp pop3 nntp real audio/video icmp H. Your system uses the low firewall security level. providing a medium level of firewall security between interfaces.323 T.

ietf. and the allow only validator status.AT-RG 600 Residential Gateway – Software Reference Manual 165 slevel The name of the security configuration level that you have previously created.org/rfc/rfc1700.txt FIREWALL SHOW IDS Syntax FIREWALL SHOW IDS Description This command displays the following information about the Firewall IDS settings: • IDS enabled status (true or false) • Blacklist status (true or false) • Use Victim Protection status (true or false) • DOS attack block duration (in seconds) • Scan attack block duration (in seconds) • Victim protection block duration (in seconds) • Maximum TCP open handshaking count allowed (per second) • Maximum ping count allowed (per second) • Maximum ICMP count allowed (per second) Example --> firewall show IDS Firewall IDS: IDS Enabled: Use Blacklist: Use Victim Protection: Dos Attack Block Duration: Scan Attack Block Duration: Victim Protection Block Duration: Max TCP Open Handshaking Count: Max PING Count: Max ICMP Count: true true true 1800 10 600 100 20 100 FIREWALL SHOW POLICY Syntax FIREWALL SHOW POLICY <name> Description This command displays information about a single policy that was added to the firewall using the FIREWALL ADD POLICY command. This command displays what these interface types are. A policy exists between two interface types that were set using the FIREWALL ADD POLICY command. see http://www. true means that allowonly-val was set when the policy . N/A Example --> firewall set securitylevel medium See also FIREWALL ADD POLICY For more information on ports assigned to protocols.

or no validator status was set (blockonly-val is the default setting if no status is specified).166 Chapter 7 – Security & Firewall was created. false means that either blockonly-val was set. Default Value N/A Example --> firewall show policy p2 Firewall Policy: ext-dmz Interface Type 1: external Interface Type 2: dmz See also FIREWALL LIST POLICIES FIREWALL SHOW PORTFILTER Syntax FIREWALL SHOW PORTFILTER <name> <policyname> Description This command displays information about a single portfilter that was added to a firewall policy using the FIREWALL POLICY ADD PORTFILTER command.g.whether the portfilter uses a UDP protocol (true or false) Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the FIREWALL LIST POLICIES command. Option name Description A name that identifies an existing firewall policy.. Option name Description A name that identifies an existing portfilter.whether the portfilter uses a TCP protocol (true or false) • UDP permission .whether the portfilter uses a non-TCP/UDP protocol (true or false) • TCP permission . The following portfilter information is displayed: • Portfilter name • Transport type used by the protocol (e. 6 for SMTP) • Start of the port range • End of the port range • Inbound permission (true or false) • Outbound permission (true or false) • Raw IP . use the FIREWALL LIST PORTFILTERS command. To display policy names. To display portfilter names. Default Value N/A . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

255. A name that identifies an existing firewall policy. To display validator names.0 .103. To display policy names.AT-RG 600 Residential Gateway – Software Reference Manual 167 policyname A name that identifies an existing firewall policy. outbound or both) • Base IP address of the range to which the validator applies • Netmask defining the range of addresses to which the validator applies Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).255. use the FIREWALL LIST VALIDATORS command.168. N/A Example --> firewall show portfilter pf3 ext-int Firewall Port Filter: pf3 Transport type: Port number start: Port number end: Inbound permission: Outbound permission: Raw IP: TCP permission: UDP permission: See also FIREWALL LIST POLICIES FIREWALL LIST PORTFILTERS 6 25 25 true true false true false FIREWALL SHOW VALIDATOR Syntax FIREWALL SHOW VALIDATOR <name> <policyname> Description This command displays information about a single validator that was added to firewall policy using the FIREWALL ADD VALIDATOR command. To display policy names. use the FIREWALL LIST POLICIES command.2 Host Mask: 255. The following validator information is displayed: • Validator name • Direction (inbound. Default Value N/A policyname N/A Example --> firewall show validator v1 Firewall Host Validator: v1 Direction: both Host IP: 192. Option name Description A name that identifies an existing validator. use the FIREWALL LIST POLICIES command.

Firewall session logging enabled. Firewall blocking logging enabled. high. low or medium) • Firewall logging status: • session logging (enabled or disabled) • • blocking logging (enabled or disabled) intrusion logging (enabled or disabled) Example --> firewall status Firewall enabled.168 Chapter 7 – Security & Firewall See also FIREWALL ADD VALIDATOR FIREWALL LIST VALIDATORS FIREWALL STATUS Syntax FIREWALL STATUS Description This command displays the following information about the Firewall: • Firewall status (enabled or disabled) • Security level setting (none. Firewall security level: medium. Firewall intrusion logging disabled. See also FIREWALL ENABLE|DISABLE FIREWALL SET SECURITYLEVEL FIREWALL ENABLE|DISABLEBLOCKINGLOG FIREWALL ENABLE|DISABLE SESSIONLOG .

. Address conservation The most common application of NAT is to make better use of the increasingly scant resource that is the public IP address.AT-RG 600 Residential Gateway – Software Reference Manual 169 Chapter 8 Network Address Translation . The reason for doing such a translation is to enable a device to appear to have one address to hosts on one side of the NATing router. However. and another address to hosts on the other side of the NATing router. it has reached the stage where there are just not enough IP addresses available to give an individual address to every Internet-connected device. there are some useful applications for this.NAT Network Address Translation NAT stands for Network Address Translation. So. As the number of people connecting to the Internet has exploded. it might seem a very strange thing to want to change the addresses inside IP packets. At first glance. briefly explained in the following. a prime purpose of NAT is to enable a whole network to access the Internet using just a single public IP address (see figure 10). In short. it is a mechanism by which the IP addresses of packets are changed as they go through a routing device.

How does NAT work? The trick to NAT is to make use of the Port fields in TCP and UDP. when reply packets come back from the Internet.0. when the packet that is trying to initiate the session arrives at the NAT device. In addition.249. So.0. it is quite easy to build in an ability to look for attacks – SYN floods.0.170 Chapter 8 – Network Address Translation . In TCP and UDP packets.NAT 10. This enables it to make .2. in order to pass them to the right internal host. Address Conservation using NAT Security The security provided by NAT is really a by-product of the address conservation purpose.0. this makes it very difficult for devices on the Internet to initiate incoming sessions to hosts on the private network.1 10. IP Spoofing etc are quite easy to recognize as packets are being examined on the way through the NAT device.0.2 AT-RG6xx 24. Pings of Death.4 Figure 10.0. This freedom to change the source port number is the central key to NAT. and has to drop it.4 Internet (Router with NAT) 10. it gets dropped. if a packet comes from the Internet that is not a reply to a packet sent from the inside. because the NAT process has to process all the packets passing through it. The fact is that NAT aims to translate the source addresses of packets originating from within the local private network. so the NAT device is free to change the source port numbers in packets. then that NAT process does not know who to forward it to. there are 4 fields that identify a particular session: The particular value of the source port number in a session is not important. So.0.3 10. they can be passed back to the hosts on the Private network as the NAT process keeps an internal table that enables it to know which replies are actually destined to which private hosts.0.

So. which would cause chaos. • If it is not found. and the source IP and source Port number in the table entry are put into the destination IP address and destination port number fields of the packet. Therefore the NAT device can intercept TCP and UDP sessions coming from Private hosts. its original source port number. • Sends the packet on out the public interface. along with the newly substituted port number (so that the original values can be restored in the reply packet when it comes). in which source and destination IP address are swapped. and changes the source port number of the packet to this substitution number • if it does not find an entry. it is very important that the NAT device is also able to change the source port number. and creates a new table entry containing the original source IP address of the packet. then it is not clear where the packet should be sent. However. then the only thing that would be different between the packets in one session and those in the other session would be the source IP addresses. which receives it • the destination port number is looked for in the table • if it is found. which sends a reply. and same destination address and same destination port number. So. it generates a new substitution port number. The host at the other end of the connection would think that all the packets were from the same session.AT-RG 600 Residential Gateway – Software Reference Manual 171 sure that every TCP or UDP session that it sends out to the Internet has a UNIQUE source port number. only the source address: If two hosts on the private LAN happened to create sessions using the same source port number. change the source addresses AND source port numbers in the packets. Changes the source port number of the packet to this substitution number. and the packet is then sent onto the private LAN. . and the newly generated substitution port number. there would be nothing to differentiate the packets. it takes the substitution port number in the table entry. • the packet goes off to the destination host. the packet is recognized as being a reply for an existing session. so that the problem described above will never happen. and store away the original IP address and port number in a table. and source and destination port number are swapped • the reply packet arrives back at the NAT device. the process that occurs is: • the NAT device receives the packet • changes the source IP address in the packets to the global IP address • looks up in its table for an entry containing the source port number and original source address of the packet • if it finds an entry. once the NAT device had changed the source IP addresses to the global IP address. and so it is dropped. Consider the problem that would occur if the NAT device was not free to change the source port number.

How can you let sessions into servers on the private LAN? Up until now.0. only one mapping is possible – so it is only possible to make one Web Server.2 . a mapping like ‘all GRE packets arriving at the public interface. So. Unfortunately. GRE. such a packet will have to be dropped – if it is not a reply to an outgoing packet. like ICMP. IPSEC.there is extra work required for the NAT device to look inside the ICMP packet. usually. etc) there are often IP addresses of the hosts inside the data section of the packet . In this way.168. servers on the private LAN can be made available for connections from external hosts. we have been looking at the situation where a host on the private LAN initiates a session to some external host. For Ping packets. be initiated by an incoming packet arriving at the public interface. there usually is not a field in the packet that can uniquely identify a communication session (and therefore. that uniquely identifies each ping – NAT can make use of this field in a similar way to the UDP/TCP port number. host unreachable. there typically just is not the flexibility with the other protocols that there is with TCP and UDP. which host on the LAN to send the replies to). In the case of ICMP. with a particular destination address. though. one FTP server. for any given port number. of course. For other ICMP information messages (port unreachable.168. a mapping can be configured such that any TCP session coming into port 80 on the public interface is forwarded to a particular host on the private LAN. etc other methods have to be used. will be sent to a particular address on the private LAN’.NAT What about protocols other than UDP and TCP? The description above involves a lot of use of port numbers.3 Incoming sessions to TCP port 80 are mapped to internal IP address 192. So. For most other IP protocols. a static mapping (probably user configured) has to be used – e. and is associating source port numbers with internal IP addresses. For other IP protocols. It has been stated above that in general. and translate these addresses as necessary. However. what about the case where an external host wants to connect a host on the Private LAN? This session will. things are a little more complicated.0. one Mail Server. Of course. and so on. etc available. you may wish to actually make it possible for incoming sessions to access certain hosts on the private LAN. This would be achieved by have two static mappings on the NAT device: Incoming sessions to TCP port 21 are mapped to internal IP address 192. OSPF. This has to be done by configuring specific static port mappings. the NAT device intercepts the packets on the way out. there is an identifier field in the packet. there is no information about which internal host to forward it to. and any TCP session coming into port 25 on the public interface is forwarded to another (or maybe the same) host on the private LAN. we see a case of allowing external access to an FTP server and a WWW server. So. the port-number fields are only present in TCP and UDP packets. In the diagram below.172 Chapter 8 – Network Address Translation .g. However. For example.

168. For outbound sessions.AT-RG 600 Residential Gateway – Software Reference Manual 173 ftp://24.x.2. External access to an FTP server NAT support on AT-RG6xx Residential Gateway series AT-RG613.x (port 21) FTP Server IP: 192.2 Figure 11.0. an address is picked from a pool by hashing the source IP address for a pool index and then hashing again for an address index.168. In order to access NAT services.x (port 80) Web Server IP: 192. For inbound . the NAT module must be enabled between a a pair of interfaces by using the NAT ENABLE command and assigning an arbitrary name to this relationship. the Security module must be already enabled using SECURITY ENABLE command. each external interface creates a Global Address Pool with a single address – the address assigned to that interface. See Security section for details regarding security interfaces. Before enabling NAT.x. AT-RG623 and AT-RG656 NAT module is designed to provide the following features: • global IP address pools • reserved mappings • application level gateways (ALGs) NAT services are available between External security interface and Internal Security interfaces.45 Internet AT-RG6xx http://24. Global IP Address Pools A Global Address Pool is a pool of addresses seen from the external network.x.0. By default.3 WAN IP 24.10.x.

If the firewall is not enabled. it is necessary to create a reserved mapping. See below for more information on reserved mappings. both internal hosts can share the same global address. Setting the port number to 65535(0xFFFF) for TCP or UDP protocols means that the mapping will apply to all port numbers for that protocol. there are 3 applications for which a specific ALG is provided: FTP. the NAT reserved mappings have been considered independently of the firewall. Reserved Mappings Reserved mapping is used to support NAT traversal. and mapping the FTP port on this address to the FTP port on Host A and the HTTP port on the global address to the HTTP port on Host B. use NAT ADD RESVMAP INTERFACE command. When the NAT receives a message. Interactions of NAT and other security features. However. . then all that is required to enable NAT to allow in TCP sessions to a certain port number is to create a reserved mapping for that particular TCP port number. NAT traversal is a mechanism that makes a service (listening port) on an internal computer accessible to external computers. NetBIOS and DNS. By choosing a particular IP address in the global address pool.174 Chapter 8 – Network Address Translation .NAT sessions to make use of the global pool. if the firewall is enabled. The most notorious of these is FTP. Reserved mappings can also be used so that different internal hosts can share a global address by mapping different ports to different hosts. NAT traversal operates by having the NAT listen for incoming messages on a selected port on its external interface. Firewall filters and reserved mappings. So far. Setting the protocol number to 255(0xFF) means that the mapping will apply to all protocols. To add a reserved mapping rule to an existing NAT relation. it uses its internal interface to forward the packet to the same port number on a selected internal computer (And any responses from the internal computer are forwarded to the requesting external computer). Host A is an FTP server and Host B is a web server. For example. Application Level Gateways (ALGs) Some applications embed address and/or port information in the payload of the packet. there is a matter of precedence to consider if reserved mapping has been created for a particular TCP port but the firewall is not configured to allow in TCP data for that port. However. it is sufficient to create a trigger with address replacement enabled. With this command it is possible set a mapping rule based on port number or protocol number. For most applications.

then if you wish to be able to access services that involve incoming secondary sessions. if NAT is enabled. incoming sessions are not allowed through by NAT either. if you have NAT enabled on the router. the firewall is also configured to allow in the traffic for which the reserve mapping is defined. care must be taken to ensure that when NAT reserved mapping are created. by default. If the secondary IP addresses are on the same subnet as the external IP address. for example. Then a global pool must be added and a reserved mapping configured. NAT and secondary IP addresses NAT services work also with secondary IP addresses. So. it will be necessary to create a dynamic port opening definition. NAT and Dynamic Port Opening The description of Dynamic Port Opening (see Security section) discussed that feature in the context of the firewall – ie the Dynamic Port Opening feature was presented as being required to allow secondary sessions in through the firewall. In this case it's necessary create a secondary IP address using IP INTERFACE ADD SECONDARYIPADDRESS command and then create a security interface based on this secondary IP interface. It should be noted that. when the firewall has been enabled.AT-RG 600 Residential Gateway – Software Reference Manual 175 In this case the blocking by the firewall will take precedence So. So. and wish for users on the LAN to be able to successfully access external RealServers. If using PPPoE encapsulation. secondary IP addresses in the global pool must be on a separate subnet. then you will need to create Dynamic Port Opening definitions for those services. even if the firewall is not enabled. . the addresses are not visible to the external network.

However. and map another external address to your internal mail server. NAT translates packets between the external addresses and the internal addresses that each address is mapped to. NAT CLI commands The table below lists the nat commands provided by the CLI: Command NAT ADD GLOBALPOOL NAT ADD RESVMAP GLOBALIP NAT ADD RESVMAP INTERFACENAME NAT CLEAR GLOBALPOOLS NAT CLEAR RESVMAPS NAT DELETE GLOBALPOOL NAT DELETE RESVMAP NAT DISABLE NAT ENABLE NAT IKETRANSLATION NAT LIST GLOBALPOOLS NAT LIST RESVMAPS NAT SHOW GLOBALPOOL NAT SHOW RESVMAP NAT STATUS NAT ADD GLOBALPOOL Syntax NAT ADD GLOBALPOOL <name> <interfacename> {INTERNAL|DMZ} <ipaddress> {SUBNETMASK <mask>|ENDADDRESS <address>} Description The nat enable command creates an IP address for the external security interface. you might want to map one external address to your internal web server. For example. you may want to use more than one external IP address. A network address pool is a range of IP addresses that is visible outside your network. if your ISP provides multiple IP addresses.NAT NAT Command Reference This section describes the commands available on AT-RG613.176 Chapter 8 – Network Address Translation . AT-RG623 and ATRG656 residential Gateway to enable. . configure and manage NAT module. This command creates a pool of external network addresses.

First. the NAT module must be enabled using the command NAT ENABLE. To display security interfaces. The name of an existing security interface (external or DMZ) created and connected to an internal interface (DMZ or internal) using the NAT ENABLE command. It can be made up of one or more letters or a combination of letters and digits. NAT is enabled between the external interface and the DMZ interface type: --> nat enable n1 extinterface dmz Then the global address pool is created. Maps the global IP addresses to hosts on the network attached to the internal interface. The last IP address in the range of addresses that make up the global address pool. but it cannot start with a digit. use the SECURITY LIST INTERFACES command. by defining IP address and netmask: . The IP address of the interfacename that is visible outside the network.AT-RG 600 Residential Gateway – Software Reference Manual 177 There are two ways to specify a range of IP addresses: • specify the interfacename IP address and a subnet mask • specify the interfacename IP address that represents the first address in the range. you can use the command NAT ADD RESVMAP. The subnet mask that defines the range of addresses in the pool. Default Value name N/A interfacename N/A INTERNAL N/A N/A N/A N/A N/A DMZ ipaddress mask endaddress Example 1 This example creates a network address pool that allows NAT to translate packets between the external interface and the DMZ interface type. Before adding a global address pool. Maps the global addresses to hosts on the network attached to the DMZ interface. Option Description An arbitrary name that identifies a global network address or pool of addresses. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). then specify the last address in the range If you want to map IP addresses to individual hosts on an internal interface.

255. by defining the start and end addresses of the pool: --> nat add globalpool gp2 extinterface internal 192.178 Chapter 8 – Network Address Translation . First NAT is enabled between the external interface and the internal interface type: --> nat enable n2 extinterface internal Then the global pool is created. Note: Before you can add a reserved mapping. you must create a NAT relationship using the command NAT ENABLE.0 Example 2 This example creates a network address pool that allows NAT to translate packets between the external interface and the internal interface type.NAT --> nat add globalpool gp1 extinterface dmz 192.168. packets received on a specific IP address can be mapped to individual hosts inside the network. To display security interfaces.103.168. which can be specified with this command. and a default value (if applicable). The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. It can be made up of one or more letters or a combination of letters and digits.102.3 subnetmask 255. use the SECURITY LIST INTERFACES command. but it cannot start with a digit.2 endaddress 192. See NAT ADD RESVMAP. NAT translates packets between the external IP address and the individual host based on the transport information given in this command. Default Value name N/A interfacename N/A .103. Option Description An arbitrary name that identifies a reserved mapping configuration. NAT ADD RESVMAP GLOBALIP Syntax NAT ADD RESVMAP <name> GLOBALIP <interfacename> <globalip> <internalip> {TCP <portno>|UDP <portno> | ICMP | IGMP | IP| EGP| RSVP| OSPF| IPIP| ALL } Description This command maps an IP address from a global pool (created using the NAT ADD GLOBALPOOL command) to an individual IP address inside the network.168.255.50 See also NAT ENABLE NAT STATUS SECURITY LIST INTERFACES Once you have created an address pool. Options The following table gives the range of values for each option.

txt.txt and http://www.txt.org/rfc/rfc791.10.AT-RG 600 Residential Gateway – Software Reference Manual 179 globalip An external IP address that is a member of a global address pool created using the ADD GLOBALPOOL command.org/rfc/rfc2205. Exterior Gateway Protocol (EGP) packets are to be translated. The IP address of an individual host inside the network (attached to the internal or DMZ interface).txt.org/rfc/rfc919.txt.ietf. N/A internalip N/A (TCP) portno (UDP) portno N/A N/A ICMP N/A IGMP N/A IP N/A EGP N/A RSVP N/A OSPF N/A IPIP N/A ALL N/A Example --> nat add resvmap rm1 globalip extinterface 192. See http://www.ietf. See http://www. Resource Reservation Protocol (RSVP packets are to be translated.org/rfc/rfc2896.10 tcp 25 . Allows Internet hosts to participate in multicasting. See http://www. Internetwork Protocol (IP).ietf.org/rfc/rfc0792.txt. See http://www. Internet Control Message Protocol (ICMP) packets are to be translated. Open Shortest Path First (OSPF) packets are to be translated. http://www. IP-within-IP Encapsulation packets are to be translated.org/rfc/rfc1112. ICMP messages are used for out-of-band messages related to network operation or mis-operation.ietf. This protocol encapsulates an IP datagram within a datagram.68. Provides all of the Internet's data transport services.ietf.ietf.ietf.org/rfc/rfc904. This is a protocol for exchanging routing information between autonomous systems.ietf. All traffic is translated between the global IP address and the specified inside address that it is mapped to. A link-state routing protocol. Supports the reservation of resources across an IP network. See http://www. Internet Group Management Protocol (IGMP) is set as the transport type. The UDP port number that you want to use in your reserved mapping configuration. The TCP port number that you want to use in your reserved mapping configuration.68 10.168.10. See http://www.txt.org/rfc/rfc1583.

The UDP port number that you want to use in your reserved mapping configuration. See http://www.ietf. The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command.txt. The TCP port number that you want to use in your reserved mapping configuration. To display security interfaces. NAT translates packets between the external IP address and the individual host based on the transport information given in this command. Option Description An arbitrary name that identifies a reserved mapping configuration.org/rfc/rfc0792. Internet Control Message Protocol (ICMP) packets are to be translated. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). ICMP messages are used for out-of-band messages related to network operation or mis-operation. It can be made up of one or more letters or a combination of letters and digits. Note: Before you can add a reserved mapping.180 Chapter 8 – Network Address Translation . but it cannot start with a digit. The IP address of an individual host inside the network (connected to the internal or DMZ interfaces). Default Value name N/A interfacename N/A internalip N/A (TCP) portno (UDP) portno N/A N/A ICMP N/A .NAT See also NAT ENABLE NAT LIST GLOBALPOOLS NAT STATUS SECURITY LIST INTERFACES NAT ADD RESVMAP INTERFACE NAME Syntax NAT ADD RESVMAP <name> INTERFACENAME <interfacename> <internalip> {TCP <portno>|UDP <portno>|ICMP|IGMP|IP|EGP|RSVP|OSPF|IPIP|ALL} Description This command maps an external IP security interface (included in a NAT relationship created using the NAT ENABLE command) to an individual IP address inside the network. use the SECURITY LIST INTERFACES command. you create a NAT relationship using the command NAT ENABLE.

See http://www.txt.ietf. Protocol for exchanging routing information between autonomous systems. Supports the reservation of resources across an IP network. http://www.txt.ietf.txt.ietf. Allows Internet hosts to participate in multicasting.org/rfc/rfc1112.ietf.org/rfc/rfc791. IP-within-IP Encapsulation packets are to be translated. See http://www.ietf. Exterior Gateway Protocol (EGP) packets are to be translated.txt and http://www.10.txt.org/rfc/rfc919. See http://www.org/rfc/rfc2896.org/rfc/rfc2205. A link-state routing protocol.AT-RG 600 Residential Gateway – Software Reference Manual 181 IGMP Internet Group Management Protocol (IGMP) packets are to be translated. This protocol encapsulates an IP datagram within a datagram. Internetwork Protocol (IP). See http://www.ietf. All traffic is translated between the global IP address and the specified inside address that it is mapped to. See http://www.10 tcp 25 See also NAT ENABLE SECURITY LIST INTERFACES NAT CLEAR GLOBALPOOLS Syntax NAT CLEAR GLOBALPOOLS <interfacename> Description This command deletes all address pools that were added to a specific outside interface using the NAT ADD GLOBALPOOL command.10. Option interfacename Description The name of an existing security interface (external or DMZ) created and connected to Default Value N/A . Resource Reservation Protocol (RSVP packets are to be translated.ietf.txt. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Provides all of the Internet's data transport services.org/rfc/rfc904. N/A IP N/A EGP N/A RSVP N/A OSPF N/A IPIP N/A ALL N/A Example --> nat add resvmap rm1 interfacename extinterface 10. Open Shortest Path First (OSPF packets are to be translated.org/rfc/rfc1583.

To display security interfaces. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the NAT LIST GLOBALPOOLS command. Default Value N/A . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the SECURITY LIST INTERFACES command.NAT an inside interface (DMZ or internal) using the NAT ENABLE command. Example --> nat clear globalpools extinterface See also NAT ADD GLOBALPOOL SECURITY LIST INTERFACES NAT CLEAR RESVMAPS Syntax NAT CLEAR RESVMAPS <interfacename> Description This command deletes all NAT reserved mappings that were added to an outside security interface using the NAT ADD RESVMAP command. Option name Description A name that identifies an existing global IP address. Option Description The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display global IP addresses.182 Chapter 8 – Network Address Translation . To display security interfaces. use the SECURITY LIST INTERFACES command. Default Value interfacename N/A Example --> nat clear resvmaps extinterface See also NAT DELETE RESVMAP SECURITY LIST INTERFACES NAT DELETE GLOBALPOOL Syntax NAT DELETE GLOBALPOOL <name> <interfacename> Description This command deletes a single address pool that was added to a specific external interface using the NAT ADD GLOBALPOOL command.

To display global IP addresses. The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. Option name Description A name that identifies an existing global IP address. N/A Example --> nat delete globalpool gp1 extinterface See also NAT ADD GLOBALPOOL NAT LIST GLOBALPOOLS SECURITY LIST INTERFACES NAT DELETE RESVMAP Syntax NAT DELETE RESVMAP <name> <interfacename> Description This command deletes a single NAT reserved mapping that was added to an external security interface using the NAT ADD RESVMAP command. use the SECURITY LIST INTERFACES command. using the NAT ENABLE command. use the SECURITY LIST INTERFACES command. use the NAT LIST RESVMAPS command. To display security interfaces.AT-RG 600 Residential Gateway – Software Reference Manual 183 interfacename The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display security interfaces. NAT is disabled between the security interface and all the interfaces that belong to the chosen interface type. Default Value N/A interfacename N/A Example --> nat delete resvmap rm1 extinterface See also NAT ENABLE NAT LIST RESVMAPS SECURITY LIST INTERFACES NAT DISABLE Syntax NAT DISABLE <name> Description This command disables a NAT relationship that was previously enabled between a a security interface and another generic interface type. .

the network attached to an internal interface (inside) needs to be protected from the network attached to a DMZ (outside). but not the external interface type. To display enabled NAT objects. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value name N/A Example --> nat disable nat1 See also NAT ENABLE NAT STATUS NAT ENABLE Syntax NAT ENABLE <name> <interfacename> {INTERNAL|DMZ} Description This command enables NAT between an existing security interface and a network interface type.184 Chapter 8 – Network Address Translation . Option Description Default Value . NAT translates packets between the outside interface and the inside interface type.You must enable the Security package using the command SECURITY ENABLE if you want to use the NAT module. if interfacename is an external interface type. For example. the IP address of a host on a network attached to an inside interface is hidden from a host on a network attached to an outside interface. you can enable NAT between the interfacename and the internal or the DMZ interface type. In this way. NAT is enabled between the security interface and all the interfaces that belong to the chosen network interface type. Note .NAT Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). For example. The network attached to an inside interface needs to be protected from the network attached to an outside interface. Also. you can only enable NAT between two different interface types. Option Description The name of an existing NAT relationship created between a security interface and an interface type using the NAT ENABLE command. use the NAT STATUS command. An interface is either an inside or outside interface. The following interface combinations are the only ones that you can use: • external (outside) and internal (inside) • external (outside) and DMZ (inside) • DMZ (outside) and internal (inside) The existing security interface must be an outside interface.

Allows NAT to be enabled/disabled between the interface interfacename and all interfaces of the DMZ interface type. such as IPSec. N/A interfacename N/A INTERNAL N/A DMZ N/A Example --> nat enable nat1 extinterface internal See also NAT DISABLE NAT STATUS SECURITY LIST INTERFACES SECURITY ADD INTERFACE NAT IKETRANSLATION Syntax NAT IKETRANSLATION {COOKIES | PORTS} Description This command supports NAT IPSec traversal. Allows NAT to be enabled/disabled between the interface interfacename and all interfaces of the internal interface type. To display security interfaces. Default Value ports PORTS ports Example --> nat iketranslation cookies . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). It can be made up of one or more letters or a combination of letters and digits. IKE cookies are used to identify IKE sessions. IKE establishes a shared security policy and authenticates keys for services that require keys. It allows you to specify how Internet Key Exchange (IKE) packets are translated. The interfacename must be an external interface type. Source port will be translated for IKE packets. The name of an existing security interface (external or DMZ) that was added to the Security package using the SECURITY ADD INTERFACE command. but it cannot start with a digit. Option COOKIES Description Source port will not be translated for IKE packets. use the SECURITY LIST INTERFACES command.AT-RG 600 Residential Gateway – Software Reference Manual 185 name An arbitrary name that identifies a NAT object enabled between a security interface and an interface type.

the outside network IP address or the first address in the range of network pool addresses • Mask/End Address . . false if it was set using a range of IP addresses) • IP address .the outside subnet mask of the outside network IP address or the last address in the range of network pool addresses Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).NAT NAT LIST GLOBALPOOLS Syntax NAT LIST GLOBALPOOLS <interfacename> Description This command lists the following NAT address pool information for a specific outside interface: • Address pool identification number • Address pool name • Type of inside interface (internal or DMZ) • Subnet configuration status (true if the network pool was set using a subnet mask.186 Chapter 8 – Network Address Translation .

2 | 192. If a non-TCP/UDP protocol is used. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 187 Option Description The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command.the IP address of the outside security interface that is mapped to the inside IP address • Internal address .) • Port .TCP or UDP port used by the transport type.168.3 | 255. To display security interfaces.168. IPIP etc.the IP address inside the network that the global IP address is mapped to • Transport type (IGMP. the port is set to 0. Default Value interfacename N/A Example --> nat list globalpools extinterface NAT global address pool: ID | Name | Type | Subnet | IP address | Mask/End Address ---------------------------------------------------------------------1 | gp1 | dmz | true | 192. use the SECURITY LIST INTERFACES command.255. Option Description Default Value .103.255.102.103.50 ---------------------------------------------------------------------See also SECURITY LIST INTERFACES NAT SHOW GLOBALPOOL NAT LIST RESVMAPS Syntax NAT LIST RESVMAPS <interfacename> Description This command lists the following reserved mapping information for a specific outside security interface: • Reserved mapping identification number • Reserved mapping name • Global address .0 2 | g2 | internal | false | 192.168.

10. use the SECURITY LIST INTERFACES command.15 | 20. To display global IP addresses.103.the subnet mask used to define the global address range or the last address in the range of addresses Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the NAT LIST GLOBALPOOLS command. Option name Description A name that identifies an existing global IP address. The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. N/A Example --> nat list resvmaps extinterface NAT reserved mappings: ID | Name | Global Address | Internal Address | Type | Port ----------------------------------------------------------------------1 | rm2 | 192. To display security interfaces.10 | tcp | 25 2 | rm1 | 192.168. Default Value N/A interfacename N/A Example --> nat show globalpool gpl extinterface NAT global address pool: gp1 .10. To display security interfaces. use the SECURITY LIST INTERFACES command.20.2 | 10.20.20 | udp | 21 ----------------------------------------------------------------------See also SECURITY LIST INTERFACES NAT SHOW GLOBALPOOL Syntax NAT SHOW GLOBALPOOL <name> <interfacename> Description This command displays information about a single network address pool that has been added to an outside interface: • Type of inside interface (internal or DMZ) • Subnet configuration status (true if the network pool was set using a subnet mask.188 Chapter 8 – Network Address Translation .168.NAT interfacename The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command.the outside network IP address or the first address in the range of addresses • Subnet Mask or End Address . false if it was set using a range of IP addresses) • IP address .103.

255.20.168.255. use the SECURITY LIST INTERFACES command.168. use the NAT LIST RESVMAPS command.20.102.3 255.0 NAT SHOW RESVMAP Syntax NAT SHOW RESVMAP <name> <interfacename> Description This command displays the following information about a single reserved mapping configuration that has been added to an outside security interface: • Global IP address • Internal IP address • Transport type • Port number Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value N/A interfacename N/A Example --> nat show resvmap rm1 extinterface NAT reserved mapping: rm1 Global IP address: Internal IP address: Transport type: Port number: See also NAT LIST RESVMAPS SECURITY LIST INTERFACES 192. The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. Option name Description A name that identifies an existing global pool. To display global pool names.15 20. To display security interfaces.20 tcp 25 NAT STATUS Syntax NAT STATUS .AT-RG 600 Residential Gateway – Software Reference Manual 189 Interface type: Subnet configuration: IP address: Subnet mask or End Address: See also NAT LIST GLOBALPOOLS SECURITY LIST INTERFACES dmz true 192.103.

190 Chapter 8 – Network Address Translation .NAT Description This command lists the outside security interfaces and inside interface types that NAT is currently enabled between. It displays the following information: • NAT object identification number • NAT object name • Outside security interface name • Inside interface type Example --> nat status NAT enabled on: ID | Name | Interface | Type -----------------------------------------1 | n2 | ip2 | internal 2 | n1 | if1 | internal -----------------------------------------See also NAT ENABLE .

The concept of a group is crucial to multicasting. and there are all sorts of rules about who may use addresses from which address ranges. Apart from anything else the server does not know who the recipients are. Every multicast requires a multicast group. the sender (or source) transmits to the group address. In multicasting. or data) from one location to many other locations on the Internet simultaneously. like all IP addresses. Multicasting principles Group addresses A multicast stream is a stream of data whose destination address is a multicast address – ie an IP address with the first byte having a value of 224 to 240. video. It would be quite impossible for the server to have to wait for ACKs from all the recipients.AT-RG 600 Residential Gateway – Software Reference Manual 191 Chapter 9 IGMP snooping and IGMP proxy Multicasting Overview Multicasting is a technique developed to send packets from one location in the Internet to many other locations. The server simply sends out its multicast UDP packets. and only members of the group can receive the multicast data. Multicasting is the most economical technique for sending a packet stream (which could be audio. one packet is sent from a source and is replicated as needed in the network to reach as many end-users as necessary. with no idea who will be receiving them. or how many there are. A group is defined by a Class D address. Multicasting is useful because it conserves bandwidth by replicating packets as needed within the network. and remember to retransmit to those recipients from whom it does not receive ACKs. and whether they get received. The destination address used by a stream is referred to as its Group address. are a limited resource. Of course. multicasting has to be a connectionless process. thereby not transmitting unnecessary packets. These Group Addresses. without any unnecessary packet duplication. .

So. and compares these to the list of Multicast streams that it has currently registered to receive. However. with no particular knowledge of who wants to receive it. it sends a new IGMP Membership report (Join message) for that group (of course some hosts may be members of more than one group – so they will send join messages for all the groups that they are members of). the local router is generally going to be a long way from the server that is generating the stream. if any given host wishes to remain in a Multicast group. if the router is not already receiving the multicast stream from the server (probably many hops away) what does the router do next in order to ensure that the multicast stream gets to it? This is achieved by elaborate process involving multicast routing protocols like PIM. When a host wants to receive a stream (in multicast jargon. the destination address of the packet uniquely identifies the host who should receive the packet and all the routers along the path just need to look in their routing tables to work out which is the correct route to send the packet down. DVMRP. having received the IGMP join packet. However. With unicast packets. it will send a message upstream. Now.192 Chapter 9 – IGMP snooping and IGMP proxy Anyway. the IGMP leave message was added. One approach would be for every router that receives a multicast stream on one interface to just retransmit that stream out ALL its other interfaces. IGMP IGMP (Internet Group Management Protocol) is the protocol whereby hosts indicate that they are interested in receiving a particular multicast stream. that would be an inefficient use of bandwidth. the stream is simply being sent out. the router then knows that it has to forward the multicast stream onto its LAN (if it is not doing so already). this is called ‘joining a group’) it sends to its local router an IGMP packet containing the address of the group it wants to join – this is called an IGMP Membership report (sometimes called a Join packet). asking to no longer receive that stream – ie to be ‘pruned’ from the tree through which that stream is flowing. However. In that way it would be guaranteed to eventually reach every host that might be interesting in receiving it. So. a more efficient approach is needed. The purpose of this query is to ask “are there any hosts on the LAN that wish to remain members of Multicast Groups?” Hosts on the LAN receive the query. Given that the main reason for having multicasting is to make efficient use of bandwidth. So. this would not be a good approach. a server sends out its stream to a group multicast address but the way it is routed to the hosts that actually want to receive it is a very different process to routing unicast packets. In IGMP version 2. as a lot of the time the routers would sending the streams out along paths that do not contain any hosts that want to receive them. The router looks at the responses it receives to its query. This is where IGMP comes in. the . MOSPF The IGMP packet exchange proceeds as follows: At a certain period (default is 125 seconds). and where the recipients are. the router sends an IGMP query message onto the local LAN. a host can now explicitly inform its router that it wants to leave a particular multicast group. If there are any items in that list for which it has not received query responses. The destination address of the query message is a special “all multicast groups” address. in the case of multicast. So.

then it can know straight away when there are no hosts on its LAN that are still members of a given group. So. it can ask to be pruned from that tree straight away. and the router will join into the appropriate multicast trees. what will happen is that all the hosts on the LAN will start receiving the multicast packets. considering the example where only host number 1 actually requests to join a particular multicast group. although the IGMP packets are destined for the router. then they will send out IGMP joins. Multicast MAC addresses Multicast IP addresses are Class D IP addresses. This is rather a waste of bandwidth. Therefore: 230. . The solution to this problem is to make the layer-2 switch aware of the IGMP packets that are being passed around. this is not a one-to-one mapping. It is designed to solve the problem when a multicast traffic is received from a layer 2 switch due to join requests performed by hosts connected to some of the switch ports. AT-RG623 and AT-RG656 residential gateways perform at layer 2 to reduce the amount of multicast traffic on a LAN. and removes hosts from the table when it receives leave messages. which will get up to the multicast router. rather than having to wait until the next query interval.255. and it will forward them into the LAN. That is.0. For each GDA there is an associated MAC address. as well.10 corresponds to MAC 01-00-5e-0a-0a-0a Consequently. This MAC address is formed by 01-00-5e. and the multicast flows will then reach the router.10 corresponds to MAC 01-00-5e-0a-0a-0a 226.20. So. from the destination MAC address of a multicast packet.10.20. but a one-to-many mapping: 224. It is required that when an IP multicast packet is sent onto an Ethernet.255 are multicast IP addresses. all IP addresses from 224.10. If individual hosts on the LAN (ie hosts connected to ports on the switches) wish to receive multicast streams. IGMP snooping IGMP snooping is a filtering process that AT-RG613. the layer-2 switch needs to ‘snoop’ them as they go past.20 corresponds to MAC 01-00-5e-14-14-14 224. it is possible.10.0. and the purpose of multicasting is to make efficient use of bandwidth. the destination MAC address of the packet must be the MAC address that corresponds to the packet’s GDA. So.0 to 239.10. it must forward it out all its ports (except the port upon which it was received).10.10 corresponds to MAC 01-00-5e-0a-0a-0a. when a switch receives a multicast packet.AT-RG 600 Residential Gateway – Software Reference Manual 193 router keeps a table of how many hosts have joined particular groups. to know the set of values that its GDA must fall within.10. They are also referred to as Group Destination Addresses (GDA). So. as all the switches will forward the multicast packets to all their ports. followed by the last 23 bits of the GDA translated in hex. By default.255.

Note that multiple VLANs can be present in the system and therefore more than one multicast router can be present. and so will only forward the multicast data to the places where it really needs to go. IGMP snooping on AT-VP6x3 product family IGMP snooping is activated using the IGMP SNOOPING ENABLE command. let us consider two possible scenarios: • First Scenario: Host A is the first host in its Ethernet segment to join a group. The action that the RG6x3 performs after having received an IGMP report depends on the circumstances in which the packet is received. Multicast Hosts Port Discovery The system listens for unsolicited IGMP Report messages that hosts send to join a multicast group and records the port where each message has been received. The command IGMP SNOOPING SHOW reports the multicast router IP address discovered for each VLAN and the physical port where it has been detected. Host A sends an unsolicited IGMP Membership report. . In this way the Residential Gateway knows where multicast routers are located in order to forward report and leave messages only to the correct port(s). When IGMP snooping is enabled. IGMP snooping on Residential Gateway is designed in order to allow AT-RG613. The following is a description of the IGMP snooping behavior that the Residential Gateway implements at layer 2. The Residential Gateway intercepts the IGMP membership report sent Host A and creates a multicast entry for the group that host A was requesting and links this entry to the port on which it has received the report. it works separately for each VLAN. Multicast Router Port Discovery The system listens for IGMP Membership General Query packets sent to the address 01-00-5e-00-00-01 and records the port(s) where any such message has been received. It also resets a local Timeout timer to the Timeout Interval value (default 270secs). All multicast traffic as well as multicast signaling generated within a VLAN is kept within VLAN boundaries.194 Chapter 9 – IGMP snooping and IGMP proxy Then the layer-2 switch can be aware which hosts have asked to join which multicast groups. To understand this. Basically the Residential Gateway tries to construct an internal view of the multicast network based on the IGMP messages received both from multicast router(s) and multicast host(s). AT-RG623 and AT-RG656 models to work in a network environment where both multicast router(s) and multicast host(s) are present. This timer is used to refresh the local multicast membership table periodically (see later in the description).

because the Residential Gateway intercepts the reports. all hosts send a report (instead of one per group). the Residential Gateway simply adds the port to the already existing entry for that multicast group and resets the Timeout timer to the Timeout Interval. The IGMP protocol was designed in such a way that only one member of any group on any VLAN would have to respond to any given query. the IGMP Group Specific Query is also sent to all those ports. the same procedures described in the first and second scenarios are performed. If another host joins another multicast group or the same multicast group. The command IGMP SNOOPING SHOW will report only the last host joined the group and the new value of the Timeout timer. In this way the router will also receive the IGMP report and will update its multicast routing table accordingly. and if no other ports have hosts joined to the same multicast group. The Residential Gateway captures the IGMP Leave message and immediately sends an IGMP Group Specific Query on the port where it received the Leave message. If no answer is received to the Query. Host B sends an unsolicited IGMP Membership report. Immediately multicast traffic for the requested group address is forwarded only to the port where the report from Host A has been received. As a multicast entry for this group already exists. The Residential Gateway then forwards on to the router only one report per group from among all received responses. the multicast router sends IGMP queries periodically. In this way the multicast traffic the router is asked to stop sending any multicast data for that particular group. . host B. The Residential Gateway intercepts the IGMP membership report sent by Host B. then the leave messages is forwarded to the multicast router.AT-RG 600 Residential Gateway – Software Reference Manual 195 The Residential Gateway forwards the IGMP report on to the multicast router detected on the VLAN where host is attached. • Second Scenario: another host. But. on the same Ethernet segment as host A. and thus. A new Group entry will be added whenever a new group has been joined. Leaving a Group When a host wants to leave group it sends an IGMP Leave message specific for the group it wants to leave. respectively. the hosts do not see each other’s reports. Note: In order to maintain group membership. sends an IGMP report to join the same multicast group as host A. All hosts that are members of the group will answer that query. If other ports have hosts joined to the same multicast group. The Leave Time value is used in the query message to request a fast response from other hosts which may be present on the same Ethernet segment. This query is intercepted by the Residential Gateway and forwarded to all ports on the switch.

