Installation and Operation Manual DT2048 SHDSL/R 2W DT2048 SHDSL/R 4W

INSTALLATION AND OPERATION MANUAL
DT2048 SHDSL/R 2W
DT2048 SHDSL/R 4W
205.1671.50-2
2009 - DIGITEL S.A. INDÚSTRIA ELETRÔNICA
Rua Dr. João Inácio, 1165
Bairro: Navegantes
CEP 90230-181 Porto Alegre/RS Brasil
Tel.: 55 51 3337.1999
Fax: 55 51 3337.1923
http://www.digitel.com.br
E-mail: info@digitel.com.br
Instalation and Configuration
General Guidelines
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
• Before using the equipment, please read all general information and installation instructions in this manual.
○
○
• Disconnect the equipment before cleaning it. Do not use liquids, pastes, aerosols or abrasive products; use
○
○
a soft cloth, dry or slightly moistened. Never let any objects or substances fall inside the equipment through its
○
openings.
○
○
○
• Do not expose your equipment to rain or humidity levels and temperature variations beyond those specified
○
in this manual.
○
○
• Make sure that the connections of plugs, connectors, cables and accessories comply with the technical
○
○
specifications presented in this manual. Check whether these connections are correctly and firmly plugged.
○
Always turn off the equipment before making any connections and installing peripherals or accessories.
○
○
• You may insert some products manufactured by Digitel into cabinets or sub-racks without having to
○
○
disconnect them. To do so, follow the instructions on Product Installation.
○
○
• Do not overload the power feeding plugs. If you need to use an extension cord, make sure to use a cord and
○
○
a plug that are compatible with those used by the equipment.
○
○
• If you have to replace equipment parts or components, always use original parts. If you have questions and
○
doubts, contact our Technical Support Center.
○
○
• Take the necessary measures concerning antistatic and surge protection by grounding wires, using power
○
○
supply filters, voltage stabilizers and no-breaks.
○
○
• In case of cabinets, always mount them on a firm and flat surface. Cabinet slots and openings are meant to
○
○
avoid overheating. Therefore, these openings can not be blocked or covered. Make sure there are at least 3.5
○
cm of free space above the cabinet; never stack the equipment.
○
○
• Digitel has the right to change the specifications presented in this manual without prior notice.
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
For information on warranty and technical support, see the section at the end of this manual.
○
○
3
• Table of Contents
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
• I n t r o d u c t i o n ...................................................................................................................................................................... 7
• Instalation and configuration.........................................................................................................9
MODEM INSTALATION AND CONFIGURATION ................................................................................................................................. 9
Straps configuration ............................................................................................................................................................................ 9
Interface Selection ............................................................................................................................................................................ 10
Impedance Selection for G.703 ...................................................................................................................................................... 10
G.703 Input Grounding ..................................................................................................................................................................... 11
Requirements for Initial Configuration ............................................................................................................................................ 11
Board Configuration .......................................................................................................................................................................... 12
Modem Configuration ....................................................................................................................................................................... 12
Interface G.703 Configuration ......................................................................................................................................................... 14
Interface V.35 Configuration ............................................................................................................................................................ 14
OPERATION MODE ................................................................................................................................................................................. 15
RDL Reception .................................................................................................................................................................................. 15
Automatic Rate .................................................................................................................................................................................. 15
Rate ..................................................................................................................................................................................................... 15
Transmission Clock ........................................................................................................................................................................... 16
Status I ................................................................................................................................................................................................ 17
Status II .............................................................................................................................................................................................. 18
Tests .................................................................................................................................................................................................... 19
CABINET INSTALATION ........................................................................................................................................................................ 20
DTSMP20-H and DTSMP20-HT Subrack Instalation .................................................................................................................. 20
• Router Configuration .................................................................................................................... 21
REQUIREMENTS FOR INSTALLATION AND INITIAL CONFIGURATION ...................................................................................... 21
IP ADDRESS RECONFIGURATION (OPTIONAL) ............................................................................................................................... 21
INITIAL CONFIGURATION VIA WEBCONFIG ..................................................................................................................................... 21
INITIAL CONFIGURATION VIA CLI ...................................................................................................................................................... 22
• P A N E L S / C O N N E C T O R S ............................................................................................................................................... 2 3
PANNELS/CONNECTIONS .................................................................................................................................................................... 23
LAN Indicator ..................................................................................................................................................................................... 23
Console port Connection ................................................................................................................................................................. 24
LAN Port Connection ........................................................................................................................................................................ 24
Rear Pannel ........................................................................................................................................................................................ 25
Power Supply ..................................................................................................................................................................................... 25
DTE Connector .................................................................................................................................................................................. 25
V.35 Interface ..................................................................................................................................................................................... 26
Line Connector .................................................................................................................................................................................. 26
• C a b l e s ............................................................................................................................................................................... 2 6
LAN CROSS CABLE (CB-LAN/X-NR) ................................................................................................................................................... 25
RJ CONSOLE CABLE (CB-CONS/AUX-NR) ........................................................................................................................................ 27
DB9 TERMINAL ADAPTER (AD-RJ/TERM/DB9-NR) .......................................................................................................................... 27
V.35 CABLE (ISO) .................................................................................................................................................................................... 28
G.703 INTERFACE .................................................................................................................................................................................. 29
• M O D E M O P E R A T I O N ................................................................................................................................................... 3 1
MODEM OPERATION ............................................................................................................................................................................. 31
NORMAL OPERATION ............................................................................................................................................................................ 31
OPERATION IN VG MODE ..................................................................................................................................................................... 31
TYPICAL APPLICATIONS ...................................................................................................................................................................... 31
OPERATION IN TEST ............................................................................................................................................................................. 34
• R O U T E R O P E R A T I O N .................................................................................................................................................. 3 7
ROUTER OPERATION ............................................................................................................................................................................ 37
BOOTING AND RESET ........................................................................................................................................................................... 37
DT2048 SHDSL/R BOOT AND OPERATION MODES ....................................................................................................................... 37
SAFE MODE ............................................................................................................................................................................................. 37
NORMAL OPERATION ............................................................................................................................................................................ 40
CONFIGURATION via webConfig ......................................................................................................................................................... 40
CONFIGURATION VIA CLI (TELNET/CONSOLE/SSH) ..................................................................................................................... 43
• CLI Guide - Command Line Interface ................................................................................................................... 4 5
INTRODUCTION TO CLI ........................................................................................................................................................................ 45
Accessing an equipment via CLI .................................................................................................................................................... 45
Commands ......................................................................................................................................................................................... 45
CHANGING USERNAME AND PASSWORD ....................................................................................................................................... 49
CHANGING THE HOSTNAME .............................................................................................................................................................. 49
EXPORTING AND IMPORTING CONFIGURATION FILES ................................................................................................................ 50
4
Table of Contents
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
SOFTWARE UPDATE ....................................................................................................................................................................... 50
○
○
Operating system update ................................................................................................................................................................. 51
○
BOOTLOADER and SOFTWARE update ....................................................................................................................................... 52
○
ADDING IP ADDRESS IN THE ETHERNET INTERFACES .................................................................................................................... 53
○
○
CONFIGURING ETHERNET VIRTUAL ADDRESS .................................................................................................................................. 54
○
CONFIGURING VLAN (802.1Q) ............................................................................................................................................................. 56
○
○
FRAME RELAY PROTOCOL ................................................................................................................................................................... 55
○
PPP PROTOCOL ..................................................................................................................................................................................... 56
○
HDLC PROTOCOL .................................................................................................................................................................................. 57
○
○
X25 PROTOCOL ...................................................................................................................................................................................... 57
○
Introduction ........................................................................................................................................................................................ 57
○
○
Commands List .................................................................................................................................................................................. 57
○
UNNUMBERED INTERFACE CONFIGURATION ............................................................................................................................... 60
○
ADDING STATIC ROUTES ..................................................................................................................................................................... 61
○
○
DYNAMIC ROUTING PROTOCOLS ...................................................................................................................................................... 63
○
RIP (Routing Information Protocol) ................................................................................................................................................. 63
○
○
OSPF (Open Shortest Path First) .................................................................................................................................................... 64
○
NAT (NETWORK ADDRESS TRANSLATOR) ....................................................................................................................................... 65
○
Introduction ........................................................................................................................................................................................ 65
○
○
Configuring the NAT MASQUERADE ............................................................................................................................................. 65
○
Configuring the NAT REDIRECT .................................................................................................................................................... 65
○
○
Configuring the NAT 1:1 ................................................................................................................................................................. 66
○
Configuring the NAT EXCLUSION .................................................................................................................................................. 66
○
Configuring the NAT POOL ............................................................................................................................................................. 67
○
○
ENABLING SNMP - SIMPLE NETWORK MANAGMENT PROTOCOL ............................................................................................ 67
○
IP TUNNELING ........................................................................................................................................................................................ 67
○
○
GRE (Generic Routing Encapsulation) ........................................................................................................................................... 68
○
PPTP (Point-to-Point Tunneling Protocol) ...................................................................................................................................... 69
○
L2TP (Layer 2 Transport Protocol) .................................................................................................................................................. 70
○
○
IPSEC - SECURE IP OVER THE INTERNET ....................................................................................................................................... 71
○
Introduction ........................................................................................................................................................................................ 71
○
○
IPSEC Protocols ................................................................................................................................................................................ 71
○
DHCP (DYNAMIC HOST CONFIGURATION PROTOCOL) ............................................................................................................... 75
○
○
DHCP Server ..................................................................................................................................................................................... 76
○
DHCP Reservation ............................................................................................................................................................................ 77
○
DHCP Relay ....................................................................................................................................................................................... 77
○
○
QUALITY OF SERVICE (QOS) ............................................................................................................................................................... 78
○
Traffic control ..................................................................................................................................................................................... 78
○
○
Service disciplines ............................................................................................................................................................................. 79
○
HTB (Hierarchy Token Bucket) ...................................................................................................................................79
○
TBF (Token Bucket Filter) ...........................................................................................................................................80
○
○
SFQ (Stochastic Fairness Queuing) ........................................................................................................................... 80
○
FIREWALL ................................................................................................................................................................................................. 82
Introduction ........................................................................................................................................................................................ 82 ○
○
○
Policies ................................................................................................................................................................................................ 82
○
Chains ................................................................................................................................................................................................. 82
○
○
Specifying inverted logic .................................................................................................................................................................. 83

○
Specifying fragments ........................................................................................................................................................................ 83

○
○
Configuration parameters ................................................................................................................................................................. 84

○
AUTHENTICATION SYSTEMS ........................................................................................................................................................ 86

○
Introduction ........................................................................................................................................................................................ 86
○
○
Radius ................................................................................................................................................................................................. 87
○
Tacacs ................................................................................................................................................................................................ 87
○
○
INTERFACE STATISTICS ....................................................................................................................................................................... 88

○
WAN (all protocolo - HDLC interface) ............................................................................................................................................ 88

○
WAN (HDLC protocol - Cisco) ......................................................................................................................................................... 89

○
○
WAN (FRAME RELAY protocol - HDLC interface) ........................................................................................................................ 89

○
WAN (FRAME RELAY protocol - PVC interface) ........................................................................................................................... 89

○
○
WAN (X25 protocol - HDLC interface) ............................................................................................................................................ 89

○
LAN (all protocols - ETH interface) ................................................................................................................................................. 90

○
SYSLOG .................................................................................................................................................................................................... 91
○
○
Facility ................................................................................................................................................................................................. 91
○
Priority (Level) .................................................................................................................................................................................... 92

○
○
○
○
5
Table of Contents
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
VRRP (VIRTUAL ROUTER REDUNDANCY PROTOCOL) ................................................................................................................... 92