Note: If the Leave Time period is set to 0 secs (see IGMP SNOOPING SET LEAVETIME command) and only one port has hosts joined the multicast group. the Residential Gateway immediately forwards the leave message to the multicast router and removes the multicast membership record without sending any IGMP Specific Query message. with the only constraint that multicast traffic must be received only on one IP interface called the upstream interface. In this case. by default. If no answer is received. the Residential Gateway sends a leave message specific for the multicast group to the multicast router. becomes a downstream interface. the leave message is forwarded to the multicast router. IGMP proxy Independently of IGMP snooping. As noted in the previous section. IGMP proxy overrides this limitation. when a host joins a multicast group. the AT-RG613. To define the upstream IP interface use the IGMP PROXY SET UPSTREAMINTERFACE command. the Residential Gateway sends an IGMP Specific Group Query to discover if there is any host on the port that is member of a particular multicast group. the IP interface attached to the transport (VLAN) where the host is located.196 Chapter 9 – IGMP snooping and IGMP proxy Only if no answers are received on all the ports within the Leave Time period. To show the multicast groups currently registeredwith the IGMP proxy on the Residential Gateway use the IGMP PROXY SHOW STATUS command. If a host joins a multicast group but multicast traffic is received on another VLAN to which the host is not connected. multicast traffic is limited to the VLAN where it is received. It will receive all the multicast traffic related to the group that the host has joined. the multicast traffic will never reach the host. . use the IGMP SNOOPING SET LEAVETIME command. To change the Leave Time value. If more than one port has hosts joined the multicast group and Leave Time period is set to 0 secs the Residential Gateway removes the port from the multicast membership record without sending any IGMP Specific Query message and without forwarding the leave message to the multicast router. IGMP proxy is a layer-3 feature that allows multicast traffic to be routed between multiple IP interfaces. Timeout interval expiring When the Timeout Interval expires. AT-RG623 and AT-RG656 residential gateways also support IGMP proxy.

IGMP snooping CLI commands The table below lists the igmp snooping commands provided by the CLI: Command IGMP SNOOPING DISABLE IGMP SNOOPING ENABLE IGMP SNOOPING SET LEAVETIME IGMP SNOOPING SET QUERYINTERVAL IGMP SNOOPING SET TIMEOUT IGMP SNOOPING SHOW IGMP SNOOPING DISABLE Syntax IGMP SNOOPING DISABLE Description This command disables the layer. See also IGMP SNOOPING DISABLE IGMP SNOOPING SET . Default timeout values are used: leavetime queryinterval timeout 10secs 125secs 270secs Example --> igmp snooping enable. Example --> igmp snooping disable See also IGMP SNOOPING ENABLE IGMP SNOOPING ENABLE Syntax IGMP SNOOPING ENABLE Description This command enables the layer-2 IGMP snooping feature. configure and manage the IGMP snooping feature. AT-RG623 and ATRG656 Residential Gateway to enable.AT-RG 600 Residential Gateway – Software Reference Manual 197 IGMP Snooping Command Reference This section describes the commands available on AT-RG613.2 IGMP snooping feature previously enabled with the IGMP SNOOPING ENABLE command.

When IGMP snooping is enabled. by default this value is set to 10 secs. The timer controls the maximum allowed time before hosts must send a response to Query message issued by the Residential Gateway. Default Value 10 Example --> igmp snooping set leavetime 50 See also IGMP SNOOPING ENABLE IGMP SNOOPING SET QUERYINTERVAL Syntax IGMP SNOOPING SET QUERYINTERVAL <queryinterval> Description This command sets the time interval. by default this value is set to 125 secs. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). for which a group will remain .198 Chapter 9 – IGMP snooping and IGMP proxy IGMP SNOOPING SET LEAVETIME Syntax IGMP SNOOPING SET LEAVETIME <leavetime> Description This command sets the duration of the Leave Period timer for the IGMP snooping process. Valid values are from 1 to 65535. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). in seconds. Default Value 125 Example --> igmp snooping set queryinterval 110 See also IGMP SNOOPING ENABLE IGMP SNOOPING SET TIMEOUT Syntax IGMP SNOOPING SET TIMEOUT <timeout> Description This command sets the longest interval. Valid values are from 0 to 65535. at which IGMP Host Membership Queries are sent. Option leavetime Description The leavetime value expressed in seconds. Option queryinterval Description The Query Interval value expressed in seconds. When IGMP snooping is enabled. in seconds.

Timeout Interval Interface Name Multicast Router Group List Group Interval after which entries will be removed from the group database. Recognized Multicast route. The last host to advertise the membership report or query. Membership list for this VLAN. Valid values are from 1 to 65535. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 199 in the local multicast group database without the Residential Gateway receiving a Host Membership Report for this multicast group. “Multicast Filter” highlights members useful to stop Port Last Adv Refresh time Port where the member is attached. The following information are reported: Query Interval Interval at which Host Membership Queries are sent. See also IGMP SNOOPING ENABLE . by default this value is set to 270 secs. Default Value 270 Example --> igmp snooping set timeout 125 See also IGMP SNOOPING ENABLE IGMP SNOOPING SHOW Syntax IGMP SNOOPING SHOW Description This command show IGMP snooping status. The time interval (in seconds) until the membership group will be deleted. The group multicast address. Option timeout Description The timeout interval value expressed in seconds. When IGMP snooping is enabled. VLAN reference.

AT-RG623 and AT-RG656 Residential Gateway to enable. If an upstream interface has been set using the IGMP PROXY SET UPSTREAMINTERFACE command.200 Chapter 9 – IGMP snooping and IGMP proxy IGMP Proxy Command Reference This section describes the commands available on the AT-RG613. Disables IGMP proxy Default Value N/A N/A Example --> igmp proxy set upstreaminterface ip0 See also IGMP PROXY SHOW STATUS IGMP PROXY SHOW UPSTREAMINTERFACE Syntax IGMP PROXY SHOW UPSTREAMINTERFACE Description This command displays the status of the upstream interface. this command displays the current setting. and the downstream interfaces implement the Router portion of the IGMP protocol. configure and manage the IGMP proxy feature. The upstream interface implements the Host portion of the IGMP protocol. Example --> igmp proxy show upstreaminterface IGMP Proxy configuration . Option ip_interface NONE Description The name of an existing interface that you want to set as the upstreaminterface. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). all other interfaces are designated downstream interfaces. The IGMP Proxy may be disabled by setting upstream interface to none. IGMP proxy CLI commands The table below lists the IGMP PROXY commands provided by the CLI: Command IGMP PROXY SET IGMP PROXY SHOW IGMP PROXY SET UPSTREAMINTERFACE Syntax IGMP PROXY SET UPSTREAMINTERFACE {<ip_interface> | NONE} Description This command enables the residential gateway's IGMP Proxy. and sets one of the existing IP interfaces as the upstream interface.

250 --------------------------------------See also IGMP PROXY SHOW UPSTREAMINTERFACE .AT-RG 600 Residential Gateway – Software Reference Manual 201 Upstream If : ip0 See also IGMP PROXY SET UPSTREAMINTERFACE IGMP PROXY SHOW STATUS Syntax IGMP PROXY SHOW STATUS Description This command displays the following information about the status of IGMP proxy: • IGMP Proxy group membership per interface details • Interface name and querier status • Group address Example --> igmp proxy show status Multicast group membership: Interface (querier) | Group address ---------------------|----------------eth0 (yes) | 239.255.255.

the network administrator assigns a host’s IP address. Dynamic allocation is particularly useful for assigning an address to a host that will be connected to the network only temporarily. and the client is the host that requests these parameters from the server. There are a number of parameters that a DHCP server can supply to clients in addition to assigning IP addresses. but adds automatic allocation of reusable network addresses and additional configuration options. DHCP is based on a client–server model. Cookie server etc… Also.202 Chapter 10 – Dynamic Host Configuration Protocol . • In the manual allocation mechanism. WINS Server. They can supply addresses of DNS server.DHCP Chapter 10 Dynamic Host Configuration Protocol . and DHCP is used simply to convey the assigned address to the host. or until the host explicitly relinquishes the address. they can supply the gateway address for the LAN. DHCP is based on the Bootstrap Protocol (BOOTP) defined in RFC 1542. DHCP assigns an IP address to a host for a limited period of time. depending on the policies of the network administrator. DHCP assigns a permanent IP address to a host. • In the dynamic allocation mechanism. DHCP supports three mechanisms for IP address allocation • In the automatic allocation mechanism. . or for sharing a limited pool of IP addresses among a group of hosts that do not need permanent IP addresses. A particular network will use one or more of these mechanisms. where the server is the host that allocates network addresses and initialization parameters.DHCP Introduction The Dynamic Host Configuration Protocol (DHCP) is defined in RFC 1541 and provides a mechanism for passing configuration information to hosts on a TCP/IP network. Dynamic allocation is the only one of the three mechanisms that allows automatic reuse of an address that is no longer needed by the host to which it was assigned.

If the system crashes in the middle of this process.conf file. In order to keep track of leases across system reboots and server restarts. Once a lease has expired. In this case the Residential Gateway picks up DHCP requests sent by hosts connected to the internal interfaces. In order to prevent the file from becoming arbitrarily large. The DHCP client function.AT-RG 600 Residential Gateway – Software Reference Manual 203 Dynamic allocation may also be a good choice for assigning an IP address to a new host being permanently connected to a network where IP addresses are sufficiently scarce that it is important to reclaim them when old hosts are retired. This gives a window of vulnerability whereby leases may be lost. the BOOTP protocol does not provide a protocol for recovering dynamically-assigned addresses once . DHCP server features are activated on the internal network to assign IP address to hosts connected to the internal interfaces.leases file from its lease database in memory. DHCP support on AT-RG6xx Residential Gateway series The AT-RG613.leases file (stored in ISFS) Before a lease is granted to a host. is used on the external interface to get IP addresses from the ISP.leases file to gain information about which leases had been assigned before reboot. DHCP server The DHCP protocol allows a host which is unknown to the network administrator to be automatically assigned a new IP address out of a pool of IP addresses for its network. the clients to which leases are assigned are expected to renew them in order to continue to use the addresses. BOOTP support is also provided by this server. only the lease file present in flash memory can be restored. AT-RG623 and AT-RG656 are able to act both as DHCP server and as DHCP client. Each client is assigned a lease. Typically. AT-RG623 and AT-RG656 also support DHCP relay functionality.conf file and stores a list of available addresses on each subnet. In order for this to work. which expires after an amount of time chosen by the administrator (by default. 12 hours). the client to which that lease was assigned is no longer permitted to use the leased IP address and must resort back to the DHCPDISCOVER mechanism ( see RFC 2131) to request a new lease. the server periodically creates a new dhcp. instead. the server keeps a list of leases it has assigned in the dhcpd. the DHCP server reads the dhcpd. On startup.conf file. Upon startup. Unlike DHCP. after reading the dhcpd. the server allocates an address for it. Some time before the leases expire. the network administrator allocates address pools for each available subnet and enters them into the dhcpd. When a client requests an address using the DHCP protocol. The AT-RG613. and forwards their requests to an external DHCP server and then routes back to the hosts the replies that are received from the server. it records the lease in this file. New leases are appended to the end of the lease file. the DHCP server software reads the dhcpd.

168. Example: This paragraph provides a guide to configuring the DHCP server using commands available on the CLI.255.x subnet.10 defaultleasetime 1800 maxleasetime 86000 option domain-name-servers 192.168.168. although the network administrator may set an earlier cut-off date or a shorter lease length for BOOTP leases if that makes sense.30. The following DHCP server configuration will create a range of 10 available IP addresses in the 192.168. • Four DHCP options are configured.168. which will allow use of address autoconfiguration by clients on the network.219. the following commands could have been used which provide automatic values for these options: dhcpserver set subnet mysubnet hostisdnsserver enabled dhcpserver set subnet mysubnet hostisdefaultgateway enabled This will result in the DHCP server taking the IP address of the IP interface it is running on.5. but some administrative process for reclaiming addresses is required.0 subnet: dhcpserver add subnet mysubnet 192. since ideally the DHCP server . Let's assuming that in the system there has been defined an internal interface (where the DHCP Server module will run) with the following IP address and netmask: 192. This even includes clients that are not included in the available address ranges – this is sensible.168.219.255. Instead of specifying the "domain-name-servers" and "routers" options manually. By default.168.20.219. It is still possible to dynamically assign addresses to BOOTP clients. Note that for DHCP clients using DHCPINFORM.204 Chapter 10 – Dynamic Host Configuration Protocol .40 option irc-server 10.7.255. • • • default gateway address of 192.20 option auto-configure 1 • Default lease time and maximum lease time are set to 1800 seconds and 86000 seconds.220.168.221.220.40.DHCP they are no longer needed.219.0 192.168.7. respectively. leases are granted to BOOTP clients in perpetuity. the above declarations mean that the server would supply the given configuration options to any client that is on the 192. in addition to the usual IP address and subnet mask: • DNS server address of 192. IRC server address of 10. and the “auto-configure” option.5. and supplying that address to DHCP clients as the DNS server and default gateway.20 dhcpserver set subnet mysubnet dhcpserver set subnet mysubnet dhcpserver subnet mysubnet add dhcpserver subnet mysubnet add dhcpserver subnet mysubnet add dhcpserver subnet mysubnet add 192.0 255. respectively. This is especially useful in a deployment that utilizes the DNS relay on the residential gateway.255.221.168.219.1 255.219.30 option routers 192.

Note that you will still need to have a suitable subnet declaration – for example. issue the following command: dhcpserver enable The final step is to tell the system to update the DHCP server software with the new IP interface and configuration that has been defined.0 with netmask 255. It is also possible to assign a maximum lease duration to fixed DHCP clients as follows: dhcpserver set fixedhost myhost maxleasetime 7200 In this context.255. You might see the following message if you have ever turned off the DHCP server: Note the DHCP server is not currently enabled.168.AT-RG 600 Residential Gateway – Software Reference Manual 205 should not have addresses available to give out that may already belong to hosts on the same subnet.219.5 to a host whose ethernet MAC address is 00:20:2b:01:02:03.219. Any configuration options you define in this subnet will also be offered to every fixed host you have added which is also on the given subnet.168.255.5 00:20:2b:01:02:03 Will add a fixed mapping of the IP address 192. If you see this. as shown earlier. the command: dhcpserver add fixedhost myhost 192. The IP address itself is always guaranteed to be available for assignment to the specific host (unless there are other DHCP servers on the same network that are deliberately configured to conflict). a subnet 192.0. For example.219.169. issue the following command: dhcpserver update NOTE: NO configuration changes that you have made on the DHCP server will take effect until you enter the DHCPSERVER UPDATE command. The CLI can also be used to define fixed host/IP address mappings. and vice-versa (you will receive an error message if you try to do this). To do this. Note that fixed IP mappings cannot overlap with dynamic IP ranges on a subnet. . a fixed lease duration would normally be used to allow DHCP clients to see changes in offered options quickly.

DHCP DHCP client A DHCP client uses the facilities of the IP stack to transmit and receive DHCP packets. A DHCP client is created on a given interface by using the IP SET INTERFACE command with the parameter dhcp enabled. Firstly.206 Chapter 10 – Dynamic Host Configuration Protocol . If this happens. The residential Gateway DHCP client accepts and makes use of the following information: • IP address • Subnet mask • Default route (one only) • Domain name servers (up to two can be usefully supported by DNS relay) • Host name or dhcp-client-identifier.0. so that a DHCP server can find the host record by matching against the client identifier.0. The client will attempt to initiate renewal of a held lease well before it is due to expire (approximately half way through the total duration of the lease). the IP settings are discovered for the interface (It's possible define one or more interfaceconfig rules to customize the option that must be requested). After this. This involves allocating the new IP address to the interface and configuring the subnet for the interface. AT-RG623 and AT-RG656 DHCP conforms to most of the specification given in RFC2131. the interface is disabled for all non-DHCP traffic. The DHCP client learns its required configuration details via a DHCPDISCOVER request.0. Addresses allocated by DHCP expire after the specified lease time runs out. This will reset the IP address and subnet mask of each nominated interface to 0. then “send dhcpclient-identifier” is mandatory. and must be specifically set to . The DHCP client on the AT-RG613. This avoids the problem of an active interface being unexpectedly disabled and dropping normal IP traffic. the DHCP client will retry indefinitely in order to learn them. it has to configure the IP stack appropriately. as described in RFC2131 (unless the interface is disabled). the DHCP client must relearn its configuration by repeating the process described above. Once the DHCP client has accepted a suitable configuration for the interface. This section describes how these settings are discovered. Retry characteristics can be defined using DHCPCLIENT SET RETRY command. This option can be useful when attempting to operate the DHCP client with a Microsoft DHCP server. If configuration details are not successfully obtained using DHCP. This information is processed by the client and passed back to the IP stack to complete interface configuration for the lease duration. This option can be used to specify a client identifier in a host declaration. Note: When attempting to use a DHCP client with a Microsoft DHCP server. A subset of the DHCP options described in RFC2132 is supported.

Additionally. To turn on the AutoIP feature use DHCPCLIENT SET INTERFACECONFIG AUTOIP ENABLED command To prevent the DHCP client from using AutoIP. USE DHCPCLIENT SET INTERFACECONFIG AUTOIP DISABLED command.e. abandoning the address if it is already active on the network. the suggested address will be abandoned if any other host on the network issues an ARP probe (i. and not send it other information that it is not prepared to accept. Using the DHCPCLIENT INTERFACE CONFIG ADD REQUESTED OPTION command causes the client to request that any server responding to the client send the client its values for the specified options.0) for that IP address. this lease will supercede any auto-configured IP address. This includes support for RFC2563. In summary.0. Lease requirements and requests The DHCP protocol allows the client to request that the server send it specific information. The other obvious use for this statement is to send information to the server that will allow it to differentiate between this client and other clients or kinds of clients. the host issuing the ARP has source address 0. . A pseudo-random algorithm invents an IP address on the 169. Having auto-configured an IP address. Support for AutoIP The DHCP client supports also IP address auto-configuration. Options that are always sent in the DHCP protocol should not be specified here. Offers that do not contain all the listed options will be ignored.not option parameters.AT-RG 600 Residential Gateway – Software Reference Manual 207 the MAC address of the device upon which the client is running.254 subnet. Only the option names should be specified in the request statement .0. to b e referred to as “AutoIP” in this manual . otherwise DHCP will not work at all. Using the DHCPCLIENT INTERFACE CONFIG ADD SENT OPTION command causes the client to send the specified options to the server with the specified values. Using the DHCPCLIENT INTERFACE CONFIG ADD REQUIRED OPTION command configures a lists of options that must be sent in order for an offer to be accepted. the DHCP client will periodically check that it still cannot contact a DHCP server. which allows network administrators to configure DHCP servers to deny this auto-configuration capability to clients. except that the client can specify a requested-lease-time option other than the default requested lease time. Collisions are avoided by issuing ARP requests for the suggested IP address. AutoIP will be engaged after a DHCP client fails to contact a DHCP server and cannot obtain a lease. The protocol also allows the client to reject offers from servers if they do not contain information the client needs. If the client finds it can now obtain a legitimate lease from a DHCP server. which is two hours. or if the information provided is not satisfactory.

with address 192.168.208 Chapter 10 – Dynamic Host Configuration Protocol . the following command sequence can be used: dhcpclient dhcpclient dhcpclient dhcpclient add interfaceconfig client1 eth0 interfaceconfig 1 add requested option domain-name-servers set interfaceconfig client1 givednstorelay enabled set interfaceconfig client1 givednstoclient enabled Automatically setting up a DHCP server It is possible to tell the DHCP client to use parameters it has obtained to automatically set up a DHCP server.2.219. It will then advertise its own host IP address as being the default gateway.3. As is evident from the parameter names. The pertinent attributes are giveDnsToRelay and giveDnsToClient. the DHCP client will try to place the DHCP server on the first LAN interface it finds (the DHCP client will regard an IP interface as being a LAN interface) The new DHCP server’s address pool will start one IP address after the IP address of the interface upon which the DHCP server has been set up. That is. which they are then able to use for DNS queries. The first mode allows you to choose how DNS servers are to be used. If you do not supply any interface information. to set this up via the CLI. and which IP interface you want the new DHCP server to bind to. Propagating DNS server information You can tell the DHCP client what to do with received DNS server addresses. the following command sequence can be used: dhcpclient dhcpclient dhcpclient dhcpclient add interfaceconfig client1 eth0 interfaceconfig 1 add requested option domain-name-servers set interfaceconfig client dhcpserverpoolsize 30 set interfaceconfig client1 dhcpserverinterface uplink . if the DHCP client is configured to set up the DHCP server on an IP interface named "uplink". the second mode allows you to use parameters received on a DHCP client interface to automatically set up a DHCP server on another interface in the system. the effect of these settings is to cause the DHCP process to pass to the DNS relay and client processes the DNS server address(es) it has learnt. For example. DNS server addresses are only given to the DNS relay.219. the address range will commence from address 192. you must tell DHCP client how large an IP address lease pool you would like the new server to have. if present.DHCP Additional DHCP client modes There are two additional DHCP client modes for more fine control of how configuration parameters are accepted and propagated. By default. At present. the new DHCP server will give out any DNS server addresses received by the DHCP client. If you choose this mode.168. To set this up via the CLI.

Let us consider. (There is also an analogous option to pass the addresses to the DNS client). These commands create a new DHCP client interface configuration related to the IP interface you defined earlier. • For this to occur. dhcpclient dhcpclient dhcpclient dhcpclient dhcpclient dhcpclient dhcpclient dhcpclient add interfaceconfig mycfg set interfaceconfig mycfg set interfaceconfig mycfg set interfaceconfig mycfg set interfaceconfig mycfg interfaceconfig mycfg add interfaceconfig mycfg add interfaceconfig mycfg add eth0 requestedleasetime 3600 clientid 00:20:2b:01:02:03 autoip enabled givednstorelay enabled requested option domain-name-servers required option routers sent option host-name ’"galapagos"’ Note: For options with string-type values associated with them. You do not need to perform these steps unless you have special requirements. To do this. the option value must be in double-quotes ("). The first step is to enable the dhcp flag on this interface: ip set interface eth0 dhcp enabled DHCP client configuration is optional. • Finally. the DHCP client will send out "galapagos" as the value of the host name option – this can be used by some ISPs as part of a simple authentication process (maps onto the "send" directive). • A client identifier of 00:20:2b:01:02:03 is specified. • Any DNS server addresses received from a server will be passed to the DNS relay. issue the following command: . such as specifying whether the use of AutoIP is allowed.AT-RG 600 Residential Gateway – Software Reference Manual 209 Example This paragraph provides a guide to setting up a DHCP client using commands available in the CLI. or specific requirements about what to do with option values when they are received. the entire string including the double quotes must be inside single quotes (') to ensure that the CLI treats the double quotes literally. line by line. The final step is to tell the Residential Gateway to update the DHCP client software with the new IP interface and configuration that has been defined. the DHCP client must request DNS server addresses from a server (maps onto the "request" directive). Also. specific requirements for which options are to be negotiated from a DHCP server. Let's assume that the system has been configured wirh an interface named eth0. • The DHCP client will insist that a default gateway parameter is present in any lease offer (maps onto the "require" directive). the DHCP client will automatically assign an address using AutoIP. • In the event of a DHCP server being unavailable. what the above configuration does: • A lease time of one hour is requested.

DHCP dhcpclient update NOTE: NO configuration changes that you have made on the DHCP client will take effect until you enter the DHCPCLIENT UPDATE command. the relay acts as a de-facto DHCP server. Note DHCP Server and DHCP relay cannot coexist simultaneously . From a DHCP client’s point of view. The relay works by forwarding all broadcasted client requests to one or more known DHCP servers. DHCP Relay A DHCP relay uses the facilities of the IP stack to transmit and receive DHCP packets.210 Chapter 10 – Dynamic Host Configuration Protocol . Server replies are then either broadcast or unicast back to the client via the DHCP relay. This is useful where a network administrator only wishes to have one DHCP server across several physical and logical sub-networks. and this operation is transparent.

configure and manage DHCP Server module. AT-RG623 and AT-RG656 Residential Gateway to enable.AT-RG 600 Residential Gateway – Software Reference Manual 211 DHCP Server Command Reference This section describes the commands available on the AT-RG613. DHCP server CLI commands The table below lists the DHCP server commands provided by the CLI: Command DHCPSERVER ADD FIXEDHOST DHCPSERVER ADD SUBNET DHCPSERVER CLEAR FIXEDHOST DHCPSERVER CLEAR SUBNETS DHCPSERVER DELETE FIXEDHOST DHCPSERVER DELETE SUBNET DHCPSERVER ENABLE|DISABLE DHCPSERVER LIST FIXEDHOST DHCPSERVER LIST OPTIONS DHCPSERVER LIST SUBNETS DHCPSERVER SET ALLOWUNKNOWNCLIENTS DHCPSERVER SET BOOTP DHCPSERVER SET DEFAULTLEASETIME DHCPSERVER SET FIXEDHOST IPADDRESS DHCPSERVER SET FIXEDHOST MACADDRESS DHCPSERVER SET FIXEDHOST MAXLEASETIME DHCPSERVER SET MAXLEASETIME DHCPSERVER SET SUBNET DEFAULTLEASETIME DHCPSERVER SET SUBNET HOSTISDEFAULTGATEWAY DHCPSERVER SET SUBNET HOSTISDNSSERVER DHCPSERVER SET SUBNET MAXLEASETIME DHCPSERVER SET SUBNET SUBNET DHCPSERVER SHOW DHCPSERVER SHOW SUBNET DHCPSERVER SUBNET ADD IPRANGE DHCPSERVER SUBNET ADD OPTION DHCPSERVER SUBNET CLEAR IPRANGES .

The commands informs the DHCP server to assign a specific IP address to a specific DHCP client based on the client’s MAC address. The reverse is also forbidden.168.1 00:20:2b:01:02:03 . dynamic IP range on a subnet.102.DHCP DHCPSERVER SUBNET CLEAR OPTIONS DHCPSERVER SUBNET DELETE IPRANGE DHCPSERVER SUBNET DELETE OPTION DHCPSERVER SUBNET LIST IPRANGES DHCPSERVER SUBNET LIST OPTIONS DHCPSERVER UPDATE DHCPSERVER ADD FIXEDHOST Syntax DHCPSERVER ADD FIXEDHOST <name> <ipaddress> <macaddress> Description This command creates a new fixed host mapping in the DHCP server. Option Description An arbitrary name that identifies the fixed host mapping.212 Chapter 10 – Dynamic Host Configuration Protocol . 192.219. It's necessary to also create a suitable DHCP subnet definition in order for fixed host mapping to work.168. displayed in the IPv4 format (e. If a DHCPDISCOVER or DHCPREQUEST is received from the DHCP client with that MAC address. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). it will have the specified fixed IP address assigned to it. but it cannot start with a digit. Note: It's not possible to create a fixed host mapping with an IP address that is already present inside a configured.3) A MAC address displayed in the following format: ##:##:##:##:##:## Default Value name N/A ipaddress N/A macaddress N/A Example The example below creates a fixed host mapping: --> dhcpserver add fixedhost myhost 192. it's not possible add addresses into a dynamic IP range that are already configured as fixed host addresses. The IP address that is assigned to a DHCP client based on the client’s MAC address. It can be made up of one or more letters or a combination of letters and digits.g.

Option Description An arbitrary name that identifies subnet.10 – 192. The base IP address of the subnet.0 The first IP address in the pool of addresses.168.10 192.102.219.3) Default Value name N/A ipaddress netmask N/A N/A startaddr N/A endaddr N/A Example -->dhcpserver add subnet sub1 239. but is not within the range of IP addresses that constitute the server’s dynamic pool (192.168.20): --> dhcpserver add subnet mysubnet 192. but it cannot start with a digit. Note that the IP address used above is within the subnet.g. It can be made up of one or more letters or a combination of letters and digits.102.252.255.g. The IP address is displayed the IPv4 format (e.255. The DHCP server can allocate IP addresses from this pool to clients on request.168.197.255.AT-RG 600 Residential Gateway – Software Reference Manual 213 The example below creates a suitable subnet for the above fixed host mapping.252. displayed in the IPv4 format (e.20 See also DHCPSERVER DELETE FIXEDHOST DHCPSERVER LIST FIXEDHOST DHCPSERVER ADD SUBNET Syntax DHCPSERVER ADD SUBNET <name> <ipaddress> <netmask> [<startaddr> <endaddr>] Description This command defines a subnet that requests will be received from. 192.107 See also DHCPSERVER LIST SUBNETS DHCPSERVER CLEAR FIXEDHOST Syntax DHCPSERVER CLEAR FIXEDHOSTS Description This command deletes all DHCPserver fixedhosts that were created using the .219.197. 192.102.168.219.168.255.0 255.10 239.197.0 192.0) The netmask of the subnet. The IP address is displayed in the IPv4 format (e.g.0 255.168.168.219.168.255.0 239.255. 192. for example: 255. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).3) The last IP address in the pool of addresses.219.252. and a pool of addresses within that subnet.

use the Default Value name DHCPSERVER LIST FIXEDHOSTS command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description A name that identifies an existing fixed host.214 Chapter 10 – Dynamic Host Configuration Protocol . The pool of IP addresses in the subnet are also deleted. Example --> dhcpserver clear subnets See also DHCPSERVER DELETE SUBNET DHCPSERVER DELETE FIXEDHOST Syntax DHCPSERVER DELETE FIXEDHOST <name> Description This command deletes a single fixed host mapping in the DHCP server that was created using the DHCPSERVER ADD FIXEDHOST command. To display fixed host names. N/A Example --> dhcpserver delete fixedhost myhost See also DHCPSERVER ADD FIXEDHOST DHCPSERVER LIST FIXEDHOST DHCPSERVER CLEAR FIXEDHOST DHCPSERVER DELETE SUBNET Syntax DHCPSERVER DELETE SUBNET {<name>|<number>} Description This command deletes a single DHCP server subnet.DHCP DHCPSERVER ADD FIXEDHOST commands. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). . Example --> dhcpserver clear fixedhosts See also DHCPSERVER DELETE FIXEDHOST DHCPSERVER ADD FIXEDHOST DHCPSERVER CLEAR SUBNETS Syntax DHCPSERVER CLEAR SUBNETS Description This command deletes all DHCP server subnets that were created using the DHCPSERVER ADD SUBNET commands.

AT-RG 600 Residential Gateway – Software Reference Manual 215 Option name Description A name that identifies an existing subnet. DHCP server and DHCP relay cannot be enabled at the same time. Option ENABLE DISABLE Description Enables configuration of the DHCP server Disables configuration of the DHCP server. To display subnet numbers. use the DHCPSERVER LIST SUBNETS command. Note: DHCP server must be enabled in order to carry out any DHCP server configuration. Default Value enable Example --> dhcpserver enable See also DHCPRELAY ENABLE|DISABLE DHCPSERVER LIST FIXEDHOST Syntax DHCPSERVER LIST FIXEDHOST Description This command lists the following information about existing DHCP fixed host mappings: • fixed host ID number • fixed host name • IP address • MAC address . A number that identifies an existing subnet. use the DHCPSERVER LIST SUBNETS command. To display subnet names. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value N/A number N/A Example --> dhcpserver delete subnet sub1 See also DHCPSERVER CLEAR SUBNETS DHCPSERVER ENABLE|DISABLE Syntax DHCPSERVER {enable|disable} Description This command enables/disables the DHCP server.

219. It's possible to configure the DHCP server to use any of the options listed.168.DHCP • Max lease time Example --> dhcpserver list fixedhosts DHCP server fixed host mappings: ID | Name | IP address | MAC address | Max Lease Time -----|---------|-----------------|--------------------|--------------1 | myhost | 192. Example --> dhcpserver list options subnet-mask time-offset routers time-servers ien116-name-servers domain-name-servers log-servers cookie-servers lpr-servers impress-servers resource-location-servers host-name boot-size merit-dump domain-name swap-server root-path extensions-path ip-forwarding non-local-source-routing policy-filter max-dgram-reassembly default-ip-ttl path-mtu-aging-timeout path-mtu-plateau-table interface-mtu all-subnets-local broadcast-address perform-mask-discovery mask-supplier .0 | 00:20:2b:01:02:03 | 86400 ---------------------------------------------------------------------See also DHCPSERVER ADD FIXEDHOST DHCPSERVER SET FIXEDHOST IPADDRESS DHCP SET FIXEDHOST MACADDRESS DHCPSERVER FIXEDHOST MAXLEASETIME DHCPSERVER LIST OPTIONS Syntax DHCPSERVER LIST OPTIONS Description This command lists the option data types available for DHCP server.216 Chapter 10 – Dynamic Host Configuration Protocol . These options are detailed in RFC2132.

AT-RG 600 Residential Gateway – Software Reference Manual 217 router-discovery router-solicitation-address static-routes trailer-encapsulation arp-cache-timeout ieee802-3-encapsulation default-tcp-ttl tcp-keepalive-interval tcp-keepalive-garbage nis-domain nis-servers ntp-servers vendor-encapsulated-options netbios-name-servers netbios-dd-server netbios-node-type netbios-scope font-servers x-display-manager dhcp-requested-address dhcp-lease-time dhcp-option-overload dhcp-message-type dhcp-server-identifier dhcp-parameter-request-list dhcp-message dhcp-max-message-size dhcp-renewal-time dhcp-rebinding-time dhcp-class-identifier dhcp-client-identifier option-62 option-63 nisplus-domain nisplus-servers tftp-server-name bootfile-name mobile-ip-home-agent smtp-server pop-server nntp-server www-server finger-server irc-server streettalk-server streettalk-directory-assistance-server user-class option-78 option-79 option-80 option-81 option-82 option-83 option-84 nds-servers nds-tree-name nds-context option-88 option-89 .(more options down to) option-115 ...

see http://www. Option ENABLE Description Allows IP addresses to be dynamically assigned to unknown clients.DHCP auto-configure option-117 ...txt DHCPSERVER LIST SUBNETS Syntax DHCPSERVER LIST SUBNETS Description This command lists the following information about existing DHCP server subnets: • subnet number • subnet name • subnet IP address • subnet netmask • default lease time (in seconds) • maximum lease time (in seconds) • whether the host is a DNS server (true or false) Example --> dhcpserver list subnets DHCP Server subnets: Default Max Host is ID | IP Address | Netmask | Lease time | Lease time | DNS svr ---|----------------|---------------|------------|------------|-------1 | 192.168.ietf.0 | 43200 | 86400 | false ----------------------------------------------------------------------See also DHCPSERVER SHOW SUBNET DHCPSERVER SET ALLOWUNKNOWNCLIENTS Syntax DHCPSERVER SET ALLOWUNKOWNCLIENTS {ENABLE|DISABLE} Description This command enables/disables the dynamic assignment of addresses to unknown clients.255.org/rfc/rfc2132.102.255.0 | 255.218 Chapter 10 – Dynamic Host Configuration Protocol . Default Value enable .(more options down to) option-254 option-end See also DHCPSERVER SUBNET ADD OPTION For information on RFC 2132. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

AT-RG 600 Residential Gateway – Software Reference Manual

219

DISABLE

Does not allow IP addresses to be dynamically assigned to unknown clients.

Example --> dhcpserver set allowunknownclients disable See also DHCPCLIENT SET INTERFACECONFIG CLIENTID

DHCPSERVER SET BOOTP
Syntax DHCPSERVER SET BOOTP {ENABLE|DISABLE} Description This command determines whether or not DHCP server can respond to BOOTP requests. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option ENABLE DISABLE Description DHCP server responds to BOOTP queries. DHCP server does not respond to BOOTP queries. enable Default Value

Example --> dhcpserver set bootp disable

DHCPSERVER SET DEFAULTLEASETIME
Syntax DHCPSERVER SET DEFAULTLEASETIME <defaultleasetime> Description This command sets the global default lease time for DHCP server. To retrieve the current DEFAULTLEASETIME value, use the DHCPSERVER SHOW command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description The default time (in seconds) that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time. Default Value

defaultleasetime

43200

Example --> dhcpserver set defaultleasetime 50000 See also DHCPSERVER SET SUBNET MAXLEASETIME

220

Chapter 10 – Dynamic Host Configuration Protocol - DHCP

DHCPSERVER SET FIXEDHOST IPADDRESS
Syntax DHCPSERVER SET FIXEDHOST <host name> IPADDRESS <ipaddress> Description This command sets the IP address that will be allocated to a DHCP client by the fixed host mapping. To retrieve the current FIXEDHOST IPADDRESS values, use the DHCPSERVER LIST FIXEDHOST command. Note: It's not valid to create a fixed host mapping with an IP address that is already within a configured, dynamic IP range on a subnet. The reverse is also forbidden; it's not possible to add addresses into a dynamic IP range that are already configured as fixed host addresses.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description
A name that identifies an existing fixedhost. To display fixedhost names, use the

Default Value

hostname

DHCPSERVER LIST FIXEDHOSTS
command. The IP address that is assigned to a DHCP client based on the client’s MAC address, displayed in the IPv4 format (e.g. 192.168.102.3)

N/A

ipaddress

N/A

Example --> dhcpserver set fixedhost myhost ipaddress 192.168.219.2 See also DHCPSERVER LIST FIXEDHOST DHCPSERVER SET FIXEDHOST MACADDRESS

DHCPSERVER SET FIXEDHOST MACADDRESS
Syntax DHCPSERVER SET FIXEDHOST <host name> MACADDRESS <macaddress> Description This command sets the MAC address for an existing fixed host mapping. To retrieve the current FIXEDHOST MACADDRESS values, use the DHCPSERVER LIST FIXEDHOST command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description
A name that identifies an existing fixedhost. To display fixedhost names, use the

Default Value

hostname

DHCPSERVER LIST FIXEDHOSTS
command.

N/A

AT-RG 600 Residential Gateway – Software Reference Manual

221

mac address

A MAC address displayed in the following format: ##:##:##:##:##:##

N/A

Example --> dhcpserver set fixedhost myhost macaddress 00:20:2b:01:02:03 See also DHCPSERVER LIST FIXEDHOST DHCPSERVER SET FIXEDHOST IPADDRESS

DHCPSERVER SET FIXEDHOST MAXLEASETIME
Syntax DHCPSERVER SET FIXEDHOST <host name> MAXLEASETIME <maxleasetime> Description This command sets the maximum lease time for an existing fixed host mapping. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description The maximum time (in seconds) that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time. Default Value

maxleasetime

86400

Example --> dhcpserver set fixedhost myhost maxleasetime 90000 See also DHCPSERVER LIST FIXEDHOST

DHCPSERVER SET MAXLEASETIME
Syntax DHCPSERVER SET MAXLEASETIME <maxleasetime> Description This command sets the global maximum lease time for DHCP server. To retrieve the current MAXLEASETIME value, use the DHCPSERVER SHOW command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description The maximum time (in seconds) that is assigned to a lease if the client requesting the lease does not ask for a specific expiry time. Default Value

maxleasetime

86400

Example --> dhcpserver set maxleasetime 90000 See also DHCPSERVER SET DEFAULTLEASETIME

222

Chapter 10 – Dynamic Host Configuration Protocol - DHCP

DHCPSERVER SET SUBNET DEFAULTLEASETIME
Syntax DHCPSERVER SET SUBNET {<name>|<number>} DEFAULTLEASETIME <defaultleasetime> Description This command sets the default lease time for an existing subnet. This command setting overrides the global default lease time setting for this particular subnet. To retrieve the current SUBNET DEFAULTLEASETIME value, use the DHCPSERVER SHOW command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option name Description A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. The default time (in seconds) that a subnet assigns to a lease if the client requesting the lease does not ask for a specific expiry time. Default Value N/A

number

N/A

defaultleasetime

43200

Example --> dhcpserver set subnet sub1 defaultleasetime 30000 See also DHCPSERVER SHOW SUBNET

DHCPSERVER SET SUBNET HOSTISDEFAULTGATEWAY
Syntax DHCPSERVER SET SUBNET {<name>|<number>} HOSTISDEFAULTGATEWAY {ENABLED | DISABLED} Description This command tells the DHCP server to give out its own interface IP address (ie the IP address on the interface via which the DHCP lease is allocated to the client) as the default gateway address. To retrieve the current settings, use the DHCPSERVER SHOW command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option name Description A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. Default Value N/A

AT-RG 600 Residential Gateway – Software Reference Manual

223

number

A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. Allows DHCP server to give out its own interface IP address as the default gateway address.

N/A

ENABLED

disabled

DHCPSERVER SET SUBNET HOSTISDNSSERVER
Syntax DHCPSERVER SET SUBNET {<name>|<number>} HOSTISDNSSERVER {ENABLED | DISABLED} Description This command tells the DHCP server to give out its own interface IP address (ie the IP address on the interface via which the DHCP lease is allocated to the client) as the DNS server address. This is useful when combined with DNS Relay. To retrieve the current settings, use the DHCPSERVER SHOW command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Name Description A name that identifies an existing subnet. To display subnet names, use the dhcpserver list subnets command. A number that identifies an existing subnet. To display subnet numbers, use the dhcpserver list subnets command. Allows DHCP server to give out its own interface IP address as the DNS server address. Disallows DHCP server from giving out its own interface IP address as the DNS server address. Default Value N/A

Number

N/A

ENABLED

disabled

DISABLED

Example - -> dhcpserver set subnet sub1 hostisdnsserver enabled See also DHCPSERVER LIST SUBNETS

DHCPSERVER SET SUBNET MAXLEASETIME
Syntax DHCPSERVER SET SUBNET {<name>|<number>} MAXLEASETIME <maxleasetime> Description This command sets the maximum lease time for an existing subnet. This command setting overrides the global maximum lease time setting for this particular subnet. To retrieve the current settings, use the DHCPSERVER SHOW command.