Definitions ........................................................................................................................................................................................... 93
Configuration ..................................................................................................................................................................................... 93
• COMPLETE LIST OF COMMANDS ..................................................................................................................................... 9 4
System configuration - SYSTEM ..................................................................................................................................................... 95
MODEM Configuration ..................................................................................................................................................................... 96
Ethernet/LAN Configuration ............................................................................................................................................................. 96
WAN Interface Configuration ........................................................................................................................................................... 96
Configuration of static routes - ROUTES ....................................................................................................................................... 97
Backup line configuration - BACKUP ............................................................................................................................................. 98
Configuration of Dynamic Routing - RIP ........................................................................................................................................ 98
Configuration of Dynamic Routing - OSPF .................................................................................................................................... 98
NAT Configuration ........................................................................................................................................................................... 100
GRE tunnels configuration ............................................................................................................................................................. 100
VPN - PPTP Configuration ............................................................................................................................................................. 100
VPN - L2TP Configuration ............................................................................................................................................................. 101
VPN - IPSEC Configuration ........................................................................................................................................................... 101
DHCP Protocol Configuration ....................................................................................................................................................... 102
SNMP Protocol Configuration ....................................................................................................................................................... 103
IPX Protocol Configuration ............................................................................................................................................................. 103
BRIDGE Protocol Configuration .................................................................................................................................................... 104
Firewall Configuration ..................................................................................................................................................................... 104
IP - QOS Configuration .................................................................................................................................................................. 106
VRRP Protocol Configuration ......................................................................................................................................................... 107
PIM Configuration - Multicast ........................................................................................................................................................ 107
IPACCT Configuration - IP Accouting .......................................................................................................................................... 108
ARP Table Configuration ................................................................................................................................................................ 108
PPPoE Configuration (PPP over Ethernet) .................................................................................................................................. 108
LoopBack Interface Configuration ................................................................................................................................................ 109
XOT Configuration (X25 over TCP) ................................................................................................................................................ 109
• UPDATE ............................................................................................................................................................................... 1 1 0
SOFTWARE UPDATE ............................................................................................................................................................................ 110
• S P E C I F I C A T I O N S ....................................................................................................................................................... 1 1 2
• W arranty and Technical Support ......................................................................................................................... 117
Technical
6
• Introduction
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
○
DT2048 SHDSL/R, Digitel’s second generation of routers, is a family of high-performance access routers,
○
designed mainly to the corporate market, suitable to any type of company or network. With features, such as different
○
○
interfaces, protocols and services, these routers serve a large number of applications in various communications
○
networks that are available nowadays. The new models show how routers have been improved, and this results from
○
○
Digitel’s intention to have and maintain its own line of routers, which has been demonstrated by continuous investment
○
in the development and manufacture of IP products.
○
○
The DT2048 SHDSL/R family is composed of different models, attending the most varied combinations of V.35
○
○
or G.703 interfaces, VG or Ethernet-G.703, ISO or TELEBRAS connector, 2 or 4 wires.
○
○
The DT2048 SHDSL/R family presents, among other innovations, a hardware architecture of high performance
○
○
in the WAN and LAN port of up to 10Mbps. It supports the 3DES (168 bits key) or AES (256 bits key) cryptography
○
without the necessity of additional software packets.
○
○
With its own operating system, developed by Digitel and based on embedded Linux , these routers include the
○
○
most recent features and network protocols, such as Firewall, traffic control (QoS) and VPN/IP (IPSec/3DES/AES). The
○
use of an open operating system allows quick incorporation of technological developments that may be soon available
○
○
on the market.
○
○
The DT2048 SHDSL/R family is basically subdivided in two architectures containing two or four lines with ISO
○
or TELEBRAS connector. All models have a 10/100 Base-TX interface and V.35 and G.703 interfaces.
○
○
The configuration of the SHDSL/R is performed through the CLI (Command Line Interface) system, that uses
○
○
command lines and it makes possible the quick configuration of all features of the router and it allows the access to
○
the modem’s supervisor interface making possible the total access to the configurable characteristics of the equipment.
○
○
The CLI can be accessed via Console, TELNET or SSH interface.
○
○
The update of the router and modem’s firmware is performed independently, making possible the update of
○
○
only the router or of only the modem.
○
○
The modem characteristics of the equipment can be configured, controlled and monitored through the Digitel
○
Modems Management System, compatible with SNMP obtained through the management board of the TELEBRAS
○
○
standard sub-rack. Via SNMP it’s also possible to track the router’s functions activities obtaining the information
○
about MIB II.
○
○
Furthermore, it presents tests facilities, allowing the perform of local analog loops, local digital loops and
○
○
digital remote loops, offering a quick isolation of the problem in case of communication fails.
○
○
The DT2048 SHDSL/R family is composed of four models:
○
○
- DT2048 SHDSL/R/2W/E: modem router SHDSL 2 wires, with TELEBRAS standard connector;
○
○
○
- DT2048 SHDSL/R/2W/S: modem router SHDSL 2 wires, with ISO standard connector;
○
○
○
○
- DT2048 SHDSL/R/4W/E: modem router SHDSL 4 wires, with TELEBRAS standard connector;
○
○
○
- DT2048 SHDSL/R/4W/S: modem router SHDSL 4 wires, with ISO standard connector;
○
○
○
○
The DT2048 SHDSL/R leaves factory with a individualized MAC Address, with Digitel’s private Company
○
○
ID, registered in the IEE (Institute of Electrical and Electronics Engineers). The software is loaded at the factory,
○
but the user can perform updates when necessary (the Digitel’s website have the latest version).
○
○
The set of characteristics implemented in the DT2048 SHDSL/R family is adequate to support
○
○
from the basic to needs of intinternetworking with router modem of access to more complex applications,
○
always ensuring an excelent relation of cost benefit. Next, there are some of the main characteristics:
○
○
○
- Modem in modes Ethernet-G.703, V.35, G.703 or VG;

○
○
○
- Modem in automatic velocity (NTU);

○
○
- LTU or NTU operating modes;

○
○
- Line backup function;

○
○
- Frane Relay Protocol, in the modes ANSI, ITU or without LMI;

○
○
○
○
7
Introduction
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
- Dynamic and static routing (RIP, RIP2 or OSPF);
- Possibility to configure many IP addresses per LAN interface;
- Possibility of configuration of VLAN tagging (IEEE 802.1q) and prioritization (IEEE 802.1p);
- DHCP server for IP address and default gateway supply;
- DHCP Relay for applications with a centralized DHCP server;
- IP address sharing through NAT;
- Stateful inspection firewall with datagrama filters per IP address of origin or destination and
intervals of TCO (sockets) or UDP (of destination) ports and access list;
- PPTP, L2TP and GRE protocols for tunneling (VPN);
- IPSec for safe VPN nets, including the ones with 3DES cryptography (168 bits key) and AES (256
bits key);
- Support the priorization of packets, band limitation, charge balancing and congestion control,
through the QoS tools;
- Configuration via Console, Telnet and SSHv2;
- Support to SNMP management;
- Three user and authentication levels in external servers via TACACS, TACACS+ (AAA) and/or
RADIUS;
- Download/upload of routing configuration files;
- Software update via TFTP (router) or FTP (router or modem);
- Log of internal nets events or destinated to external elements of the net.
8
• Instalation and Configuration
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
MODEM INSTALATION AND CONFIGURATION
○
○
○
○
Before proceeding the installation of the DT2048 SHDSL/R, make sure that the equipment didn’t suffer
○
any mechanical damage during transportation, such as scratches, squashes, broken parts, etc. If any problem
○
○
is detected during de inspection, notify the transport company and the Digitel Technical Assistance Center,
○
wich will provide the substitution or the repair of the equipment.
○
○
The DT2048 SHDSL/R is presented in a printed circuit board, that can be used in cabinets or sub-racks.
○
○
1. Configure the straps of the modem board
○
○
○
2. Install the cabinet or sub-rack.
○
○
3. Insert the board in the cabinet or sub-rack.
○
○
4. Configure the operation terminal (when applicable).
○
○
○
○
○
○
STRAPS CONFIGURATION
○
○
○
○
Before the insertion of the board in the cabinet or sub-rack, it’s needed to configure the dip-switches and
○
○
straps. The pictures below show the straps’ localization.
○
○
S1: GND -G.703 grounded input
○
○
NC - ungrounded G.703 input
○
○
○
○
○
S4, S6:
○
1-2 - 75 ohms S2: GND -G.703 grounded output
○
NC - ungrounded G.703 output
○
2-3 - 120 ohms
○
○
○
○
○
S5: V.35/VG
○
○
○
S3: G.703
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
DT2048 SHDSL/R Board

○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
9
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
The programation parameters via straps are the following:
1. Interface selection:
- V.35
- G.703
- V.35 and G.703 simultaneously (needs habilitation via CLI)
2. Impedance selection for G.703
- 75 ohms
- 120 ohms
3. G.703 grounding
- G.703 grounded input
- G.703 grounded output
INTERFACE SELECTION
The selection of the interface is performed through the straps, according to the following table:
Interface S3(G.703) S5(V.35 or V

S5(V.35 .35/VG)
V.35/VG) CLI
G.703 S3 - -
V.35 - S5 V35FROM WAN*
V.35 and G.703 - S5 VGMODE ON
*factory configuration
IMPORTANT!
The definition of the origin of the V.35 (connector) or router is defined through the CLI
command:SET MODEM V35FROM<WAN/CONNECTOR>
In the V.35 operation mode the modem might transmit simultaneously the data present in the
V.35 and G.703. In this case it’s necessary to enable via CLI the VG mode through the command
SET MODEM VGMODEM ON, and the strap S3/S5 has to be in the position S5.
IMPEDANCE SELECTION FOR G.703
The impedance of the G.703 interface is selected through the straps, according to the following table:
Impedance S4 S6
75 ohms* 1-2
120 ohms 2-3
*Factory configuration
10
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
G.703 INPUT GROUNDING
○
○
○
○
○
○
○
○
Options S1
○
○
Grounded G.703 input GND
○
○
Ungrounded G.703 input NC
○
○
*Factory configuration
○
○
○
○
IMPORTANT!
○
○
The grounding in the G.703 interface must be selected only if the impedance is of 75 ohms.
○
○
○
○
○
○
○
○
○
REQUIREMENTS FOR THE INITIAL CONFIGURATION
○
○
○
○
It’s adequated to use a ASCII terminal with asynchronous serial interface, or a program of terminal
○
○
emulation instaled in a work station with asynchronous serial standard interface.
○
○
○
Supervisor
○
○
Through the CLI, SET MODEM SUPERVISOR, it’s possible to configure, monitore and perform tests in the
○
○
DT2048 SHDSL/R modems.
○
○
The main screen of the supervisor is composed for the options: Board Configuration, Modem
○
Configuration, Status I, Status II, Tests and Information.
○
○
○
○
DIGITEL S.A. Industria Eletronica
○
○
Supervisor DT SHDSL/R/s
○
○
○
[1] Board Configuration
○
[2] Modem Configuration
○
○
[3] Status I
○
[4] Status II
○
○
[5] Tests ○
○
[I] Informations
○
[X] Quit
○
○
Choose an Option:
○
○
○
○
○
○
○
○
○
○
○
○
○
IMPORTANT!
○
○
For further information about the operation via CLI, see section CLI Guide.
○
○
○
○
○
○
○
○
○
○
○
11
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
BOARD CONFIGURATION
In the option Board Configuration most of the parameters can not be modified through the supervisor.
These parameters provide information about the features of the modem model and enabled interfaces. The
option Load Default Configuration restores and saves the standard configurations, restarting the modem.
SHDSL: BOARD CONFIGURATION Modem: Local NTU
Parameter Current Configuration

———————————— ————————————
Configuration: EEPROM
Interface: V35
G703 Impedance (ohms): 120
DTE Connector: ISO
[1] Mode: Automatic Backup

[2] Main Line: 1
[F] Load Default Configuration
[R] Cancel Changes
[S] Save Configuration in EEPROM
[X] Quit
Choose an Option:
MODEM CONFIGURATION
In the option Modem Configuration it is possible to see and modify the programation parameters. The
configuration parameters from EEPROM can be modified by the supervisor.
The option Save Current Configuration allows the parameters: operational mode, speed, transmission
clock, remote digital loop reception, G.704 structure, timeslot16, timeslot16 in line and first timeslot. In this
menu, the Save Configuration in EEPROM option allows the user to permanently save the data.
Modem Configuration in VG mode

When the modem is set to operate simultaneously with V.35 and G.703 interfaces (VG mode), the Modem
Configuration opperation will allow the configuration of the following parameters: operation mode, LDR reception,
automatic speed, enable G.703 interfaces, G.703 interface configuration, enable V.35 interface and V.35 interface
configuration.
The Save Configuration in EEPROM option allows the user to save the configuration temporarily or
permanently.
12
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
○
○
○
SHDSL: MODEM CONFIGURATION Modem: Local NTU
○
○
○
○
———————————— ————————————
○
[M] Operation Mode: NTU
○
[L] RDL Reception: Enabled
○
○
[V] Automatic Rate: Disabled
○
○
VG Mode: Enabled
○
○
[H] Enabled Interfaces: G703 e V35
○
[1] V Configuration: 2048 kbps
○
[2] G703 Configuration: 1024 kbps
○
○
○
[R] Cancel Changes
○
○
○
[X] Quit
○
○
Choose an Option:
○
○
○
○
○
○
○
○
○
○
○
IMPORTANT!
○
For the modem operates in VG mode, it is necessary to enable via CLI +-(out of the superior mode),
○
and the interface strap must be in the S5 position.
○
○
○
○
○
○
○
○
○
○
○
○
○
Interface CONFIG-1 CONFIG-4
○
○
○
G.703 * OFF: UP OFF: UP
○
○
○
V.35 ON: DOWN OFF: UP
○
○
○
V.35 and G.703 DON’T CARE ON: DOWN
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
13
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
INTERFACE G.703 CONFIGURATION
If option 2 is selected (G.703 interface), it will be showed the screen for configuration of interface G.703,
that has the following parameters: rate, transmission clock, G.704 framework structure, timeslot 16, timeslot 16
in line, first timeslot and CRC4.