224

Chapter 10 – Dynamic Host Configuration Protocol - DHCP

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Name Description A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. The maximum time (in seconds) that a subnet assigns to a lease if the client requesting the lease does not ask for a specific expiry time. Default Value N/A

Number

N/A

maxleasetime

86400

Example --> dhcpserver set subnet sub1 maxleasetime 70000 See also DHCPSERVER SHOW SUBNET

DHCPSERVER SET SUBNET SUBNET
Syntax DHCPSERVER SET SUBNET {<name>|<number>} SUBNET <ip address> <netmask> Description This command allows you to change the IP address and netmask that define the IP subnet used by an existing DHCP server subnet. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option name Description A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. The new IP address for the subnet, displayed in the IPv4 format (e.g. 192.168.102.3) The new netmask for the subnet, for example: 255.255.255.0 Default Value N/A

number

N/A

ip address

N/A

netmask

N/A

Example --> dhcpserver set subnet sub1 subnet 239.252.197.0 255.255.255.0 See also DHCPSERVER SUBNET ADD IPRANGES

AT-RG 600 Residential Gateway – Software Reference Manual

225

DHCPSERVER SUBNETS CLEAR IPRANGES

DHCPSERVER SHOW
Syntax DHCPSERVER SHOW Description This command displays the following global configuration information about the DHCP server: • status of the server (enabled/disabled) • global default lease time • global maximum lease time • allow bootp requests setting (enable/disable) • allow unknown clients setting (enable/disable) Example --> dhcpserver show Global DHCP Server Configuration: Status: ENABLED Default lease time: 43200 seconds Max. lease time: 86400 seconds Allow BOOTP requests: true Allow unknown clients: true See also DHCPSERVER SHOW SUBNET

DHCPSERVER SHOW SUBNET
Syntax DHCPSERVER SHOW SUBNET {<name>|<number>} Description This command displays the following information about an existing subnet: • subnet name • subnet IP address • subnet netmask • subnet maximum lease time • subnet default lease time Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option name Description A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. Default Value N/A

226

Chapter 10 – Dynamic Host Configuration Protocol - DHCP

number

A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command.

N/A

Example --> dhcpserver show subnet sub1 DHCP Server Subnet: sub1 Subnet: Netmask: Max. lease time: Default lease time: See also DHCPSERVER SHOW 192.168.103.0 255.255.255.0 70000 seconds 30000 seconds

DHCPSERVER SUBNET ADD IPRANGE
Syntax DHCPSERVER SUBNET {<name>|<number>} ADD IPRANGE <startaddr> <endaddr> Description This command adds a pool of IP addresses to an existing subnet. The DHCP server can allocate IP addresses from this pool to clients on request. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option name Description A name that identifies an existing subnet. To display subnet names, use the DHCPSERVER LIST SUBNETS command. A number that identifies an existing subnet. To display subnet numbers, use the DHCPSERVER LIST SUBNETS command. The first IP address in the pool of addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) The last IP address in the pool of addresses. The IP address is displayed in the IPv4 format (e.g. 192.168.102.3) Default Value N/A

number

N/A

startaddr

N/A

endaddr

N/A

Example --> dhcpserver subnet sub1 add iprange 239.252.197.0 239.252.197.107 See also DHCPSERVER ADD SUBNET DHCPSERVER LIST SUBNETS DHCPSERVER SUBNET LIST IPRANGES

DHCPSERVER SUBNET ADD OPTION
Syntax DHCPSERVER SUBNET {<name>|<number>} ADD OPTION <identifier> <value>

A number that identifies an existing subnet. Option name Description A name that identifies an existing subnet. A number that identifies an existing subnet. The following is an extract from the option list. Default Value N/A number N/A identifier value N/A N/A Example --> dhcpserver subnet sub1 add option auto-configure 1 See also DHCPCLIENT SET INTERFACECONFIG AUTOIP ENABLED|DISABLED For information on RFC 2132. given as an example of the nature of the options: Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display subnet names. Default Value N/A number N/A Example --> dhcpserver subnet sub1 clear ipranges . use the DHCPSERVER LIST SUBNETS command. The heading of each option in the list contains the option identifier and the required value (in italics) for that specific option.txt DHCPSERVER SUBNET CLEAR IPRANGES Syntax DHCPSERVER SUBNET {<name>|<number>} CLEAR IPRANGES Description This command deletes all of the IP ranges set for an existing subnet.ietf. To display a list of available options. use the DHCPSERVER LIST SUBNETS command. To display subnet numbers. use the DHCPSERVER LIST SUBNETS command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display subnet numbers. The value associated with the option identifier.AT-RG 600 Residential Gateway – Software Reference Manual 227 Description This command allows you to configure the DHCP server to send options detailed in RFC2132. To display subnet names. see http://www.org/rfc/rfc2132. A text string that identifies a DHCP server configuration option. Option name Description A name that identifies an existing subnet. use the DHCPSERVER LIST SUBNETS command. use the command DHCPSERVER LIST OPTIONS.

A number that identifies an existing subnet. A number that identifies an IP range. To display subnet numbers. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display subnet names. use the DHCPSERVER LIST SUBNETS command.DHCP See also DHCPSERVER SUBNET LIST IPRANGES DHCPSERVER SUBNET DELETE IPRANGE DHCPSERVER SUBNET CLEAR OPTIONS Syntax DHCPSERVER SUBNET {<name>|<number>} CLEAR OPTIONS Description This command deletes the options set for an existing subnet. To display subnet names. use the DHCPSERVER LIST SUBNETS command. Default Value N/A number N/A Example --> dhcpserver subnet sub1 clear options See also DHCPSERVER LIST SUBNETS DHCPSERVER SUBNET DELETE OPTION DHCPSERVER SUBNET DELETE IPRANGE Syntax DHCPSERVER SUBNET {<name>|<number>} DELETE IPRANGE <range-id> Description This command deletes a single IP range from an existing subnet. Default Value N/A number N/A range-id N/A Example --> dhcpserver subnet sub1 delete iprange 1 . use the DHCPSERVER LIST SUBNETS command. To list the existing range-ids for a subnet. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display subnet numbers. use the DHCPSERVER SUBNET LIST IPRANGES command. Option name Description A name that identifies an existing subnet.228 Chapter 10 – Dynamic Host Configuration Protocol . use the DHCPSERVER LIST SUBNETS command. A number that identifies an existing subnet. Option name Description A name that identifies an existing subnet.

the option will no longer be given out by the DHCP server. use the DHCPSERVER LIST SUBNETS command. To display subnet names. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the DHCPSERVER SUBNET LIST OPTIONS command. A number that identifies an existing subnet. Option Description Default Value . To list all existing options.AT-RG 600 Residential Gateway – Software Reference Manual 229 See also DHCPSERVER LIST SUBNETS DHCPSERVER SUBNET LIST IPRANGES DHCPSERVER SUBNET DELETE OPTION Syntax DHCPSERVER SUBNET {<name>|<number>} DELETE OPTION <option number> Description This command deletes a single option that was added using the DHCPSERVER SUBNET ADD OPTION command. Option name Description A name that identifies an existing subnet. A number that identifies an existing option. use the DHCPSERVER LIST SUBNETS command. Default Value N/A number N/A option number N/A Example --> dhcpserver subnet sub1 delete option 2 See also DHCPSERVER CLEAR SUBNETS DHCPSERVER LIST SUBNETS DHCPSERVER SUBNET LIST OPTIONS DHCPSERVER SUBNET LIST IPRANGES Syntax DHCPSERVER SUBNET {<name>|<number>} LIST IPRANGES Description This command lists the IP range(s) for an existing subnet that have been added using the DHCPSERVER ADD SUBNET command. To display subnet numbers. Once deleted. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

230 Chapter 10 – Dynamic Host Configuration Protocol . A number that identifies an existing subnet.102.102. Default Value N/A number N/A Example --> dhcpserver subnet sub1 list options Options for subnet: sub1 ID | Identifier | Value -----|------------------|-----------------1 | ip-forwarding | false 2 | subnet-mask | 255.168.255. use the DHCPSERVER LIST SUBNETS command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). N/A number N/A Example --> dhcpserver subnet sub1 list ipranges IP Ranges for subnet: sub1 ID | Start Address | End Address -----|------------------|-----------------1 | 192.0 ------------------------------------------See also DHCPSERVER LIST SUBNETS DHCPSERVER UPDATE Syntax DHCPSERVER UPDATE . use the DHCPSERVER LIST SUBNETS command.DHCP name A name that identifies an existing subnet.168.300 ------------------------------------------See also DHCPSERVER LIST SUBNETS DHCPSERVER SUBNET LIST OPTIONS Syntax DHCPSERVER SUBNET {<name>|<number>} LIST OPTIONS Description This command lists the options for an existing subnet that has been added using the DHCPSERVER ADD SUBNET command.102.168. Option name Description A name that identifies an existing subnet.168. use the DHCPSERVER LIST SUBNETS command.0 | 192.255.200 | 192. use the DHCPSERVER LIST SUBNETS command. A number that identifies an existing subnet.100 2 | 192. To display subnet names.102. To display subnet numbers. To display subnet numbers. To display subnet names.

Changes made to the server configuration will not take effect until this command has been entered. Example --> dhcpserver update dhcpserver: Reset request acknowledged. Reset imminent.AT-RG 600 Residential Gateway – Software Reference Manual 231 Description This command updates the DHCP server configuration. .

DHCP DHCP Client Command Reference This section describes the commands available on the AT-RG613.232 Chapter 10 – Dynamic Host Configuration Protocol . DHCP client CLI commands The table below lists the dhcpclient commands provided by the CLI: Command DHCPCLIENT ADD INTERFACECONFIG DHCPCLIENT CLEAR INTERFACECONFIGS DHCPCLIENT DELETE INTERFACECONFIG DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION DHCPCLIENT INTERFACECONFIG ADD SENT OPTION DHCPCLIENT INTERFACECONFIG CLEAR REQUESTED OPTIONS DHCPCLIENT INTERFACECONFIG CLEAR SENT OPTIONS DHCPCLIENT INTERFACECONFIG DELETE REQUESTED OPTIONS DHCPCLIENT INTERFACECONFIG DELETE SENT OPTIONS DHCPCLIENT INTERFACECONFIG LIST REQUESTED OPTIONS DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT SET BACKOFF DHCPCLIENT SET INTERFACECONFIG AUTOIP DHCPCLIENT SET INTERFACECONFIG CLIENTID DHCPCLIENT SET INTERFACECONFIG DEFAULTROUTE DHCPCLIENT SET INTERFACECONFIG DHCPINFORM DHCPCLIENT SET INTERFACECONFIG DHCPSERVERPOOLSIZE DHCPCLIENT SET INTERFACECONFIG DHCPSERVERINTERFACE DHCPCLIENT SET INTERFACECONFIG GIVEDNSTOCLIENT DHCPCLIENT SET INTERFACECONFIG GIVEDNSTORELAY DHCPCLIENT SET INTERFACECONFIG INTERFACE DHCPCLIENT SET INTERFACECONFIG NOCLIENTID DHCPCLIENT SET INTERFACECONFIG REQUESTEDLEASETIME DHCPCLIENT SET INTERFACECONFIG SERVER DHCPCLIENT SET REBOOT . configure and manage the DHCP Client module. AT-RG623 and AT-RG656 Residential Gateway to enable.

but it cannot start with a digit. This command can only be applied to IP interfaces have DHCP enabled (see IP SET INTERFACE DHCP command). Example --> dhcpclient clear interfaceconfigs See also DHCPCLIENT LIST INTERFACECONFIGS . Option Description An arbitrary name that identifies the name via which the DHCP config on the corresponding IP interface will be identified. use the IP LIST INTERFACES command. To display interface names. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The interface must have DHCP enabled. It can be made up of one or more letters or a combination of letters and digits.AT-RG 600 Residential Gateway – Software Reference Manual 233 DHCPCLIENT SET RETRY DHCPCLIENT SHOW DHCPCLIENT UPDATE DHCPCLIENT ADD INTERFACECONFIG Syntax DHCPCLIENT ADD INTERFACECONFIG <name> <ipinterface> Description This command configures DHCP client parameters for negotiation over an existing IP interface. An IP address or a name that identifies an existing IP interface. Default Value name N/A ipinterface N/A Example --> dhcpclient add interfaceconfig config1 ip1 See also DHCPCLIENT LIST INTERFACECONFIGS IP LIST INTERFACES IP SET INTERFACE DHCP DHCPCLIENT CLEAR INTERFACECONFIGS Syntax DHCPCLIENT CLEAR INTERFACECONFIGS Description This command deletes all existing DHCP client interface configurations.

To display client interface numbers.DHCP DHCPCLIENT DELETE INTERFACECONFIG Syntax DHCPCLIENT DELETE INTERFACECONFIG {<name>|<number>} Description This command deletes a single DHCP client interface configuration. Options are detailed in RFC 2132. Option Description A name that identifies an existing DHCP client interface. A number that identifies an existing DHCP client interface. Default Value name N/A number N/A Example --> dhcpclient delete interfaceconfig config1 See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} ADD REQUESTED OPTION <option> Description This command tells the DHCP client on a specific interface to request a specified option from a DHCP server. use the DHCPCLIENT LIST INTERFACECONFIGS command.234 Chapter 10 – Dynamic Host Configuration Protocol . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). the DHCP client will still accept the offer. Option Description A name that identifies an existing DHCP client interface. To display client interface names. use the DHCPCLIENT LIST INTERFACECONFIGS command.if the option is not included in a lease offered by DHCP server. To display client interface names. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value name N/A . use the DHCPCLIENT LIST INTERFACECONFIGS command. The requested option is not compulsory .

txt DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} ADD REQUIRED OPTION <option> Description This command tells the DHCP client on a particular interface that it requires a specified option from DHCP server. To display client interface names. To display client interface numbers. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the DHCPCLIENT LIST INTERFACECONFIGS command. N/A option N/A Example --> dhcpclient interfaceconfig client1 add requested option irc-server See also DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION For information on RFC 2132. use the DHCPCLIENT LIST INTERFACECONFIGS command. use the DHCPCLIENT LIST INTERFACECONFIGS command.txt .ietf. see http://www.org/rfc/rfc2132. To display client interface numbers. A text string that identifies a DHCP server configuration option. the DHCP client will ignore the offer. Options are detailed in RFC 2132. A number that identifies an existing DHCP client interface.if the option is not included in a lease offered by DHCP server. Default Value name N/A number N/A option N/A Example --> dhcpclient interfaceconfig client1 add required option domain-name See also DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTIONS DHCPCLIENT INTERFACECONFIG LIST REQUESTED OPTIONS For information on RFC 2132. see http://www. Option Description A name that identifies an existing DHCP client interface.AT-RG 600 Residential Gateway – Software Reference Manual 235 number A number that identifies an existing DHCP client interface.org/rfc/rfc2132.ietf. A text string that identifies a DHCP server configuration option. The required option is compulsory .

use the DHCPCLIENT LIST Default Value name N/A INTERFACECONFIGS command A number that identifies an existing DHCP client interface.txt DHCPCLIENT INTERFACECONFIG CLEAR REQUESTED OPTIONS Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>}CLEAR REQUESTED . Option Description A name that identifies an existing DHCP client interface. See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS for information on RFC 2132.org/rfc/rfc2132. To display client interface names.ietf.236 Chapter 10 – Dynamic Host Configuration Protocol . The DHCP server’s response depends on the type of option being sent out Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). number N/A option value N/A N/A Example To tell the DHCP client to send the DHCP host-name option to the DHCP server with the value “vancouver” use the following command: --> dhcpclient interfaceconfig client1 add sent option host-name '"vancouver"' Note: For options with string-type values associated with them. use the DHCPCLIENT LIST INTERFACECONFIGS command. the entire string including the double quotes must be inside single quotes (') to ensure that the CLI treats the double quotes literally. the option value must be in double-quotes ("). Also. The value associated with the option identifier. see http://www. To display client interface numbers. A text string that identifies a DHCP server configuration option.DHCP DHCPCLIENT INTERFACECONFIG ADD SENT OPTION Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} ADD SENT OPTION <option> <value> Description This command tells the DHCP client on a particular interface to send a value for the given DHCP configuration option to a DHCP server.

To display client interface numbers. use the DHCPCLIENT LIST INTERFACECONFIGS command. Option Description A name that identifies an existing DHCP client interface. Option Description A name that identifies an existing DHCP client interface.AT-RG 600 Residential Gateway – Software Reference Manual 237 OPTIONS Description This command deletes all options that were previously added to an interfaceconfig using the DHCPCLIENT INTERFACECONFIG ADD REQUESTED/REQUIRED OPTION commands Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value name N/A . use the DHCPCLIENT LIST INTERFACECONFIGS command. To display client interface names. To display client interface names. use the DHCPCLIENT LIST INTERFACECONFIGS command. Default Value name N/A number N/A Example --> dhcpclient interfaceconfig client1 clear requested options See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION DHCPCLIENT INTERFACECONFIG DELETE REQUESTED OPTION DHCPCLIENT INTERFACECONFIG DELETE REQUIRED OPTION DHCPCLIENT INTERFACECONFIG CLEAR SENT OPTIONS Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>}CLEAR SENT OPTIONS Description This command deletes all options that were previously added to an interfaceconfig using the DHCPCLIENT INTERFACECONFIG ADD SENT OPTION commands Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). A number that identifies an existing DHCP client interface.

A number that identifies an option that is requested/required from the DHCP server by the DHCP client. N/A Example --> dhcpclient interfaceconfig client1 clear sent options See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS DHCPCLIENT INTERFACECONFIG ADD SENT OPTIONS DHCPCLIENT INTERFACECONFIG DELETE SENT OPTIONS DHCPCLIENT INTERFACECONFIG DELETE REQUESTED OPTION Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>}DELETE REQUESTED OPTION <option number> Description This command deletes a single option that was previously added to an interfaceconfig using the DHCPCLIENT INTERFACECONFIG ADD OPTION REQUESTED/REQUIRED commands.238 Chapter 10 – Dynamic Host Configuration Protocol . use the DHCPCLIENT LIST INTERFACECONFIGS command. To display client interface numbers. use the DHCPCLIENT INTERFACECONFIG LIST OPTIONS command. use the DHCPCLIENT LIST INTERFACECONFIGS command.DHCP number A number that identifies an existing DHCP client interface. A number that identifies an existing DHCP client interface. To display client interface names. To display client interface numbers. Option Description A name that identifies an existing DHCP client interface. use the DHCPCLIENT LIST INTERFACECONFIGS command. To display option numbers. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value name N/A number N/A option number N/A Example --> dhcpclient interfaceconfig client1 delete requested option 1 See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION .

To display option numbers. use the DHCPCLIENT LIST INTERFACECONFIGS command. A number that identifies an option that is requested/required from the DHCP server by the DHCP client. To display client interface names. The following information are displayed: • Option identification number . To display client interface numbers. These options were set using the DHCPCLIENT INTERFACECONFIG ADD REQUESTED/REQUIRED OPTION commands. Option Description A name that identifies an existing DHCP client interface. use the DHCPCLIENT LIST INTERFACECONFIGS command. Default Value name N/A number N/A option number N/A Example --> dhcpclient interfaceconfig client1 delete sent option 1 See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS DHCPCLIENT INTERFACECONFIG ADD SENT OPTIONS DHCPCLIENT INTERFACECONFIG LIST REQUESTED OPTIONS Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} LIST REQUESTED OPTIONS Description This command lists the options that the DHCP client requests and/or requires from the DHCP server. A number that identifies an existing DHCP client interface. use the DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 239 DHCPCLIENT INTERFACECONFIG DELETE SENT OPTION Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>}DELETE SENT OPTION <option number> Description This command deletes a single option that was previously added to an interfaceconfig using the DHCPCLIENT INTERFACECONFIG ADD SENT OPTION command.

240 Chapter 10 – Dynamic Host Configuration Protocol . use the DHCPCLIENT LIST INTERFACECONFIGS command. use the DHCPCLIENT LIST INTERFACECONFIGS command. Options and their values are detailed in RFC2132.DHCP • Option identifier (name) • Requirement status . false for options added using the DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION command. A number that identifies an existing DHCP client interface. The following information are displayed: • Option identification number . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display client interface names.true for options that were added using the DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION command. To display client interface numbers. Default Value name N/A number N/A Example --> dhcpclient interfaceconfig client1 list requested options DHCP client requested options: client1 ID | Identifier | Is option required? -----|--------------------|--------------------1 | host-name | false 2 | domain-name | true -----------------------------------------------See also DHCPCLIENT INTERFACECONFIG ADD REQUESTED OPTION DHCPCLIENT INTERFACECONFIG ADD REQUIRED OPTION DHCPSERVER SUBNET ADD OPTION DHCPCLIENT INTERFACECONFIG LIST SENT OPTIONS Syntax DHCPCLIENT INTERFACECONFIG {<name>|<number>} LIST SENT OPTIONS Description This command displays a list of the options that the DHCP client sends to the DHCP server. Option Description A name that identifies an existing DHCP client interface. These options were set using the DHCPCLIENT INTERFACECONFIG ADD SENT OPTION command.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description A name that identifies an existing DHCP client interface. To display client interface numbers. Default Value name N/A number N/A Example --> dhcpclient interfaceconfig client1 list sent options DHCP client requested options: client1 ID | Identifier | Suggested value -----|--------------------|--------------------1 | host-name | vancouver 2 | domain-name | alliedtelesyn -----------------------------------------------See also DHCPCLIENT INTERFACECONFIG ADD SENT OPTIONS DHCPCLIENT INTERFACECONFIG CLEAR SENT OPTIONS DHCPSERVER SUBNET ADD OPTION DHCPCLIENT LIST INTERFACECONFIGS Syntax DHCPCLIENT LIST INTERFACECONFIGS Description This command lists the following information about existing DHCP client interfaces: • interface identification number • interface name • IP interface configured by the client interface • requested lease time (in seconds) • client identifier (if set) • Status of IP address auto-configuration (true or false) Example --> dhcpclient list interfaceconfigs DHCP Client Declarations: . A number that identifies an existing DHCP client interface. use the DHCPCLIENT LIST INTERFACECONFIGS command. use the DHCPCLIENT LIST INTERFACECONFIGS command.AT-RG 600 Residential Gateway – Software Reference Manual 241 • Option identifier (name) • Suggested value Options and their values are detailed in RFC2132. To display client interface names.

Auto-IP automatically configures an IP address when a DHCP client fails to contact a DHCP server and cannot obtain a lease.0 subnet is automatically created.DHCP Requested ID | Name | Interface | Lease Time | Client ID | AutoIP -----|------------|------------|------------|-------------------|-------1 | client1 | ip1 | 9000 | 00:11:22:33:44:5a | true See also DHCPCLIENT SHOW DHCPCLIENT SET INTERFACECONFIG REQUESTEDLEASETIME DHCPCLIENT SET INTERFACECONFIG CLIENTID DHCPCLIENT SET INTERFACECONFIG AUTOIP DHCPCLIENT SET BACKOFF Syntax DHCPCLIENT SET BACKOFF <backofftime> Description This command sets the global maximum time (in seconds) that a DHCP client interface will `back off' between issuing individual DHCP requests.0. use the DHCPCLIENT SHOW command. This prevents many clients trying to configure themselves at the same time. Option backofftime Description The maximum number of seconds that the DHCP client can pause for between unsuccessful DHCP negotiations. Default Value 120 Example --> dhcpclient set backoff 200 See also DHCPCLIENT SHOW DHCPCLIENT SET INTERFACECONFIG AUTOIP Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} AUTOIP {ENABLED | DISABLED} Description This command enables/disables IP address auto-configuration (Auto-IP). and ARP requests are issued for the suggested IP address. and sending too many requests at once. the legitimate lease will supersede the autoconfigured IP address. the DHCP client continues to check whether or not it can contact a DHCP server.242 Chapter 10 – Dynamic Host Configuration Protocol . If the client can contact a DHCP server and obtain a legitimate lease.254. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The address is abandoned if it already exists on the network or if any other host on the network issues an ARP probe for that IP address. To retrieve the current settings. Once an IP address has been automatically configured. . An IP address in the 169.

see http://www. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To retrieve the current settings.txt. use the DHCPCLIENT SHOW INTERFACECONFIG command. DHCPCLIENT SET INTERFACECONFIG CLIENTID Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} CLIENTID <clientid> Description This command sets a unique client identifier that the DHCP server uses to identify the client. use the DHCPCLIENT SHOW command. Default Value Name N/A . A number that identifies an existing DHCP client interface. use the DHCPCLIENT LIST INTERFACECONFIGS command. Note: Even if Auto-IP has been enabled using this command. use the DHCPCLIENT LIST INTERFACECONFIGS command. To display client interface numbers. use the DHCPCLIENT LIST INTERFACECONFIGS command. Option Description A name that identifies an existing DHCP client interface. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value name N/A number N/A ENABLED DISABLED enabled Example --> dhcpclient set interfaceconfig mycfg autoip enabled See also DHCPSERVER SUBNET ADD OPTION (see the specific example given for this command) For further information on the RFC standard for DHCP IP address autoconfiguration. Disables Auto-IP on a specified dhcp client. To display client interface names. Enables Auto-IP on a specified dhcp client.AT-RG 600 Residential Gateway – Software Reference Manual 243 To retrieve the current settings. To display client interface names.ietf. See the DHCPSERVER SUBNET ADD OPTION command. IP address autoconfiguration will not be carried out if a DHCP server on the same network does not allow it.org/rfc/rfc2563. Option Description A name that identifies an existing DHCP client interface.

use the DHCPCLIENT LIST INTERFACECONFIGS command. use the DHCPCLIENT LIST INTERFACECONFIGS command.22.44. A unique identifier that DHCP server can use to identify the client. use the DHCPCLIENT LIST INTERFACECONFIGS command.244 Chapter 10 – Dynamic Host Configuration Protocol . To display client interface numbers. For Microsoft DHCP servers.5a See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT SET INTERFACECONFIG DEFAULTROUTE Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} DEFAULTROUTE {ENABLED|DISABLED} Description This command enables/disables whether the DHCP client makes use of default gateway information received from a DHCP server. N/A Client id N/A Example --> dhcpclient set interfaceconfig client1 clientid 00:11. the client ID should be the MAC address of the system that DHCP is running on. Option Description A name that identifies an existing DHCP client interface. DHCP client uses default gateway information it receives from DHCP server. To display client interface numbers.DHCP number A number that identifies an existing DHCP client interface. by default the DHCP client will use default gateway information received from a DHCP server. DHCP client does not use default gateway information it receives from DHCP server. To display client interface names. Default Value name N/A number N/A ENABLED enabled DISABLED Example --> dhcpclient set interfaceconfig client1 defaultroute disabled . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). If no DHCP interfaceconfigs have been added to the system. For other DHCP servers. the client ID can be a MAC address or a text string such as the hostname. A number that identifies an existing DHCP client interface.33.

use the DHCPCLIENT LIST INTERFACECONFIGS command Enables the dhcpinform message type.AT-RG 600 Residential Gateway – Software Reference Manual 245 See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT SET INTERFACECONFIG DHCPINFORM Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} DHCPINFORM {ENABLED|DISABLED} Description This command enables/disables whether a DHCP client uses the dhcpinform message type. but wishes to obtain extra configuration parameters (such as NS servers or default gateway) from a DHCP server. the address has been manually configured or obtained through PPP/IPCP). Option Description A name that identifies an existing DHCP client interface. use the DHCPCLIENT SHOW INTERFACECONFIG command. To display client interface names. This DHCP message type is used whenever a client has obtained an IP address or subnet mask (for example. Disables the dhcpinform message type Default Value name N/A number N/A ENABLED disabled DISABLED Example --> dhcpclient set interfaceconfig client1 dhcpinform disabled See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT SET INTERFACECONFIG SERVER DHCPCLIENT SET INTERFACECONFIG DHCPSERVERPOOLSIZE Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} DHCPSERVERPOOLSIZE <pool size> Description This command tells a DHCP client to configure a DHCP server on the LAN if the . IP address and subnet mask will not be negotiated if this mode is selected. To retrieve the current settings. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the DHCPCLIENT LIST INTERFACECONFIGS command A number that identifies an existing DHCP client interface. To display client interface numbers.

the first address in the pool will be 192. The new DHCP server uses its lan IP address as the address to give out as the default gateway address.246 Chapter 10 – Dynamic Host Configuration Protocol . use the DHCPCLIENT LIST INTERFACECONFIGS command A number that identifies an existing DHCP client interface.102. Default Value name NA number NA pool size NA Example --> dhcpclient set interfaceconfig client1 dhcpserverpoolsize 20 See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT SET INTERFACECONFIG DHCPSERVERINTERFACE Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} DHCPSERVERINTERFACE <interface name> Description This command allows the user to specify an existing IP interface on which the automatically configured DHCP server can be created. To retrieve the current settings.168.3. If the interface name does not correspond with an existing IP interface. . use the DHCPCLIENT LIST INTERFACECONFIGS command The number of DHCP client addresses in a pool. To display client interface numbers.102. For example. if the LAN DHCP address is 192.168. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). the DHCP server will be placed on the first LAN interface that it finds. use the DHCPCLIENT SHOW INTERFACECONFIG command. To display client interface names. Information such as DNS server addresses can then be distributed to LAN clients.4. Option Description A name that identifies an existing DHCP client interface.DHCP given address pool size is set to a number greater than 0. The first address in the pool is the address immediately after the LAN DHCP address. the DHCPSERVERPOOLSIZE is set to 20 hosts. Note: When the DHCP server is automatically configured. The LAN DHCP server is configured using parameters received by a DHCP client interface on the WAN.

Default Value name N/A . If no DHCP interfaceconfigs have been added to the system. To retrieve the current settings. To display client interface numbers. Option Description A name that identifies an existing DHCP client interface. use the DHCPCLIENT LIST INTERFACECONFIGS command The name that identifies an existing IP interface. use the DHCPCLIENT LIST INTERFACECONFIGS command A number that identifies an existing DHCP client interface. To display IP interface names. To display client interface names. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). by default the DHCP client will not pass DNS server addresses to the DNS client. use the DHCPCLIENT SHOW INTERFACECONFIG command. To display client interface names. use the IP LIST INTERFACES command Default Value name NA number NA interface name NA Example --> dhcpclient set interfaceconfig client1 dhcpserverinterface ip2 See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT SET INTERFACECONFIG DHCPSERVERPOOLSIZE DHCPCLIENT SET INTERFACECONFIG GIVEDNSTOCLIENT Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} GIVEDNSTOCLIENT {ENABLED|DISABLED} Description This command enables/disables whether a DHCP client passes received DNS server addresses to the DNS client. use the DHCPCLIENT SHOW INTERFACECONFIG command. use the DHCPCLIENT LIST INTERFACECONFIGS command.AT-RG 600 Residential Gateway – Software Reference Manual 247 To retrieve the current settings. Option Description A name that identifies an existing DHCP client interface.

N/A ENABLED disabled DISABLED Example --> dhcpclient set interfaceconfig client1 givednstoclient disabled See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT SET INTERFACECONFIG GIVEDNSTORELAY Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} GIVEDNSTORELAY {ENABLED|DISABLED} Description This command enables/disables whether a DHCP client passes received DNS server addresses to the DNS relay. To display client interface numbers. To retrieve the current settings. use the DHCPCLIENT LIST INTERFACECONFIGS command. Option Description A name that identifies an existing DHCP client interface. DHCP client passes learnt DNS server addresses to the DNS relay. DHCP client does not pass learnt DNS server addresses to the DNS relay. To display client interface names.DHCP number A number that identifies an existing DHCP client interface. To display client interface numbers. use the DHCPCLIENT LIST INTERFACECONFIGS command.248 Chapter 10 – Dynamic Host Configuration Protocol . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). DHCP client passes learnt DNS server addresses to the DNS client. If no DHCP interfaceconfigs have been added to the system. use the DHCPCLIENT LIST INTERFACECONFIGS command. Default Value name N/A number N/A ENABLED enabled DISABLED Example --> dhcpclient set interfaceconfig client1 givednstorelay disabled . by default the DHCP client will pass DNS server addresses to the DNS relay. use the DHCPCLIENT SHOW INTERFACECONFIG command. A number that identifies an existing DHCP client interface. DHCP client does not pass learnt DNS server addresses to the DNS client.

A name that identifies an existing IP interface. To display client interface names. . To display interface names. use the DHCPCLIENT LIST INTERFACECONFIGS command. The client interface can only set the IP configuration if the IP interface has DHCP enabled. The DHCP server must have 'allowunknownclients' enabled in order to work with DHCP clients that are not specifically named in DHCP server configuration or its lease database. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the DHCPCLIENT LIST INTERFACECONFIGS command. Options The following table gives the range of values for each option which can be specifie d with this command and a default value (if applicable). use the IP LIST INTERFACES command.AT-RG 600 Residential Gateway – Software Reference Manual 249 See also DHCPCLIENT LIST INTERFACECONFIGS DHCPCLIENT SET INTERFACECONFIG INTERFACE Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} INTERFACE <ipinterface> Description This command sets the IP interface that will have its configuration set by the DHCP client interface. using the IP SET INTERFACE DHCP command. Default Value name N/A number N/A ipinterface N/A Example --> dhcpclient set interfaceconfig client1 interface ip2 See also DHCPCLIENT LIST INTERFACECONFIGS IP LIST INTERFACES IP SET INTERFACE DHCP DHCPCLIENT SET INTERFACECONFIG NOCLIENTID Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} NOCLIENTID Description This command deletes a client identifier from a DHCP client. The interface must have DHCP enabled. Option Description A name that identifies an existing DHCP client interface. To display client interface numbers. A number that identifies an existing DHCP client interface.

The lease time (in seconds) that a DHCP client requests from the DHCP server. To display client interface numbers. The DHCP server will `cap' a requested lease time if it is too large. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). A number that identifies an existing DHCP client interface.250 Chapter 10 – Dynamic Host Configuration Protocol . To display client interface names. use the DHCPCLIENT LIST INTERFACECONFIGS command. Option Description A name that identifies an existing DHCP client interface. use the DHCPCLIENT LIST INTERFACECONFIGS command. use the DHCPCLIENT LIST INTERFACECONFIGS command. Default Value name N/A number N/A Example --> dhcpclient set interfaceconfig client1 noclientid See also DHCPCLIENT SET INTERFACECONFIG CLIENTID DHCPSERVER SET ALLOWUNKNOWNCLIENTS DHCPCLIENT SET INTERFACECONFIG REQUESTEDLEASETIME Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} REQUESTEDLEASETIME <requestedleasetime> Description The DHCP client requests a specific lease time from the DHCP server for the allocated IP addresses. To display client interface names. A number that identifies an existing DHCP client interface. This command determines the length of lease time requested.DHCP Option Description A name that identifies an existing DHCP client interface. To display client interface numbers. use the DHCPCLIENT LIST INTERFACECONFIGS command. Default Value name N/A number N/A requested lease time 86400 Example --> dhcpclient set interfaceconfig client1 requestedleasetime 70000 See also DHCPCLIENT LIST INTERFACECONFIGS DHCPSERVER SET MAXLEASETIME DHCPSERVER SET DEFAULTLEASETIME .

If the first unicast fails. it tries to reacquire the last address that it had. use the dhcpclient list interfaceconfigs command The IP address of a DHCP server that DHCP client can use to obtain configuration parameters.168.101..168. this command will unicast the first DHCPINFORM message to the specific DHCP server at the specified IP address.AT-RG 600 Residential Gateway – Software Reference Manual 251 DHCPCLIENT SET INTERFACECONFIG SERVER Syntax DHCPCLIENT SET INTERFACECONFIG {<name>|<number>} SERVER <ipaddress> Description If DHCPCLIENT SET DHCPINFORM has been set to enabled. The IP address is displayed in the following format: 192.3 Default Value name NA number NA ipaddress NA Example --> dhcpclient set interfaceconfig client1 server 192. Option Description Default Value . To display client interface numbers. use the DHCPCLIENT SHOW command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). At the expiry of this time.102. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). A number that identifies an existing DHCP client interface. This command sets the time for which the client tries to reacquire its last address.2 See also DHCPSERVER SET INTERFACECONFIG DHCPINFORM DHCPCLIENT SET REBOOT Syntax DHCPCLIENT SET REBOOT <reboottime> Description When the DHCP client is restarted. the DHCPINFORM will default to broadcasting its messages. use the dhcpclient list interfaceconfigs command. Option Description A name that identifies an existing DHCP client interface. To display client interface names. To retrieve the current settings. it gives up and tries to discover a new address.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To retrieve the current settings.DHCP reboottime The time (in seconds) for which a client tries to reacquire the last IP address it had. Option Description The time (in seconds) that must pass after the client has determined that no DHCP server is present before it tries again to contact a DHCP server. 10 Example --> dhcpclient set reboot 5 DHCPCLIENT SET RETRY Syntax DHCPCLIENT SET RETRY <retrytime> Description This command sets the time that must pass after the client has determined that no DHCP server is present before it tries again to contact a DHCP server.252 Chapter 10 – Dynamic Host Configuration Protocol . Default Value retrytime 300 Example --> dhcpclient set retry 150 DHCPCLIENT SHOW Syntax DHCPCLIENT SHOW Description This command displays the following global configuration information about DHCP client: • reboot time • retry time • maximum backoff time Example --> dhcpclient show Global DHCP Client Configuration: Reboot time: 10 Retry time: 300 Max. After this time the client gives up and tries to discover a new address. backoff time: 120 See also DHCPCLIENT SET REBOOT DHCPCLIENT SET RETRY DHCPCLIENT SET BACKOFF . use the DHCPCLIENT SHOW command.

Changes made to the client configuration are not actually applied until this command has been entered. Reset imminent. . Example --> dhcpclient update dhcpclient: Reset request acknowledged.AT-RG 600 Residential Gateway – Software Reference Manual 253 DHCPCLIENT UPDATE Syntax DHCPCLIENT UPDATE Description This command updates the DHCP client configuration.

0 See also DHCPSERVER LIST SUBNETS DHCPRELAY UPDATE DHCPRELAY CLEAR SERVERS Syntax DHCPRELAY CLEAR SERVERS . configure and manage DHCP Relay module. The relay can store a maximum of 10 DHCP server addresses. AT-RG623 and AT-RG656 Residential Gateway to enable.g 192.168.252. Any new server IP addresses added are not actually used until the DHCPRELAY UPDATE command has been entered. Option Description The IP address of a DHCP server that DHCP relay can use. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).102.197.254 Chapter 10 – Dynamic Host Configuration Protocol . DHCP relay CLI commands The table below lists the DHCP relay commands provided by the CLI: Command DHCPRELAY ADD SERVER DHCPRELAY CLEAR SERVERS DHCPRELAY DELETE SERVER DHCPRELAY ENABLE|DISABLE DHCPRELAY LIST SERVERS DHCPRELAY SHOW DHCPRELAY UPDATE DHCPRELAY ADD SERVER Syntax DHCPRELAY ADD SERVER <ipaddress> Description This command adds the IP address of a DHCP server to the DHCP relay's list of server IP addresses.DHCP DHCP Relay Command Reference This section describes the commands available on the AT-RG613.3) Default Value ipaddress N/A Example --> dhcprelay add server 239. The IP address is displayed in the IPv4 format (e.

AT-RG 600 Residential Gateway – Software Reference Manual 255 Description This command deletes all DHCP server IP addresses stored in DHCP relay's list of server IP addresses. Option Description A number that identifies the DHCP server in the DHCP relay’s list of servers. Note: DHCP relay and DHCP server cannot be enabled at the same time. DHCP relay must be enabled in order to carry out any DHCP relay configuration. Default Value enable Example --> dhcprelay enable . Default Value number N/A Example --> dhcprelay delete server 3 See also DHCPRELAY LIST SERVERS DHCPRELAY CLEAR SERVERS DHCPRELAY ENABLE|DISABLE Syntax DHCPRELAY {ENABLE|DISABLE} Description This command enables/disables DHCP relay. Trying to configure DHCP relay when DHCP server is enabled results in CLI warning message. Disables configuration of DHCP relay. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option ENABLE DISABLE Description Enables configuration of DHCP relay. Example --> dhcprelay clear servers See also DHCPRELAY DELETE SERVER DHCPRELAY DELETE SERVER Syntax dhcprelay delete server <number> Description This command deletes a single DHCP server address stored in the DHCP relay's list of server IP addresses. To display server numbers. use the DHCPRELAY LIST SERVERS command.

Reset imminent.0 -----------------------See also DHCPSERVER LIST SUBNETS DHCPRELAY SHOW Syntax DHCPRELAY SHOW Description This command tells you whether DHCP relay is enabled or disabled.197. Example --> dhcprelay list servers DHCP Servers: ID | IP Address -----|-----------------1 | 192.102.252. Changes made to the relay configuration will not take effect until this command has been entered. Example --> dhcprelay show server Global DHCP Relay Configuration: Status: ENABLED See also DHCPRELAY ENABLE|DISABLE DHCPRELAY UPDATE Syntax DHCPRELAY UPDATE Description This command updates the DHCP relay configuration.256 Chapter 10 – Dynamic Host Configuration Protocol .3 2 | 239.168. .DHCP See also DHCPSERVER ENABLE|DISABLE DHCPRELAY LIST SERVERS Syntax DHCPRELAY LIST SERVERS Description This command displays the DHCP relay's list of DHCP server IP addresses with their identification numbers. Example --> dhcprelay update dhcprelay: Reset request acknowledged.

For example. Figure 12. However. such as the Internet. a system for naming computers and network services that is organized into a hierarchy of domains. When a user enters a DNS name in an application. A friendly name can be easier to learn and remember. The following graphic shows a basic use of DNS. Domain Name System . computers communicate over a network by using numeric addresses. you have used DNS. If you have ever used a Web browser. to locate computers and services through user-friendly names. which is finding the IP address of a computer based on its name.com” to locate a computer such as a mail or web server on a network. most users prefer a friendly name such as “alliedtelesyn.AT-RG 600 Residential Gateway – Software Reference Manual 257 Chapter 11 Domain Name System -DNS Introduction DNS is an abbreviation for Domain Name System. DNS naming is used in TCP/IP networks. such as an IP address. DNS services can resolve the name to other information associated with the name. To make use of network resources easier. name services such as DNS provide a way to map the user-friendly name for a computer or service to its numeric address.

a client computer queries a server. to use this function you must add DNS server addresses that will be used by the Residential Gateway ONLY for its own lookups. devices on the LAN can treat the Residential Gateway as though it were the DNS Server.DNS In this example. DNS Relay The AT-RG613. The DNS relay does not bind itself to any one specific interface or interface type. which is a host (A) resource record that contains the IP address information for host. When DNS relay will receive a DNS request it will check if the answer to this request is in this file and in this case it will answer to the question.alliedtelesyn. The example shows a simple DNS query between a single client and server.258 Chapter 11 – Domain Name System .com. In practice. It is possible to nominate both a primary and a secondary DNS server to contact. but rather will listen for traffic on all available IP interfaces. AT-RG623 and AT-RG656 can act as a DNS relay. It relies on the well-known UDP and TCP port number for a DNS server (port number 53) for receiving DNS traffic. It's also possible write a file named "dnsrelaylandb" with information about host attributes and a domain name and IP address mask.com as its DNS domain name. it replies with an answer containing the requested information.alliedtelesyn. Because the server is able to answer the query based on its local database. DNS queries can be more involved than this and include additional steps not shown here. . DNS packets which arrive at the Residential Gateway. asking for the IP address of a computer configured to use host. DNS Client AT-RG613. AT-RG623 and AT-RG656 are provided with an internal DNS client. Only the Residential Gateway needs to know the address of the real DNS Server looking into it's internal DNS Relay servers list. DNS responses received from the server are then forwarded back to the original host making the DHCP request. if it hasn’t enough information it will forward the request to a DNS server. So. In this way. It's possible configure the DHCP server running on the internal Residential Gateway's IP interface in order to offer the IP address of it's internal IP interface as DNS server's IP address for the internal hosts DNS requests. addressed to the Residential Gateway. Both UDP and TCP DNS requests are supported. will be relayed on to a known DNS Server.