———————————— ————————————
[1] Rate: 1024 kbps
[2] Clock: Recovered
[3] G.704 Frame: Framed
[4] Timeslot 16 (data/signaling): Data
[5] Transmit Timeslot 16: —
[6] First Timeslot: 1
[7] Cascading: —
[8] CRC4: Disabled
[R] Cancel Changes

[X] Quit
Choose an Option:
The option Save Current Configuration allows saving the configuration permanently.
INTERFACE V.35 CONFIGURATION
If option 1 is selected (V.35 interface) , it will be showed the screen for configuration of interface V.35, that
allows setting communication rate, clock (when in single interface) and inversion of the transmission clock.

———————————— ————————————
[1] Communication Rate: 2048 kbps
[2] Clock: Recovered
[3] TX Clock Inverted: Disabled
[R] Cancel Changes

[X] Quit
Choose an Option:
The option Save Current Configuration allows saving the configuration permanently.
14
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
OPERATION MODE
○
○
○
○
For operation, one of the modems (central or remote) must be set as NTU (network terminal unit) and the
○
other as LTU (line terminal unit). The LTU option is normally used in the central unit of the network, and the NTU
○
○
option is used in the user unit.
○
○
○
○
RDL RECEPTION
○
○
○
Enables or disables the reception of a remote digital loop command through the line, defining if the local
○
○
modem will accept the command sent by the remote modem.
○
○
○
○
○
AUTOMATIC RATE
○
○
○
○
When the NTU modem (normally operating as user) is working with automatic rate, who determines the
○
operation rate is the LTU modem (normally operating as central).
○
○
○
○
○
○
○
○
———————————— ————————————
○
[M] Operation Mode: NTU
○
[L] RDL Reception: Enabled
○
○
[V] Automatic Rate: Disabled
○
VG Mode: Enabled
○
[H] Enabled Interfaces: G703 e V35
○
○
[1] V Configuration: 2048 kbps
○
[2] G703 Configuration: 1024 kbps
○
○
○
[R] Cancel Changes
○
○
[X] Quit
○
○
○
Choose an Option:
○
○
○
When the remote modem is set with automatic rate, the initial timeslot is always equal to 1.
○
○
○
○
IMPORTANT!
The automatic rate option is not available for VG mode and for line rate above 2.304 Kbps. ○
○
○
○
○
○
○
○
○
RATE
○
○
○
The modem transmits data in a rate between 64 and 2304 Kbps, according to the table below:
○
○
○
○
Digital Interface Lines Maximum Rate in V.35

V.35 Maximum Rate in G.703
○
○
Single interface backup mode 2304 Kbps 2048 Kbps

○
○
Single interface 4 wires mode 4608 Kbps 2048 Kbps

○
○
VG backup mode V.35 + G.703**

○
○
○
VG * 4 wires mode 2048 kbps 2048 Kbps

○
○
* There are restrictions only for VG mode operating with 2 wires

○
○
**V. 35+G.703 must be less than 2304 Kbps

○
○
○
15
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
When the user saves a rate value, the modem goes back to the previous value, in case the rate limit is
exceeded.
IMPORTANT!
There are restrictions only for the VG operating mode on 2 wires: the sum of the rate of V35 and G.703, operating
simultanemente on 2 wires, it has to be less than 3776Kps and the rate of the V.35 can not more than 3072Kbps.
TRANSMISSION CLOCK
Selects the synchronism clock source for the transmission of data from the DTE to the modem.
Clock selection:
Options Description
Internal Used when the modem supplies clock for the DTE.
External* Used when the DTE supplies clock for data.
Recovered Recovers from the line clock received from remote DTE to synchronize
data transmitted by local DTE ( data synchronism is made by the remote
side)
* Basic Configuration
IMPORTANT!
When the modem operates in VG mode the clock configuration is not available for V.35 interface.
In this case the interface operates with recovered clock of interface G.703.
For the G.703 interface, the usual configuratoin is selecting the external clock (for the system to synchronize
from the central end clock) and configure the remote side for recovered clock, according to the following figures.
a) DTE A supplies synchronicity (normal application with central office)
16
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
○
If the system with G.703 interface does not generate a clock, the modem can be configured as a source of
○
synchronicity, as shown in the folllowing scheme.
○
○
○
b) Modem A supplies synchronicity (usual application when the DTEs do not generate clock)
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
STATUS I
○
○
○
The G.SHDSL option indicates a series of parameters regarding the line (or lines). Such parameters are used
○
○
to inform what has happened in the link since the last time the modem was turned on, or since the last time the
○
counters were reset. In the 4-wire models, users can select the line using the L option. The following table presents
○
○
the parameters:
○
○
○
○
Monitoring Indicator Description
○
○
Line 1/2 Shows the line whose information are supplied
○
○
Number of line trainings N Informs the number of times the line has trai-
○
ned since the modem was turned on or since
○
the counters were reset
○
○
Line status Connected, training, or Informs the status of the SHDSL line
○
disconnected
○
Synchronicity Line is Synchronized Informs if the SHDSL is in sync or out of sync
○
○
or Out of Sync
○
Informs if the error rate is above the minimum
○
BIT Error rate > 10E-6 Yes/No value (10-6)
○
(ERR)
○
○
N (dB) Informs which is the current attenuation value of
Attenuation
○
the SHDSL line. The value is supplied in dB
○
○
NMR (Noise Margin N (dB) The Noise Margin on the Receiver is defined as
○
of the Receiver) the maximum tolerable increase in the power of
○
noise which permits an error rate smaller than ○
1.10-7
○
○
Line Time OK N (minutes) Informs how long the line has been in sync. The
○
value is supplied in minutes.