The IP address is displayed in the IPv4 format (e. DNS Relay CLI commands The table below lists the dnsrelay commands provided by the CLI: Command dnsrelay add server dnsrelay clear cache dnsrelay clear landatabase dnsrelay clear servers dnsrelay delete server dnsrelay list servers dnsrelay set landatabasefile dnsrelay show lanaddress dnsrelay show landomainnam dnsrelay show landatabasefilename DNSRELAY ADD SERVER Syntax DNSRELAY ADD SERVER <ip-address> Description This command adds the IP address of a DNS server to DNS relay's list of server IP addresses.168.g.0. The relay can store a maximum of 10 DNS server addresses. AT-RG623 and AT-RG656 Residential Gateway to enable.102.17.AT-RG 600 Residential Gateway – Software Reference Manual 259 DNS Relay Command Reference This section describes the commands available on the AT-RG613.90.3) Default Value 0.0 Example --> dnsrelay add server 10.100 See also DNSRELAY LIST SERVERS DNSRELAY CLEAR CACHE Syntax DNSRELAY CLEAR CACHE . configure and manage the DNS Relay module.0. 192. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option ip-address Description The IP address of a DNS server that DNS relay can use.

use the DNSRELAY LIST SERVERS command Default Value id. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display server numbers.260 Chapter 11 – Domain Name System . DNS relay has a small local cache of DNS entries to increase performance for lookups of frequently used destinations. Example --> dnsrelay clear cache DNSRELAY CLEAR LANDATABASE Syntax DNSRELAY CLEAR LANDATABASE Description This command clears the DNS relay LAN database that was set using the DNSRELAY SET LANDATABASEFILE command.DNS Description This command clears the DNS relay cache in the current session.number N/A . Example --> dnsrelay clear landatabase See also DNSRELAY SET LANDATABASEFILE DNSRELAY SHOW LANDATABASEFILENAME DNSRELAY CLEAR SERVERS Syntax DNSRELAY CLEAR SERVERS Description This command deletes all DNS server IP addresses stored in DNS relay's list of server IP addresses. Example --> dnsrelay clear servers See also DNSRELAY DELETE SERVER DNSRELAY DELETE SERVER Syntax DNSRELAY DELETE SERVER <id-number> Description This command deletes a single DNS server address stored in DNS relay's list of server IP addresses. Option Description A number that identifies the DNS server in the DNS relay list.

The file is an ASCII file that you have created and stored in the ISFS configuration file. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Your LAN then has its own small DNS relay local database. Example --> dnsrelay list servers DNS Relay Servers: ID | IP Address -----|-----------------1 | 239.197. The landatabase file contains the following: • information about local host names and IP addresses • the domain name that the relay should use • the IP address and netmask that the relay should use Once the filename is set. Default Value N/A Example --> dnsrelay set landatabasefile dnsrelaylandb See also DNSRELAY SHOW LANDATABASEFILENAME .AT-RG 600 Residential Gateway – Software Reference Manual 261 Example --> dnsrelay delete server 3 See also DNSRELAY LIST SERVERS DNSRELAY LIST SERVERS Syntax DNSRELAY LIST SERVERS Description This command displays the DNS relay's list of DNS server IP addresses with their identification numbers.0 ------------------------ DNSRELAY SET LANDATABASEFILE Syntax DNSRELAY SET LANDATABASEFILE <filename> Description This command tells DNS relay which filename it should load its local database from. DNS relay will load this database and use it to answer requests for local host names and/or IP addresses. Option filename Description The name of an existing file that contains a database of LAN host names and IP addresses.252.

DNS DNSRELAY SHOW LANADDRESS Syntax DNSRELAY SHOW LANADDRESS Description This command displays the IP address and subnet mask that the DNS relay uses to determine if a query is for an element of the local database. Example --> dnsrelay show landatabasefilename LAN Database File Name: //isfs/dnsrelaylandb Example --> domain_name yourdomain.0 LAN IP Mask: 255.yourdomain.255. The second example shows the LANDATABASEFILENAME content. lan_address 172.0 lan_mask 255.15 See also DNSRELAY SET LANDATABASEFILE .262 Chapter 11 – Domain Name System . Example --> dnsrelay show lanaddress LAN IP Address: 172. Example --> dnsrelay show landomainname LAN Domain Name: atkk.com.10 host_name host1.255.39.yourdomain. address 172.com.com.200.39.0 See also DNSRELAY SHOW LANDOMAINNAME DNSRELAY SHOW LANDOMAINNAME Syntax DNSRELAY SHOW LANDOMAINNAME Description This command displays the domain name used by the DNS relay to determine if a host name request is for the local database.10. These information are in collected in the LANDATABASEFILENAME file.255. address 172.10.10.0 host_name host1.255.com See also DNSRELAY SHOW LANADDRESS DNSRELAY SHOW LANDATABASEFILENAME Syntax DNSRELAY SHOW LANDATABASEFILENAME Description This command displays the name of the file that was set using the DNSRELAY SET LANDATABASEFILENAME command.16. These information are in collected in the LANDATABASEFILENAME file.39.

AT-RG623 and AT-RG656 Residential Gateway to enable.com DNSCLIENT ADD SERVER Syntax DNSCLIENT ADD SERVER <ipaddress> Description This command adds a server IP address to the server list. Default Value searchstring N/A Example --> dnsclient add searchdomain alliedtelesyn. but specifies an incomplete domain name for the host. Option Description A search string used to find the IP address for an incomplete domain name. DNS Client CLI commands The table below lists the DNSCLIENT commands provided by the CLI: Command dnsclient add searchdomain dnsclient add server dnsclient clear searchdomains dnsclient clear servers dnsclient delete searchdomain dnsclient delete server dnsclient list searchdomains dnsclient list servers DNSCLIENT ADD SEARCHDOMAIN Syntax DNSCLIENT ADD SEARCHDOMAIN <searchstring> Description This command creates a domain search list. configure and manage the DNS Client module.AT-RG 600 Residential Gateway – Software Reference Manual 263 DNS Client Command Reference This section describes the commands available on the AT-RG613. The search string specified replaces any previous search strings added previously using this command. The DNS client uses this list when a user asks for the IP address of a host. You can have a maximum of 6 incomplete domain names in the search string. This enables you to retrieve a domain name for a given IP address. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). .

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).219.168. You can add a maximum of 3 addresses to the server list. Option searchstring Description A number that identifies a search string used to find the IP address for an Default Value N/A . Example --> dnsclient clear servers See also DNSCLIENT ADD SEARCHDOMAIN DNSCLIENT DELETE SERVER DNSCLIENT DELETE SEARCHDOMAIN Syntax DNSCLIENT DELETE SEARCHDOMAIN <searchstring> Description This command deletes a single domain name from the domain search list.102. Example --> dnsclient clear searchdomains See also DNSCLIENT ADD SEARCHDOMAIN DNSCLIENT DELETE SEARCHDOMAIN DNSCLIENT CLEAR SERVERS Syntax DNSCLIENT CLEAR SERVERS Description This command deletes all the server IP addresses to the server list.264 Chapter 11 – Domain Name System .DNS Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The IP address is displayed in the following format: 192.3 Default Value ipaddress N/A Example --> dnsclient add server 192. Option Description The IP address of the server that has an unknown domain name.168.196 DNSCLIENT CLEAR SEARCHDOMAINS Syntax DNSCLIENT CLEAR SEARCHDOMAINS Description This command deletes all domain names from the domain search list.

To list domain search strings. but specifies an incomplete domain name for the host. use the DNSCLIENT LIST SEARCHDOMAINS command. Example --> dnsclient delete searchdomain 1 DNSCLIENT DELETE SERVER Syntax DNSCLIENT DELETE SERVER <number> Description This command deletes a single server IP addresses from the server list. The DNS client uses this list to retrieve a domain name for a given IP address. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).com --------------------------- DNSCLIENT LIST SERVERS Syntax DNSCLIENT LIST SERVERS Description This command lists the server IP addresses that you have added to the DNS client using the DNSCLIENT ADD SERVER command. Option Description The server number that identifies an IP address of the server that has an unknown domain name. To display server numbers. Example --> dnsclient list searchdomains ID | Domain -----|--------------------1 | alliedtelesyn. The DNS client uses this list when a user asks for the IP address of a host. Example --> dnsclient list servers DNS Client Servers: .AT-RG 600 Residential Gateway – Software Reference Manual 265 incomplete domain name. Default Value number N/A Example --> dnsclient delete server 1 DNSCLIENT LIST SEARCHDOMAINS Syntax DNSCLIENT LIST SEARCHDOMAINS Description This command lists the domain search strings that you have added to the DNS client using the DNSCLIENT ADD SEARCHDOMAIN command. use the DNSCLIENT LIST SERVERS command.

266 Chapter 11 – Domain Name System .1 ------------------------ .100.DNS ID | IP Address ----|-----------------1 | 192.168.100.7 2 | 192.168.

but sends no reply o . organize and adjust the time-synchronization of the local system. at most. provides a complete and simplified method to access international timeservers to receive. The SNTP client described herein is a scaled down version of the Network Time Protocol (NTP) which is specified in RFC 1305. AT-RG623 and AT-RG656 Residential Gateway: • Boot time and runtime synchronization of the system clock can both be configured. The client is configured to listen. Also. a request for time synchronization and expects a reply only from that particular server. Broadcast /Multicast Mode .A multicast NTP server periodically transmits a message to the local subnet broadcast address. which is described in RFC 2030. The client then configures itself based on this information. a single (S)NTP server. AT-RG623 and AT-RG656 system clock to global sources of time-based information using UDP. SNTP Version 4 clients include an “anycast” mode in addition to unicast and broadcast access modes not available in past versions of NTP/SNTP clients SNTP Features The following feature are available on then AT-RG613.AT-RG 600 Residential Gateway – Software Reference Manual 267 Chapter 12 SNTP The SNTP Version 4 client is an OSI Layer 7 application that allows the synchronization of the AT-RG613. • SNTP in the AT-RG613. located at a specific previously configured address. and receives the synchronized timebased information. The main difference between an SNTP and an NTP client is the fact that most SNTP clients will interact with.The SNTP client sends to a server. AT-RG623 and AT-RG656 system can function in one of three transfer modes: o Unicast Mode . Its detailed implementation.

The SNTP client mode session uses the standard remote UDP port 123 for all data transfers. Therefore. there is no mechanism for the automatic change to/from a standard time/daylight savings time.a. Any other server responses that are received by the client afterwards are ignored. the client will not automatically adjust the time or time zone to US Eastern Standard Time (-5h UTC) on any new time synchronization. A manual time zone configuration change from the user is needed to handle this transition. One or several anycast SNTP servers can respond with an individual timestamp and a unicast address. it sends out a sync request to a local subnet broadcast address. Time Zones and Daylight Savings (Summer Time) Conversion Although Daylight Savings (a. • Automatic periodic timeserver polling is configurable. The client subsequently binds to the first response it receives and continues its operations in a unicast mode with that particular server. Summer Time) time zones are configurable using the SNTP client. For example. • 64 local time zones (which include summertime /daylight savings time) configurations are supported (see [10]). Port 123 will be used in both the Source Port and Destination Port fields of the UDP header. . if the client configures the system time for EDT (US Eastern Daylight Time) which is –4h UTC.k. • Configuration of packet timeouts and retry transmissions is supported.268 Chapter 12 – SNTP o Anycast Mode – When the client is configured in anycast mode. • Getting NTP Time Server IP Addresses via DNS lookup can be used. and a time change date arrives. the user must manually configure the local time zone when the change in standard time occurs.

AT-RG623 and ATRG656 residential Gateway to enable. Example The following command sets the system clock to 11:10:13pm. SNTP CLI commands The table below lists the SNTPCLIENT commands provided by the CLI: Command SNTPCLIENT SET CLOCK SNTPCLIENT SET MODE SNTPCLIENT SET POLL-INTERVAL SNTPCLIENT SET RETRIES SNTPCLIENT SET SERVER SNTPCLIENT SET TIMEOUT SNTPCLIENT SET TIMEZONE SNTPCLIENT SHOW ASSOCIATION SNTPCLIENT SET CLOCK Syntax SNTPCLIENT SET CLOCK <yyyy:mm:dd:hh:mm:ss> Description This command sets the system clock to a specific time and date. The SNTP client attempts to contact the specific server in the association in order to receive a timestamp when the sntpclient sync command is issued. and each mode can be separately enabled or disabled: • Unicast mode • Enable . configure and manage SNTP module.AT-RG 600 Residential Gateway – Software Reference Manual 269 SNTP Command Reference This section describes the commands available on AT-RG613. There are three modes to choose from. . • Disable .the unicast server is removed from the association list. This command can be used as an alternative to synchronizing the local system clock via internal or external timeservers.the mode sends unicast messages to the IP address or hostname in the SNTP server association list. 2nd November 2001: --> sntpclient set clock 2001:11:02:23:10:13 SNTPCLIENT SET MODE Syntax SNTPCLIENT SET MODE {UNICAST|BROADCAST|ANYCAST} {ENABLE|DISABLE} Description This command enables/disables a particular access mode for the STNP client.

stops synchronization via anycast mode.stops synchronization via broadcast mode. Default Value N/A N/A N/A N/A N/A BROADCAST ANYCAST ENABLE DISABLE Example --> sntpclient set mode anycast enable See also SNTPCLIENT SET SERVER SNTPCLIENT SET POLL-INTERVAL Syntax SNTPCLIENT SET POLL-INTERVAL <0-30> Description This command sets the SNTP client to automatically send a time synchronization request (specific to the mode) to the network at a specific interval. The client then uses the first reply it receives to establish a link for future sync operations in unicast mode.270 Chapter 12 – SNTP • Broadcast mode • Enable . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Enables the selected time synchronous access mode. The server learnt by the anycast process takes precedence over any entries currently in the associations list when the sntpclient sync command is issued. • Disable . the polling mechanism will be disabled. If the pollinterval is set to 0. • Disable . Sets the time synchronous access mode to use the broadcast server. . Option UNICAST Description Sets the time synchronous access mode to use the unicast server.the SNTP client sends time synchronized broadcast packets to the network and subsequently expects a reply from a valid timeserver.allows the SNTP client to accept time synchronization broadcast packets from an SNTP server located on the network. • Anycast mode • Enable . Enables the selected time synchronous access mode. Sets the time synchronous access mode to use the anycast server. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The client ignores any later replies from other servers after the first one is received. This server will then be added to the server association list. and updates the local system time accordingly.

AT-RG 600 Residential Gateway – Software Reference Manual 271 Option 0-30 Description Sets the polling interval (in minutes) that SNTP client will send a time sync request. up to the number of retries specified in this command. If the client receives no reply to its sync requests. You can set the server by specifying either the IP address or the hostname. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The hostname of the dedicated unicast server that SNTP can use to synchronize its time. it willcontinue sending request packets at a fixed interval (set by the SNTPCLIENT SET TIMEOUT command). Default Value 0 (disabled) Example --> sntpclient set poll-interval 10 SNTPCLIENT SET RETRIES Syntax SNTPCLIENT SET RETRIES <0-10> Description This command sets the number of retry attempts that will be made when no response is received from a timeserver. This can be any value between 0 and 30. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value 2 Example --> sntpclient set retries 4 See also SNTPCLIENT SET TIMEOUT SNTPCLIENT SET SERVER Syntax SNTPCLIENT SET SERVER {IPADDRESS <ipaddress> | HOSTNAME <hostname>} Description This command sets the dedicated unicast server with which the SNTP client can synchronize its time. Default Value N/A hostname N/A . Option ipaddress Description The IP address of the dedicated unicast server that SNTP can use to synchronize its time. Option 0-10 Description Sets the number of packet retry attempts made when no response is received from a timeserver.

15. The table also contains the difference in time (in hours and minutes) from the UTC. If a response is not received within the time specified by this command.6.28 hostname --> sntpclient set server hostname time-a. Options The following table gives the 64 time zone abbreviations that you can use in this command. Default Value 5 seconds Example --> sntpclient set timeout 10 See also SNTPCLIENT SET RETRIES SNTPCLIENT SET TIMEZONE Syntax SNTPCLIENT SET TIMEZONE <abbreviation> Description This command sets the local time zone. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). or the cycle has been repeated for the number of times specified in the SNTPCLIENT SET RETRIES command.nist. Option 0-30 Description Sets the received packet response timeout value (in seconds). and a description of the area of the world (from west to east) where the time difference is calculated from: Abbreviation IDLW NT + UTC -1200 -1100 World Area of Time Zone International Date Line West Nome . This cycle will continue until either a reply is received. 64 of the worlds most prominent time zones are represented (including both standard times and summer/daylight saving times).gov SNTPCLIENT SET TIMEOUT Syntax SNTPCLIENT SET TIMEOUT <0-30> Description This command sets the received packet response timeout value (in seconds) upon sync request initiation. the client will resend the request. The timezone is represented by one of the abbreviations given in a table below. This can be any value between 0 and 30. Setting the timeszonecan configure the local system to be up to + 13 hours different from Universal Time Coordinate (UTC).272 Chapter 12 – SNTP Examples IP address --> sntpclient set server ipaddress 129.

AT-RG 600 Residential Gateway – Software Reference Manual 273 HST AKST YST YDT PST PDT MST MDT CST CDT EST EDT AST NFST NFT BRA ADT NDT AT WAT GMT UTC WET CET FWT MET MEWT SWT BST EET FST MEST SST IST -1000 -0900 -0900 -0800 -0800 -0700 -0700 -0600 -0600 -0500 -0500 -0400 -0400 -0330 -0330 -0300 -0300 -0230 -0200 -0100 +0000 +0000 +0000 +0100 +0100 +0100 +0100 +0100 +0100 +0200 +0200 +0200 +0200 +0200 Hawaii Standard Alaska Standard Yukon Standard Yukon Daylight US Pacific Standard US Pacific Daylight US Mountain Standard US Mountain Daylight US Central Standard US Central Daylight US Eastern Standard US Eastern Daylight Atlantic Standard Newfoundland Standard Newfoundland Brazil Standard Atlantic Daylight Newfoundland Daylight Azores West Africa Greenwich Mean Universal (Coordinated) Western European Central European French Winter Middle European Middle European Winter Swedish Winter British Summer Eastern Europe French Summer Middle European Summer Swedish Summer Israeli Standard .

which is five hours earlier than UTC (-0500): --> sntpclient set timezone EST SNTPCLIENT SHOW ASSOCIATION Syntax SNTPCLIENT SHOW ASSOCIATION Description This command lists the server being used by the SNTP client and displays whether or not the client is currently synchronized with this server.274 Chapter 12 – SNTP IDT BT IT USZ3 USZ4 INST USZ5 NST WAST USZ6 JT CCT WADT ROK KST JST CAST KDT EAST GST CADT EADT IDLE NZST NZT NZDT +0300 +0300 +0330 +0400 +0500 +0530 +0600 +0630 +0700 +0700 +0730 +0800 +0800 +0900 +0900 +0900 +0930 +1000 +1000 +1000 +1030 +1100 +1200 +1200 +1200 +1300 Israeli Daylight Baghdad Iran Russian Volga Russian Ural Indian Standard Russian West-Siberian North Sumatra West Australian Standard Russian Yenisei Java China Coast West Australian Daylight Korean Standard Korean Standard Japan Standard Central Australian Standard Korean Daylight Eastern Australian Standard Guam Standard Central Australian Daylight Eastern Australian Daylight International Date Line East New Zealand Standard New Zealand New Zealand Daylight Example In the example below. . the time zone is set to Unites States Eastern Standard Time.

2342 second(s) Server Reference ID: GPS.28 ** Local clock synchronized with this server. Eastern Daylight Time Time Difference +-VTC: -4:00 Precision: 1/16384 of a second Root Dispersion: +0.gov ** Local clock synchronized with this server.nist. 2001 . Round Trip Delay: 2 second(s) Local Clock Offset: -1 second(s) Resync Poll Interval 15 minute(s) Packet Retry Timeout: 5 seconds Packet Retry Attempts: 3 See also SNTPCLIENT SHOW ASSOCIATION SNTPCLIENT SYNC Syntax SNTPCLIENT SYNC Description This command forces the SNTP client to immediately synchronize the local time with the server located in the association list (if unicast) or. hostname --> sntpclient show association Time Reference Server Hostname: time-a. Example --> sntpclient sync See also SNTPCLIENT SET SERVER . if anycast is enabled. initiate an anycast sequence.6. Example --> sntpclient show status Clock Synchronized TRUE SNTP Standard Version Number: 4 SNTP Mode(s) Configured: Unicast Broadcast Local Time: Tuesday.AT-RG 600 Residential Gateway – Software Reference Manual 275 Examples IP address --> sntpclient show association Time Reference Server IP address: 129. 28 Aug. See also SNTPCLIENT SET SERVER SNTP SHOW STATUS Syntax SNTPCLIENT SHOW STATUS Description This command displays the SNTP client status information.14:39:25 Local Timezone: EDT.15.

Thus. a router or server receiving a request via PPP where the origin of the request is not secure. it was necessary to create a protocol that could transmit TCP/IP packets over serial lines. This authentication is part of PPP. When serial links that are part of the public telephone system are used. To this end PPP incorporates user name and password security. To make TCP/IP work over these serial links. PPP is used by Internet Service Providers (ISPs) to allow dial-up users to connect to the Internet. and is appropriately called PPP over Ethernet (PPPoE). PPP is generally used by Internet Service Providers (ISPs) to allow dial-up users to connect to the Internet.276 Chapter 13 – PPPoE Chapter 13 PPPoE Telecommunications companies offer serial communications links around the globe right now and have done so for many years. PPP has now been adapted to Ethernet. Because of its ability to route TCP/IP packets over serial links and its authentication capabilities. users are often confused as to why one would want to use PPP over Ethernet at all. care must be taken to ensure the authenticity of all communications. . Figure 13. The two protocols that do this are: • SLIP (Serial Line Internet Protocol) • PPP PPP is more feature rich and has largely supplanted SLIP. would require authentication. Since PPP was designed to do things that were either impossible or unnecessary with Ethernet.

They offer speedy access between two welldefined points and allow you to count passengers. Without disturbing main street traffic. It is easy to get on to and off the street. Because of this. That is what tramways do. You can't get on and off anywhere. many require the added functionality of PPP over Ethernet. Travel is generally between two well-defined points. Streets can serve many access points. PPP. on the other hand. one IP interface must be added to the PPP stack and attached to a PPPoE transport. It is relatively easy to count and monitor passengers. use Ethernet. the basic TCP/IP protocol would be comparable to a network of city streets. it is. PPPoE support on the AT-RG6xx Residential Gateway series In order to use the PPP stack. You need a ticket to board. DSL providers. which allows them to secure communications through the use of user logins and have the ability to measure the volume of traffic each user generates. Additional access points can be added with little disruption. Serial ISPs already use PPP over modem communications. would be comparable to a railway. yes. not serial communications. on the other hand. then is not PPPoE like running railway tracks down Main Street? In fact.AT-RG 600 Residential Gateway – Software Reference Manual 277 If we were to compare TCP/IP traffic to vehicle traffic. PPP over Ethernet brings this sort of functionality to ISPs that do not use serial links to connect their users. PPPoE allows ISPs to monitor the volume of traffic that their users generate. they bring the advantages of railways. Example of PPPoE connection. It is hard to tell how many cars are actually using each street. And you need a ticket to board. . If this is true.

To establish the PPP connection. PPPoE transport is an abstraction layer used to classify the format of the PPPoE packets that will be transferred through the network. The other type of transport explained above in chapter 5 is ethernet. and then send the authentication parameters (User Name and Password) requested by the access service.278 Chapter 13 – PPPoE Typically PPPoE is the “way” to connect the internal device with the external world. In fact among the negotiation parameters there are “User Name” and “Password”. the “speakers” are the PPPoE Client on the RG6xx and the PPPoE Server of the Access Concentrator on the other end of the connection. Because the system supports VLANs. IP interfaces use typically the services provided by pppoe transports. it's necessary firstly negotiate which authentication protocol (PAP or CHAP) to be use. Packets transmitted through a pppoe connection or Ethernet connection will have different frame formats even though they convey the same type of information to the IP layer. the command vlan add v2 vid 2 vlan add v2 port wan frame untagged • Define the vlan as PPPoE transport using the command: pppoe add transport v2 4 • Create an IP interface and attach the IP interface to the PPPoE using the following command: ip add interface ip2 ip attach ip2 v2 Negotiation of PPPoE connections A PPPoE connection is a point-to-point connection. Each PPPoE instance must have a unique subnet and belong to a unique VLAN. Adding and attaching PPPoE connections PPPoE connections are added and attached using the commands provided in the IP and PPPoE modules respectively. The most relevant feature of PPP connections is the Security provided by the PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol) protocols. Therefore it's not possible map a pppoe transport directly to a physical ethernet port. the same ethernet port can be shared between different VLANs. Instead pppoe transports are mapped to VLANs that from a logical point of view act as an ethernet port would do in a simple system without VLANs To attach a pppoe transport to the Residential Gateway the following steps must be performed: • Create a VLAN on the wan port using. for example. . which are unique identifiers the particular PPPoE Client.

the PPPoE client negotiates with the Server the IP parameters for the connection: • IP address for client and server ends of the link • • Primary DNS Server IP address Secondary DNS Server IP address .AT-RG 600 Residential Gateway – Software Reference Manual 279 To configure the authentication related parameters on a PPPoE instance the following steps must be performed: pppoe set transport v2 welogin ( none/auto/chap/pap) pppoe set transport v2 username abcdef….. pppoe set transport v2 password abcdef… After the completion of the authentication phase of the PPP negotiation.

configure and manage the PPPoE module. AT-RG623 and AT-RG656 Residential Gateway to enable. PPPoE CLI commands The table below lists the PPPoE commands provided by the CLI: Command PPPOE ADD TRANSPORT PPPOE CLEAR TRANSPORTS PPPOE DELETE TRANSPORT PPPOE LIST TRANSPORTS PPPOE SET TRANSPORT ACCESSCONCENTRATOR PPPOE SET TRANSPORT AUTOCONNECT PPPOE SET TRANSPORT AUTOCONNECT FILTER ADD PPPOE SET TRANSPORT AUTOCONNECT FILTER DELETE PPPOE SET TRANSPORT ENABLED/DISABLED PPPOE SET TRANSPORT GIVEDNS CLIENT PPPOE SET TRANSPORT GIVEDNS RELAY PPPOE SET TRANSPORT LCPECHOEVERY PPPOE SET TRANSPORT LCPMAXCONF PPPOE SET TRANSPORT LCPMAXFAIL PPPOE SET TRANSPORT LCPMAXTERM PPPOE SET TRANSPORT STATIC_IP/DYNAMIC_IP PPPOE SET TRANSPORT PASSWORD PPPOE SET TRANSPORT SERVICENAME PPPOE SET TRANSPORT USERNAME PPPOE SET TRANSPORT WELOGIN PPPOE SHOW TRANSPORT PPPOE ADD TRANSPORT Syntax PPPOE ADD TRANSPORT <name> <vlanname> [ACCESSCONCENTRATOR <concentrator>] [SERVICENAME <servicename>] .280 Chapter 13 – PPPoE PPPoE Command Reference This section describes the commands available on the AT-RG613.

the PPPoE transport will connect to the first access concentrator it finds that uses this service.org/rfc/rfc2516. If set. A PPPoE tag that identifies a specific service that is acceptable to the PPPoE client. If no concentrator tag is set. It can be made up of one or more letters or a combination of letters and digits. The internal system port that used to distinguish PPPoE packets. The tag name/number is determined by your ISP. see http://www. It allows you to specify the following parameters for the PPPoE client: • the vlan used to receive and send packets belonging to the PPP interface • the internal port that will transport data • access concentrator (optional • service name (optional) Options The following table gives the range of values for each option which can be specified with this command and a default value for each option (if applicable). Default Value name N/A vlanname N/A port N/A concentrator N/A service name N/A Example --> pppoe add transport pppoe1 default 1 See also PPPOE LIST TRANSPORTS ETHERNET LIST PORTS For more information on host unique tags. PPPoE connects to the first access concentrator that responds.AT-RG 600 Residential Gateway – Software Reference Manual 281 Description This command creates a PPPoE transport that performs dialout over Ethernet. A PPPoE tag that identifies a remote access concentrator (or PPPoE server). Option Description An arbitrary name that identifies the transport. Available values are from 1 to 8. The vlan name used to carry PPPoE packets of the current PPP interface. If an access concentrator is also set. but it cannot start with a digit. the PPPoE transport will connect to the specified service on the named concentrator.. The service name is determined by your ISP.txt .ietf. PPPoE will only connect to the named access concentrator.

Default Value N/A number N/A Example --> pppoe delete transport pppoe1 See also PPPOE LIST TRANSPORTS PPPOE LIST TRANSPORTS Syntax PPPOE LIST TRANSPORTS Description This command lists PPPoE transports that have been created using the PPPOE ADD TRANSPORT command. It displays the following information about the transports: • transport identification number • transport name .282 Chapter 13 – PPPoE PPPOE CLEAR TRANSPORTS Syntax PPPOE CLEAR TRANSPORTS Description This command deletes all PPPoE transports that were created using the PPPoE ADD TRANSPORT command. A number that identifies an existing PPPoE transport. Example --> pppoe clear transports See also PPPOE DELETE TRANSPORT PPPOE DELETE TRANSPORT Syntax PPPOE DELETE TRANSPORT {<name>|<number>} Description This command deletes a single PPPoE transport. Option name Description A name that identifies an existing PPPoE transport. Options The following table gives the range of values for each option which can be specified with this command and a default value for each option (if applicable). To display transport numbers. If an IP interface is attached to the pppoe transport. it's necessary detach the IP interface using the IP DETACH command before removing the pppoe transport. use the PPPOE LIST TRANSPORTS command. use the PPPOE LIST TRANSPORTS command. To display transport names.

AT-RG 600 Residential Gateway – Software Reference Manual 283 Example --> pppoe list transports PPPOE transports: ID | Name | Port -----|------------|----------1 | default | ethernet2 2 | vlan21 | ethernet2 -----------------------------See also PPPOE SHOW TRANSPORT PPPOE SET TRANSPORT ACCESSCONCENTRATOR Syntax PPPOE SET TRANSPORT {<name>|<number>} ACCESSCONCENTRATOR <concentrator> Description This command specifies the access concentrator that you want PPPoE to connect to. To display transport names. To display transport numbers. You can also specify a service name using the SET TRANSPORT SERVICENAME command so that PPPoE will only accept a specific service via a specific access concentrator. to remove it. use the PPPOE LIST TRANSPORTS command. it's necessary remove the pppoe transport where the access concentrator refers. Option name Description A name that identifies an existing PPPoE transport. use the PPPOE LIST TRANSPORTS command. If an access concentrator has been defined. A number that identifies an existing PPPoE transport. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The tag name/number is determined by your ISP. If no concentrator tag is set. A PPPoE tag that identifies a remote access concentrator (or PPPoE server). PPPoE connects to the first access concentrator that responds. PPPoE will only connect to the named access concentrator. Default Value N/A number N/A concentrator Empty string Example --> pppoe set transport pppoe1 accessconcentrator server5 See also PPPOE LIST TRANSPORTS .

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). . See PPPOE SET TRANSPORT AUTOCONNECT ADD FILTER command. Option name Description A name that identifies an existing PPPoE transport. Disables PPPoE autoconnect. use the PPPOE LIST TRANSPORTS command. To display transport numbers.ietf.org/rfc/rfc2516. PPPoE automatically opens the link to the access concentrator whenever the link is down and a user needs to send TCP/IP packets to a public address. use the PPPOE LIST TRANSPORTS command. PPPOE SET TRANSPORT AUTOCONNECT Syntax PPPOE SET TRANSPORT {<name>|<number>} AUTOCONNECT {ENABLED|DISABLED } Description This command enables/disables the PPPoE autoconnect function. A number that identifies an existing PPPoE transport. Enables PPPoE autoconnect. It's possible specify one or more filters to block the autoconnect function when a UDP or TCP connection is requested to a particular port. If enabled. To display transport names.284 Chapter 13 – PPPoE PPPOE SET TRANSPORT SERVICENAME PPPOE SHOW TRANSPORT For more information on PPPoE and access concentrators. http://www. Default Value N/A number N/A ENABLED DISABLED disable Example --> pppoe set transport pppoe1 autoconnect enable See also PPPOE SET TRANSPORT AUTOCONNECT FILTER PPPOE SET TRANSPORT AUTOCONNECT FILTER ADD Syntax PPPOE SET TRANSPORT {<NAME>|<NUMBER>} AUTOCONNECT FILTER ADD {TCPPORT <TCPPORT>|UDPPORT <UDPPORT> } Description This command disables the PPPoE autoconnect function when a TCP/UDP session is requested for a specific address port. see RFC2516.txt.

The destination port related to the TCP section that must be blocked. To display transport names. The destination port related to the TCP section that must be blocked. use the PPPOE LIST TRANSPORTS command. To display transport numbers. To display transport names. Default Value N/A number N/A tcpport udpport N/A N/A Example --> pppoe set transport pppoe1 autoconnect filter add tcpport 23 See also PPPOE SET TRANSPORT AUTOCONNECT PPPOE SET TRANSPORT AUTOCONNECT FILTER DELETE Syntax PPPOE SET TRANSPORT {<NAME>|<NUMBER>} AUTOCONNECT FILTER DELETE {TCPPORT <TCPPORT>|UDPPORT <UDPPORT> } Description This command removes a PPPoE filter previously added with the command PPPOE SET TRANSPORT AUTOCONNECT FILTER ADD. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option name Description A name that identifies an existing PPPoE transport. Default Value N/A number N/A tcpport udpport N/A N/A . A number that identifies an existing PPPoE transport. The destination port related to the UDP section that must be blocked. Option name Description A name that identifies an existing PPPoE transport. The destination port related to the UDP section that must be blocked. To display transport numbers. use the PPPOE LIST TRANSPORTS command.AT-RG 600 Residential Gateway – Software Reference Manual 285 Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). A number that identifies an existing PPPoE transport. use the PPPOE LIST TRANSPORTS command. use the PPPOE LIST TRANSPORTS command.

Once IPCP has discovered the DNS server IP address. . Option name Description A name that identifies an existing PPPoE transport. You must have the DNS client process included in your image build in order to use this feature. Disables a PPPoE transport. To display transport numbers. use the PPPOE LIST TRANSPORTS command. Default Value N/A number N/A ENABLED DISABLED disable Example --> pppoe set transport pppoe1 enabled See also PPPOE LIST TRANSPORTS PPPOE SET TRANSPORT GIVEDNS CLIENT Syntax PPPOE SET TRANSPORT {<name>|<number>} GIVEDNS CLIENT {ENABLED | DISABLED} Description This command controls whether the PPP Internet Protocol Control Protocol (IPCP) can request a DNS server IP address for a remote PPP peer. a PPP session that is not attached but needed for testing purposes) the transport must be enabled explicitly. Options The following table gives the range of values for each option which can be specified with this command and a default value for each option (if applicable).286 Chapter 13 – PPPoE Example --> pppoe set transport pppoe1 autoconnect filter delete tcpport 23 See also PPPOE SET TRANSPORT AUTOCONNECT PPPOE SET TRANSPORT ENABLED/DISABLED Syntax PPPOE SET TRANSPORT {<name>|<number>} {ENABLED|DISABLED} Description This command explicitly enables/disables a PPPoE transport. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display transport names. Attaching a transport to an interface implicitly enables it. it gives the address to the local DNS client so that it can be used for DNS lookups initiated from the Residential Gateway itself. A number that identifies an existing PPPoE transport. multiple channels on an interface. Enables a PPPoE transport. but for cases where no attach is performed (for example. use the PPPOE LIST TRANSPORTS command.

ietf. Default Value N/A number N/A ENABLED enabled DISABLED Example --> pppoe set transport pppoe1 givedns client enabled See also PPPOE SET TRANSPORT GIVEDNS RELAY ENABLED|DISABLED PPPOE SET TRANSPORT REMOTEDNS PPPOE SET TRANSPORT DISCOVERDNS PRIMARY PPPOE SET TRANSPORT DISCOVERDNS SECONDARY For more information on DNS client. A DNS server IP address learnt by IPCP will not be passed to the DNS client. use the PPPOE LIST TRANSPORTS command.org/rfc/rfc1035.AT-RG 600 Residential Gateway – Software Reference Manual 287 Option name Description A name that identifies an existing PPPoE transport. use the PPPOE LIST TRANSPORTS command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). see ATMOS DNS Client Functional Specification: DO-008322-PS. To display transport names. PPPOE SET TRANSPORT GIVEDNS RELAY Syntax PPPOE SET TRANSPORT {<name>|<number>} GIVEDNS RELAY {ENABLED | DISABLED} Description This command controls whether the PPP Internet Protocol Control Protocol (IPCP) can request the DNS server IP address for a remote PPP peer. IPCP can request a DNS server IP address and then give the address to DNS client. You must have the DNS relay process included in your image build in order to use this feature.txt. use the PPPOE LIST TRANSPORTS command. To display transport numbers. A number that identifies an existing PPPoE Default Value N/A N/A . see http://www. A number that identifies an existing PPPoE transport. To display transport names. Option name number Description A name that identifies an existing PPPoE transport. For information on DNS implementation and specification. Once IPCP has discovered the DNS server IP address. it gives the address to the local DNS relay so it can be used for relayed DNS lookups.

To display transport numbers. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). ENABLED IPCP can request a DNS server IP address and then give the address to DNS relay. PPPOE SET TRANSPORT LCPECHOEVERY Syntax PPPOE SET TRANSPORT {<name>|<number>} LCPECHOEVERY <interval> Description This command tells a specified PPP transport to send an LCP (Link Control Protocol) echo request frame at specified intervals (in seconds). the PPP connection is turned down. The length of time (in seconds) between LCP echo request frames being sent. A DNS server IP address learnt by IPCP will not be passed to the DNS relay.ietf. If you do not want echo request frames to be sent. If no reply is received. use the PPPOE LIST TRANSPORTS command. A number that identifies an existing PPPoE transport.org/rfc/rfc1035. Default Value N/A number N/A interval 10 seconds Example --> pppoe set transport pppoe2 lcpechoevery 0 . enabled DISABLED Example --> PPPOE SET TRANSPORT PPPOE1 GIVEDNS RELAY ENABLED See also PPPOE SET TRANSPORT GIVEDNS CLIENT ENABLED|DISABLED PPPOE SET TRANSPORT REMOTEDNS PPPOE SET TRANSPORT DISCOVERDNS PRIMARY PPPOE SET TRANSPORT DISCOVERDNS SECONDARY DNS RELAY CLI COMMANDS For information on DNS implementation and specification. specify zero (0) in the <interval> attribute. use the PPPOE LIST TRANSPORTS command. use the PPPOE LIST TRANSPORTS command.288 Chapter 13 – PPPoE transport. To display transport numbers. If you do not want to send LCP echo frames. Option name Description A name that identifies an existing PPPoE transport.txt. specify `0' as the interval. To display transport names. see http://www. This functionality is also known as `keep-alive'.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 289 See also PPPOE SHOW TRANSPORT PPPOE LIST TRANSPORTS PPPOE SET TRANSPORT LCPMAXCONF Syntax PPPOE SET TRANSPORT {<name>|<number>} LCPMAXCONF <lcp max configure> Description This command sets the maximum number of Link Control Protocol (LCP) configure requests that will be sent by an existing PPPoE transport before it decides that the PPP peer is not responding. use the PPPOE LIST TRANSPORTS command. . the maximum number of configures that can be transmitted without reply before assuming that the PPP peer is unable to respond. Default Value N/A number N/A lcp max configure 10 Example --> pppoe set transport pppoe1 lcpmaxconf 20 See also PPPOE SHOW TRANSPORT PPPOE LIST TRANSPORTS PPPOE SET TRANSPORT LCPMAXFAIL Syntax PPPOE SET TRANSPORT {<name>|<number>} LCPMAXFAIL <lcp max fail> Description This command sets the Link Control Protocol (LCP) maximum fail number. the transport changes from the REQ SENT state back to the STARTING state. Link Control Protocol. The LCPmaxconf can be any positive value. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option name Description A name that identifies an existing PPPoE transport. use the PPPOE LIST TRANSPORTS command. A number that identifies an existing PPPoE transport. To display transport names. Upon having decided that the peer is not responding.This is the number of configure-nak packets sent without receiving a valid configure ack before assuming the configuration is not converging. ie it stops trying to negotiate the link. To display transport numbers.

use the PPPOE LIST TRANSPORTS command. To display transport numbers. When the transport has sent this number of consecutive LCP terminate requests without receiving a reply. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). A number that identifies an existing PPPoE transport. use the PPPOE LIST TRANSPORTS command. To display transport numbers. use the PPPOE LIST TRANSPORTS command. The maximum number of consecutive LCP negative acknowledgements (indicating that the information received contains errors) that can be transmitted before assuming that parameter negotiation is not converging. use the PPPOE LIST TRANSPORTS command. The maximum number of consecutive LCP Terminate Requests that will be sent without reply before assuming that the destination address is unable to respond. The LCPfailterm can be any positive value. it will assume that the PPP peer is unable to reply. To display transport names. The LCPmaxfail can be any positive value. To display transport names. A number that identifies an existing PPPoE transport. and will simply terminate the link.290 Chapter 13 – PPPoE Option name Description A name that identifies an existing PPPoE transport. Default Value N/A number N/A lcp max term 2 . Option name Description A name that identifies an existing PPPoE transport. Default Value N/A number N/A lcp max fail 5 Example --> pppoe set transport pppoe1 lcpmaxfail 20 See also PPPOE SHOW TRANSPORT PPPOE LIST TRANSPORTS PPPOE SET TRANSPORT LCPMAXTERM Syntax PPOE SET TRANSPORT {<name>|<number>} LCPMAXTERM <lcp max terminate> Description This command sets the Link Control Protocol (LCP) maximum terminate number for an existing PPPoE transport.

0. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).168.103. use the PPPOE LIST TRANSPORTS command. Option Name Description A name that identifies an existing PPPoE transport. To display transport names. To configure correctly an authenticated pppoe connection it's necessary send also the PPPOE SET TRANSPORT WELOGIN command and set the . use the PPPOE LIST TRANSPORTS command. The password is required when PPP negotiation takes place and is supplied to the remote PPP server for authentication.AT-RG 600 Residential Gateway – Software Reference Manual 291 Example --> pppoe set transport pppoe1 lcpmaxterm 20 See also PPPOE SHOW TRANSPORT PPPOE LIST TRANSPORTS PPPOE SET TRANSPORT STATIC_IP/DYNAMIC_IP Syntax PPPOE SET TRANSPORT {<name>|<number>} {STATIC_IP <ip-address> | DYNAMIC_IP} Description This command tells the PPP process the local IP address to be used on this PPP interface or sets the PPP interface to get the IP address dynamically.0. The IP address of the local `client-end' of the PPP link.222.254. displayed in the IPv4 format: 111.2 See also PPPOE SHOW TRANSPORT PPPOE LIST TRANSPORTS PPPOE SET TRANSPORT REMOTEIP PPPOE SET TRANSPORT PASSWORD Syntax PPPOE SET TRANSPORT {<name>|<number>} PASSWORD <password> Description This command sets an authentication password on a named transport. To display transport numbers. A number that identifies an existing PPPoE transport.0 Example --> pppoe set transport pppoe1 static_ip 192.4 Default Value N/A Number N/A ip-address 0.

use the PPPOE SHOW TRANSPORT command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). An arbitrary word that acts as a password enabling you to be authenticated by the remote end of the link. To remove a previously set servicename. To display transport names.292 Chapter 13 – PPPoE authentication username using the PPPOE SET TRANSPORT USERNAME command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value N/A number N/A password N/A Example --> pppoe set transport pppoe2 password mercury See also PPPOE LIST TRANSPORTS PPPOE SHOW TRANSPORT PPPOE SET TRANSPORT USERNAME PPPOE SET TRANSPORT SERVICENAME Syntax PPPOE SET TRANSPORT {<name>|<number>} SERVICENAME <servicename> Description This command specifies the service name that is acceptable to the PPPoE client.. The password will be required by the PPP server and is passed to the server using either the PAP or CHAP protocol. . Option Name Description A name that identifies an existing PPPoE transport. To display the password. You can also set the access concentrator using the SET TRANSPORT ACCESSCONCENTRATOR command so that PPPoE will only accept a specific service via a specific access concentrator. To display transport numbers. use the PPPOE LIST TRANSPORTS command. use the PPPOE LIST TRANSPORTS command. it's necessary remove the pppoe transport where the servicename was added. A number that identifies an existing PPPoE transport. It can be made up of one or more characters and/or digits.

To display transport names.AT-RG 600 Residential Gateway – Software Reference Manual 293 Option name Description A name that identifies an existing PPPoE transport. use the PPPOE LIST TRANSPORTS command. http://www. A number that identifies an existing PPPoE transport. Option Description Default Value .. the PPPoE transport will connect to the specified service on the named concentrator. the PPPoE transport will connect to the first access concentrator it finds that uses this service.ietf.org/rfc/rfc2516.txt. The username is required when PPP negotiation takes place and is supplied to the remote PPP server for authentication. see RFC2516. Default Value N/A number N/A service name Empty string Example --> pppoe set transport pppoe1 servicename jupiter See also PPPOE LIST TRANSPORTS PPPOE SET TRANSPORT ACCESSCONCENTRATOR PPPOE SHOW TRANSPORT For more information on PPPoE and service names. A PPPoE tag that identifies a specific service that is acceptable to the PPPoE client. To display transport numbers. PPPOE SET TRANSPORT USERNAME Syntax PPPOE SET TRANSPORT {<name>|<number>} USERNAME <username> Description This command sets a (dialout) username on a named transport. If set. The service name is determined by your ISP. If an access concentrator is also set. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To apply a positive authentication you must use not only this command but moreover you also must use PPPOE SET TRANSPORT PASSWORD and PPPOE SET TRANSPORT WELOGIN. To configure correctly an authenticated pppoe connection it's necessary send also the PPPOE SET TRANSPORT WELOGIN command and set the authentication password using the PPPOE SET TRANSPORT PASSWORD command. use the PPPOE LIST TRANSPORTS command.

To display the username. Option name Description A name that identifies an existing PPPoE transport. To display transport numbers. Together with the password. use the PPPOE LIST TRANSPORTS command. It can be made up of one or more characters and/or digits. this enables the PPP client to be authenticated by the remote end. To display transport names. A number that identifies an existing PPPoE transport. A name that identifies a user. A number that identifies an existing PPPoE transport. To display transport names. N/A number N/A username N/A Example --> pppoe set transport pppoe2 username jsmith See also PPPOE SET TRANSPORT PASSWORD PPPOE SET TRANSPORT WELOGIN Syntax PPPOE SET TRANSPORT {<name>|<number>} WELOGIN {NONE|AUTO|PAP|CHAP} Description This command sets the authentication protocol used to connect to external PPP servers (dialout).294 Chapter 13 – PPPoE name A name that identifies an existing PPPoE transport. use the PPPOE LIST TRANSPORTS command. To configure correctly an authenticated pppoe connection it's necessary set also the login username using the PPPOE SET TRANSPORT USERNAME command and set the authentication password using the PPPOE SET TRANSPORT PASSWORD command. use the PPPOE SHOW TRANSPORT command. Default Value N/A number N/A . The username will be required by the PPP server and will be passed to the server using the PAP or CHAP protocol. use the PPPOE LIST TRANSPORTS command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). use the PPPOE LIST TRANSPORTS command. To display transport numbers.

the server sends an authentication request to the remote user dialling in. CHAP passes the encrypted username and password to be verified by the server. The authentication protocol used by the remote PPP server is discovered and used.dialin status • Headers . Challenge Handshake Authentication Protocol. PAP passes the unencrypted username and password to be verified by the server. Password Authentication Protocol. the server sends an authentication request to the remote user dialling in. PAP None CHAP Example --> pppoe set transport pppoe2 welogin pap See also PPPOE SET TRANSPORT THEYLOGIN PPPOE SHOW TRANSPORT PPPOE LIST TRANSPORTS PPPOE SHOW TRANSPORT Syntax PPPOE SHOW TRANSPORT {<name>|<number>} Description This command displays the following information about an existing PPPoE transport: • Description • Interface number • Server .the data format that the transport can accept or receive • SVC status (false) • Local IP address • Subnet mask • Remote IP address • Remote DNS • Propagate DNS to client (true or false) • Propagate DNS to relay (true or false) • Create route (true or false) • Specific route (true or false) • Route netmask .AT-RG 600 Residential Gateway – Software Reference Manual 295 NONE AUTO No authentication method is used.

0. use the PPPOE LIST TRANSPORTS command Default Value N/A number N/A Example --> pppoe show transport pppoe2 PPP Transport: pppoe2 Description: pppoe2 Interface ID: 1 Headers: learn Local IP: 0.0.0.0.0.0 Subnet mask: 0.0.0 Remote DNS: 0. use the PPPOE LIST TRANSPORTS command.0 Propogate DNS to client: true Create route: true Specific route: false Route netmask: 0.0.0 Server: false SVC: false To relay: true .0.0. A number that identifies an existing PPPoE transport.0.296 Chapter 13 – PPPoE • Dialout Username • Dialout Password • Dialout Authentication method • Dialin Authentication method • LCP Max Configure • LCP Max Failure • LCP Max Terminate • LCP Echo Period • Autoconnect status (true or false) • User Idle Timeout setting (in minutes) • Access concentrator • Service name • Port name Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Name Description A name that identifies an existing PPPoE transport.0 Remote IP: 0. To display transport numbers. To display transport names.

: none LCP Max.: none Dialin auth.AT-RG 600 Residential Gateway – Software Reference Manual 297 Dialout username: Dialout password: Dialout auth. Conf.: Service name: y See also PPPOE LIST TRANSPORTS . Failure: 5 LCP Max Terminate: 2 LCP Echo Every: 10 Autoconnect: true User Idle Timeout: 30 Access Conc.: 10 LCP Max.

In the opposite direction. Up to 2 simultaneous calls can be made on the S/T bus (the limitation is due to the Basic Rate service that support only two bearer channels of 64Kbps each). In this case the two ports use the same S/T bus and ISDN terminals can use one port or the other one independently. The AT-RG613TX(J) supports two FXS ports to connect up to 2 standard DTMF analogue telephones. fax with data networks incorporating packet-based protocols such as Internet protocol (IP). the FXO port allows an incoming PSTN call to reach a VoIP end-point. The AT-RG623TX supports two ISDN Basic Rate ports to connect up to 8 ISDN terminals to the residential gateway. This system incorporates a voiceband processor (VoIP DSP) that operates in conjunction with analog interface circuitry and with the unit main processor (CPU). connecting the local phones to the PSTN operator. .298 Chapter 14 – VoIP Analogue and Digital Access Ports Chapter 14 VoIP Analogue and Digital access ports Introduction This chapter describes the telephony services available on the Residential Gateway and the support for analog voice ports (FXS) and digital ISDN interfaces (Basic Rate). A further PSTN port (AT-RG613TXJ model only) is available to connect the Residential Gateway to a Central Office or to an analog PBX. The same FXO port acts like lifeline when the unit is powered off (or when no local user is registered to a SIP server or Gatekeeper). The access port module controls both analog and digital ports: • on FXS models it detects hardware events like off-hook and DTMF key press and controls hardware functions like tone generation and ringing. • on the ISDN models it implements the ISDN protocol conforming to Euro ISDN standards (ETSI). The PSTN port (also named FXO port) allows a VoIP end-point to reach an external phone connected to the PSTN network. The access port module also performs the voiceband processing required to interface analog or PCM voice.

726-16Kbps. On the AT-RG613TXJ model two FXS ports are provided plus one FXO port. In this case an internal relay connects the first FXS port to the PSTN port.726-24Kbps. allowing the user to make external calls to a Central Office or to analog PBX.30 Intenet Fax Protocol (IFP) packets.38 support for transmission of T. Digital Ports The AT-RG623TX supports two ISDN Basic Rate (BRI) ports.711 A-/µ-law 64 Kbps PCM Speech CODEC • G.729A/B CS-ACELP Speech CODEC with VAD • G.168 Line Echo Cancellation (programmable 8 ms – 32 ms tail length) • Voice Activity Detection (VAD) • Comfort Noise Generation (CNG) Telecom Tones Management • Tone Generation • DTMF Detection Analog Ports On the AT-RG613TX model two FXS ports are provided. G. The following are the features available on the Voice system: Voice Encoding/Decoding • G. simply by selecting the desired country via the VOIP EP SET COUNTRY command.726-32Kbps and G. . Connection from the unit to standard DTMF analogue telephones is made via two RJ11 8-pin connectors. An additional RJ11 connector is available as pass-through PSTN port when the unit is not powered.726-40Kbps • T. Analog ports are able to reproduce telecom tones similar to the tones provided from a regional central office or local exchange. while the voice-band processor primarily performs mathematically intensive DSP algorithms. G.30 fax signals into T.AT-RG 600 Residential Gateway – Software Reference Manual 299 The unit main processor implements packet network protocol stacks and system control. The analog front-end circuit is designed to support 5REN (Ring Equivalent Number) load on each FXS port. Voice Quality Management • Jitter Buffer Management • Fixed Gain Control configurable independently on TX and RX transmission • G.

plus one signaling channel (called the D channel) of 16Kbps. In this case there are no strong constraints between the minimum distance between TEs . T and U refer to reference points in the ITU-T Recommendations defining ISDN. With respect to a standard ISDN Basic Rate Access. The S/T bus can be up to 100 meters long using 100 ohm UTP cable (only a short passive S bus). From the system point of view they are one logical port and access a resource named isdn0.300 Chapter 14 – VoIP Analogue and Digital Access Ports A block diagram of a typical Basic Rate Access circuit is shown in Figure 14. The Basic Rate access available on the AT-RG623TX consists of 2 data channels (called B1 and B2) of 64Kbps each. Power may be transferred from the NT to TEs (or vice-versa) over the signal wires or one of the outer pairs. The S/T loop may be shared by a number of TEIs and TAs communicating with a single Network Termination (NT). ISDN Basic Access. The letters S. The S/T bus must be terminated with a 100 ohm resistive load at both ends. The other 100 ohm termination must be installed during network configuration. The U loop may be several kilometres in length and runs between the NT and the Line Termination (LT) on the ISDN service provider's premises.The four centre pins on the connector are used for the transmit and receive pairs. the AT-RG623TX is designed to operate like an NT (LT-S) termination offering access to a VoIP network instead of an ISDN network. . The S/T loop portion of the circuit support up to 8 ISDN terminals according to a point-to-multipoint bus topology over a strictly limited distance and is intended for operation within the customer premises. One 100 ohm termination is already installed inside the AT-RG623TX unit. ISDN BRI Physical Layer Connection from the S/T loop to a TE is made via two RJ45 8-pin connectors. Analogue Phone/FAX TA S/T BUS NT1 U BUS ISDN switch (LT) ISDN Switched Nework ISDN switch (LT) Digital Phone/FAX Digital Phone/FAX Figure 14. but 10 meters between TEs is the suggested separation. This allows two simultaneous calls (outgoing or/and incoming) to be in operation at the same time.

The call control module uses ITU-T Recommendation Q.g. In normal operation the LAPD module will not require any configuring since the default configuration will allow it to function fully.931 to set up and tear down ISDN calls. or data link layer. LAPD is not used on the ISDN B channels. .1.A. Default Configuration Signalling Protocol Config.Call Control ISDN layer 3 is responsible for maintaining and controlling ISDN calls. It is a layer 2..921.2. ISDN Layer 3 . A single D channel is able to support multiple layer 3 entities. and error detection for higher layer users of the ISDN D channel. flow control. LAPD is responsible for providing addressing. as defined by ITU-T Recommendation Q. Users Creation Users Binding Incoming/ Outgoing Calls Figure 15. VoIP subsystem configuration .A. Common Port creation and configuration (if necessary) are part of the VoIP system configuration steps required in order to receive or make calls. By default.LAPD LAPD is the Link Access Protocol for the ISDN D channel. ISDN Layer 2 .2.AT-RG 600 Residential Gateway – Software Reference Manual 301 See ETS 300 012-1 Annex A .1 Short passive bus for more technical details. The default for BRI interfaces is to operate with automatic TEI (Terminal Endpoint Identifier) assignment. (SIP/H323) Access Port Creation Forwarding Database Access Port Config. analog or digital access ports are not configured in the system when the unit starts from a factory default configuration. as illustrated in Figure 15.1 Point-to-multipoint .basic steps. the AT-RG623). protocol which is used for communication between ISDN Terminal Equipment and Network Equipment (e.

specified either as a set of digits or timers. It is used to configure the following subsections: • Digit Map/Dial Mask • Voice Coder/Decoder • Voice Quality Management • Telecom Tones Management Digit Map The Digit Map is a rule used by the access port to understand when dialing is is to be considered completed and the dialed number is ready to be processed by the call control layer. A busy tone may be reproduced locally on the ISDN telephone depending on phone model (typically the busy tone is generated for few seconds and then the user is invited to replace the handset). tel2 tel1. "B". attempting to make a call through an undefined analogue port will result in absence of any tone provided by the unit. no users can be added to the port and therefore no incoming calls can be received and no outgoing calls can be made. or "*". On the AT-RG613. . "C". A digit map is defined either by a (case insensitive) "string" or by a list of strings. use the command VOIP EP CREATE and to enable a port use the command VOIP EP ENABLE. On the AT-RG623. "#". Each access port has a unique identifier used during the VOIP EP CREATE command. Port configuration Port configuration is managed through the VOIP EP SET command. The following constructs can be used in each digit map: DTMF: A digit from '0' to '9' or one of the symbols "A". Each string in the list is an alternative numbering scheme. "D". the following ports and port identifiers can be used: Model AT-RG613TX AT-RG613TXJ AT-RG623TX VoIP port type al-fxs-del al-fxs-del al-fxo-del dl-bri-lt-s VoIP port identifier tel1. To create a port. It works for outgoing calls (in the direction from user to VoIP network).302 Chapter 14 – VoIP Analogue and Digital Access Ports If a port is not defined. Depending on the model. tel2 tel3 tel To disable a port use the VOIP EP DISABLE command. attempting to make an outgoing call through an undefined digital port will result in a DISCONNECT message from the unit. or as an expression over which the port will attempt to find a shortest possible match.

Range: One or more DTMF symbols enclosed between square brackets ("[" and "]"). 3. the corresponding Digit Map command could look as: voip ep analogue set prt0 digitmap [2-4]xx If the number dialed begins with anything other than 2. or external (a local call). or 4. Let’s consider an example where the user in an office wants to call a co-worker’s 3digit extension. it checks if the number begins with 9 and the second digit is any digit between 2 and 9 and the number has 7 digits It may sometimes be required that users dial the “#” or “*” to make calls. including zero.AT-RG 600 Residential Gateway – Software Reference Manual 303 Timer: The symbol 'T' matching the timer expiry. Assuming that dialling “9” makes an external call. Wildcard: The symbol "x".. which is equivalent to OR. the called number is processed. if all extensions in the user company begin with 2. note that the whole Digit Map shall not exceed 128 characters. The left-most expression has precedence over the other expressions Let’s consider the case of a choice: the Digit Map must check if the number is internal (an extension). Position: A period (". Subrange: Two digits separated by a hyphen ("-") which matches any digit between and including the two. of occurrences of the preceding construct. which matches any digit ("0" to "9"). the call is rejected and a busy tone is generated. between "[" and "]". It's possible to refine this Digit Map by including a range of digits. the call is placed."). which matches an arbitrary number. For example. Also. i. or 4 and the number has 3 digits If not. 3. The subrange construct can only be used inside a range construct. The command to set the Digit Map could look as follows: voip ep analogue set prt0 digitmap xxx This Digit Map specifies that after the user has entered any three digits. the dialed number shall be considered complete. If the symbol T appearsi in the middle of digit map expression is not considered and skipped during expression evaluation. The symbol 'T' at the end of Digit Map indicates that if user has not dialed a digit for a time longer than the value of the inter-digit time. 3. the Digit Map could be defined with the command: voip ep analogue set prt0 digitmap ([2-4]xx|9[2-9]xxxxxx) In this case the Digit Map checks if the number begins with 2. This can be easily incorporated in a Digit Map with the command: . or 4.e. The Digit Map is defined in such a way that after the user has entered 3 digits. Another way to achieve the same result would be: voip ep analogue set prt0 digitmap [234]xx It is possible to combine two or more expressions in the same Digit Map by using the “|” operator.

729) (G. It's possible to specify more than one codec type for each port using the command VOIP EP SET CODECS. The signaling protocol (SIP or H323) will negotiate the active codec based on the capabilities supported by the other peer involved in the VoIP connection.711 µ law) (G. On the fxo port dial mask works only far calls in the direction PSTN to VoIP thus only on incoming calls on fxo port.304 Chapter 14 – VoIP Analogue and Digital Access Ports voip ep analogue set prt0 digitmap xxxxxxx#|xxxxxxx* The “#” or “*” character could indicate users must dial the “#” or “*” character at the end of their number to indicate it is complete. AT-RG623 and AT-RG656 units: • g711a • g711u • g729 • g726-16 • g726-24 • g726-32 • g726-40 • T.711 A law) (G. When a user digits the called party number.726 40kbps) . the number of digits specified by the dial mask parameter are removed from the selection This feature is available both on AT-RG613TX and AT-RG623TX models.726 16kbps) (G. Dial Mask The Dial Mask specifies the number of digits that must be removed from the dialed number before checking the dialed number against the Digit Map.726 24kbps) (G.38 (G. Voice Coder/Decoder The Voice system makes use of a specific DSP with an embedded sigma-delta Coder/Decoder to process voice and data from/to access ports. In the case of local calls. The codec specified at the leftdmost ens of the codec list has precedence over the other codecs. The following codecs are available on the AT-RG613. On AT-RG613TXJ model. When processing the outgoing call the call control layer removes any '#''. Different codec types are available in order to satisfy the requirements of different environments. dial mask acts both on fxs ports and on the fxo port.726 32kbps) (G. '*' and 'T' symbols from the dialed number. codec negotiation is performed locally by the call control layer.

which logarithmically quantise each input sample.729 Annex A. The digitised.711 codec is very simple. Much coarser quantisation steps are used for large amplitude signals. has very low delay. There is a lower complexity version of the original G. For 32 kbps operation.711 codec is specified by ITU-T and consists of two similar non-uniform pulse code modulation (PCM) schemes called µ. but the G. and results in high quality speech known as "toll" quality.729 Annex B describes a voice activity detection/comfort noise generation algorithm that can be operated in conjunction with either of the speech coders to further reduce the bit rate during periods of silence. G.726 codec is specified by ITU-T and is an adaptative differential pulse code modulation (ADPCM) speech-coding algorithm capable to operate at 16kbps.729 except it performs slightly worse in environments with background noise and in the presence of bit errors.law and A-law. which occur more frequently in speech signals.729 described in G. The algorithmic delay (block processing size) is 10 ms (80 samples). with some notes about quality and performance.729 codec is specified by ITU-T and consists of a Conjugate Structure Algebraic CELP (CS-ACELP) analysis-by-synthesis algorithm that results in a compressed bit rate of 8 kbps. G. however it requires less than half the processing requirements in terms of MIPS. each input voice sample is converted into a 4-bit quantized difference signal resulting in a compression ratio (respect to a reference G711 codec) of 2:1.711 requires trivial processor resources but its high bit rate generally precludes its use in systems where bandwidth or storage space is a concern. It results in good speech quality. G.0. G. 32 kbps and 40kbps. The speech quality for G.729A is very close to that of G. G.729. G.729 A/B CS-ACELP Speech codec The G.726 ADPCM Speech codec The G.711 μ/A-law 64 Kbps PCM Speech codec The G.729 Annex A is interoperable with G. The MOS for G. Α-law and µ-law are waveform codecs. with a MOS value of 4.9. The complexity is high.AT-RG 600 Residential Gateway – Software Reference Manual 305 A brief description of each codec is provided below.729 algorithm also incorporates a 5 ms look-ahead resulting in a 15 ms delay for the encoder. A-law is commonly used in Europe and µ-law is commonly used in North America and Japan. For the 24kbps and 40kbps operation the quantized difference signal is 3 bits . linear PCM input signals (13 and 14 bits respectively) sampled at an 8 KHz sampling rate are converted into an 8-bit compressed floating-point PCM representation for a total bit rate equal to 64Kbps The G.729A is 3. Fine quantisation steps are used for the low level amplitudes. 24kbps.

A brief description of each setting is provided below: Jitter Buffer Voice-over-packet systems require a “jitter” buffer to compensate for delay variation due to packet queuing. The following settings are available on both the AT-RG613. automatically the Residential Gateway switches to a non compressed codec like G711u or G711a. If this fails.38 is not properly a codec but is a technical solution to map FAX signals into a dedicated IP protocol that overrides the limitations (e. respectively. The system is designed to zeroing the process latency for ports using the same codec algorithm. The voice DSP make use of one shared output buffer in the encode direction.38 support is enabled and a fax must be sent or received.38 is reported under the codec supported list in AT-RG600 family. AT-RG623 and AT-RG656 are designed to support the transmission of T.g. Even if T. this optimization is less effective and some channel data could suffer a variable delay (jitter). .306 Chapter 14 – VoIP Analogue and Digital Access Ports and 5 bits. signal distortion) that are present when faxes are sent using codec designed for speech applications.38 Internet Fax Protocol (IFP) packets. At 32kbps ADPCM has a low delay and is considered "tollquality". The jitter buffer is designed to prevent data starvation on the packet-receiving end. This may be because packets from other equal priority voice channels are also ready to be transmitted or because a lower priority data packet has started transmission and must be allowed to complete.e.30 fax signals using T. the number of other voice channels. which could simultaneously produce a packet. and the willingness to reduce network packet efficiency by transmitting a partially filled packet. This delay is dependent on a number of factors including the minimum size data packet. or other network phenomena. especially below 24kbps. T. network congestion. the Residential Gateway tries firstly to negotiate T. When T. At lower bit rates.38 support with the called or calling end-point respectively. This delay results when a complete voice packet ready for transmission cannot be immediately transmitted. Voice Quality Management To increase the voice/data quality additional parameters can be set on the voice system DSP. i. virtually indistinguishable from A-law and u-law for a single encoding.38 support AT-RG613. T. speech quality is dramatically reduced. AT-RG623 and ATRG656 models. and may dynamically adjust its buffer depth depending on network performance characteristics. In the case that access ports are not using the same codec.

since virtually all VoIP systems add delay to the system. In this case an impedance mismatch in this device will almost always result in some “talker echo”. The command VOIP EP SET JITTERDELAY is used to specify the jitter delay. 16 and 32 msec. G. while they are separate proprietary algorithms when used in conjunction with the G.711 codec. Volume Gain Control To adjust volume gain appropriate to the operational environment. Voice Activity Detection Generation (CNG) (VAD) / Comfort Noise Voice activity detection / comfort noise generation (VAD/CNG) are two algorithms designed to reduce bit rates beyond the nominal values defined by the selected codec when no speech is present. it's possible to set the gain on the Tx direction (from phone/user to AT-RG600/VoIP network) separately from that in the Rx direction (from AT-RG600/VoIP network to phone/user) to values between –48dB and +24dB. The delay parameter represents the delay in milliseconds that the jitter buffer waits before it transmits the data samples that are collected from the VoIP network.729 algorithms. Silence detection algorithms simply replace periods when speech is not detected with silence. A line echo canceller is an adaptive FIR filter.168 specifies the requirements for line echo cancellers. allowing the output to mute. it is generally preferable to produce some amount of “comfort noise” (CNG) which sounds similar to the speaker’s background noise. VAD/CNG features are embedded in codec G. Gain control can be set separately on each access port on AT-RG613TX(J) modelswhile on AT-RG623 model it acts simultanously on both B1 and B2 channels. voice/data packets are managed in separate jitter buffers (one for each access port) to compensate efficiently for jitter injected by the network. A value of 0 for Line Echo Cancellation results is turning off the Line Echo Cancellation feature. the less the echo amplitude that can be tolerated before being annoying to the talker. Thus. which operates upon frames of digitised data. Telecommunications sector (ITU-T) G. Acceptable values for Line Echo Cancellation are 8. . Therefore during periods of non-speech. which is a reflection of the received analog signal back to the far-end talker on the transmission path.AT-RG 600 Residential Gateway – Software Reference Manual 307 On the decoding path (from VoIP network to access port). The longer the delay through the system.168 Line Echo Cancellation (8 ms – 32 ms tail length) International Telecommunications Union. line echo cancellation is almost always required. but many listeners find it disconcerting when the background noise is completely muted during periods when they are talking. This solution has the advantage of greatly reducing the average bit-rate. and is typically used in telephony applications to cancel the electrical echo caused by 2-to-4 wire conversion hybrids.

the called party number is provided to the Residential Gateway both in the Q.931 SETUP message and in one or more INFO messages during the call establishment phase. If the call is established using a compressed codec.931 SETUP message during the call establishment phase. g711u or g711a). the called party number is provided to the Residential Gateway in the Q. When the Residential Gateway attempts to establish a call. On digital access models (AT-RG623) the called party number is provided to the Residential Gateway using EnBlock mode or Multi Frame mode. if tone is managed similarly to voice. - Inter-digit time / Inter-digit critical time . Using the EnBlock Mode. If the call is established using a compressed codec. the endpoints negotiate a specific RTP packet payload (Named Telephone Event) used only to tranfer DTMF tones as specified in RFC 2833 (section 3). • DTMF Relay under SIP protocol To prevent tone distortion. during call establishment. DTMF Relay DTMF Relay is a protocol dependent solution used to transfer DTMF tones when in a call a low compressed codec is used. the Residential Gateway will send DTMF tone in-band (independently if the called endpint supports or not RTP packet Named Telephone Event) on the same path used for voice. the tone may be distorted during compression and decompression phase and therefore a specific application must be used to support DTMF transfer. Then if the call is established using an uncompressed codec (i.308 Chapter 14 – VoIP Analogue and Digital Access Ports Telecom Tones Management On analog access models (AT-RG213) the called party number is provided to the unit through DTMF dialed digits. otherwise it switches to the same path used for voice (accepting DTMF distorsion). the Residential Gateway will send DTMF tones using RTP packet Named Telephone Event only if the called end-point supports it. Then if the call is established using an uncompressed codec (i. otherwise it switches to the same path used for voice (accepting DTMF distorsion). - When the Residential Gateway is going to accept a call. the Residential Gateway will send DTMF tone in-band (independently if the caller endpint supports or not RTP packet Named Telephone Event) on the same path used for voice. In this case. Using the Multi Frame Mode.e. g711u or g711a). it adds to the capabilities list the RTP packet Named Telephone Event only if a compressed codec (g726 or g729ab) has been configured for the Voice access port involved in the call.e. the Residential Gateway will send DTMF tones using RTP packet Named Telephone Event only if the caller end-point supports it. it adds to the capabilities list the RTP packet Named Telephone Event only if a compressed codec (g726 or g729ab) has been configured for the Voice access port involved in the call.

5000 425 1000 .4000 450 1000 . Off-hook time is the minimum time (msec) that the analog line must stay in off-hook before the system detects the off-hook state.3000 425 400x16 1000 .4000 1000 .200 Continuous Australia Austria Belgium Canada China France Germany Israel Italy Japan .2000 450 1000 . Busy Tone and Ring Back Tone refer to ITU-T E.2000 Cadence (msec) Continuous Continuous Continuous Continuous Continuous Continuous Continuous Continuous 600 . To change the value of the inter-digit time use the VOIP EP SET IDT-PARTIAL command The Inter-digit critical time is the maximum acceptable time between the off-hook event and the dialing of the first digit.200 400x17 400 .500 350 .4000 440 1500 .500 500 . On-hook time is the minimum time (msec) that the analog line must stay in onhook before the system detects the on-hook state.500 200 .AT-RG 600 Residential Gateway – Software Reference Manual 309 The Inter-digit time is the maximum acceptable time between the dialing of one digit and the next.4000 400 1000 .200 500 .3500 250 .375 300 .300 500 . dialling is considered complete. then the connection is closed and a busy tone is generated. Dial Tone.3000 440+480 2000 .4000 425 1000 .4000 1000 .180 specifications as reported in the following table: Country Dial Tone Frequency (Hz) 425x25 450 425 350+440 450 440 425 400 425 400 Busy Tone Frequency Cadence (Hz) (msec) 400 450 425 480+620 450 440 425 400 425 400 375 . Country-specific Telecom Tones The AT-RG613.1000 200 . To change the value of the inter-digit critical time use the VOIP EP SET IDTCRITICAL command Off-hook time / On-hook time Off-hook time and On-hook time are configuration parameters available only for analog access ports.480 500 . If a time greater than the inter-digit time elapses after the dialing of a digit. If a time greater than this has elapsed since off-hook and dialing has not yet started. The Inter-digit time value is used by the timer 'T' in the digit map expression.500 480 . AT-RG623 and AT-RG656 are able to reproduce the same countryspecific telecom tones used by Central Offices or Foreign Exchanges simply by selecting the preferred country via the VOIP EP SET COUNTRY command.500 Ring Back Tone Frequency Cadence (Hz) (msec) 400 .350 500 .

. no dial tone is provided through a disabled analogue port.200 250 .500 1000 .5000 2000 .200 400 .250 500 .200 400 .OFF Port enable/disable It's possible to temporarily disable a port by using the VOIP EP ANALOGUE/DIGITAL DISABLE command.4000 Note:Frequency in Hz: f1xf2 means f1 is modulated by f2 f1+f2 is the juxtaposition of two frequencies f1 and f2 without modulation.500 400 + 450 425 425 425x24 425 425 450 400+450 440+480 400 . each user added to the port starts to un-register from the Location Server (SIP signaling protocol) or Gatekeeper (H323 signaling protocol). use the VOIP EP ANALOGUE/DIGITAL ENABLE command. or sent to.500 375 . attempting to make an outgoing call through a disabled digital port will result in a DISCONNECT message from the unit.750 200 . To show the users attached to a port.200 400 .4000 400 . To show the user registration status. Cadence in seconds: ON . A busy tone may be reproduced locally on the ISDN telephone depending on phone model (typically the busy tone is generated for few seconds and then the user is invited to replace the handset).3200 400 . use the VOIP EP ANALOGUE/DIGITAL SHOW command. use the VOIP USER SHOW command.400 750 . On the AT-RG613. a user attached to a disabled access port is discharged.2000 1500 .3000 1000 .310 Chapter 14 – VoIP Analogue and Digital Access Ports New Zealand Norway Russia Singapore Spain Sweden Turkey United Kingdom United States 400 no tone no tone 425 425 425 450 350+440 350+440 Continuous // // Continuous Continuous Continuous Continuous Continuous Continuous 400 425 425 425 425 425 450 400 480+620 500 . On the AT-RG623.500 800 .4000 400 .2000 500 . Any call originated from. As soon the port is enabled all the users attached to the port automatically restart the process of registration with the location server or gatekeeper.2000 2000 . To change the port status from disabled to enabled.375 500 . When a port is disabled.

EP). If particular parameters or commands specific only for one type of port. If not otherwise stated. voip ep CLI commands The table below lists the VOIP EP commands provided by the CLI: Command VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SET CNG VOIP EP SET CODECS VOIP EP SET COUNTRY VOIP EP SET DIALMASK VOIP EP SET DIALMODE VOIP EP SET DIGITMAP VOIP EP SET IDT-CRITICAL VOIP EP SET IDT-PARTIAL VOIP EP SET JITTERDELAY VOIP EP SET LEC VOIP EP SET OFFHOOK-TIME VOIP EP SET ONHOOK-TIME VOIP EP SET RXGAIN VOIP EP SET TXGAIN VOIP EP SET VAD VOIP EP SHOW . The syntax for both analogue and digital ports is described below. this will be explicitly indicated in the description. Two types of port are defined: analogue and digital. configure and manage access ports (also called end points .AT-RG 600 Residential Gateway – Software Reference Manual 311 VoIP EP Command Reference This section describes the commands available on the Residential Gateway to create. command parameters apply both to analogue and digital ports.

LT-S termination. up 2 analogue ports with TYPE al-fxs-del and PHYSICAL-PORT tel1 or tel2 can be created plus a third analog port with TYPE al-fxo-del and PHYSICAL-PORT tel3. direct exchange line. If the physical resource is already assigned to another named port. but it cannot start with a digit. Options The following table gives the range of values for each option that can be specified with this command and a default value (if applicable). On AT-RG623TX model. foreign exchange office side. al-fxo-del: analog line. Option Description An arbitrary name that identifies the access port. direct exchange line. Default Value name N/A port-type N/A . an error is raised and the command fails. foreign exchange subscriber side. dl-bri-lt-s: digital line. The maximum length is fixed to 16 characters. This is the user access typology served by the physical port. ISDN basic rate interface. On AT-RG613TXJ model. up 2 analogue ports can be created with TYPE al-fxsdel and PHYSICAL-PORT tel1 or tel2. only one digital port can be created with TYPE dl-bri-lt-s and PHYSICAL-PORT tel. only one digital port can be created with TYPE dl-brilt-s and PHYSICAL-PORT tel. Valid values are: al-fxs-del: analog line. It can be made up of one or more letters or a combination of letters and digits. On AT-RG613TX model. On AT-RG623TX model.312 Chapter 14 – VoIP Analogue and Digital Access Ports VOIP EP CREATE Syntax VOIP EP ANALOGUE CREATE <name> TYPE <port-type> PHYSICAL-PORT <phyport-id> VOIP EP DIGITAL CREATE <name> TYPE <port-type> PHYSICAL-PORT <phyport-id> Description This command adds a named access port and binds it to a physical access port. the possible values depend on the model (analog access or digital access).

and a default value (if applicable). use the VOIP EP LIST command. Default Value N/A Example --> voip ep analogue delete prt0 --> voip ep digital delete prt0 See also VOIP EP CREATE VOIP EP DISABLE VOIP EP ENABLE VOIP EP LIST VOIP EP SET . causes a deregistration procedure to be invoked for the users attached to the removed port.AT-RG 600 Residential Gateway – Software Reference Manual 313 phy-port-id This is the physical port providing the access to VoIP network. which can be specified with this command. It may assume the following values depending on port-type selection: tel1: first analog fxs port tel2: second analog fxs port tel3: analog fxo port (only AT-RG613TXJ model) tel1: digital isdn port N/A Example --> voip ep analogue create prt0 type al-fxs-del physical-port tel1 --> voip ep digital create prt0 type dl-bri-lt-s physical-port tel1 See also VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SET VOIP EP SHOW VOIP EP DELETE Syntax VOIP EP ANALOGUE DELETE <name> VOIP EP DIGITAL DELETE <name> Description This command deletes the named access port created previously using the VOIP EP CREATE command. Option name Description A name that identifies an existing access port. Options The following table gives the range of values for each option. Deleting an access port where one or more users are attached. To display existing access port names.

use the VOIP EP LIST command. Use the VOIP EP SHOW command to retrieve the Operational Status of a specific port.314 Chapter 14 – VoIP Analogue and Digital Access Ports VOIP EP SHOW VOIP EP DISABLE Syntax VOIP EP ANALOGUE DISABLE <name> VOIP EP DIGITAL DISABLE <name> Description This command disables the physical port referred to by the named access port. Default Value N/A . which can be specified with this command. which can be specified with this command. Options The following table gives the range of values for each option. To display existing access port names. Default Value N/A Example --> voip ep analogue disable prt0 --> voip ep digital disable prt0 See also VOIP EP CREATE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SET VOIP EP SHOW VOIP EP ENABLE Syntax VOIP EP ANALOGUE ENABLE <name> VOIP EP DIGITAL ENABLE <name> Description This command enables the physical port referred to by the named access port. Option name Description A name that identifies an existing access port. Use the VOIP EP SHOW command to retrieve the Operational Status of a specific port. Options The following table gives the range of values for each option. use the VOIP EP LIST command. To display existing access port names. Option name Description A name that identifies an existing access port. and a default value (if applicable). and a default value (if applicable).

The following information is displayed: • end-point (analogue or digital) ID value • end-point (analogue or digital) name • physical port index • physical port typology Example --> voip ep analogue list Gateway access ports: ID | Name | Physical Port | Typology -----|------------|------------------|-----------------1 | prt0 | tel1 | al-fxs-del ---------------------------------------------------------> voip ep digital list Gateway access ports: ID | Name | Physical Port | Typology -----|------------|------------------|-----------------1 | prt0 | isdn0 | dl-bri-lt-s -------------------------------------------------------See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP SET VOIP EP SHOW VOIP EP SET CFWD Syntax CFWD all-calls .AT-RG 600 Residential Gateway – Software Reference Manual 315 Example --> voip ep analogue enable prt0 --> voip ep digital enable prt0 See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP LIST VOIP EP SET VOIP EP SHOW VOIP EP LIST Syntax VOIP EP ANALOGUE LIST VOIP EP DIGITAL LIST Description This command lists the named access port defined in the system using the VOIP EP CREATE command.

316 Chapter 14 – VoIP Analogue and Digital Access Ports VOIP EP <analogue/digital> SET <name> CFWD ENABLE ALL-CALLS ONPREFIX <on-prefix> ON-SUFFIX <on-suffix> OFF-PREFIX <off-prefix> CFWD on-busy VOIP EP <analogue/digital> SET <name> CFWD ENABLE ON-BUSY ON-PREFIX <on-prefix> ON-SUFFIX <on-suffix> OFF-PREFIX <off-prefix> CFWD on-no-answer VOIP EP <analogue/digital> SET <name> CFWD ENABLE ON-NO-ANSWER ONPREFIX <on-prefix> ON-SUFFIX <on-suffix> OFF-PREFIX <off-prefix> VOIP EP <analogue/digital> SET <name> CFWD ON-NO-ANSWER TIMEOUT <secs> Description Call ForWarDing (CFWD) enables to forward incoming calls to another destination previously decided in a static way. The feature must be enabled on the RG6xx via the command line. The sequence to be composed on the phone keyboard. type the following command: voip ep <digital/analogue> disable <port-name> cfwd <all-calls/on-busy/on-noanswer> Options The following table gives the range of values for each option. and can be set for following cases: • CFWD for all incoming calls • CFWD in case of busy state of the receiver of the call • CFWD in case of no answer. to disable it on the phone. To display access port names. you need to digit the "off-prefix". You can see changes on the RG6xx by typing the following command: voip ep <digital/analogue> show <port-name> cfwd <all-calls/on-busy/on-noanswer> Then. and a default value (if applicable). The timer allows users to decide a time threshold after which the call is considered not answered. Option name Description A name that identifies an existing access port. use the VOIP EP LIST command. If you want to disable it on the RG600. you need to digit on the phone keyboard the "on-prefix + <the number> + on-suffix". which can be specified with this command. In order to have all rules set at the same time. before the phone number to where the call will be forwarded The sequence to be composed on the phone keyboard after the prefix and the phone Default Value N/A on-prefix N/A on-suffix N/A . In this case a timer can be set.

The status of the comfort noise generation feature. Valid values are: off: CNG disabled on: CNG enabled Default Value N/A status N/A Example --> voip ep analogue set prt0 cng off --> voip ep digital set prt0 cng off See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE . The time threshold after which the call is considered not answered N/A secs N/A Example --> voip ep analogue set tel1 cfwd enable all-calls on-prefix *123* on-suffix # offprefix ** --> voip ep analogue set tel1 cfwd enable on-busy on-prefix *123* on-suffix # off-prefix ** --> voip ep analogue set tel1 cfwd enable on-no-answer on-prefix *123* on-suffix # off-prefix ** voip ep analogue set tel1 cfwd on-no-answer timeout 10 See also VOIP EP SHOW CFWD VOIP EP DISABLE VOIP EP SET CNG Syntax VOIP EP ANALOGUE SET <name> CNG <status> VOIP EP DIGITAL SET <name> CNG <status> Description This command enables or disables the comfort noise generation feature. which can be specified with this command. Option name Description A name that identifies an existing access port. use the VOIP EP LIST command. To display access port names.AT-RG 600 Residential Gateway – Software Reference Manual 317 number off-suffix The sequence to be composed by the user on his phone keyboard to disable the call forwarding. and a default value (if applicable). Options The following table gives the range of values for each option.

711 µ-law PCM g729ab: referring to G. and a default value (if applicable). Options The following table gives the range of values for each option. Valid values are: g711a: referring to G.726 24 kbps g726-32:referring to G. T38 support must always be selected together with another speech codec (G711a/u or G726 or G729ab).726 16 kbps g726-24:referring to G. Option name Description A name that identifies an existing access port.g729ab --> voip ep digital set prt0 codecs g711a.711 a-law PCM g711u: referring to G.g729ab See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET COUNTRY Syntax VOIP EP ANALOGUE SET <name> COUNTRY <country> . which can be specified with this command.726 32 kbps g726-40:referring to G. use the VOIP EP LIST command.726 40 kbps T38 Default Value N/A codec-list N/A Example --> voip ep analogue set prt0 codecs g711a.g711u. The value or a comma separated list of values defining the compression algorithm on codec.g711u.729A/B 8 kbps ACELP A/B g726-16:referring to G. To display access port names.318 Chapter 14 – VoIP Analogue and Digital Access Ports VOIP EP LIST VOIP EP SHOW VOIP EP SET CODECS Syntax VOIP EP ANALOGUE SET <name> CODECS <codec-list> VOIP EP DIGITAL SET <name> CODECS <codec-list> Description This command sets the codec capability list for an existing access port.

appropriately for the selected country. Option name Description A name that identifies an existing access port. busy tone and ring back tone frequencies and cadences on the physical port referred to by the named access port.AT-RG 600 Residential Gateway – Software Reference Manual 319 VOIP EP DIGITAL SET <name> COUNTRY <country> Description This command sets dial tone. Options The following table gives the range of values for each option. Valid values are: australia austria belgium canada china france germany israel italy japan newzealand norway russia singapore spain sweden turkey uk usa Default Value N/A country N/A Example --> voip ep analogue(digital) set prt0 country USA See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET DIALMASK Syntax VOIP EP ANALOGUE SET <name> DIALMASK <digit-number> . To display access port names. which can be specified with this command. use the VOIP EP LIST command. The national signalling system and defines the analogue signaling criteria in use. and a default value (if applicable).