○
○
CRC errors N Informs the amount of CRC errrors since the mo-
○
ment was turned on, or since the last time the

○
counters were reset .

○
○
○
LOSW SHDSL N Informs how many times the modem lost the syn-
○
chronicity word since it was synchronized or sin-

○
ce the last time the counters were reset

○
○
Data flow in line 1/2 When running in backup mode, this indicates
○
which line has data flow

○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
17
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
The following figure presents an example of the G.SHDSL screen.
SHDSL: STATUS Modem: Local LTU

Parameter Current Status
_________ ____________
[L] Line: 1
Connection Attempts: 1
Line Status: Training
Synchronism: Out of Synchronism
Error Bit Rate > 10E-6 (ERR): Yes
Attenuation (dB): ---
NMR (dB): ---
Line OK (minutes): ---
CRC Errors: 0
LOSW SHDSL: 0
Data flow in line: 1
[A] Refresh Screen

[C] Clear Counters
[X] Quit
IMPORTANT!
The
. Clear Counters option clears the values which had been stored in the several counters regarding
modem status.
STATUS II
The option G.703 from the Status Menu offers four indicators regarding the modem G.703 interface. These
indicators display the interface status, with information on each of the options in the table below, whether enabled or
disabled.
The figure below presents an example of the G.703 Status screen.
SHDSL: G.703 STATUS Modem: Local LTU
Parameter Current Status

---------------- ----------------
G.703 Interface: Enabled
AIS (All ones): ---
LOS (Loss of Signal): Yes
FRLOSS (Frame Loss): ---
CRC4 Errors: 0
[C] Clear CRC4 Counter

[A] Refresh Screen
[X] Quit
STATUS II (item 4 of the main menu)

STA
Monitoring Indicator Description

AIS PCM YES/NO Local alarm. Informs if the input signal, in G.703, structured mode,
contains only the data in 1 (error situation)
LOS PCM YES/NO Informs if there is no data signal at the input of the modem G.703 interface
FRLOSS YES/NO Informs if there has been a loss of alignment in the G.704 frame interface
CRC4 Errors N Informs the amount of CRC errors of the G.703 since the modem was
turned on or since the last time the counters were reset
18
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
○
TESTS
○
○
○
Through this option from the Main Menu, users can activate the following tests: LAL, LDL, LDR, BERT, and
○
○
BERT+LDR. The following table describes all the parameters used in the Main Menu Tests option:
○
○
○
○
○
○
○
Parameter Description
Indicator
○
Test Type Indicates the test types which can be activated
LAL, LDL, LDR, BERT,
○
by the supervisor
BERT+LDR
○
○
Teste Activated Indicates if any test has been activated by the
YES/NO
○
supervisor or remote modem
○
○
Teste Activated by Supervisor YES/NO Indicates if any test has been activated by the
○
supervisor only
○
○
Inject CRC Error - Injects an error in the line. This error can be
○
checked by the remote modem
○
Number of CRC Errors N Informs the number of CRC errors
○
○
Standard 223-1, 215-1, 211-1, 29- Type of standard used for the test
○
1 and 26-1
○
○
Test Interval (bits) 231, 228, 225 or 221 Indicates the number of bits transmitted in each
○
test
○
○
Test Status Off, In progress, Stabili- Informs the test status
○
zing Link, Failed, Finished
○
○
○
BER N Indicates the BERT test error rate
○
Number of CRC Errors Informs the number of CRC errors
○
N
○
○
○
○
○
The figure below presents an example of the Test Configuration screen.
○
○
○
SHDSL: TESTS CONFIGURATION Modem: Local LTU
○
○
Parameter Current Status/Configuration
○
----------------------- ----------------------
○
[L] Line: 2
○
○
[1] Test Type: LDL
○
Test in Progress: No
○
[2] Test Activated by the Supervisor: No
○
○
[3] Inject CRC Error
○
CRC Errors: 0
○
○
○
[4] Pattern: ---
○
[5] Test Interval (bits): ---

○
Test Status: ---

○
○
BERT Errors: ------------------

○
BERT: ---
○
○
○
[A] Refresh Screen

○
[C] Clear Counters

○
○
[X] Quit
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
19
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
CABINET INSTALATION
IMPORTANT!
The connection of the signal ground to the protection ground is optional. In case it’s necessary to
make it, use the S100 strap, located at the motherboard, inside the cabinet, and connect the signal
ground (CT-102/AB) to the protection ground (CT-101/AA). To have access to the S100 strap, open
the cabinet, using the screws located in the rubber supports.
.
PROTECTION GROUND
Position Operation
1-2 Protection ground connected to the signal ground
2-3* Protection ground not connected to the signal ground
*FACTORY CONFIGURATION
WARNING!
Before installing the cabinet, perform a thorough visual inspection on the equipment to check for
.
damages. If any problem is found, please inform the hauler company and the closest Digitel repre-
sentative to arrange for the replacement or repair of the equipment.
Install the cabinet in a ventilated place and do not close the openings above and under the cabinet. The
place where the cabinet will be installed must allow the operation via panel and the access for maintenance.
DTSMP20-H AND DTSMP20-HT SUBRACK INSTALLATION
The DTSMP20-H and DTSMP20-HT are 19", 4 U high subracks (1 U = 1.75 inches = 44.45 mm) with slots to
install up to 20 modem modules, one slot for the supply module and one for the control and management module.
The DTSMP20-H and DTSMP20-HT subracks were designed to be fastened to racks through four front bolts
that depend on the type of rack being used.
The DTSMP20-HT allows for the operation of the DT2048 SHDSL/R modems.
ATTENTION!
Fastening of the subracks must be done without the modem and supply modules. These modules
must be inserted after installation of the subrack.
Notice that the ON/OFF key on the supply module must be off when it is inserted.
Note:
All the information about technical features, operation and detailed installation of the DTSMP20-H
and DTSMP20-HT subracks is found in the specific manual for the Digitel subracks.
20
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
REQUIREMENTS FOR INSTALLATION AND INITIAL CONFIGURATION
○
○
○
○
The use of an ASCII terminal with asynchronous serial interface is also recommended, or also a terminal
○
emulation program installed in a workstation with standard V.24 (RS-232) asynchronous serial interface.
○
○
○
○
○
○
IP ADDRESS RECONFIGURATION (OPTIONAL)
○
○
○
○
The DT2048 SHDSL/R is originally configured to enable Console and LAN0 ports only. The LAN0 port is
○
initially configured with a specific IP address (192.168.1.254, network mask 255.255.255.0). There is also a default
○
○
route for this interface, with gateway address 192.168.1.1.
○
○
If the initial IP address configuration is not appropriate for the connection to the network or workstation
○
where WebConfig is installed, it can be easily modified via the Console port. To do that, follow these
○
○
steps:
○
○
1. Connect the Console port of DT2048 SHDSL/R to a terminal or workstation using a terminal emulation
○
○
program.
○
○
2. Switch on DT2048 SHDSL/R and wait until the ST LED on the front panel changes from orange to green.
○
The terminal should display information about the boot and Linux operating system. Booting lasts for
○
○
about 20 seconds.
○
○
3. The DT2048 SHDSL/R Console application will prompt you to type a username and password. The
○
equipment is originally configured with nr2g and digitel as username and password, respectively.
○
○
○
4. After login, press ENTER or type HELP in the Console prompt to get some help, type SHOW LAN LAN0
○
ALL to view the LAN0 port configuration, or type SHOW ROUTES ALL to view the routing table (including
○
the default value).
○
○
○
○
○
○
○
INITIAL CONFIGURATION VIA WEBCONFIG
○
○
○
○
For initial configuration via WebConfig, follow these steps:
○
○
1. Make sure the PC used for DT2048 SHDSL/R configuration runs TCP/IP and is properly configured.
○
○
2. Make sure a properly installed browser is available.
○
○
3. Connect the LAN port of DT2048 SHDSL/R to the local network that allows access to the workstation where
○
○
the PC to be used for configuration is located.
○
○
4. Switch DT2048 SHDSL/R on and wait until the ST LED on the front panel changes its color from orange to
○
green.
○
○
5. On your browser, type: http://192.168.1.254.

○
○
○
6. On the login screen, type your username and password. The equipment is originally configured with nr2g
○
and digitel as username and password, respectively.

○
○
7. After that, click OK. You will be logged in and the Webconfig main screen will be displayed.
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
21
Installation and Initial Configuration
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
8. Configure the equipment according to your application. The configuration must be created using the CLI
syntax, and written in the command box.
9. Click Execute to apply the configuration.
After that, DT2048 SHDSL/R will try to connect with the remote equipment, following the configurations made
in step 8.
To check the configuration, type DUMP ALL in the command box and click Execute. Another option is to
select DUMP and the desired configuration module in the module tree, located on the left-hand side of the screen.
To change this configuration, repeat steps 8 and 9.
ATTENTION!
The equipment is preconfigured for WebConfig access through http://192.168.1.254.
INITIAL CONFIGURATION VIA CLI
For initial configuration via CLI, follow these steps:

1. Make sure the PC used for DT2048 SHDSL/R configuration runs TCP/IP and is properly configured.
2. Connect the LAN port on the DT2048 SHDSL/R side to the local network that allows your access to the
workstation for access via Telnet, or connect the workstation directly to the Console port.
3. If necessary, connect the adapter cables.
4. If necessary, reconfigure the IP address of the LAN port, as described in IP Address Reconfiguration
5. Switch on DT2048 SHDSL/R and wait until the ST LED on the front panel changes from orange to green.
6. After the workstation has been properly connected to DT2048 SHDSL/R via Telnet, SSH or directly connected
to the Console port, you will be prompted to provide username and password. The equipment is originally
configured with nr2g and digitel as username and password, respectively..
7. After that, the advanced operation prompt box will be displayed.
8. Configure the equipment according to your application, using the CLI commands.
Refer to Operation and CLI Guide for further information.
22
• Panels/Connectors
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
PANELS/CONNECTIONS
○
○
○
The front panels on the modems contain their power supply status indicator leds and for the digital interface
○
○
circuits and test control keys.
○
○
○
○
○
○
○
○
○
POWER (yellow): internal power supply providing the correct voltages for modem operation.
○
TEST (green): indicates analog of digital loop conditions, locally or remotely activated
○
RL (red): indicates the modem is in a remotely activated digital loop
○
INT CK (red): indicates operation with internal clock
○
ERR (red): lights up when the error rate surpasses 10 - 6
○
FRLOSS (red): lights up when the modem loses board alignement from G.704
○
104/RX (red): lights up when the modem sends “space” (+V) to the DTE.
○
106/G.703 (red): lights up when the modem is clear (106) or when there is data in the interface (G.703)
○
103/TX (red): lights up when the modem receives “space” (+V) from the DTE.
○
○
SYNC (red): indicates the modem is receiving data from the line
○
ALARM (red): indicates alarm conditions
○
○
○
○
normal operation – Inward: local analog loop
Outward:normal
○
○
○
Outward: normal operation – Inward: local digital loop
○
○
normal operation – Inward: Remote digital loop
Outward:normal
○
○
○
○
LAN: RJ45 for ethernet port
○
○
○
○
Console: RJ45 for ethernet port
○
○
○
○
○
○
○
○
○
○
○
○
○
○
LAN Indicator
LAN is two-colored LED that briefly show the operation of LAN interface. ○
○
○
○
○
When no link is established at the LAN interface (e.g.: the cable is not connected), the corresponding LED will
○
○
remain off. When a link is established, the LED will turn green, showing that the interface is operating in half-duplex mode
○
or turns orange, indicating that the interface is operating in full-duplex mode.

○
○
Activity is indicated by the quick-flashing LED (off for 30ms), when the interface is operating at 100Mbits, and by
○
○
the slow-flashing LED (off for 100ms), when the interface is operating at 10Mbits.
○
○
- 10 Mbps link: in this case, the led will be turned on in green while there’s no line activity and it’ll change to orange,
○
○
per at least 100 ms, or while the line activity last. As the LAN traffic is ussually in gusts, the LED stays only momentarily in
○
orange.
○
- 100 Mbps link: in this case, the led will be turned on in orange while there’s no line activity and it’ll change to green,
○
○
per at least 100 ms, or while the line activity last. As the LAN traffic is ussually in gusts, the LED stays only momentarily in
○
green.
○
○
○
○
○
○
○
○
○
○
○
○
○
23
Panels/Connectors
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
CONSOLE PORT CONNECTION
The Console port of DT2048 SHDSL/R is an asynchronous serial port with standard DTE V.24 (RS-232) pinout.
This port allows monitoring the operation of the router through an asynchronous ASCII or VT100 terminal, or
through a program that emulates these terminals.
To use the Console port, connect it to one of the ends of the CONSOLE cable provided with the equipment.
Connect the other end to one of the adapters provided with DT2048 SHDSL/R, depending on the type of equipment
that will be used.
Finally, configure the asynchronous terminal or terminal emulation program on the workstation using the
following parameters:
Rate 57600 bps