Acceptable values are from 0 to 3. it's also necessary select the pulse rate: 10pps or 20pps. dial mask works only in the direction PSTN to FXO port. if DIALMODE is set to AUTO. Example --> voip ep analogue set prt0 dialmode auto See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE . The number of digits to be removed from the dialed number. the Residential Gateway examines the type of signalling mode supported on the PSTN line and set the port signalling to the same mode automatically. Options The following table gives the range of values for each option. which can be specified with this command. If PULSE mode is selected. if DIALMODE is set to AUTO. On fxs ports. To display the existing access port names. and a default value (if applicable). Option name Description A name that identifies an existing access port.320 Chapter 14 – VoIP Analogue and Digital Access Ports VOIP EP DIGITAL SET <name> DIALMASK <digit-number> Description This command sets the dial mask value (number of chars to be removed from the dialed number) on the physical port referred to by the named access port. On AT-RG613 TXJ FXO port. Default Value N/A digit-number N/A Example --> voip ep analogue set prt0 dialmask 2 --> voip ep digital set prt0 dialmask 2 See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET DIALMODE Syntax VOIP EP ANALOGUE SET DIALMODE {AUTO | DTMF | PULSE 10PPS|20PPS} Description This command sets the dial mode used by analogue ports. use the VOIP EP LIST command. the Residential Gateway uses the same signalling mode selected for fxo port. On the fxo port.

Options The following table gives the range of values for each option. A Digit map may have up to 32 chars. The following symbols can be used: DTMF: A digit from '0' to '9' or one of the symbols "A". "C". use the VOIP EP LIST command. "B". or "*"." Default Value N/A digit-map N/A Example --> voip ep analogue set prt0 digitmap x.AT-RG 600 Residential Gateway – Software Reference Manual 321 VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET DIGITMAP Syntax VOIP EP ANALOGUE SET <name> DIGITMAP <digit-map> VOIP EP DIGITAL SET <name> DIGITMAP <digit-map> Description This command sets the digit map rule on the physical port referred to by the named access port. "#".T --> voip ep digital set prt0 digitmap x. To display the existing access port names. The digit map expression.T See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET IDT-CRITICAL Syntax VOIP EP ANALOGUE SET <name> IDT-CRITICAL <secs> VOIP EP DIGITAL SET <name> IDT-CRITICAL <secs> . Timer: The symbol "T" Wildcard: The symbol "x" Range: The symbols "[" and "]" Subrange: The symbol "-" Position: The symbol ". and a default value (if applicable). Option name Description A name that identifies an existing access port. "D". which can be specified with this command.

use the VOIP EP LIST command.322 Chapter 14 – VoIP Analogue and Digital Access Ports Description This command set the Inter-digit critical time on the physical port referred to by the named access port. To display access port names. Options The following table gives the range of values for each option. which can be specified with this command. Acceptable values are from 2secs to 10secs. use the VOIP EP LIST command. and a default value (if applicable). Default Value N/A secs N/A Example --> voip ep analogue set prt0 idt-critical 16 --> voip ep digital set prt0 idt-critical 16 See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET IDT-PARTIAL Syntax VOIP EP ANALOGUE SET <name> IDT-PARTIAL <secs> VOIP EP DIGITAL SET <name> IDT-PARTIAL <secs> Description This command sets the Inter-digit time on the physical port referred to by the named access port. The time duration in seconds of the interdigit time. which can be specified with this command. Options The following table gives the range of values for each option. Acceptable values are from 5secs to 30secs. To display existing access port names. and a default value (if applicable). Option name Description A name that identifies an existing access port. Default Value N/A secs N/A Example --> voip ep analogue set prt0 idt-partial 10 --> voip ep digital set prt0 idt-partial 10 See also VOIP EP CREATE . Option name Description A name that identifies an existing access port. The time duration in seconds of the interdigit critical time.

. To display the existing access port names. which can be specified with this command. Options The following table gives the range of values for each option. Valid values are from 0 to 130msec: Default Value N/A msec N/A Example --> voip ep analogue set prt0 jitterdelay 6 --> voip ep digital set prt0 jitterdelay 6 See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET LEC Syntax VOIP EP ANALOGUE SET <name> LEC <msec> VOIP EP DIGITAL SET <name> LEC <msec> Description This command sets the line echo cancellation length on the port referred to by the named access port. use the VOIP EP LIST command. and a default value (if applicable). The delay in milliseconds that the jitter buffer waits before it transmits the data samples that are collected from the VoIP network. Option name Description A name that identifies an existing access port. which can be specified with this command. and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 323 VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET JITTERDELAY Syntax VOIP EP ANALOGUE SET <name> JITTERDELAY <msec> VOIP EP DIGITAL SET <name> JITTERDELAY <msec> Description This command sets the jitter delay value on the port referred to by the named access port. Options The following table gives the range of values for each option.

which can be specified with this command. Default Value N/A msec N/A Example --> voip ep analogue set prt0 offhook-time 350 See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW . Options The following table gives the range of values for each option. Valid values are 0. Valid values are from 100 to 500msec. 16 and 32 msec. The line echo cancellation length in milliseconds. use the VOIP EP LIST command. To display the existing access port names. The off-hook time in millisecond. Only analog access ports accept off-hook time settings.324 Chapter 14 – VoIP Analogue and Digital Access Ports Option name Description A name that identifies an existing access port. Option name Description A name that identifies an existing access port. 8. and a default value (if applicable). To display the existing access port names. Default Value N/A msec N/A Example --> voip ep analogue set prt0 lec 16 --> voip ep digital set prt0 lec 16 See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET OFFHOOK-TIME Syntax VOIP EP ANALOGUE SET <name> OFFHOOK-TIME <msec> Description This command set the off-hook time on the port referred to by the named access port. use the VOIP EP LIST command.

Options The following table gives the range of values for each option. use the VOIP EP LIST command. The on-hook time in millisecond. Default Value N/A gain N/A Example --> voip ep analogue set prt0 rxgain –3. and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 325 VOIP EP SET ONHOOK-TIME Syntax VOIP EP ANALOGUE SET <name> ONHOOK-TIME <msec> Description This command set the on-hook time on the port referred to by the named access port. use the VOIP EP LIST command. Only analog access ports accept on-hook time settings. which can be specified with this command. Option name Description A name that identifies an existing access port. Valid values are from 100 to 500msec. The value of rx gain in dB. Default Value N/A msec N/A Example --> voip ep analogue set prt0 onhook-time 250 See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET RXGAIN Syntax VOIP EP ANALOGUE SET <name> RXGAIN <gain> VOIP EP DIGITAL SET <name> RXGAIN <gain> Description This command sets the input gain (in the direction from AT-RG600/VoIP network to phone/user) of the port referred to by the named access port. Option name Description A name that identifies an existing access port.0 . To display the existing access port names. and a default value (if applicable). Options The following table gives the range of values for each option. To display the existing access port names. which can be specified with this command. Valid values are from –48dB to +28dB.

0 See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET TXGAIN Syntax VOIP EP ANALOGUE SET <name> TXGAIN <gain> VOIP EP DIGITAL SET <name> TXGAIN <gain> Description This command sets the output gain (in the direction from phone/user to ATRG600/VoIP network) of the port referred to by the named access port. use the VOIP EP LIST command. which can be specified with this command. Valid values are from –48dB to +28dB. The value of tx gain in dB. and a default value (if applicable). . Default Value N/A gain N/A Example --> voip ep analogue set prt0 txgain –3. Options The following table gives the range of values for each option. and a default value (if applicable). Options The following table gives the range of values for each option.326 Chapter 14 – VoIP Analogue and Digital Access Ports --> voip ep digital set prt0 rxgain –3. To display the existing access port names.0 --> voip ep digital set prt0 txgain –3.0 See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SET VAD Syntax VOIP EP ANALOGUE SET <name> VAD <status> VOIP EP DIGITAL SET <name> VAD <status> Description This command enables or disables the voice activity detection feature on the port referred to by the named access port. which can be specified with this command. Option name Description A name that identifies an existing access port.

Valid values are: on VAD enabled off VAD disabled Default Value N/A status N/A Example --> voip ep analogue set prt0 vad off --> voip ep digital set prt0 vad off See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SHOW VOIP EP SHOW Syntax VOIP EP ANALOGUE SHOW <name> VOIP EP DIGITAL SHOW <name> Description This command displays the following information about a named access port: • Physical Port • Typology • Operational status • Comfort Noise Generation (CNG) • Codec Capabilities • Country • Critical-digit time • Inter-digit time • Dialing Mode (AT-RG613TX and AT-RG613TXJ models) • Digit map • Dial mask • Line Echo Cancellation (AT-RG613TX and AT-RG613TXJ models) • Jitter Delay • Voice Activity Detection (VAD) • Off-hook time (AT-RG613TX and AT-RG613TXJ models) . To display the existing access port names. use the VOIP EP LIST command. The status of the VAD feature.AT-RG 600 Residential Gateway – Software Reference Manual 327 Option name Description A name that identifies an existing access port.

Voice Activity Detection (VAD): ON Off-hook time: 250 mSec. On-hook time: 350 mSec. Default Value N/A Example --> voip ep analogue show prt0 --> voip ep analogue show prt0 Gateway access port: prt0 -------------------------------------------------Physical port: tel1 Typology: al-fxs-del Operational status: Activated Confort Noise Generation (CNG): OFF Codec Capabilities: G711A. Digit map: x.G711U Country: Italy Critical-digit time: 16 Sec. and a default value (if applicable).328 Chapter 14 – VoIP Analogue and Digital Access Ports • On-hook time (AT-RG613TX and AT-RG613TXJ models) • Rx gain • Tx gain • Attached users Options The following table gives the range of values for each option. which can be specified with this command. Tx gain: +0.0 dB.T Dial mask: 0 Dial mode: DTMF Line Echo Cancellation (LEC): 16 Jitter Delay: 130 mSec. Attached users: See also VOIP EP CREATE VOIP EP DISABLE VOIP EP DELETE VOIP EP ENABLE VOIP EP LIST VOIP EP SET . To display the existing access port names. Option name Description A name that identifies an existing access port.0 dB. use the VOIP EP LIST command. Inter-digit time: 4 Sec. Rx gain: -3.

calling from PSTN. the first dialled number allows to gain the access to VoIP network and next selection have to be dialled to reach the final destinationadds a named access port and binds it to a physical access port. .AT-RG 600 Residential Gateway – Software Reference Manual 329 VoIP Lifeline Command Reference This section describes the commands available on the Residential Gateway to manage the lifeline port (fxo port). The following commands are available only on AT-RG613TXJ model. Serious VoIP network failures like ethernet link down or location server/gatekeeper unreacheble bring outgoing call to be forwarded on the network terminated by fxo port. Incoming calls are forwarded only to local fxs ports. Outgoing call is forwarded to it on dial selection base. Example --> voip lifeline disable See also VOIP LIFELINE ENABLE VOIP LIFELINE SHOW VOIP LIFELINE ENABLE Syntax VOIP LIFELINE DISABLE Description This command enable the lifeline support. needs two phases to reach the destination. while incoming call may be forwarded to any internal and external user allowing destination re-dialling. voip lifeline CLI commands The table below lists the VOIP LIFELINE commands provided by the CLI: Command VOIP LIFELINE DISABLE VOIP LIFELINE ENABLE VOIP LIFELINE SHOW VOIP LIFELINE DISABLE Syntax VOIP LIFELINE DISABLE Description This command disable the lifeline feature and in this case the fxo port is used to offer gateway service. If it is enabled the system uses it as back-up line. A user.

See also VOIP LIFELINE DISABLE VOIP LIFELINE ENABLE .330 Chapter 14 – VoIP Analogue and Digital Access Ports Example --> voip lifeline enable See also VOIP LIFELINE DISABLE VOIP LIFELINE SHOW VOIP LIFELINE SHOW Syntax VOIP LIFELINE SHOW Description This command shows the current lifeline status.

to be able to provide directories (LDAP).specifically to ensure transport (RTP). Members in a session can communicate via multicast or via a mesh of unicast relations. to authenticate users (RADIUS. . a VoIP Network. or connect to. Internet telephony is evolving from its use as a "cheap" (but low quality) way to make international phone calls to a serious business telephony capability. the implementation of the call processes in the AT-RG613. or via a combination of these. AT-RG623 and AT-RG656 to provide. DIAMETER). modifying and terminating sessions with one or more participants. These sessions include Internet multimedia conferences. signalling inter-working with today’s telephony network. AT-RG623 and AT-RG656 and how to configure and operate the AT-RG613. Internet (or any IP Network) telephone calls and multimedia distribution. SIP Protocol SIP (Session Initiation Protocol) is a protocol developed to assist in providing advanced telephony services across the Internet. SIP is part of the IETF standards process and is modeled upon other Internet protocols such as SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext Transfer Protocol. SIP is one of a group of protocols required to ensure that this evolution can occur. change and tear down (end) calls between one or more users in an IP-based network. YESSIR). SIP is described as a control protocol for creating.AT-RG 600 Residential Gateway – Software Reference Manual 331 Chapter 15 VoIP SIP Introduction This chapter describes the main features of the SIP standard. the protocols supported. It is used to establish.). and to scale to meet the anticipated growth curves. to be able to guarantee voice quality (RSVP. In order to provide telephony services there is a need for a number of different standards and protocols to come together .

) The client element initiates the calls and the server element answers the calls. It also supports user mobility by proxying and redirecting requests to the user's current location. What will be available is perhaps an email-like address or a telephone number associated with the called party. the User Agent Client (UAC) and a server element. In essence. • Call Participant Management During a call a participant can bring other users onto the call or cancel connections to other users. SIP has to provide or enable the following functions: Name Translation and User Location Ensuring that the call reaches the called party wherever they are located. Ensuring that details of the nature of the call (Session) are supported. The SIP User Agent and the SIP Network Server. The User agent itself has a client element. This allows peer-to-peer calls to be made using a client-server protocol. but in the course of the call. users could be transferred or placed on hold. • Feature Negotiation This allows the group involved in a call (this may be a multi-party call) to agree on the features supported – recognizing that not all the parties can support the same level of features. SIP is not tied to any particular conference control protocol. .332 Chapter 15 – VoIP SIP SIP supports session descriptions that allow participants to agree on a set of compatible media types. The User Agent is effectively the end system component for the call and the SIP Server is the network device that handles the signaling associated with multiple calls. there is plenty of scope for negotiation. the User Agent Server (UAS. In addition. For example video may or may not be supported. The main function of the SIP servers is to provide name resolution and user location. a call may have been set up as ‘voice-only’. the caller’s user agent can identify with a specific server to "resolve" the address information – it is likely that this will involve many servers in the network. the SIP stateless proxy server and the SIP re-direct server. A third party joining a call may require different features to be enabled in order to participate in the call Protocol Components There are two components within SIP.the SIP stateful proxy server. • Call feature changes A user should be able to change the call characteristics during the course of the call. Carrying out any mapping of descriptive information to location information. There are effectively three forms of server that can exist in the network . as any form of MIME type is supported by SIP. For example. the users may need to enable a video function. since the caller is unlikely to know the IP address or host name of the called party. Using this information. The SIP Server element also provides for more than one type of server.

SIP URLs are easy to associate with a user’s e-mail address. SIP addresses users by an email-like address. A re-direct server receives requests.. controlling domains of users and becoming the prime platform for the application services. but rather than passing these onto the next server it sends a response to the caller indicating the address for the called user. SIP provides the necessary protocol mechanisms so that end systems and proxy servers can provide services: • User location • User capabilities • User availability • Call set-up • Call handling • Call forwarding. including • The equivalent of 700-. locationindependent address even when the user changes terminals . This provides the address for the caller to contact the called party at the next server directly. along with the responses it sends back and the outgoing requests it sends on. This allows a stateful proxy server to fork requests to try multiple possible user locations in parallel and only send the best responses back.e.and 900. Stateful proxy servers are then most likely to be the local devices close to the User Agents. SIP is typically used over UDP or TCP. Each user is identified through a hierarchical URL that is built around elements such as a user’s phone number or host name (for example. 800. Because of this similarity. where numbers can be any (preferably unique) naming scheme • Personal mobility. determines where to send these. i. There can be many server hops in the network. A stateless proxy server forgets all information once it has sent on a request.type calls • • • • Call-forwarding no answer Call-forwarding busy Call-forwarding unconditional Other address-translation services • Callee and calling "number" delivery. SIP:user@company. and passes them onto the next server (using next hop routing principals). Stateless Proxy servers are most likely to be the fast.AT-RG 600 Residential Gateway – Software Reference Manual 333 A SIP proxy server receives requests. backbone of the SIP infrastructure. SIP provides its own reliability mechanism and is therefore independent of the packet layer and only requires an unreliable datagram service. The difference between a stateful and stateless proxy server is that a stateful proxy server remembers the incoming requests it receives. the ability to reach a called party under a single.com).

Once found. proxy or redirect the call to additional servers until it arrives at one that definitely knows the IP address where the called user can be found. white-boarding. or where someone is ringing both a boss and their secretary. This feature is handy if a user is working between two locations (a lab and an office. for example. If that server is a proxy server it will attempt to resolve the called user’s location and send the request to them. • Terminal capability negotiation • Caller and callee authentication • Blind and supervised call transfer • Invitations to multicast conferences When a user wants to call another user. The second significant feature is SIP’s unique ability to return different media types. the user can always add functions—such as videoconferencing. In the simplest case. for example). If the client knows the location of the other party it can send the request directly to their IP address. the client responds to the invitation with the designated capabilities* of the client software and a connection is established. and from there several options arise. of course. one SIP network server can. e.g. The request contains enough information for the called party to join the session. it can return to the customer’s phone client via a Web Interactive Voice Response page (IVR or could use the term Interactive Web Response or IWR). etc. There are many ways it can do this. SIP has two additional significant features. If the user declines the call. Take the example of a user contacting a company.334 Chapter 15 – VoIP SIP • Terminal-type negotiation and selection: a caller can be given a choice how to reach the party. SIP Messages A SIP request message consists of three elements: • Request Line • Header . During the course of locating a user. If not the client can send it to a locally configured SIP network server. mobile phone. the request is sent to the user. the user’s telephony client receives the request—that is. the user’s phone rings. Regardless. via Internet telephony. The first is a stateful SIP proxy server’s ability to split or "fork" an incoming call so that several extensions can be rung at once. Clicking the appropriate link sends an invitation to that user to set up a call. The first extension to answer takes the call. "Designated capabilities" refers to the functions that the user wants to invoke. but the user may only want to use audio conferencing. with the extensions of the available departments or users provided on the list. If the user takes the call. When the SIP server receives the client’s connection request. the server may be a redirect server that may return the called user location to the calling client for it to try directly. Alternatively. such as searching the DNS or accessing databases. the caller initiates the call with an invite request. The client software might support videoconferencing.. the session can be redirected to a voice mail server or to another user. or a third user—by issuing another invite request to other users on the link. an answering service.

AT-RG623 and AT-RG656.AT-RG 600 Residential Gateway – Software Reference Manual 335 • Message Body A SIP response message consists of three elements: • Status Line • Header • Message Body The Request line and header field define the nature of the call in terms of services. for mid-session signalling. AT-RG623 and AT-RG656 can communicate with the following devices: • Another VoIP terminal on the IP network. is also being added Related Standards Activity. • Cancel ends a pending request. letting a server know the location of other users. terminates the call between two of the users on a call requests information on the capabilities of a server confirms that a client has received a final response to an INVITE • Register provides the map for address resolution. addresses and protocol features. but does not end the call • The INFO method. such as another AT-RG613. The message body is independent of the SIP protocol and can contain anything. AT-RG623 and AT-RG656 Call Processes The AT-RG613. SIP defines the following methods (SIP uses the term ‘method’ to describe the specification areas): • Invite • Bye • Options • Ack invites a user to join a call. for instance: • a Soft Phone • an IP phone directly connected to the IP network Calls Involving Another Terminal The following example shown in Figure 16 illustrates how to reach a phone or fax on another AT-RG613/AT-RG623TX terminal. . • Any LAN SIP endpoint on the IP network. AT-RG613.

Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone A user makes a call with the phone connected to an AT-RG613/AT-RG623. which reaches the corresponding LAN SIP endpoint on the IP network (Figure 17). Calls Involving a Terminal and a SIP Endpoint The following examples illustrate how a phone connected to an AT-RG613/ATRG623TX terminal can communicate with a LAN SIP endpoint on the IP network. which completes the connection to the phone which is attached to it.336 Chapter 15 – VoIP SIP SIP IP Phone VoIP Network Analog Phone (or Digital Phone) AT-RG613 (or AT-RG623) A B AT-RG613 (or AT-RG623) Analog Phone (or Digital Phone) SIP Server Figure 16. Such endpoints could be: • a Soft Phone • an IP phone directly connected to the IP network A user makes a call with the phone connected to an AT-RG613/AT-RG623. . which in turn contacts another AT-RG613/ AT-RG623.

Users & Forwarding Database Introduction The VoIP SIP subsystem on AT-RG613. are three basic steps in correctly configuring the VoIP SIP subsystem (see Figure 18). local users and forwarding database. . • Users are entities uniquely identified in the system by a name with an associated phone number.AT-RG 600 Residential Gateway – Software Reference Manual 337 SIP IP Phone VoIP Network Analog Phone (or Digital Phone) AT-RG613 (or AT-RG623) A B AT-RG613 (or AT-RG623) Analog Phone (or Digital Phone) SIP Server Figure 17. • Forwarding rules are local call routing rules used to forward an incoming call on a local user to a remote system or to a remote user. users. local users. Definition of SIP servers. The following section describe SIP servers. The User's phone number represents the user's address on the local system. Phone --> AT-RG613/RG623 (A) --> SIP IP Phone VoIP SIP Servers. call forwarding rules and access ports. Forwarding rules are also used for locally originated calls when the called party is not a local user and the call must be routed to a specific contact that typically is different from the proxy server. AT-RG623 and AT-RG656 residential gateways is based on the concept of SIP servers. and optionally forwarding database rules. • SIP servers are servers where local users register themselves (Location Servers) and where calls are routed (Proxy Servers) when an outgoing call is going to be set up.

basic steps. VoIP subsystem configuration . it's possible to set a location server as Master: all the registration requests will start from the master location server independently of the position of the server in the location servers list. Once a successful registration with a server has been achieved no further registration requests will be performed even if other location servers are defined. The system will attempt to register the local users on all the location servers available in the location server list (see VOIP SIP LOCATIONSERVER LIST command) until the first registration phase achieves a positive result. In the case of registration failure on the Master server. SIP Servers Location Servers The SIP module needs to know where locally defined users attempt to register their contact in the network. In the case that more than one location server is defined in the system. the Location Server list will be used as server address table where registration requests will be sent.338 Chapter 15 – VoIP SIP Default Configuration SIP Signaling Protocol Configuration Access Port Creation Users Creation Location Servers Forwarding Database Proxy Servers Access Port Config. Users Binding Incoming/ Outgoing Calls Figure 18. the system starts trying to use the server addresses defined in the Proxy Server list as a location server. It's possible to define more that one location server in order to increase system reliability in case the first location server doesn't work or cannot be reached. The VOIP SIP LOCATIONSERVER CREATE command is used to set the location servers used to register users. . If no location servers are defined.

the Proxy Server list will be used as server address table where INVITE requests will be sent. The VOIP SIP PROXYSERVER CREATE command is used to inform the system about the proxy servers that can be contacted when an outgoing call is going to be established. In that case no further INVITE requests are sent to the other proxy servers even if the called user cannot be reached. it's possible to define more that one proxy server in order to increase system reliability in case the first proxy server doesn't work or cannot be reached. The Proxy Server is also used as registration server if no location servers are defined. the user domain will be automatically associated with the proxy server where the user has been registered. If users are defined without specify the user domain (see VOIP SIP USER CREATE command) and no Location Servers are defined. Users are defined by the VOIP SIP USER CREATE command. shared between users and forwarding rules. Each user must have an associated user number. an area code number if a complete E. it's possible to set a proxy server as Master: all the INVITE requests will start from the master proxy server independently of the position of the server in the proxy servers list. composed of an address number and. . Users The system is designed to support up to 100 entries. the user domain will be automatically associated to the location server address where the user has been registered. The system will attempt to contact all the proxy servers available in the proxy server list (see VOIP SIP PROXYSERVER LIST command) until the first server answers to the INVITE request. In the case that more than one proxy server is defined in the system. Proxy Servers The SIP module needs to know which proxy server must be used when an outgoing call cannot be processed by a local number or by a well defined forwarding rule but must resolved by an external proxy server. Similarly to location servers. optionally.164 number must be defined.AT-RG 600 Residential Gateway – Software Reference Manual 339 If users are defined without specify the user domain (see VOIP SIP USER CREATE command). In the case that the Master proxy server cannot be reached.

340

Chapter 15 – VoIP SIP

Note: In any given system there cannot exist two or more users with the same area code and address. In any given system it is allowable to have two or more users with the same address but different area code or no area code at all. Users may inform the VoIP network about the location (IP address) where they can be contacted by registering themselves on the location server defined in the VOIP SIP LOCATIONSERVER CREATE command. In this way, other endpoints on the VoIP network can contact each user by simply using the user address. The domain where users are members is the domain defined in the VOIP SIP USER CREATE command. If the DOMAIN is not defined, users will get as domain the address of the Location Server (or Proxy Server if no location servers are defined) where they are registered. To know the user's registration status use the VOIP SIP USER SHOW command. The user number used in the location registration messages is the complete user number: area code + address number. users and access port A user needs to be attached to at least one physical port in order to receive or to make a call. To attach a user to a physical port use the VOIP SIP USER ADD command. When a user receives a call, only the access lines where the user is attached are engaged by the communication. The same user may be attached to more than one access port. In this case when a call is made to that user, all the lines on which the user is attached will be used to signal the incoming call. To know the physical port where a user is attached, use the VOIP SIP USER SHOW command Note that physical access ports don’t have their own fixed phone number. They inherit the phone number from the user number of attached users. More than one user may be attached to the same physical access port and therefore more than one phone number can be associated to the same physical access port. If a user receives a call but the physical line where the user is attached is already involved in another communication (because it is used by another user), the call is rejected. When an outgoing call (in the direction user to VoIP network) is made and more than one user is attached on the access port being used to make the call, the identity of calling user is deemed to be the first user defined in the list of users attached to that port. To know which users are attached to a physical port, use the VOIP EP SHOW command. All the local users belong to the same domain.

AT-RG 600 Residential Gateway – Software Reference Manual

341

When an access port is deleted from the system, all the users previously attached are removed from the port. Removing a user from a port, by using the VOIP SIP USER REMOVE command or by deleting the access port, results in an un-registration process from the location server defined during user creation phase.

Forwarding Database (FDB)
The forwarding database is a technical solution implemented on the Residential Gateway to redirect a call to a different destination address based on the called party number. The forwarding database is used by the signaling end-point layer every time the called end-point cannot be found among the local users. It is used both for incoming calls from the VoIP network or for outgoing calls generated locally and directed to a remote end-point. The forwarding database may collect up to 100 entries (including users). Forwarding entries are defined by the VOIP SIP FDB CREATE command. Each fdb entry is uniquely identified by a name and defines the conditions that a calls must satisfy in order to be routed to the end point specified by fdb entry parameters. • When the signaling end-point layer receives a call it retrieves the called end-point address (called number). o Typically the called number is defined in the call signaling messages received from the network (in the To header). If the call is originated locally, the called number address is equal the dialed number (unless the anologue/digital endpoint as the dialmask set to a value different from 0).

o

• The Called end-point address is searched for among the local user addresses to check if the recipient of the call is a user on the local system. • If the called end-point matches the address of a local user, the physical resource (analog or digital port) associated with the called user starts ringing (if the resource is available) • If the called number cannot be found among the local users, the forwarding database is scanned to look for all the entries matching the called number. The forwarding algorithm acts differently if the call is originated locally or the call is an incoming call: Local originated calls o If a match is found, the INVITE message is routed to the IP address defined in the CONTACT field of the matched fdb entry. The called user domain will be set to the DOMAIN value (optional) or to the CONTACT value (if no DOMAIN is specified) defined by the DOMAIN and CONTACT fields in the fdb entry respectively.

342

Chapter 15 – VoIP SIP

If the fdb entry has defined the FWADDRESS field, the called number is changed from the dialed number to the number defined in the fdb entry FWADDRESS field. In this way it's possible to dial short numbers that will be replaced by full qualified numbers in the outgoing calls. By default, the calling user is the first user defined in the system that is attached to the outgoing physical port. o If no match is found in the forwarding database, the INVITE message is routed to the first available proxy server (starting from the Master proxy server if defined) using as called endpoint domain the same domain as the calling user. By default, the calling user is the first user defined in the system that is attached to the outgoing physical port. Incoming calls o If a match is found, a MOVED TEMPORARY message is sent back to the call originator reporting the contact address defined by the CONTACT field in the matched fdb entry. If the fdb entry has defined the FWADDRESS field, the called number is changed from the dialed number to the number defined in the fdb entry FWADDRESS field. o If no match is found in the forwarding database, the call is discharged.

Address and digit-map The address field specified in fdb entries can be defined using digit map expressions. Digit map expressions are used to increase system flexibility when defining forwarding rules that must mach multiple addresses (the digit map is used also in the voip access port module). A digit map is defined either by a (case insensitive) "string" or by a list of strings. Each string in the list is an alternative numbering scheme, specified either as a set of digits or as an expression to which the called address is compared by the signaling end-point layer to find the shortest possible match. The following constructs can be used in each digit map: Digit: A digit from '0' to '9' Wildcard: The symbol "x" which matches any digit ("0" to "9"). Range: One or more digit symbols enclosed between square brackets ("[" and "]"). Subrange: Two digits separated by hyphen ("-") which matches any digit between and including the two. The subrange construct can only be used inside a range construct, i.e., between "[" and "]". Position: A period ("."), which matches an arbitrary number, including zero, of occurrences of the preceding, construct. Digit map expressions are typically used when managing locally originated calls.

AT-RG 600 Residential Gateway – Software Reference Manual

343

In this case, using digit map expressions, it is possible to define a generic rule in such a way that all the calls are routed to a specific contact (e.g. the proxy server) that will be in charge of proceeding with the call routing. Digit map expressions are also useful for designing a small network without making use of any location servers or proxy servers or gatekeepers.

344

Chapter 15 – VoIP SIP

VoIP SIP Command Reference
This section describes the commands available on the AT-RG613, AT-RG 623 and AT-RG656 Residential Gateway to configure and manage the SIP protocol signaling module.

VoIP sip protocol CLI commands
The table below lists the VOIP SIP PROTOCOL commands provided by the CLI: Command VOIP SIP PROTOCOL DISABLE VOIP SIP PROTOCOL ENABLE VOIP SIP PROTOCOL RESTART VOIP SIP PROTOCOL SET DEFAULTPORT VOIP SIP PROTOCOL SET EXTENSION VOIP SIP PROTOCOL SET NAT VOIP SIP PROTOCOL SET NETINTERFACE VOIP SIP PROTOCOL SET ROUNDTRIPTIME VOIP SIP PROTOCOL SET SESSIONEXPIRE VOIP SIP PROTOCOL SHOW

VOIP SIP PROTOCOL DISABLE
Syntax VOIP SIP PROTOCOL DISABLE Description This command stops the VoIP SIP signalling protocol and releases all the resources associated to it.: • any analogue or digital port defined in the system is removed. • any user defined in the system is deleted. • any forwarding entry in the fdb is deleted. • any SIP server reference (location and proxy) is removed. This command is typically used when it's necessary to change the VoIP signalling protocol, i.e. from SIP to H323. To simply restart the SIP module, use the VOIP SIP PROTOCOL RESTART command. It doesn't remove any resources defined under the voip main module. To enable the SIP module, use the VOIP SIP PROTOCOL ENABLE command. Example --> voip sip protocol disable See also VOIP SIP PROTOCOL RESTART VOIP SIP PROTOCOL ENABLE.

AT-RG 600 Residential Gateway – Software Reference Manual

345

VOIP SIP PROTOCOL ENABLE
Syntax VOIP SIP PROTOCOL ENABLE Description This command turns on the SIP signaling module. To bind the SIP module to a specific IP interface use the VOIP SIP PROTOCOL SET INTERFACE command. Binding the SIP module to a specific IP interface defines the value of the source IP address for signallng and voice packets. SIP URLs with local reference offer the hostname and the IP address belonging the provisioned interface.

The SIP module MUST be enabled in order to create/set analog/digital ports, users, call forwarding rules and SIP servers..

Example --> voip sip protocol enable See also VOIP SIP PROTOCOL SHOW VOIP SIP PROTOCOL DISABLE

VOIP SIP PROTOCOL RESTART
Syntax VOIP SIP PROTOCOL RESTART

Description This command restarts the VoIP SIP signaling protocol module. Any pending and active calls are released. Users previously registered to location servers start to unregister themselves and then re-register. on the same location servers. This command doesn't release any resources (users, physical ports and fdb entries) previously created during module configuration. Example --> voip sip protocol restart See also VOIP SIP PROTOCOL ENABLE

VOIP SIP PROTOCOL SET DEFAULTPORT
Syntax VOIP SIP PROTOCOL SET DEFAULTPORT <ipport> Description This command sets the default listening/sending port used for SIP signaling

346

Chapter 15 – VoIP SIP

messages. By default, when the SIP module is attached to an IP interface using theVOIP SIP PROTOCOL SET NETINTERFACE command, the following default value is used: • defaultport: 5060

Changing the signaling port causes the SIP module to restart.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description UDP/TCP port number used for signalling messages. Available values are from 1026 to 65534. Only even values can be accepted Default Value

ipport

5060

Example --> voip sip protocol set defaultport 5060 See also VOIP SIP PROTOCOL ENABLE

VOIP SIP PROTOCOL SET EXTENSION
Syntax VOIP SIP PROTOCOL SET EXTENSION <extension> Description This command sets the protocol features extended by the protocol.

100rel and Session Timer are always supported when requested; setting “session-timer” the user agent explicitly requires this keep-alive mechanism. Info method overlaps the event transfer supported by RTP sessions.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description extensions is a comma separated list of values defining the protocol extension. Available values are: info session-timer none Default Value

extension

none

Example --> voip sip protocol set extension session-timer

AT-RG 600 Residential Gateway – Software Reference Manual

347

See also VOIP SIP PROTOCOL SHOW

VOIP SIP PROTOCOL SET NAT
Syntax VOIP SIP PROTOCOL SET NAT {NONE | <host> } Description This command sets the NAT host reference. Any SIP URLs with local reference is hidden by the NAT address value. Changing the NAT reference causes the SIP module to restart.

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description The address that must displayed in the local SIP URL references. It can be expressed in hostname format or IPv4 format. A Hostname can be a maximum of 255 characters long. Default Value

host

None

Example --> voip sip protocol set nat 10.17.90.110 --> voip sip protocol set nat at-rg600.voip.atkk.com See also VOIP SIP PROTOCOL ENABLE

VOIP SIP PROTOCOL SET NETINTERFACE
Syntax VOIP SIP PROTOCOL SET NETINTERFACE <interface_name> Description This command sets the IP interface used to access the VoIP network. • Signaling and voice packets will use the Source IP address defined for the selected interface. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option interface_name Description A name that identifies an existing IP interface. To display interface names, use the IP LIST INTERFACES command. Default Value N/A

Example --> voip sip protocol set netinterface ip0 See also VOIP SIP PROTOCOL ENABLE

348

Chapter 15 – VoIP SIP

VOIP SIP PROTOCOL SET ROUNDTRIPTIME
Syntax VOIP SIP PROTOCOL SET ROUNDTRIPTIME <msecs> Description This command sets the maximum time between the trasmission of a packet and the reception of the response. If the time expires, protocol primitives are retransmitted. Retransmission of protocol primitives are useful in case of unreliable transports like UDP to recover errors in transactions. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option msec Description The round trip time in milliseconds. Acceptable values are from 500 to 4000 msecs. Default Value 500

Example --> voip sip protocol set roundtriptime 1000 See also VOIP SIP PROTOCOL ENABLE

VOIP SIP PROTOCOL SET SESSIONEXPIRE
Syntax VOIP SIP PROTOCOL SET SESSIONEXPIRE <secs> Description This command sets the largest amount of time that can occur between session refresh in dialog before the session will be considered timed out.. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option secs Description The session expire time in seconds. Available values are from 30 to 86400 secs (24 hours). Default Value 1800

Example --> voip sip protocol set sessionexpire 180 See also VOIP SIP PROTOCOL SHOW

VOIP SIP PROTOCOL SHOW
Syntax VOIP SIP PROTOCOL SHOW Description This command displays basic SIP module configuration parameters set by the VOIP

AT-RG 600 Residential Gateway – Software Reference Manual

349

SIP PROTOCOL SET commands. Example --> voip sip protocol show Gateway base protocol: SIP -----------------------------------------------------------Network interface: ip0 Default port: 5060 NAT: 10.17.90.110 Round-trip time: 1000 msecs. Session expire time: 1800 secs. Extension features: none See also VOIP SIP PROTOCOL ENABLE VOIP SIP PROTOCOL SET MEDIAPORT VOIP SIP PROTOCOL SET EXTENSION

350

Chapter 15 – VoIP SIP

VoIP SIP Locationserver Command Reference
This section describes the commands available on the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway to enable, configure and manage the VoIP SIP Locationserver module.

voip sip locationserver CLI commands
The table below lists the VOIP SIP LOCATIONSERVER commands provided by the CLI: Command VOIP SIP LOCATIONSERVER CREATE VOIP SIP LOCATIONSERVER DELETE VOIP SIP LOCATIONSERVER LIST VOIP SIP LOCATIONSERVER SET MASTER

VOIP SIP LOCATIONSERVER CREATE
Syntax VOIP SIP LOCATIONSERVER CREATE <name> CONTACT <host:port/transport > Description This command creates a new entry in the location servers list. Each location server must have a different <name>. If the location server already exists, an error message is raised. This command is accepted only if the SIP module is already running. See the VOIP SIP PROTOCOL ENABLE command to turn on the SIP module. This command doesn’t set the master location server. To define a location server as master use the VOIP SIP LOCATIONSERVER SET MASTER command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description An arbitrary name that identifies the location server. The name must not be present already. The name can be a maximum of 16 characters long; cannot start with a digit and cannot contain dots '.' or slash symbols '/'. The hostname or IPv4 address of the location server where registrations are sent host can be a maximum of 256 chars long (when using hostname format). Default Value

name

N/A

host

N/A

AT-RG 600 Residential Gateway – Software Reference Manual

351

port

The UDP/TCP port on the location server to which signalling messages are sent. The protocol used to transport the signalling messages to the location server. Possible values are: udp tcp

5060

transport

udp

Example --> voip sip locationserver create default contact 192.168.102.3 See also VOIP SIP LOCATIONSERVER LIST VOIP SIP LOCATIONSERVER SHOW

VOIP SIP LOCATIONSERVER DELETE
Syntax VOIP SIP LOCATIONSERVER DELETE <name> Description This command deletes a single location server created using the VOIP SIP LOCATIONSERVER CREATE command. To show the list of existing location servers, use the VOIP SIP LOCATIONSERVER LIST command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description A name that identifies an existing location server (it can also be the ID value associated with the location server). To display the existing location servers, use the VOIP SIP LOCATIONSERVER LIST command. Default Value

name

N/A

Example --> voip sip locationserver delete backuplocserv See also VOIP SIP LOCATIONSERVER CREATE VOIP SIP LOCATIONSERVER LIST VOIP SIP LOCATIONSERVER SHOW

VOIP SIP LOCATIONSERVER LIST
Syntax VOIP SIP LOCATIONSERVER LIST Description This command lists information about location servers that were added using the VOIP SIP LOCATIONSERVERS CREATE command. The following information is displayed:

352

Chapter 15 – VoIP SIP

• server ID numbers • server names • Master: whether the server has been set as Master or not. A star symbol in the field identifies the server as the current location server where local user are registered. • Contact: the IP address (IPv4 or hostname format) of the location server Note: If a name is longer than 32 chars, the name is shown in a short format (only the initial part of the name is displayed). To show the full name use the VOIP SIP LOCATIONSERVER SHOW command, specifying the server ID instead of server name.

Example --> voip sip location list ID | Name | Master | Contact -----|------------|----------|-------------------------------------------1 | default | false * | 192.168.1.2 -------------------------------------------------------------------------See also VOIP SIP LOCATIONSERVER CREATE VOIP SIP LOCATIONSERVER SHOW

VOIP SIP LOCATIONSERVER SET MASTER
Syntax VOIP SIP LOCATIONSERVER SET <name> MASTER Description This command sets a location server as Master. If another location server was set Master previously, the flag Master is removed from the old one. To show the list of existing location servers, use the VOIP SIP LOCATIONSERVER LIST command. Example --> voip sip locationserver set backuplocserv master See also VOIP SIP LOCATIONSERVER CREATE VOIP SIP LOCATIONSERVER LIST VOIP SIP LOCATIONSERVER SHOW

AT-RG 600 Residential Gateway – Software Reference Manual

353

VoIP SIP Proxyserver Command Reference
This section describes the commands available on the AT-RG613, AT-RG623 and AT-RG656 Residential Gateway to enable, configure and manage the VoIP SIP Proxyserver module.

voip sip proxyserver CLI commands
The table below lists the VOIP SIP PROXYSERVER commands provided by the CLI: Command VOIP SIP PROXYSERVER CREATE VOIP SIP PROXYSERVER DELETE VOIP SIP PROXYSERVER LIST VOIP SIP PROXYSERVER SET MASTER

VOIP SIP PROXYSERVER CREATE
Syntax VOIP SIP PROXYSERVER CREATE <name> CONTACT <host:port/transport > Description This command creates a new entry in the proxy servers list. Each proxy server must have a different <name>. If the proxy server already exists, an error message is raised. This command is accepted only if the SIP module is already running. See the VOIP SIP PROTOCOL ENABLE command to turn on the SIP module. This command doesn’t set the master proxy server. To define a proxy server as master use the VOIP SIP PROXYSERVER SET MASTER command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description An arbitrary name that identifies the proxy server. The name must not be present already. The name can be a maximum of 16 characters long; cannot start with a digit and cannot contain dots '.' or slash symbols '/'. The hostname or Ipv4 address of the proxy server where signaling messages are sent host can be a maximum of 256 chars long (when using hostname format). The UDP/TCP port on the proxy server to which signalling messages are sent. Default Value

name

N/A

host

N/A

port

5060

354

Chapter 15 – VoIP SIP

transport

The protocol used to transport the signalling messages to the proxy server. Possible values are: udp tcp

udp

Example --> voip sip proxy create default contact 192.168.102.3 See also VOIP SIP PROXYSERVER LIST VOIP SIP PROXYSERVER SHOW

VOIP SIP PROXYSERVER DELETE
Syntax VOIP SIP PROXYSERVER DELETE <name> Description This command deletes a single proxy server created using the VOIP SIP PROXYSERVER CREATE command. To show the list of existing proxy servers, use the VOIP SIP PROXYSERVER LIST command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description A name that identifies an existing proxy server (it can also be the ID value associated with the proxy server). To display the existing proxy servers, use the VOIP SIP PROXYSERVER LIST command. Default Value

name

N/A

Example --> voip sip proxyserver delete backuplocserv See also VOIP SIP PROXYSERVER CREATE VOIP SIP PROXYSERVER LIST VOIP SIP PROXYSERVER SHOW

VOIP SIP PROXYSERVER LIST
Syntax VOIP SIP PROXY LIST Description This command lists information about proxy servers that were added using the VOIP SIP PROXYSERVER CREATE command. The following information is displayed: • server ID numbers

Example --> voip sip proxyserver list ID | Name | Master | Contact -----|------------|----------|-------------------------------------------1 | default | false * | 192. A star symbol in the field identifies the server as the currect proxy server used by outgoing calls. Example --> voip sip proxyserver set backuplocserv master See also VOIP SIP PROXYSERVER CREATE VOIP SIP PROXYSERVER LIST VOIP SIP PROXYSERVER SHOW . To show the list of existing proxy servers.AT-RG 600 Residential Gateway – Software Reference Manual 355 • server names • Master: whether the server has been set as Master or not. the name is shown in a short format (only the initial part of the name is displayed). • Contact: the IP address (IPv4 or hostname format) of the proxy server Note: If a name is longer than 32 chars. If another proxy server was set Master previously. the flag Master is removed from the old one.1. To show the full name use the VOIP SIP PROXYSERVER SHOW command. specifying the server ID instead of server name. use the VOIP SIP PROXYSERVER LIST command.168.2 -------------------------------------------------------------------------See also VOIP SIP PROXYSERVER CREATE VOIP SIP PROXYSERVER SHOW VOIP SIP PROXYSERVER SET MASTER Syntax VOIP SIP PROXYSERVER SET <name> MASTER Description This command sets a proxy server as Master.

Option Description A name that identifies an existing user (it can be also the ID value associated with the user name). To display the user's registration status and port association use the VOIP SIP USER SHOW command. configure and manage the VoIP SIP User module. use the VOIP SIP USER LIST command. If no location servers are defined.356 Chapter 15 – VoIP SIP VoIP SIP User Command Reference This section describes the commands available on the AT-RG613. AT-RG623 and AT-RG656 Residential Gateway to enable. registration phase is not performed until a location server or proxy server is added to the SIP module. As soon as this command is entered. voip sip user CLI commands The table below lists the VOIP SIP USER commands provided by the CLI: Command VOIP SIP USER ADD VOIP SIP USER CREATE VOIP SIP USER DELETE VOIP SIP USER LIST VOIP SIP USER REMOVE VOIP SIP USER SHOW VOIP SIP USER ADD Syntax VOIP SIP USER ADD <username> PORT <portname> Description This command attaches a user created with the command VOIP SIP USER CREATE to a named port created with the command VOIP EP CREATE. If no proxy server are defined. To display the existing users. The system tries to register the user with the location server specified by the VOIP SIP LOCATIONSERVER CREATE command. the system tries to register the user with the proxy server specified by the VOIP SIP PROXYSERVER CREATE command. Default Value username N/A . Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). the registration phase starts.

The address can be 32 characters long. the VOIP SIP USER ADD command must be used. The name must not be present already.' or slash symbols '/'.164) used to reach the user. an error message is raised. cannot start with a digit and cannot contain dots '. See the VOIP SIP PROTOCOL ENABLE command to turn on the SIP module. If the DOMAIN parameter is not specified. Option Description An arbitrary name that identifies the user. N/A Example --> voip sip user add MrBrown port fxs0 See also VOIP SIP USER ADD VOIP SIP USER CREATE VOIP SIP USER DELETE VOIP SIP USER LIST VOIP SIP USER REMOVE VOIP SIP USER SHOW VOIP EP LIST VOIP SIP USER CREATE Syntax VOIP SIP USER CREATE <username> ADDRESS <digit-map> [AREACODE <areanumber>] [AUTHENTICATION <login:password>] [DOMAIN <host >] [TRANSPORT <transport>] Description This command creates a new entry in the users list. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Default Value username N/A digit-map N/A . Each user must have a different <username>. If the user already exists. The phone number (E. The username can be a maximum of 16 characters long. This command doesn’t bind the user to a physical access port.AT-RG 600 Residential Gateway – Software Reference Manual 357 portname A name that identifies an existing port. To display the existing ports. In order to inform the system that the user is attached to a specific physical port. use the VOIP EP LIST command. the user domain is set equal to the location server address (if defined) or proxyserver address (if location server is not defined). This command is accepted only if the SIP module is already running.

Valid values are: udp tcp empty login empty password empty host empty transport udp Example --> voip sip user create MrBrown address 12345 locationserver 192. the deregistration phase starts (REGISTER request) to the location server (registar) removing the user from the user list on the server. The user name used during the authentication phase. Options The following table gives the range of values for each option which can be specified . except the password can start with a digit. The password can be a maximum of 16 characters long. The same rules defined for the username field also apply here.3 See also VOIP SIP USER ADD VOIP SIP USER CREATE VOIP SIP USER DELETE VOIP SIP USER LIST VOIP SIP USER REMOVE VOIP SIP USER SHOW VOIP SIP USER DELETE Syntax VOIP SIP USER DELETE <username> Description This command deletes a single user created using the VOIP SIP USER CREATE command. The transport protocol used to contact the user. As soon this command is entered. The area number can be a maximum of 10 digits long. Valid characters are only numerical characters. The password used during the authentication phase. The domain address in hostname format or IPv4 format. except the login can start with a digit. The same rules defined for the username field also apply here. The login can be a maximum of 32 characters long. The domain can be a maximum of 255 characters long.102.358 Chapter 15 – VoIP SIP area-number The prefix number to be dialed before the destination number.168. use the VOIP SIP USER LIST command. To show the list of existing users.

use the VOIP SIP USER LIST command. Example --> voip sip user list ID ---1 ---| Name | Area Code | Address |------------|------------------|-----------------------------------| MrBrown | | 12345 |------------|------------------|-----------------------------------See also VOIP SIP USER ADD VOIP SIP USER CREATE VOIP SIP USER DELETE VOIP SIP USER LIST VOIP SIP USER REMOVE VOIP SIP USER SHOW . the name is shown in a short format (only the initial part of the name is displayed). The following information is displayed: • user ID numbers • user names • Area Codes • Addresses Note: If a user name is longer than 32 chars.AT-RG 600 Residential Gateway – Software Reference Manual 359 with this command and a default value (if applicable). To display the existing users. To show the full name use the VOIP SIP USER SHOW command. specifying the user ID instead of user name. Default Value username N/A Example --> voip sip user delete MrBrown See also VOIP SIP USER ADD VOIP SIP USER CREATE VOIP SIP USER DELETE VOIP SIP USER LIST VOIP SIP USER REMOVE VOIP SIP USER SHOW VOIP SIP USER LIST Syntax VOIP SIP USER LIST Description This command lists information about users that were added using the VOIP SIP USER CREATE command. Option Description A name that identifies an existing user (it can also be the ID value associated with the user name).

A name that identifies an existing port. Default Value username N/A portname N/A Example --> voip sip user remove MrBrown port fxs0 See also VOIP SIP USER ADD VOIP SIP USER CREATE VOIP SIP USER DELETE VOIP SIP USER LIST VOIP SIP USER REMOVE VOIP SIP USER SHOW VOIP SIP USER SHOW Syntax VOIP SIP USER SHOW <username> Description This command displays the following information about a named user: • Address • Area Code • Domain • Authetication (login:password) • Transport • Attached ports Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). . Removing a user from a port results in an un-registration request to the location server.360 Chapter 15 – VoIP SIP VOIP SIP USER REMOVE Syntax VOIP SIP USER REMOVE <username> PORT <name> Description This command remove a single user from the port where it was added with the VOIP SIP USER ADD command. To display the existing users. use the VOIP SIP USER LIST command. use the VOIP SIP USER SHOW command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description A name that identifies an existing user (it can also be the ID value associated with the user name). To know the ports where the user is added.

use the VOIP SIP USER LIST command.3 Authentication: charlie:123charlie Transport: State: registered (expire time: 2864 Sec. To display the existing users. Default Value N/A Example --> voip sip user show MrBrown Gateway user: MrBrown -------------------------------------------------------------Address: 12345 Area Code (AC): Domain: 192.102.AT-RG 600 Residential Gateway – Software Reference Manual 361 Option username Description A name that identifies an existing user.168.) Attached ports: port0 See also VOIP SIP USER ADD VOIP SIP USER CREATE VOIP SIP USER DELETE VOIP SIP USER LIST VOIP SIP USER REMOVE VOIP SIP USER SHOW .

Option Description An arbitrary name that identifies this specific fdb rule. dialed number 01 corresponds to 00390224141121) Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).362 Chapter 15 – VoIP SIP VoIP SIP FDB Command Reference This section describes the commands available on the AT-RG613. CONTACT is the host reference where the call is forwarded.proxy> [DOMAIN <host>] [FWADDRESS <tel-number>] Description This command creates a new entry in the forwarding database (FDB). From and To fields). The contact-host part is the default to form the URL domain (Request-URI.g. The DOMAIN assigns the call domain and it is used to format the "To" and "From" headers. The flag proxy modifies the rule to make the Request-URI: if it is present then the Request-URI domain gets the value from the contact-host part of CONTACT parameter otherwise the current call domain will be used. AT-RG623 and AT-RG656 Residential Gateway to configure and manage the FDB module. It is optional and it is used to make a short selection rule (e. The fdb name can be a maximum of 16 characters long. Default Value name N/A . It is optional and the contact host part is used if it is not set. voip sip fdb CLI commands The table below lists the VOIP SIP FDB commands provided by the CLI: Command VOIP SIP FDB CREATE VOIP SIP FDB DELETE VOIP SIP FDB LIST VOIP SIP FDB SHOW VOIP SIP FDB CREATE Syntax VOIP SIP FDB CREATE <name> ADDRESS <digit-map> CONTACT <contacthost:port/transport. ADDRESS is the called address expected to be received from the calling end-point in order to forward the call to the CONTACT. The name must not be present already. The FWADDRESS replaces the destination address of the call.

AT-RG 600 Residential Gateway – Software Reference Manual 363 digit-map The called user address (i. phone number) expected to be received.168. use the VOIP SIP FDB LIST command. Possible values are: udp tcp If proxy is specified.com See also VOIP SIP FDB LIST VOIP SIP FDB SHOW VOIP SIP FDB DELETE Syntax VOIP SIP FDB DELETE <name> Description This command deletes a single fdb entry created using the VOIP SIP FDB CREATE command. . The protocol used to transport the signalling messages to the contact host. contact 192. The digit-map can be a maximum of 32 chars long. another AT-RG613. the contact host is considered to be a proxy server. It can be a hostname or IPv4 address. Is the new number to which the call is redirected. N/A contact-host N/A port 5060 transport udp proxy none host N/A tel-number N/A Example --> voip sip fdb create default address 9x. The hostname or IPv4 address of the remote end-point where call must be routed.atkk. To show the list of existing FDB entries.e. Host can be a maximum of 256 chars long (when using hostname format).1. Contact-host can be a maximum of 256 chars long (when using hostname format). Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).g. otherwise the contact-host is considered to be another SIP end-point (e.10 domain voip. It can be a digit map expression as described in section 0. The UDP/TCP port on the contact host to which signalling messages are sent. ATRG623 and AT-RG656 unit) The domain assigned to the redirected call.

the name is shown in a short format (only the initial part of the name is displayed).364 Chapter 15 – VoIP SIP Option Description A name (or the ID value) that identifies an existing user in the forwarding database. To show the full name use the VOIP SIP FDB SHOW command. Example --> voip sip fdb list Gateway forwarding database: ID | Name | Address ----|------------|--------------------1 | pstn | 9x. specifying the user ID instead of user name. The following information is displayed: • FDB entry ID numbers • FDB entry names • FDB entry Address Note: If an fdb name is longer than 32 chars. The following information is displayed: • Address . To display the existing FDB entries. --------------------------------------See also VOIP SIP FDB CREATE VOIP SIP FDB SHOW VOIP SIP FDB SHOW Syntax VOIP SIP FDB SHOW <name> Description This command lists information about a named FDB entry added to the forwarding data base using the VOIP SIP FDB CREATE command. use the VOIP SIP FDB LIST command. Default Value name N/A Example --> voip sip fdb delete default See also VOIP SIP FDB CREATE VOIP SIP FDB LIST VOIP SIP FDB LIST Syntax VOIP SIP FDB LIST Description This command lists information about FDB entries added using the VOIP SIP FDB CREATE command.

0.17.51 See also VOIP SIP FDB LIST .168.90. Option Description A name (or the ID value) that identifies an existing user in the forwarding database.AT-RG 600 Residential Gateway – Software Reference Manual 365 • Domain • Contact Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).5 Contact: 10. Default Value name N/A Example --> voip sip fdb show MrJohn Gateway forwarding database entry: MrJohn ---------------------------------------------Address: 2010 Area Code (AC): Domain: 192. use the VOIP SIP FDB LIST command. To display the existing FDB entries.

and data communications over packet networks (see Figure 19).323 standard.323 can also be applied to multipoint-multimedia communications. metropolitan-area networks (MANs). H. or connect to.32x that provides multimedia communication services over a variety of networks. protocols and procedures that provide multimedia communication services. the implementation of the call processes in the AT-RG613. H.323 provides myriad services and. video and data. video. audio and data.366 Chapter 16 – VoIP H323 Chapter 16 VoIP H323 Introduction This chapter describes the main features of H. enterprise networks (ENs).323 is part of a family of ITU–T recommendations called H. H. real-time audio. a VoIP Network. Packet-based networks include IP based (including the Internet) or Internet packet exchange (IPX) based local-area networks (LANs). can be applied in a wide variety of areas consumer. business. the protocols supported. AT-RG623 and AT-RG656 to provide. therefore. H.323 can be applied in a variety of mechanisms audio only (IP telephony).323 is a standard that specifies the components. Packet Network (IP) H323 H323 Terminal H323 Terminal . AT-RG623 and ATRG656 and how to configure and operate the AT-RG613. and audio. and entertainment applications. H. including Internet protocol (IP) based networks. and wide area networks (WANs). audio and video (video telephony).323 Protocols H.

public switched telephone network PSTN. however. Because the basic service provided by an H.g.320 terminals on ISDN. bandwidth management and accounting. This connectivity of dissimilar networks is achieved by translating protocols for call setup and release. It is the focal point for all calls within the H.321 terminals on B– ISDN. running an H. .310 terminals on B–ISDN. For example. Gatekeepers may also provide call-routing services. and H. H.324 terminals on SCN and wireless networks. Although they are not required. an H.323 standard specifies four kinds of components.323 terminals are compatible with H.323 and the multimedia applications. e. H.322 terminals on guaranteed QoS LANs. for communication between two terminals on an H. converting media formats between different networks. an H. It supports audio communications and can optionally support video or data communications.. H. The primary goal of H. a gateway can connect and provide communication between an H.323 network. An H.323 terminals may be used in multipoint conferences. which. gatekeepers provide important services such as addressing.323 is to interwork with other multimedia terminals. running an H. H. An H.323 gateway provides connectivity between an H. A gateway is not required. H.323 Components The H. and transferring information between the networks connected by the gateway.323 terminal can either be a personal computer (PC) or a stand-alone device. Gatekeepers A gatekeeper can be considered the brain of the H.323 network.323 network.323 network and a non–H. provide the point-to-point and point-to-multipoint multimediacommunication services: • terminals • gateways • gatekeepers • multipoint control units (MCUs) Terminals Used for real-time bi-directional multimedia communications. Gateways A gateway connects two dissimilar networks. when networked together. authorization and authentication of terminals and gateways.323 network.323 stack and multimedia applications. H.323 Terminals on a Packet Network H.323 terminal plays a key role in IP–telephony services.323 terminal and SCN networks (SCN networks include all switched telephony networks.AT-RG 600 Residential Gateway – Software Reference Manual 367 Figure 19.323 terminal is audio communications.323 terminal can either be a PC or a stand-alone device.

323 terminal and decodes the received video code that is sent to the video display on the receiving H.711 recommendation (audio coding at 64 kbps).323 specifies support of video as optional.323 The protocols specified by H. The gatekeepers.1 (5.323 are listed below: • audio CODECs • video CODECs • H.323 is independent of the packet network and the transport protocols over which it runs. G.729 (8 kbps) may also be supported.323 standard. 56.261 recommendation. and G. admission. Because H. any H. Audio CODEC An audio CODEC encodes the audio signal from the microphone for transmission on the transmitting H.722 (64. The MCU manages conference resources. as specified in the ITU–T G.245 control signaling • real-time transfer protocol (RTP) • real-time control protocol (RTCP) H.3 and 6.323 terminals must have at least one audio CODEC support. All terminals participating in the conference establish a connection with the MCU. negotiates between terminals for the purpose of determining the audio or video coder/decoder (CODEC) to use. the support of video CODECs is optional as well. However.323 terminal and decodes the received audio code that is sent to the speaker on the receiving H. and 48 kbps).368 Chapter 16 – VoIP H323 Multipoint Control Units MCUs provide support for conferences of three or more H.723. G.323 terminals.728 (16 kbps).323 terminal. and MCUs are logically separate components of the H. and status (RAS) • H. and may handle the media stream. Video CODEC A video CODEC encodes video from the camera for transmission on the transmitting H.225 registration. Protocols Specified by H. Because audio is the minimum service provided by the H.323 standard but can be implemented as a single physical device. all H. gateways.323 terminal providing video communications must support video encoding and decoding as specified in the ITU–T H.225 call signaling • H.3 kbps).323 terminal. . Additional audio CODEC recommendations such as G.

323 endpoints. called a canonical name. H. status. together with UDP. This signaling channel is opened between an endpoint and a gatekeeper prior to the establishment of any other channels. Other RTCP functions include carrying a transport-level identifier for an RTP source. This is achieved by exchanging H. admission.225 protocol messages on the callsignaling channel. RTP. RTP provides payload-type identification.323 endpoints or between an endpoint and the gatekeeper. The primary function of RTCP is to provide feedback on the quality of the data distribution. time stamping. bandwidth changes. The call-signaling channel is opened between two H.245 control signaling is used to exchange end-to-end control messages governing the operation of the H.225 call signaling is used to establish a connection between two H.AT-RG 600 Residential Gateway – Software Reference Manual 369 H. Admission. which is used by receivers to synchronize audio and video. . RTP is typically used to transport data via the user datagram protocol (UDP).225 Registration. The RAS is used to perform registration. admission control.225 Call Signaling The H. and Status Registration. sequence numbering. H. RTP can also be used with other transport protocols. and disengage procedures between endpoints and gatekeepers. Real-Time Transport Control Protocol Real-time transport control protocol (RTCP) is the counterpart of RTP that provides control services.323 is used to transport data over IP–based networks. and status (RAS) is the protocol between endpoints (terminals and gateways) and gatekeepers.245 Control Signaling H. Whereas H. and delivery monitoring. These control messages carry information related to the following: • capabilities exchange • opening and closing of logical channels used to carry media streams • flow-control messages • general commands and indications Real-Time Transport Protocol Real-time transport protocol (RTP) provides end-to-end delivery services of realtime audio and video.323 endpoint. provides transport-protocol functionality. UDP provides multiplexing and checksum services. A RAS channel is used to exchange RAS messages.

T.323 gateway connects an IP network and SCN network (e.320 terminals on the ISDN.323–network side.323 terminals must also support the G. H. admissions. . Gateway and Gatekeeper Characteristics Gateway Characteristics A gateway provides translation of protocols for call setup and release.711 audio and H. video.225 for call signaling and call setup • RAS for registration and other admission control with a gatekeeper • RTP/RTCP for sequencing audio and video packets H.g.225 call signaling for call setup and release.323 and non H. The gateway translates these protocols in a transparent fashion to the respective counterparts on the non H. Terminals communicate with gateways using the H. a gateway runs SCN–specific protocols (e. a gateway runs H.323 terminals must support the following: • H. and MCU capabilities.g. ISDN and SS7 protocols).323–network side and the non–H. and data formats may also be performed by the gateway. and the transfer of information between H.225 call-signaling protocol.225 registration. Gatekeepers are aware of which endpoints are gateways because this is indicated when the terminals and gateways register with the gatekeeper. A gateway may be able to support several simultaneous calls between the H.323 network and vice versa.323 terminal on the H. in the case of a gateway to H.261 video.323 and non–H. A gateway is a logical component of H. Optional components in an H.323 and can be implemented as part of a gatekeeper or an MCU. On the H. both terminal types require G. so a common mode always exists. ISDN network). conversion of media formats between different networks. In addition. where the H.323 network and the other terminal on the non–H..323 gateway is in IP telephony.323 network it connects.711 audio CODEC. and H. The gateway has the characteristics of both an H. Translation between audio. and status (RAS) for registration with the gatekeeper.120 dataconferencing protocols..370 Chapter 16 – VoIP H323 Terminal Characteristics H.245 controlsignaling protocol and H.323 terminal are video CODECs.245 for exchanging terminal capabilities and creation of media channels • H. Audio and video translation may not be required if both terminal types find a common communications mode. The gateway also performs call setup and clearing on both the H.323 side.323 network. For example. On the SCN side.323 networks An application of the H.245 control signaling for exchanging capabilities.323 networks. a gateway may connect an H.323 network to a non–H.

for example.323 endpoint on the IP network.323 endpoints. However. Routing calls through gatekeepers provides better performance in the network. which the gatekeeper routes to the destination endpoints. and zone management. The services offered by a gatekeeper are defined by RAS and include address translation.323 but can be implemented as part of a gateway or MCU. AT-RG613. endpoints can send call-signaling messages directly to the peer endpoints. such as address translation and bandwidth management as defined within RAS. as monitoring of the calls by the gatekeeper provides better control of the calls in the network.164 telephone addresses into transport addresses. The H. admissions control. Alternately.323 standards both define mandatory services that the gatekeeper must provide and specify other optional functionality that it can provide.AT-RG 600 Residential Gateway – Software Reference Manual 371 Gatekeeper Characteristics Gatekeepers provide call-control services for H. AT-RG623 and AT-RG656 Call Processes The AT-RG613. such as another AT-RG613. A gatekeeper is a logical component of H. bandwidth control.323 networks that do not have gatekeepers may not have these capabilities. load balancing among gateways. terminals and gateways must use their services. • Any LAN H. the AT-RG613. Endpoints send callsignaling messages to the gatekeeper. H. AT-RG623 and AT-RG656 can communicate with the following devices: • Another terminal on the IP network. but H. AT-RG623 and AT-RG656.323 networks that contain IP telephony gateways should also contain a gatekeeper to translate incoming E. however. This feature of the gatekeeper is valuable. An optional feature of a gatekeeper is call-signaling routing. for instance: • a Soft Phone • an IP phone directly connected to the IP network • A PSTN phone or fax. . If they are present in a network. AT-RG623 and AT-RG656 would need to contact a PSTN gateway Calls Involving Another Terminal The following example (see Figure 20) illustrates how to reach a phone or fax on another AT-RG613/AT-RG623TX terminal. as the gatekeeper can make routing decisions based on a variety of factors.

323 Endpoint The following examples (see Figure 21) illustrate how a phone connected to an ATRG613/AT-RG623TX Residential Gateway can communicate with a LAN H.372 Chapter 16 – VoIP H323 H323 IP Phone VoIP Network Analog Phone (or Digital Phone) AT-RG613 (or AT-RG623) A B AT-RG613 (or AT-RG623) Analog Phone (or Digital Phone) H323 Gatekeeper Figure 20. Phone --> AT-RG613/RG623 (A) --> AT-RG613/RG623 (B) --> Phone A user makes a call with the phone connected to an AT-RG613/AT-RG623TX Residential Gateway. which completes the connection to its locally attached phone.323 endpoint on the IP network. Such endpoints could be: • a Soft Phone • an IP phone directly connected to the IP network . Calls Involving a Terminal and a H. which in turn contacts another AT-RG613/AT-RG623TX Residential Gateway.

The following section describe users while Error! Reference source not found. AT-RG623 and AT-RG656 Residential gateways is based on the concept of users and access ports. Phone --> AT-RG613/RG623 (A) --> H323 IP Phone A user makes a call with the phone connected to an AT-RG613/AT-RG623TX Residential Gateway. describes access ports. Users are entities uniquely identified in the system by a name with an associated phone number. VoIP H323 Users Introduction The VoIP H323 subsystem on the AT-RG613.323 endpoint on the IP network. A user's phone number represents the user's address on the local system. User definition is a mandatory step in the correct configuration of the VoIP H323 subsystem (see Figure 22). which reaches the corresponding LAN H.AT-RG 600 Residential Gateway – Software Reference Manual 373 H323 IP Phone VoIP Network Analog Phone (or Digital Phone) AT-RG613 (or AT-RG623) A B AT-RG613 (or AT-RG623) Analog Phone (or Digital Phone) H323 Gatekeeper Figure 21. .

Note 1: In any given system there cannot exist two or more users with the same area code and address. Users Binding Incoming/ Outgoing Calls Figure 22.164 number must be defined. Users The system is designed to support up to 100 users. i.it is not possible manage simultaneously registrations on multiple gatekeepers. In the any given it is valid to have two ore more users with the same address but different area code or no area code at all. In this way other endpoints on the VoIP network can contact each user by simply using the user address. optionally.basic steps.e. VoIP H323 subsystem configuration .374 Chapter 16 – VoIP H323 Default Configuration H323 Signaling Protocol Configuration Access Port Creation Users Creation Access Port Config. Each user must have an associated a user number composed of an address number and. Users are defined by the VOIP H323 USER CREATE command. . Note 3: All the users must use the same gatekeeper. Note 2: Users may inform the VoIP network about the location (IP address) where they can be contacted by registering themselves on the gatekeeper defined in the VOIP H323 USER CREATE command. a gatekeeper autodiscover procedure is initialized to find a list of available gatekeepers. an area code number if a complete E. To know the user's registration status use the VOIP H323 USER SHOW command. If no gatekeeper is specified.

AT-RG 600 Residential Gateway – Software Reference Manual 375 The user number used in the registration messages is the complete user number: area code + address number. To know which users are attached to a physical port. Removing a user from a port. More than one user may be attached to the same physical access port and therefore more than one phone number can be associated with the same physical access port. They inherit the phone number from the user number of the attached users. When an access port is deleted from the system. the identity of the calling user is deemed to be the first user defined in the list of attached users. When a user receives a call. all users previously attached are removed from the port. use the VOIP EP SHOW command. use the VOIP H323 USER SHOW command Note that physical access ports don’t have their own fixed phone number. users and access port A user needs to be attached at least to one physical port in order to receive or to make a call. . using the VOIP H323 USER REMOVE command or deleting the access port. All the local users belongs to the same domain. In this case when it receives the call all the lines where it is attached will be used to signal the incoming call. To know the physical port where a user is attached. If a user receive a call but the physical line where it is attached is already involved in another communication (because it is being used by another user). the call is rejected. The same user may be attached to more than one access port. When an outgoing call (in the direction user to VoIP network) is made and more than one user is attached on the access port being used to make the call. only the access lines where the user is attached are engaged by the communication. To attach a user to a physical port use the VOIP H323 USER ADD command. results in an un-registration process from the gatekeeper defined during user creation phase.

• any user defined in the system is deleted. To enable the H323 module. from H323 to SIP.e. VoIP h323 protocol CLI commands The table below lists the VOIP H323 PROTOCOL commands provided by the CLI: Command VOIP H323 PROTOCOL DISABLE VOIP H323 PROTOCOL ENABLE VOIP H323 PROTOCOL SET MEDIAPORT VOIP H323 PROTOCOL SET ALIAS VOIP H323 PROTOCOL SET CONNECT VOIP H323 PROTOCOL SET GATEKEEPER VOIP H323 PROTOCOL SET NETINTERFACE VOIP H323 PROTOCOL SET Q931PORT VOIP H323 PROTOCOL SET RASPORT VOIP H323 PROTOCOL SET REGISTRATION VOIP H323 PROTOCOL SET RESPONSE VOIP H323 PROTOCOL SET SECONDARYGATEKEEPER VOIP H323 PROTOCOL SHOW VOIP H323 PROTOCOL DISABLE Syntax VOIP H323 PROTOCOL DISABLE Description This command stops the VoIP H323 signaling protocol and releases all the resources associated with it. . AT-RG 623 and AT-RG656 Residential Gateway to configure and manage the H323 protocol signaling module. To simply restart the H323 module. use the VOIP H323 PROTOCOL ENABLE command. Example --> voip h323 protocol disable. i. It doesn't remove any resources defined under the voip main module. use the VOIP H323 PROTOCOL RESTART command. This command is typically used when it's necessary to change the VoIP signaling protocol.: • any analogue or digital port defined in the system is removed.376 Chapter 16 – VoIP H323 VoIP H323 Command Reference This section describes the commands available on the AT-RG613.

Binding the H323 module to a specific IP interface defines the value of the source IP address for signallng and voice packets. and a default value (if applicable).atkk.AT-RG 600 Residential Gateway – Software Reference Manual 377 See also VOIP H323 PROTOCOL RESTART VOIP H323 PROTOCOL ENABLE. translated by the Gatekeeper to the network address Options The following table gives the range of values for each option which can be specified with this command. Option alias Description The terminal alias used in H.225 registration messages to identify the residential gateway. Default Value N/A Example --> voip h323 protocol set alias at-rg613-1. The H323 module MUST be enabled in order to create/set analog/digital ports.com . By default. VOIP H323 PROTOCOL ENABLE Syntax VOIP H323 PROTOCOL ENABLE Description This command turns on the H323 signaling module. when the H323 module is started the following default values are used: • q931port: • rasport: 1720 1719 Example --> voip h323 protocol enable See also VOIP H323 PROTOCOL SHOW VOIP H323 PROTOCOL DISABLE VOIP H323 PROTOCOL SET ALIAS Syntax VOIP H323 PROTOCOL SET ALIAS <alias> • Description This command sets the user logical name used for remote party calling. To bind the H323 module to a specific IP interface uset the VOIP H323 PROTOCOL SET INTERFACE command. users and H323 gatekeeper.voip.

the following default values are used: • registration: • response: • connect: 7200 secs 20 secs 30 secs Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description The hostname or IPv4 address of the primary gatekeeper. By default. The port on primary gatekeeper where H225 registration messages are sent. and a default value (if applicable). Options The following table gives the range of values for each option which can be specified with this command. when the H323 module is started using the VOIP H323 PROTOCOL ENABLE command. Primary-host can be a maximum of 256 chars long (when using hostname format). Option Description The interval time (expressed in seconds) for which the system waits for CONNECTmessages when a call is placed before tearing down the connection.378 Chapter 16 – VoIP H323 See also VOIP H323 PROTOCOL SHOW VOIP H323 PROTOCOL SET CONNECT Syntax VOIP H323 PROTOCOL SET CONNECT <secs> Description This command sets response timeout value. Default Value gk N/A ipport 1719 . Acceptable value are from 10 to 5255 seconds. Default Value secs 30 Example --> voip h323 protocol set connect 60 See also VOIP H323 PROTOCOL SHOW VOIP H323 PROTOCOL SET GATEKEEPER Syntax VOIP H323 PROTOCOL SET GATEKEEPER <gk:port/id> Description This command sets the primary gatekeeper.

110 See also VOIP H323 PROTOCOL ENABLE VOIP H323 PROTOCOL SHOW VOIP H323 PROTOCOL SET NETINTERFACE Syntax VOIP H323 PROTOCOL SET NETINTERFACE <interface_name> Description This command sets the IP interface used to access the VoIP network. Options The following table gives the range of values for each option which can be specified with this command. use the IP LIST INTERFACES command. and a default value (if applicable). To display interface names.90. Signaling and voice packets will use the Source IP address defined for the selected interface. Option interface_name Description A name that identifies an existing IP interface. Default Value 1720 Example --> voip h323 protocol set q931port 1740 See also VOIP H323 PROTOCOL SET RASPORT VOIP H323 PROTOCOL SHOW .17. Options The following table gives the range of values for each option which can be specified with this command. Id can be 20 a maximum of 20 chars long N/A Example --> voip h323 protocol set gatekeeper 10. and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 379 id It's the gatekeeper identifier. Default Value N/A Example --> voip h323 protocol set netinterface ip0 See also VOIP H323 PROTOCOL ENABLE VOIP H323 PROTOCOL SHOW VOIP H323 PROTOCOL SET Q931PORT Syntax VOIP H323 PROTOCOL SET Q931PORT <ipport> Description This command sets the UDP/TCP port on the Residential Gateway used to send and receive signalling messages. Option ipport Description The UDP/TCP port on the Residential Gateway used to send and receive signalling messages.

the following default values are used: • registration: • response: • connect: 7200 secs 20 secs 30 secs Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).380 Chapter 16 – VoIP H323 VOIP H323 PROTOCOL SET RASPORT Syntax VOIP H323 PROTOCOL SET RASPORT <ipport> Description This command sets the UDP/TCP port on the Residential Gateway used to send and receive registration messages. when the H323 module is started using the VOIP H323 PROTOCOL ENABLE command. Options The following table gives the range of values for each option which can be specified with this command. Acceptable value are from 10 to 10800 seconds. Option Description The interval time (expressed in seconds) between two consecutive registrations. Default Value secs 7200 Example --> voip h323 protocol set registration 3600 See also VOIP H323 PROTOCOL SET RESPONSE VOIP H323 PROTOCOL SHOW . Option ipport Description The UDP/TCP port on the Residential Gateway used to send and receive registration messages. By default. and a default value (if applicable). Default Value 1719 Example --> voip h323 protocol set rasport 1739 See also VOIP H323 PROTOCOL SET Q931PORT VOIP H323 PROTOCOL SHOW VOIP H323 PROTOCOL SET REGISTRATION Syntax VOIP H323 PROTOCOL SET REGISTRATION <secs> Description This command sets registration timeout value.

AT-RG 600 Residential Gateway – Software Reference Manual 381 VOIP H323 PROTOCOL SET RESPONSE Syntax VOIP H323 PROTOCOL SET RESPONSE <secs> Description This command sets response timeout value. Secondary-host can be a maximum of 256 chars long (when using hostname format). Acceptable value are from 10 to 5255 seconds. Option Description The hostname or IPv4 address of the secondary gatekeeper. The port on secondary gatekeeper where H225 registration messages are sent. By default. when the H323 module is started using the VOIP H323 PROTOCOL ENABLE command. Option Description The interval time (expressed in seconds) for which the system waits for ALERTING messages when a call is placed before tearing down the connection. Default Value secs 20 Example --> voip h323 protocol set response 40 See also VOIP H323 PROTOCOL SET REGISTRATION VOIP H323 PROTOCOL SHOW VOIP H323 PROTOCOL SET SECONDARYGATEKEEPER Syntax VOIP H323 PROTOCOL SET SECONDARYGATEKEEPER <gk:port/id> Description This command sets the secondary gatekeeper. and a default value (if applicable). Options The following table gives the range of values for each option which can be specified with this command. Default Value gk N/A ipport 1719 . the following default values are used: • registration: • response: • connect: 7200 secs 20 secs 30 secs Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

90.111 Alias: Timers: Registration: 7200 Response: 20 Connect: 90 See also VOIP H323 PROTOCOL ENABLE . Example --> voip h323 protocol show Gateway base protocol: H323 -------------------------------------------------------------RAS port: 1719 Q931 port: 1720 Network interface: ip0 Gatekepeer: 192. Id can be a maximum of 20 chars long N/A Example --> voip h323 protocol set secondarygatekeeper 10.1.17.168.382 Chapter 16 – VoIP H323 id It's the gatekeeper identifier.111 See also VOIP H323 PROTOCOL ENABLE VOIP H323 PROTOCOL SHOW VOIP H323 PROTOCOL SHOW Syntax VOIP H323 PROTOCOL SHOW Description This command displays basic H323 module configuration parameters set by the VOIP H323 PROTOCOL ENABLE command.110 Secondarygatekepeer: 192.168.1.

To display the existing ports. H323 protocol: As soon this command is entered. configure and manage the VoIP H323 User module. A name that identifies an existing port. To display the existing users. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 383 VoIP H323 User Command Reference This section describes the commands available on the AT-RG613. Default Value username N/A portname N/A Example --> voip h323 user add MrBrown port fxs0 See also VOIP H323 USER ADD VOIP H323 USER CREATE . use the VOIP H323 USER LIST command. AT-RG623 and AT-RG656 Residential Gateway to enable. Option Description A name that identifies an existing user (it can also be the ID value associated with the user name). voip H323 user CLI commands The table below lists the VOIP H323 USER commands provided by the CLI: Command VOIP H323 USER ADD VOIP H323 USER CREATE VOIP H323 USER DELETE VOIP H323 USER LIST VOIP H323 USER REMOVE VOIP H323 USER SHOW VOIP H323 USER ADD Syntax VOIP H323 USER ADD <username> PORT <portname> Description This command attaches a user created with the command VOIP H323 USER CREATE to a named port created with the command VOIP EP CREATE. use the VOIP EP LIST command. the registration phase starts to the Gatekeeper specified in the VOIP H323 USER CREATE command.

The username can be a maximum of 16 characters long.164) used to reach the user.384 Chapter 16 – VoIP H323 VOIP H323 USER DELETE VOIP H323 USER LIST VOIP H323 USER REMOVE VOIP H323 USER SHOW VOIP EP LIST VOIP H323 USER CREATE Syntax VOIP H323 USER CREATE <username> ADDRESS <DIGIT-MAP> [AREACODE <area-number>] Description This command creates a new entry in the users list. This command doesn’t bind the user to a physical access port. and a default value (if applicable). This command is accepted only if the H323 module is already running. See the VOIP H323 PROTOCOL ENABLE command to turn on the H323 module. The prefix number to be dialed before the destination number. the VOIP H323 USER ADD command must be used. Default Value username N/A digit-map N/A area-number empty Example --> voip h323 user create MrBrown address 12345 See also VOIP H323 USER ADD VOIP H323 USER CREATE VOIP H323 USER DELETE VOIP H323 USER LIST VOIP H323 USER REMOVE VOIP H323 USER SHOW VOIP EP LIST . The address can be 32 characters long. The phone number (E. Each user must have a different <username>. Options The following table gives the range of values for each option. In order to inform the system that the user is attached to a specific physical port. If the user already exists. The area number can be a maximum of 10 digits long. Valid characters are only digits. cannot start with a digit and cannot contain dots '. an error message is raised. which can be specified with this command.' or slash symbols '/'. The name must not be present already. The username can be 16 characters in length. Option Description An arbitrary name that identifies the user.

As soon this command is entered. removing the user from the user list on the server. use the VOIP H323 USER LIST command. The following information is displayed: • user ID numbers • user names • Area Codes • Addresses Note: If the user name is longer than 32 chars. . To show the full name use the VOIP EP USER SHOW command. Default Value username N/A Example --> voip h323 user delete MrBrown See also VOIP H323 USER ADD VOIP H323 USER CREATE VOIP H323 USER DELETE VOIP H323 USER LIST VOIP H323 USER REMOVE VOIP H323 USER SHOW VOIP EP LIST VOIP H323 USER LIST Syntax VOIP H323 USER LIST Description This command lists information about users that were added using the VOIP H323 USER CREATE command. Option Description A name that identifies an existing user (it can also be the ID value associated with the user name). To show the list of existing users.AT-RG 600 Residential Gateway – Software Reference Manual 385 VOIP H323 USER DELETE Syntax VOIP H323 USER DELETE <username> Description This command deletes a single user created using the VOIP H323 USER CREATE command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). the deregistration phase starts to the Gatekeeper. specifying the user ID instead of user name. use the VOIP H323 USER LIST command. the name is shown in a short format (only the initial part of the name is displayed). To display the existing users.

use the VOIP H323 USER SHOW command. A name that identifies an existing port. To know the ports where the user is added. Removing a user from a port results in an deregistration request to the Gatekeeper specified in the VOIP H323 USER CREATE command. Default Value username N/A portname N/A Example --> voip h323 user remove MrBrown port fxs0 See also VOIP H323 USER ADD VOIP H323 USER CREATE VOIP H323 USER DELETE VOIP H323 USER LIST VOIP H323 USER REMOVE VOIP H323 USER SHOW VOIP EP LIST . To display the existing users. use the VOIP H323 USER LIST command. Option Description A name that identifies an existing user (it canalso be the ID value associated with the user name). Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).386 Chapter 16 – VoIP H323 Example --> voip h323 user list ID ---1 ---| Name | Area Code | Address |------------|------------------|-----------------------------------| MrBrown | | 12345 |------------|------------------|-----------------------------------See also VOIP H323 USER ADD VOIP H323 USER CREATE VOIP H323 USER DELETE VOIP H323 USER LIST VOIP H323 USER REMOVE VOIP H323 USER SHOW VOIP EP LIST VOIP H323 USER REMOVE Syntax VOIP H323 USER REMOVE <username> PORT <name> Description This command remove a single user from the port where it was added with the VOIP H323 USER ADD command.

Option username Description A name that identifies an existing user. use the VOIP H323 USER LIST command. Default Value N/A Example --> voip h323 user show MrBrown Gateway user: MrBrown -----------------------------------------------------Address: 10 Area Code (AC): 1 State: registered (expire time: 2739 Sec.AT-RG 600 Residential Gateway – Software Reference Manual 387 VOIP H323 USER SHOW Syntax VOIP H323 USER SHOW <username> Description This command displays the following information about a named user: • Address • Area Code • State • Attached ports Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display the existing users.) Attached ports: fxs0 See also VOIP H323 USER ADD VOIP H323 USER CREATE VOIP H323 USER DELETE VOIP H323 USER LIST VOIP H323 USER REMOVE VOIP H323 USER SHOW VOIP EP LIST .

The FWADDRESS replaces the destination address of the call.e.388 Chapter 16 – VoIP H323 VoIP H323 FDB Command Reference This section describes the commands available on the AT-RG613. ADDRESS is the called address expected to be received from the calling end-point in order to forward the call to the CONTACT. Default Value name N/A digit-map N/A . dialed number 01 corresponds to 00390224141121) Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The called user address (i. voip h323 fdb CLI commands The table below lists the VOIP H323 FDB commands provided by the CLI: Command VOIP H323 FDB CREATE VOIP H323 FDB DELETE VOIP H323 FDB LIST VOIP H323 FDB SHOW VOIP H323 FDB CREATE Syntax VOIP H323 FDB CREATE <name> ADDRESS <digit-map> CONTACT <host:port> [FWADDRESS <tel-number>] Description This command creates a new entry in the forwarding database (FDB). It is optional and it is used to make a short selection rule (e. Option Description An arbitrary name that identifies this specific fdb rule. AT-RG623 and AT-RG656 Residential Gateway to configure and manage the FDB module.g. CONTACT is the host reference where the call is forwarded. phone number) expected to be received. It can be also a digit-map if an address pool must be forwarded to a specific host address. The fdb name can be a maximum of 16 characters long. The name must not be present already. It can be a digit map expression The digit-map can be a maximum of 32 chars long.

1. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). N/A port tel-number 5060 N/A Example --> voip h323 fdb create default address 9x.10 See also VOIP H323 FDB LIST VOIP H323 FDB SHOW VOIP H323 FDB DELETE Syntax VOIP H323 FDB DELETE <name> Description This command deletes a single fdb entry created using the VOIP H323 FDB CREATE command. The UDP/TCP port on the contact host to which signalling messages are sent. use the VOIP H323 FDB LIST command. Option Description A name (or the ID value) that identifies an existing user in the forwarding database. Is the new number to which the call is redirected.168. use the VOIP H323 FDB LIST command. The following information is displayed: • FDB entry ID numbers • FDB entry names . Contact-host can be a maximum of 256 chars long (when using hostname format). contact 192. To display the existing FDB entries.AT-RG 600 Residential Gateway – Software Reference Manual 389 contact-host The hostname or IPv4 address of the remote end-point where call must be routed. Default Value name N/A Example --> voip h323 fdb delete default See also VOIP H323 FDB CREATE VOIP H323 FDB LIST VOIP H323 FDB LIST Syntax VOIP H323 FDB LIST Description This command lists information about FDB entries added using the VOIP H323 FDB CREATE command. To show the list of existing FDB entries.

To show the full name use the VOIP H323 FDB SHOW command. --------------------------------------See also VOIP H323 CREATE VOIP H323 SHOW VOIP H323 FDB SHOW Syntax VOIP H323 SHOW <name> Description This command lists information about a named FDB entry added to the forwarding data base using the VOIP H323 FDB CREATE command. use the VOIP H323 FDB LIST command. Example --> voip h323 fdb list Gateway forwarding database: ID | Name | Address ----|------------|--------------------1 | pstn | 9x.90.17.51 See also VOIP H323 FDB LIST . specifying the user ID instead of user name. Default Value name N/A Example --> voip h323 fdb show MrJohn Gateway forwarding database entry: MrJohn ---------------------------------------------Address: 2010 Contact: 10.390 Chapter 16 – VoIP H323 • FDB entry Address Note: If an fdb name is longer than 32 chars. The following information is displayed: • Address • Contact Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). To display the existing FDB entries. the name is shown in a short format (only the initial part of the name is displayed). Option Description A name (or the ID value) that identifies an existing user in the forwarding database.

and the Media Gateway (MG) that provides conversion between the audio signals carried on telephone circuits and data packets carried over Internet or packets networks and expects to execute command sent by the Call Agent. while the call agent is mandatory and manages the calls and conferences and supports the services provided. the call agent. Physical endpoint creation requires hardware installation while software is sufficient for creating a virtual endpoint.AT-RG 600 Residential Gateway – Software Reference Manual 391 Chapter 17 VoIP MGCP Introduction The MGCP (Media Gateway Control Protocol) is a protocol that assumes a call control architecture where the call control "intelligence" is outside the gateways and handled by external call control elements. Endpoints are sources or sinks of data and can be physical or virtual. MGCP is a master/slave protocol. two are the MGCP entities: Call Agent (Media Gateway Controller MGC) which handles the call control “intelligence”. MGCP assumes that the gateways have limited storage and functionality. it’s simply expected to execute commands sent by the call agent. So. An interface on a gateway that terminates a trunk . the endpoint is unaware of the calls and conferences and does not maintain call states. Connections & Endpoints MGCP introduces the concepts of connections and endpoints for establishing endto-end voice paths and the concepts of events and signals for establishing and tearing down calls. that means the call signaling and the call processing functions.

The concepts of events and signals are central to MGCP. UDP port and RTP profiles. off-hook events.g. The concepts of Signals and Events are used for establishing and tearing down calls. The call agent can ask a gateway to detect a set of digits or letters either by individually describing those letters. documented in RFC 2327. The call agent uses MGCP to provision the gateways with the description of connection parameters such as IP addresses. An audio source in an audio-content server is an example of a virtual endpoint. Letters may include the asterisk "*".392 Chapter 17 – VoIP MGCP connected to a PSTN switch is an example of a physical endpoint. the pound sign "#" and others. Digits. or by using the "range" notation defined in the syntax of digit strings. For instance. dial-tone. Connections may be either point-to-point or multipoint. A call agent may ask to be notified about certain events occurring in an endpoint. A Call agent initiates transactions to manage/configure Endpoint using MGCP commands. Endpoint sends responses Call agent transaction requests using either a notification or restart command. and another package may support another group of events and signals for MF trunks. Operations are performed by applying Signals TO.g. and Events sent from the Gateway to the Call agent. are supported in many packages. A multipoint connection is an association among multiple endpoints for transmitting data among these endpoints. Example packages defined in the MGCP specification include: • • • • • Generic Media Package DTMF Package Trunk package Link package Handset package . These descriptions follow the conventions delineated in the Session Description Protocol (SDP) which is now an IETF proposed standard. Digits include numbers between 0 and 9. e. Packages are groupings of the events and signals supported by a particular type of endpoint. A point-to-point connection is an association between two endpoints for transmitting data between these endpoints. The control primitives for MGCP operations are Signals sent from the call Agent to the gateway. and detecting Events FROM endpoints. Signals and Events needed to support a specific telephony function or type of endpoint are grouped into Event/Signal Packages. one package may support a certain group of events and signals for analog access lines. Once this association is established for both endpoints. data transfer between these endpoints can take place. or letters. e. Connections can be established over several types of bearer networks: • • Transmission of audio using RTP and UDP over a TCP/IP network. Events and signals are grouped in packages. and a call agent may request certain signals to be applied to an endpoint. Transmission of audio over an ATM network. The use of SDP facilitates interoperability with the Session Initiation Protocol (SIP).

For example. Another CreateConnection request for the remote endpoint is necessary for creating an end-to-end connection with two endpoints. Notify. CreateConnection The call agent uses the CreateConnection command for binding an endpoint to a specific IP address and UDP port. continuity tone detected etc. This identifier is used for tying the NotificationRequest to the Notify message that will be sent by the gateway. The CreateConnection request also specifies the endpoint to be used for this connection and the parameters to be used for the connection. a notification may be requested for the event that a gateway detects that an endpoint is going off hook. DeleteConnection. A list of potential events includes: off hook transition. CreateConnection. The call agent can also request that the gateway collect the dialed digits. and . MF incoming seizure detected. The gateway includes in the Notify command a list of the events it observed. These parameters may include for example voice encoding. NotificationRequest The NotificationRequest command is used by the call agent for requesting from a gateway to be notified upon the occurrence of specified events in an endpoint.AT-RG 600 Residential Gateway – Software Reference Manual 393 • • RTP package Announcement server package MGCP Protocol Commands There are eight commands in the protocol: NotificationRequest. The Notify command includes the unique identifier that was sent by the call agent to the gateway in the NotificationRequest command. Notify Notifications are sent by the gateway via the Notify command in response to a NotificationRequest sent by the call agent to the gateway. More than one connection may actually share the same CallId. The CreateConnection request specifies a CallId that will be used for identifying the call or session to which this connection belongs. flash-hook. The NotificationRequest allows the call agent to download a specific dialing plan to the gateway to be used for collecting the digits. AuditConnection and RestartInProgress. on hook transition. ModifyConnection. AuditEndpoint. A call agent also includes a unique identifier in the NotificationRequest that will be included by the gateway in the gateway’s Notify message when the requested event actually occurs.

When the gateway acknowledges a DeleteConnection request. This improves the performance of the protocol. The mode may be "send. .394 Chapter 17 – VoIP MGCP compression parameters." continuity test. The remote connection description may be unspecified in some CreateConnection requests." send/receive. This occurs because the call agent needs to send two CreateConnection requests for creating an end-to-end connection. These parameters include: numbers of packets and octets sent." "receive. inter-arrival jitter and average transmission delay. ModifyConnection The Call Agent uses the ModifyConnection command for changing the parameters associated with a previously established connection." "inactive. A CreateConnection request may also include the parameters normally included in a NotificationRequest. number of packets and octets received. The parameters in the ModifyConnection command are the same as in a CreateConnection request. DeleteConnection The call agent can use the DeleteConnection command to delete an existing connection. The ModifyConnection can be used for: • • • Providing information about the other end of the connection through the remote connection descriptor Activating or deactivating a connection Changing the parameters of a connection. The call agent also specifies the mode of the connection." "conference. number of packets lost. The DeleteConnection command may also be sent by a gateway to the call agent for indicating that a connection can no longer be sustained. When the gateway acknowledges the CreateConnection request it also sends to the call agent a ConnectionId that uniquely identifies the connection with in an endpoint and local connection information about the IP address and UDP port it selected." "data. This information may be provided later via a ModifyConection request. it includes a list of parameters about the status of the connection in the response. The ConnectionId is provided by the call agent to the gateway in a ModifyConnection request." "network loopback" or "network continuity test. When the first CreateConnection request is sent the call agent doesn’t yet know the remote connection descriptor.e." The CreateConnection request from the call agent may include a description of the remote side of the connection on the IP network i. parameters of the connection like encoding." "loopback. The call agent can potentially select those but the gateway may be sharing those resources for other functions and it is preferable that the gateway does the selection. This allows the call agent to send a CreateConnection and a NotificationRequest combined in one CreateConnection message. but also IP address UDP port.

dialing plan and connection identifiers. The parameters of the RestartInProgress message indicate the group of endpoints that the message applies to. RestartInProgress The RestartInProgress command is used by the gateway to signal that an endpoint. The response of the gateway includes all the requested information. The RestartInProgress method also includes a parameter that specifies the type of restart: o Graceful restart indicates that the endpoints will be taken out of service after a specified delay Forced restart indicates that the endpoints are taken immediately out of service Restart indicates that the service will be restored after the specified delay o o . The information that can be retrieved includes: call id. local and remote connection descriptors. local connection parameters and the mode of the connection. The information that can be audited by the Call Agent includes: requested events.AT-RG 600 Residential Gateway – Software Reference Manual 395 AuditEndpoint The AuditEndpoint command can be used by the call agent for getting details about the status of an endpoint or a list of endpoints. or a group of endpoints. is taken in or out of service. AuditConnection The AuditConnection can be used by the call agent for retrieving information related to a specific connection of an endpoint identified by a ConnectionId. The response of the gateway to the AuditConnection request includes all the requested information.

use the VOIP MGCP PROTOCOL ENABLE command. use the VOIP MGCP PROTOCOL RESTART command.e. AT-RG623 and AT-RG656 Residential Gateway to configure and manage the MGCP protocol module. from MGCP to SIP to H323. Example --> voip mgcp protocol disable . To enable the MGCP module.396 Chapter 17 – VoIP MGCP MGCP Command reference This section describes the commands available on the AT-RG613. It doesn't remove any resources defined for the protocol. MGCP commands The table below lists the mgcp commands provided by the CLI: Command VOIP MGCP PROTOCOL DISABLE VOIP MGCP PROTOCOL ENABLE VOIP MGCP PROTOCOL RESTART VOIP MGCP PROTOCOL SET DEFAULTPORT VOIP MGCP PROTOCOL SET MAXRETRANSMITIONTIME VOIP MGCP PROTOCOL SET NAT VOIP MGCP PROTOCOL SET NETINTERFACE VOIP MGCP PROTOCOL SET PIGGYBACK VOIP MGCP PROTOCOL SET PROFILE VOIP MGCP PROTOCOL SET ROUNDTRIPTIME VOIP MGCP PROTOCOL SHOW VOIP MGCP CALLAGENT CREATE VOIP MGCP CALLAGENT DELETE VOIP MGCP CALLAGENT LIST VOIP MGCP PROTOCOL DISABLE Syntax VOIP MGCP PROTOCOL DISABLE Description This command stops the VoIP MGCP signalling protocol and releases all the resources associated to it. i.: This command is typically used when it's necessary to change the VoIP signalling protocol. To simply restart the MGCP module.

AT-RG 600 Residential Gateway – Software Reference Manual 397 See also VOIP MGCP PROTOCOL RESTART VOIP MGCP PROTOCOL ENABLE. when the MGCP module is attached to an IP interface using theVOIP MGCP PROTOCOL SET NETINTERFACE command. Example --> voip mgcp protocol enable See also VOIP MGCP PROTOCOL SHOW VOIP MGCP PROTOCOL DISABLE VOIP MGCP PROTOCOL RESTART Syntax VOIP MGCP PROTOCOL RESTART Description This command restarts the VoIP MGCP signaling protocol module. Example --> voip mgcp protocol restart See also VOIP MGCP PROTOCOL ENABLE VOIP MGCP PROTOCOL SET DEFAULTPORT Syntax VOIP MGCP PROTOCOL SET DEFAULTPORT <ipport> Description This command sets the default listening/sending port used for MGCP signaling messages. This command doesn't release any resources previously created during module configuration. the following default value is used: • defaultport: 2427 . To bind the MGCP module to a specific IP interface use the VOIP MGCP PROTOCOL SET NETINTERFACE command. By default. VOIP MGCP PROTOCOL ENABLE Syntax VOIP MGCP PROTOCOL ENABLE Description This command turns on the MGCP signaling module. Binding the MGCP module to a specific IP interface defines the value of the source IP address for signallng and voice packets. Any pending and active calls are released.

Changing the NAT reference causes the MGCP module to restart.110 --> voip mgcp protocol set nat at-rg600. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description The address that must displayed in the MGCP messages.voip. Option Description UDP/TCP port number used for signalling messages. It can be expressed in hostname format or IPv4 format.90.atkk.398 Chapter 17 – VoIP MGCP Changing the signaling port causes the MGCP module to restart. Only even values can be accepted Default Value ipport 2427 Example --> voip mgcp protocol set defaultport 2427 See also VOIP MGCP PROTOCOL ENABLE VOIP MGCP PROTOCOL SET NAT Syntax VOIP MGCP PROTOCOL SET NAT {NONE | <host> } Description This command sets the NAT host reference. Any MGCP message with local reference is hidden by the NAT address value. Available values are from 1026 to 65534. A Hostname can be a maximum of 255 characters long.com See also VOIP MGCP PROTOCOL ENABLE VOIP MGCP PROTOCOL SET NETINTERFACE Syntax VOIP MGCP PROTOCOL SET NETINTERFACE <interface_name> Description This command sets the IP interface used to access the VoIP network. Default Value host None Example --> voip mgcp protocol set nat 10.17. .

Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). marconi. DTMF. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).AT-RG 600 Residential Gateway – Software Reference Manual 399 • Signaling and voice packets will use the Source IP address defined for the selected interface. Generic Media. use the IP LIST INTERFACES command. Example --> voip mgcp protocol show Gateway base protocol: MGCP --------------------------------------------------------Profile: sphere Supported packages: Basic. Option interface_name Description A name that identifies an existing IP interface. Line Piggy-Back: Enable . Possible values are: ags. Default Value none Example --> voip mgcp protocol set profile ags VOIP MGCP PROTOCOL SHOW Syntax VOIP MGCP PROTOCOL SHOW Description This command displays basic MGCP module configuration parameters set by the VOIP MGCP PROTOCOL ENABLE command. sphere and none. Default Value N/A Example --> voip MGCP protocol set netinterface ip0 See also VOIP MGCP PROTOCOL ENABLE VOIP MGCP PROTOCOL SET PROFILE Syntax VOIP MGCP PROTOCOL SET PROFILE <profile> Description This command sets specific customer MGCP call agent profile. Option profile Description The specific customer call-agent type. ncs. This command is used to fix interoperability constraints when the MGCP module has to work with call agent that could differer from a standard implementation. gb. To display interface names.

30 secs. The hostname or IPv4 address of the call agent. cannot start with a digit and cannot contain dots '. 0 % VOIP MGCP CALLAGENT CREATE Syntax VOIP MGCP CALLAGENT CREATE <name> CONTACT <host > Description This command set the call agent address. Default Value name N/A host N/A Example --> voip mgcp callagent create default contact 192. use the VOIP MGCP CALLAGENT LIST command.400 Chapter 17 – VoIP MGCP Network interface: Default port: NAT: Round-trip time: Maximum re-transmition time: Network loss rate: See also VOIP MGCP PROTOCOL ENABLE ip0 2427 None 10000 msecs.' or slash symbols '/'. Option Description An arbitrary name that identifies the call agent. Options The following table gives the range of values for each option which can be specified . The name can be a maximum of 16 characters long. More than one call agent can be defined to increas system robustness in case of server failure. Host can be a maximum of 256 chars long (when using hostname format).168. To show the list of existing CALLAGENT entries.3 See also VOIP MGCP CALLAGENT LIST VOIP MGCP CALLAGENT DELETE VOIP MGCP CALLAGENT DELETE Syntax VOIP MGCP CALLAGENT DELETE <name> Description This command deletes a previously defined call agent created using the VOIP MGCP CALLAGENT CREATE command. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). The name must not be present already.102.

the name is shown in a short format (only the initial part of the name is displayed). Default Value name N/A Example --> voip mgcp callagent delete default See also VOIP MGCP CALLAGENT CREATE VOIP MGCP CALLAGENT LIST VOIP MGCP CALLAGENT LIST Syntax VOIP MGCP CALLAGENT LIST Description This command lists information about CALLAGENT entries added using the VOIP MGCP CALLAGENT CREATE command. Option Description A name (or the ID value) that identifies an existing call agent.39.1. The following information is displayed: • Call agent ID numbers • Call agent names Note: If a call agent name is longer than 32 chars.201 --------------------------------------------------See also VOIP MGCP CALLAGENT CREATE VOIP MGCP CALLAGENT SHOW . Example --> voip sip fdb list Gateway call-agents: ID | Name | Master | Contact -----|------------|----------|--------------------1 | default | true * | 172.AT-RG 600 Residential Gateway – Software Reference Manual 401 with this command and a default value (if applicable). use the VOIP MGCP CALLAGENT LIST command. To display the existing calla agent entries.

6 bits in case of DSCP) and assigning different packet classification accordingly to the TOS or DSCP value. real time applications can suffer packet delay and latency due to overloading of network devices. This transportwasn’t originally designed to transport data for real time applications. The command VOIP QOS SET DSCP is used to set the DSCP value while the VOIP QOS SET TOS command is used to set the TOS value.402 Chapter 18 – VoIP Media and QoS Chapter 18 VoIP QoS and Media Introduction SIP and H323 VoIP signalling protocols typically make use of unreliable transport protocols like UDP to transfer media information as voice packets. AT-RG623 and AT-RG656 Residential Gateway it's possible to assign to the voice/video media packets a high Quality Of Service value in order to force routers and switches to forward these packets with higher priority compared to the other type of packets simultaneously passing through the same network devices. it's possible to specify the DSCP field value or TOS field value inside the UDP packets used to tranport voice streams and voice signalling. This candegrade the voice quality (and video) received from the end user. . QoS To assign a specific priority to the originated voice packets. In a multiapplication network environment were traffic typology can be very variable. DSCP and TOS are mutually esclusive because they refers to the same IP Header field using only a different number of bits (3 bits in case of TOS. On the AT-RG613.

set the starting port number and the port range using VOIP MEDIA SET PORTRANGE command. The ports specified by this command are the RTP ports used as Source Port for outgoing packets and also they are the ports where incoming RTP packets are expected to be received. the other end-point was abruptly disconnected or network has critical problems) forcing the call release if no RTP packet flow has been detected for the current call for a time longer than the specified observation period. AT-RG623 and AT-RG656 can be configured to use a specific pool of ports for media transport.AT-RG 600 Residential Gateway – Software Reference Manual 403 Media AT-RG613. RTCP is also supported as a configurable parameter used to control RTP session. making it possible to open the correct firewall ports when media packets must cross security interfaces. It's also possible set the Residential Gateway to detect if an incoming RTP flow is still present or not (e. . In this way it is always well known which ports are being used by the system.g. To configure the RTP pool ports.

remove any previous configuration perfomed on DSCP field on signalling and speech packes) use the VOIP QOS SET NONE command.e. To disable DSCP support (i. Option dscp-code Description The value of dscp field. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).404 Chapter 18 – VoIP Media and QoS VoIP QoS Command Reference This section describes the commands available on the AT-RG613. Acceptable value are from 0 to 63 Default Value none Example --> voip qos set dscp 24 See also VOIP QOS SET TOS VOIP QOS SET TOS Syntax VOIP QOS SET {TOS <tos-code> | NONE} Description This command sets the value of the tos field in the IP header of RTP voice packets. . AT-RG 623 and AT-RG656 Residential Gateway to configure and manage the VoIP QoS module. VoIP QoS CLI commands The table below lists the VOIP QOS commands provided by the CLI: Command VOIP QOS SET DSCP VOIP QOS SET TOS VOIP QOS SHOW VOIP QOS SET DSCP Syntax VOIP QOS SET {DSCP <dscp-code> | NONE} Description This command sets the value of the dscp field in the IP header of RTP voice packets.

Option tos Description The value of tos field. remove any previous configuration perfomed on TOS field on signalling and speech packes) use the VOIP QOS SET NONE command. Example --> voip qos show Gateway Quality of Service: ------------------------------------QOS (DSCP): 24 (TOS): none See also VOIP QOS SET DSCP VOIP QOS SET TOS .e.AT-RG 600 Residential Gateway – Software Reference Manual 405 To disable TOS support (i. Acceptable value are from 0 to 7 Default Value none Example --> voip qos set tos 4 See also VOIP QOS SET DSCP VOIP QOS SHOW Syntax VOIP QOS SHOW Description This command shows the value of DSCP and TOS fields used in the IP header of RTP voice packets. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable).

. The range is 2 to 32 . the odd-numbered port is reserved for RTCP.. The value specified must be an even number.406 Chapter 18 – VoIP Media and QoS VoIP Media Command Reference This section describes the commands available on the AT-RG613. VoIP Media CLI commands The table below lists the VOIP MEDIA commands provided by the CLI: Command VOIP MEDIA SET PORTRANGE VOIP MEDIA SET RTCP VOIP MEDIA SET SESSIONTIMEOUT VOIP MEDIA SHOW VOIP MEDIA SET PORTRANGE Syntax VOIP MEDIA SET PORTRANGE {ANY | <ipport/n-ports> } Description This command sets the port pool available for media transport. If the port pool is sold out. AT-RG 623 and AT-RG656 Residential Gateway to configure and manage the VoIP Media module. The value specified has to be an even number. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). n-ports are the number of ports. The range is 1026 to 65534. Ports are dynamically allocated in pairs to support new connections. 50600 Default Value n-ports 32 Example --> voip media set portrange 50500/12 See also VOIP MEDIA SET RTCP VOIP MEDIA SET RTCP Syntax VOIP MEDIA SET RTCP {OFF | ON } . Option any ipport Description any sets the default port range ipport is theUDP/TCP port number being set. new sessions will be refused for lack of available resource.

Enable the RTCP support. Default Value min 0 Example --> voip media set sessiontimeout 1 See also VOIP MEDIA SHOW VOIP MEDIA SHOW Syntax VOIP MEDIA SHOW Description This command shows the media values defined by the VOIP MEDIA SET PORTRANGE or VOIP MEDIA SET RTCP commands.AT-RG 600 Residential Gateway – Software Reference Manual 407 Description This command enables RTCP. Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Options The following table gives the range of values for each option which can be specified with this command and a default value (if applicable). Option Description The SESSIONTIMEOUT value expressed in minutes. 0 mins is equivalent to disable the SessionTimeOut feature. If no RTP packet is received on the UDP port used by the active call for a time longer than the SESSIONTIMEOUT value. Option off on Description Turn off the RTCP support. Default Value off Example --> voip media set rtcp on See also VOIP MEDIA SET DSCP VOIP MEDIA SET SESSIONTIMEOUT Syntax VOIP MEDIA SET SESSIONTIMEOUT <mins> Description This command sets the maximum timeout interval used to detect a fail in the incoming RTP speech packets. Example --> voip media show Gateway Media: ---------------------------------------------Port range: 50600/32 RTCP enable: on . Available values are form 0 mins to 1440 mins (24 hours). the other endpoint is considered disconnected and the active call is released.

408 Chapter 18 – VoIP Media and QoS RTP session time-out: See also VOIP MEDIA SET PORTRANGE VOIP MEDIA SET RTCP VOIP MEDIA SET SESSIONTIMEOUT 1 Mins. .

AT-RG 600 Residential Gateway – Software Reference Manual 409 .

which consists of different logical blocks that can be distributed on independent runtime environments or machines (see Figure 23). switches. network administrator operations can be very expensive and in-field configuration takes a lot of time. As a result.410 Chapter 19 . routers.ZTC Chapter 19 ZTC Introduction Wide Area Networks consist of a lot of components (hubs. The number of components can be very high and often the configuration of these devices to get them up and running requires a lot of work for network administrators. The Zero Touch Configurator (ZTC) is a tool designed to enable a network administrator to configure and manage network devices remotely and automatically without end-user intervention. residential gateways. Functional blocks The ZTC is a component-based application. set top boxes. so administrators can avoid having to connect to each device separately and repeat the same sequence of actions for each of them. The Zero Touch Configuration is able to update image software and unit configuration on multiple devices simultaneously. . PCs) that need to be configured.

ZTC network architecture. It’s possible to access the ZTC-Server from the ZTC-Shell. all the main operations can be performed (read. the devices connect to ZTC Server to perform the following operations: • Communicate their actual configuration to ZTC Server • Download. • The ZTC Embedded Client. Through this interface they can view or update existing configurations. This client is installed on the devices to communicate with the ZTC Server. or add new ones. Typically.AT-RG 600 Residential Gateway – Software Reference Manual 411 RMI ZTC Shell HTTP ZTC Web Interface RMI ZTC Server LDAP LDAP Server WEB Browser RMI TFTP plugin TFTP file system TFTP Server ZTC Client Figure 23. if existing. • The ZTC Server. write. new configurations from ZTC Server • The ZTC Shell can be created for testing. in a three-tiered architecture fashion. user management). and they can run on different machines and platforms. This application lest users interact with the ZTC Server. not for operational use. that contains all the application logic for: • User authentication and authorisation • • • • • Data consistency and syntax checking when requesting to add a new device configuration Application logic for creating new configuration scripts Application logic to execute commands on the device Data Access Object layer to access the data tier Several protocols for supporting different kind of clients • The ZTC WEB Interface. Through the ZTC-Shell. The components of ZTC are independent. ZTC Network Architecture The ZTC Network Architecture consists of the following parts: • An LDAP directory service in which data is stored. .

It manages the dialogue with the directory service backend and performs all operations on data. the unit identifier and retrieves the new configuration if necessary. used to interact with the ZTC Server. shortly.This phase is executed every time the ztcclient polling timeout expires. . The ZTC Client module as ZTC Server IP address uses the value returned by the DHCP server for option 67.412 Chapter 19 . is the module running on the Residential Gateway in charge to communicate with the ZTC server. • Scheduled-pull. • When a static configuration is used. . or. In this way the ZTC client module uses the facilities offered by the dhcpclient module to force the IP interface to ask to an external DHCP server the ZTC Server address. ZTC server has the responsibility to allow the download only of the correct configuration file depending on the unit identifier (the unit MAC address) and on the configuration rules defined inside the ZTC Server. ZTC client works accordingly to the so-called "Configuration PULL" method. the ZTC client module is bind to an existing IP interface using the ztcclient enable dynamic listeninterface command. the ZTC Client. This command set the server IP address that will be used by all the next queries and also turns on the ztcclient module forcing the module to query the server to retrieve the unit configuration file. ZTC client can be enabled dynamically only if the IP interface where it is bind. ZTC Client The ZTC Embedded Client. The following three ZTC Client – ZTC Server communication phases are possible: • Pull-at-startup – This phase is executed when the unit startup. is decoupled from the ZTC server.ZTC The core of the application is the ZTC Server. the ZTC Server IPv4 address is defined explicitly using the ztcclient enable static ztcserveraddr command. it's a dynamic IP interface. ZTC Client and ZTC Server communicate through TFTP protocol. ZTC Client is in charge to contact the ZTC server passing the current configuration. Similarly to the static configuration. and can run on different machines. Attempting to enable ZTC client module dynamically on a static IP interface results is an error. • When a dynamic configuration is used. When the ZTC client needs to know the ZTC Server address. The ZTC WEB Interface. The ZTC server IP address con be configured in the ZTC client module in two ways: statically or dynamically. ztcclient enable dynamic listeninterface command turns on the ztcclient module forcing the module to query the server to retrieve the unit configuration file. a DHCP request is generated by the IP interface requesting a value for option 67 "bootfilename".

at boostrap. When ZTC client is enabled. the application filename and a value derived from the current running configuration (that. These information define the current device status. The timeout defines the polling period before ZTC Server will be contacted. • The dynamic IP interface receives the new network configuration and the ZTC server address in the "bootfile-name" DHCP option. • Considering a scenario where ZTC Client is bind to a dynamic IP interface. • The device executes the configuration file and starts the ZTC client timeout. If the unit restarts. Unlocking the CLI stops the ZTC client module. • When the timeout expires the Scheduled-pull phase is executed. the system configuration save command) could change the bootstrap configuration file and therefore the resulting configuration when ZTC Client runs could be unpredictable. When ZTC Client is enabled. Pull-at-startup Figure 24 shows the Pull-at-startup phase executed by the ZTC client module when the Residential Gateway boostraps. passing in the parameters list the Residential Gateway's MAC address.g. the current running configuration is the result of the bootstrap configuration plus the unit configuration downloaded from ZTC server. To unlock it. Any action that save permanently the configuration (e. during the bootstrap process. . • The ZTC Client contacts the ZTC server. press the "+" key. • As soon the network is configured. it returns the configuration file to the device. • The ZTC server checks if there is a configuration for the Residential Gateway looking for the device MAC address into the LDAP server. the ZTC Client runs. This solution prevents memory flash failure when too many write requests are executed. the CLI is locked. the Residential Gateway uses the facilities provided by the DHCP client module to setup the IP interface configuration. and if necessary. it is null).AT-RG 600 Residential Gateway – Software Reference Manual 413 Storing Unit Configuration The configuration file downloaded from ZTC server is never stored permanently into the unit flash file system. This behavior allows network administrator to control the unit configuration based only on the configuration file defined by the ZTC server framework. it loses the previous downloaded configuration and starts from the bootstrap configuration.

.ZTC Residential Gateway DHCP server ZTC Server LDAP Database NULL Unit Bootstrap Setup Dyn Interface DHCP Request DHCP Ack (ZTC Server address) Start ZTCClient TFTP Read Request Software Release: <application filename> Unit Identifier: <unit mac address> Current Unit Config: null Retrieve Configuration File TFTP Data Packets (unit configuration commands list) Configuration File Run new conf. Scheduled-pull Figure 25 shows the Scheduled-pull phase executed by the ZTC client module when the ztcclient polling timeout expires. passing in the parameters list the Residential gateway MAC address. • When the device receives the new configuration.414 Chapter 19 . • The ZTC server checks if there is a configuration for the Residential Gateway looking for the device MAC address into the LDAP server. it reboots in order to execute the new configuration starting from a "well known" status: the boostrap configuration. • The ZTC Client contacts the ZTC server. it returns the configuration file to the device. Start ZTC timeout ZTC idle Figure 24. and if necessary. These information define the actual state of the device. Pull-at-Startup ZTC phase. the application filename and the hash key derived from the current running configuration.

. Residential Gateway ZTC Server LDAP Database ZTC idle ZTC Timeout expires Start ZTCClient TFTP Read Request Software Release: <application filename> Unit Identifier: <unit mac address> Client Config: current config Retrieve Configuration File Configuration File compare Client config with LDAP config Yes ABORT TFTP Is it the same? No TFTP Data Packets (unit configuration commands list) Unit restart TFTP Read Request Software Release: <application filename> Unit Identifier: <unit mac address> Client Config: null Retrieve Configuration File Start ZTCClient TFTP Data Packets (unit configuration commands list) Configuration File Run new conf. Start ZTC timeout ZTC idle Figure 25. the ZTC client contacts again the ZTC server and execute exactly the same procedure defined in the Pull-at-startup phase. Scheduled-pull ZTC phase.AT-RG 600 Residential Gateway – Software Reference Manual 415 • Because the Residential Gateway never stores the configuration downloaded from ZTC server.

ZtcClient commands The table below lists the ztcclient commands provided by the CLI: Command ZTCCLIENT ENABLE DYNAMIC ZTCCLIENT ENABLE STATIC ZTCCLIENT DISABLE ZTCCLIENT SHOW ZTCCLIENT SET ZTCCLIENT UPDATE ZTCCLIENT ENABLE DYNAMIC Syntax ZTCCLIENT ENABLE DYNAMIC LISTENINTERFACE <ipinterface> Description This command enables the ztcclient and bind it on an existing dynamic IP interface. This command requests that <ipinterface> is defined as dynamic interface. Default Value N/A Example --> ztcclient enable dynamic listeninterface ip0 See also ZTCCLIENT DISABLE . AT-RG623 and AT-RG656 Residential Gateway to configure and manage the ZTC Client module. Option ipinterface Description The name of an existing IP interface. To see the list of existing interfaces. To apply changes to the ZTC client module and turn on it. This command automatically creates a specific configuration rule that applies to the IP interface in order to force the dhcpclient module to request the ZTC server address inside the option list of the DHCP discover request sent to the external DHCP server.ZTC ZTC Command reference This section describes the commands available on the AT-RG613. use the IP LIST INTERFACE command.416 Chapter 19 . Options The following table gives the range of values for each option. which can be specified with this command. thus it must have the DHCP flag enabled. use the ztcclient update command. and a default value (if applicable).

3) Default Value ztcserveraddr N/A Example --> ztcclient enable static ztcserveraddr 192.168. and a default value (if applicable). and set the ZTC Server IP address. 192.102. Options The following table gives the range of values for each option which can be specified with this command.10 .DYNAMIC CONFIGURATION 60 seconds 192. use the ztcclient update command. Option Description The IP address of the interface used to connect to the ZTC Server.GENERAL PARAMETERS enabled: false dynamic: true configuration timeout: server address in use: . Example The following example shows the ZTC client parameters when a dynamic configuration is set.AT-RG 600 Residential Gateway – Software Reference Manual 417 ZTCCLIENT ENABLE STATIC Syntax ZTCCLIENT ENABLE STATIC ZTCSERVERADDR <ztcserveraddr> Description This command enables the ztcclient.1. ZTC CLIENT CONFIGURATION . The IP address must be specified in IPv4 format (e.168.g. Example --> ztcclient disable See also ZTCCLIENT ENABLE ZTCCLIENT SHOW Syntax ZTCCLIENT SHOW Description This command shows the ZTC client configuration parameters.168.102.3 See also ZTCCLIENT DISABLE ZTCCLIENT DISABLE Syntax ZTCCLIENT DISABLE Description This command disables the ztcclient module. To apply changes to the ZTC client module and turn on it.

0. and a default value (if applicable). which is the polling time interval before the ZTC client contacts the ZTC Server to check if a new configuration is available. Example --> ztcclient update .0.STATIC CONFIGURATION server address for static configuration: 0.418 Chapter 19 . Option Description The time that the ztcclient module stays in standby before checking the system configuration against the ztc server configuration. Options The following table gives the range of values for each option which can be specified with this command. Acceptable values are from 20 to 65535 secs Default Value configtimeout 60 Example --> ztcclient set configtimeout 30 ZTCCLIENT UPDATE Syntax ZTCCLIENT UPDATE Description This command saves the changes made with ZTCCLIENT SET CONFIGTIMEOUT and ZTCCLIENT ENABLE DYNAMIC or ZTCCLIENT ENABLE DYNAMIC commands and turn on the polling timeout.0 ZTCCLIENT SET Syntax ZTCCLIENT SET CONFIGTIMEOUT <configtimeout> Description This command changes the value of the configtimeout.ZTC interface: ip0 .

the flashfs file system is never access directly. During normal operation mode. running into RAM. To save permanently the contents of the isfs file system into flashfs file system. use the system configuration save command. To upgrade the AT-RG600 software. If the unit is powered off. Programs that access (read or write) files stored into flashfs file system.AT-RG 600 Residential Gateway – Software Reference Manual 419 Chapter 20 Software Update Introduction AT-RG600 Residential Gateway software consists of the system application file (named image) plus additional support files. all the changes made into the isfs file system are lost. upload a new file or download an existing file. to prevent file system corruption. All these files are stored permanently into the system flashfs file system and loaded during the unit bootstrap. named isfs (see chapter 1). it's possible use one of the following solutions depending on the type of upgrade requested: • • • • using FTP using TFTP using the Windows™ based Loader application using the SwUpdate client module . use a copy of the flashfs file system.

. Differently for FTP. TFTP connection is used typically to download or retrieve configuration and support files.420 Chapter 20 – Software Update FTP server AT-RG600 Residential Gateway implements an internal FTP server that provides access to the isfs file system. but only packets acknowledge and packet retransmission. There is no connection control. To retrieve or download a file from/to the Residential gateway it's necessary unlock the TFTP server sending (TFTP write request command) a special command file having filename "tftplock. Each TFTP connection is protected against uncontrolled access. To connect the FTP module. This file is a simple ASCII file that includes the TFTP password without any encryption. it doesn't result in a system restart when the connection is closed. using the same name defined for SNMP community write. FTP connection is used typically to download into the Residential Gateway a new image file but can be used also to retrieve or to download configuration and support files too. TFTP is a file transfer protocol that is based on UDP transport protocol and therefore it less reliable than ftp. it's possible browse the isfs file system with the ftp LIST command. the content of isfs is copied back into flashfs and the unit is forced to reboot in order to restart from the new application code (or with the new configuration files). When the ftp connection is closed. simply use a FTP client application and login with the same username and password used for telnet access. AT-RG600 Residential Gateway support also an internal TFTP server that provide access both to flashfs and isfs file system. Then. it's possible request or sends the configuration file. TFTP server Similarly to FTP. when a file is loaded into the Residential Gateway using the tftp facility. When connected.key".

The loader can be used to upgrade an existing software version or can be used to download a new complete software release if the Residential Gateway is running in recovery mode.AT-RG 600 Residential Gateway – Software Reference Manual 421 TFTP Client TFTP Write Request: tftplock. .key TFTP Write Request: filename TFTP Data or TFTP Read Request: filename TFTP Data Figure 26. the IP address of the residential Gateway must be selected and the SNMP community write name is requested as session password (see Figure 27). The loader uses the TFTP services provided by the Residential Gateway to download on the unit the application file plus all the other support files avoiding the user to download each file separately. all the existing configuration files are kept. Windows™ Loader To upgrade the AT-RG600 Residential Gateway a special Windows™ based application has been developed: the Loader. Access to the Residential Gateway TFTP server. To download files larger than 8kbyte use the FTP service. When using the Loader. When the Loader is used to upgrade the Residential Gateway from a previous software release. The maximum file size that can be downloaded into the Residential Gateway is 8kbyte.

the Residential Gateway will consider only DHCP Offers that include the option 60 (dhcp-class-identifier) with one of the following possible values depending on the product code: "RG603" . SwUpdate module is a basic FTP client module running on the Residential Gateway that contacts periodically a TFTP server and retrieves from it the required software or support files. In order to distinguish the correct DHCP Offer (in case more than one DHCP server is present in the network). It then uses the path passed as filename string to navigate into the TFTP server. In order to maintain backward compatibility with existing upgrade solutions.422 Chapter 20 – Software Update Figure 27. SwUpdate is able to manage software upgrades similarly to the DHCPCONF feature available on AT-RG200 Residential Gateway family. SwUpdate retrieves the TFTP Server address from a specific option (option 66 tftpserver-name) passed by the external DHCP server to the Residential Gateway IP interface. TFTP and Windows™ Loader are three upgrade solutions based on external client applications that typically require user manual operation or the development of dedicated script files. The Windows™ Loader SwUpdate module FTP.

AT-RG 600 Residential Gateway – Software Reference Manual 423 "RG613TX" "RG613TXJ" "RG613SH" "RG613LH" "RG613BD" "RG623TX" "RG623SH" "RG623LH" "RG623BD" "RG656TX" "RG656BD" "RG656LH" "RG656SH" SwUpdate is designed to download only the files that differ or are not present into the Residential Gateway file-system.conf. . ... DHCPCONF like SwUpdate operation mode. im. Unit restart Figure 28. derivedata. a special file named MD5SUM must be created on the TFTP server. In order to inform the SwUpdate module about which files it must download from the TFTP server. Residential Gateway NULL Unit Bootstrap DHCP Server TFTP Server DHCP Request: option 66 tftp-server-name option 60 dhcp-class-identifier DHCP Offer: filename: <tftp path> option 66: <tftp server address> option 60: dhcp-class-identifier = "rg6xx" Retrieve TFTP list file: MD5SUM TFTP files: image.dat.

tab version xgate_initbun .rg613 initbun.rg613txj initbun. it retrieves immediately this file and then it download each file reported by this list. the SwUpdate skip this download. the following command must be used to generate the MD5SUM file: root# md5sum * > MD5SUM the MD5SUM file will list the following informations: 96643c6e3af928990ed42a42dda2c554 7cf32ce7ba89ab67f977a71ae5b205cd 6d3dabc798da4ec9267615f12d1d2a43 810fd9bbababa67844e75e6846805e65 fb32c37e1457fcc1304d9cf74cd19bad 444aa423a8d8a2d74640953ff6537948 6400dc3f72433a674f99c5b98aa5dae3 026238c689022c21468df407a5daaef6 b87817d7b9a6c81cc8570deb9e270f34 24ae0c8518b7a98a5aa1c34563032c42 1d0c14e81301cb630912790d077b79c0 08d016fe02cc6bde27110dc453e2b7b5 4634050e6bf5e91d5a5872c3eb08d56a 1b5498efa91b0d901a1235347b15e407 fd1fb4825195c080206104ac0443427f 147e3239ce2f712340fa786f0a55a088 d55d9bd33ae47f4ea3acb39ae950a952 5ed6d58a9482d7aa0b44ff28a1e8ca7e 6927f315890f4209b8a406a1ee75595a 0a48b795c03a4a012d1ba77dd647c307 47abd829e3ccf727f9e8b29cbf52ed1e f9ae2f9ec26a5af37418be160fe67339 5318c5d07deb1c00dd42628b0d6f7af6 ea8fd2f8c81724291d1b0bcdb8e93df6 cleanup cliconsole consoleinit derived_data. otherwise it will download it.descriptions initbun initbun.conf im.eg1004 initbun.rg656 NPimage services snmpd.cnf snmpinit translate. The MD5SUM file is a list of filename where each file name has associated the MD5 value.rg603 initbun.conf.rg623 initbun.424 Chapter 20 – Software Update When the SwUpdate module connects to the TFTP server. To create the MD5SUM file it's possible use the md5sum command available under standard Linux platforms (free md5sum applications are available also under Windows™ Operating System).ztc_enabled_dynamic im.conf. Example: Assuming the all the files included in the current directory must be downloaded into the Residential Gateway.dat dnsrelaylandb image im. If a file reported into the MD5SUM list is already present into the Residential Gateway file-system with the same MD5 value.factory im.

It identifies the relative path respect the login home directory where the SwUpdate module expects to found the files. The working directory can be specified defining in the SwUpdate module a parameter named path. SwUpdate will change the remote directory on the TFTP server accordingly to the filename option passed in the DHCP Offer message. SwUpdate module sets the server address to the address specified by the tftp-file-name option and will uses the TFTP protocol to retrieve the MD5SUM file instead of the FTP protocol.AT-RG 600 Residential Gateway – Software Reference Manual 425 Plug-and-play If the Residential Gateway is set with dynamic IP interface and the DHCP server sends the option 66 tftp-file-name togheter with option 60 (dhcp-class-identifier) equal to same product code of the Residential Gateway. For example if the home directory is: /home/manager and the Residential Gateway path address is set to: at-rg600-software-xxx the working directory will be: /home/manager/at-rg600-software-xxx . TFTP working directory SwUpdate is able to navigate into the FTP/TFTP server directory.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->