Character width 8 bits
Stop bits 1 bit
Parity none
Flow control none
LAN PORT CONNECTION
The LAN port of DT2048 SHDSL/R is initially enabled and configured with a specific IP address
(ipaddr=192.168.1.254; netmask=255.255.255.0; gatewayip=192.168.1.1), allowing for communication with the
workstation where EasyConfig was installed or SSH via the local area network.
Connect the LAN port of DT2048 SHDSL/R to a LAN equipment (hub or switch) using a straight UTP cable
(no crossover).
Alternatively, the LAN port can be connected directly to a LAN port on the workstation using the CROSS
cable provided with the equipment (CB-LAN/X-NR). The pinout of the LAN CROSS cable, which implements the
crossover function, is as follows:
Function RJ45 pins RJ45 pins Function

TD+ 1 3 RD+
TD- 2 6 RD-
RD+ 3 1 TD+
RD- 6 2 TD-
24
Panels/Connectors
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
GB8000/AC/DC AND GB8000 HT/AC/DC REAR PANEL
○
○
○
○
○
○
Key DC On / Off / AC On
○
○
○
2A AC Fuse
○
○
DC Supply
○
Line connectors
Connector
○
○
○
DTE
○
connector
○
○
○
○
○
○
○
○
○
○
○
○
○
○
AC Supply Cable
○
Connector
○
DB9 for
○
management
○
○
2A DC
○
Fuse
○
○
○
○
Power Supply
○
○
○
The ON DC/ON AC key has three positions. The central position is neutral and deactivates modem power
○
supply. The ON DC position is used to activate DC power supply, and the ON AC positions to activate AC power
○
○
supply.
○
○
The cabients DO NOT have a 110/220V voltage selection key. Therefore, connect the alternate current power
○
○
supply cable directly to the local electrical network for voltages between 93.5 to 253 Vrms.
○
○
The direct current input power supply must be installed on pins -48 V, 0 V and ground, located in the rear panel.
○
Connect the power supply cable checking the -48 and 0 V polarity. The protection ground connector must be
○
○
grounded.
○
○
For supply, both AC and DC, the cabinets use 2A protection fuses located in the rear panel.
○
○
○
○
○
○
○
○
DTE connector
○
○
○
The DTE connector is a female, type D, 25-pin connector.

○
○
○
○
○
○
○
○
○
○
○
○
Connect the data terminal equipment cable to the DTE connector through the adapter cables described in
○
○
the following table.

○
○
○
○
○
○
○
○
○
25
Panels/Connectors
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
Connecting to DTE
• To connect the DTE to the modem use an adapter cable that depends on the interface type.
• Always connect the male DB25 connector to the DTE connector located in the rear panel of the cabinet
or subrack.
• The modem may be connected to DTEs that have, V.35 or G.703 interfaces.
V.35 interface
When the V.35 interface is selected, data and clock signals are of balanced type and follow V.35 standard. The
control signals are non-balanced and compatible the V.28 recommendation.
Line connector
The line connector is used to connect the modems to the data transmission lines. It is an eight pin connector
that allows the connection of up to four lines. Connection of the line wires is done by connecting to the TX and RX
points.
CAUTION!
The RX, RXLP and TXLP must not be used.
LAN CROSS CABLE (CB-LAN/X-NR)
The pinout of the CB-LAN/X-NR cable and the

signals used are shown in the following table:
Function RJ45 RJ45 Function

TD+ 1 3 RD+
TD- 2 6 RD-
RD+ 3 1 TD+
RD- 6 2 TD-
The LAN crossover cable CB-LAN/X-NR (part number: 810.0343/690.1938) is used to connect the LAN/
Ethernet interface of a workstation directly to one of the LAN interface of DT2048 SHDSL/R. This cable allows
the crossover of TD +/- and RD +/- signals.
Note:
This cable is optional. To purchase it from Digitel, use part number 810.0343.
26
• Cables
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
RJ CONSOLE CABLE (CB-CONS/AUX-NR)
○
○
○
○
The pinout of the CB-CONS/AUX-NR cable and the
○
○
signals used:
○
○
Signal RJ45M RJ45M Signal
○
○
○
RTS 1 8 CTS
○
○
DTR 2 7 DSR
○
○
TD 3 6 RD
○
○
○
GND 4 5 GND
○
○
GND 5 4 GND
○
○
○
RD 6 3 TD
○
○
DSR 7 2 DTR
○
○
CTS 8 1 RTS
○
○
○
○
○
The rollover RJ45-RJ45 CB-CONS/AUX-NR cable (part number: 810.0344/690.4025) is used to connect
○
○
a terminal or modem to the Console port of DT2048 SHDSL/R. It should be used together with one of the
○
adapters described subsequently. One end of the cable should be connected to the RJ45 connector of the
○
○
Console port of the router and the other end should be connected to the female RJ45 connector of the adapter.
○
○
○
Note:
○
○
This cable is optional. To purchase it from Digitel, use part number 810.0344.
○
○
○
○
○
○
DB9 TERMINAL ADAPTER (AD-RJ/TERM/DB9-NR)
○
○
○
The pinout of the AD-RJ/TERM/DB9-NR adapter and the
○
○
signals used:
○
○
○
Signal RJ45F DB9F
○
○
RTS 1 7
DTR 2 4 ○
○
○
○
○
TD 3 3
○
○
GND 4 5
○
○
GND 5 5
○
○
○
RD 6 2
○
○
DSR 7 6
○
○
○
CTS 8 8
○
○
○
The female RJ45/female DB9 AD-RJ/TERM/DB9-NR adapter (part number: 810.0345/690.4022) is used
○
to connect the Console port of DT2048 SHDSL/R directly to an asynchronous serial port of a terminal or PC with
○
○
a male DB9 connector. It should be used together with the RJ Console cable (CB-CONS/AUX-NR).
○
○
○
○
Note:
○
○
This adapter is optional. To purchase it from Digitel, use part number 810.0345.
○
○
○
○
27
Cables
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
V.35 CABLE (ISO)
When the user interface follows the V.35 standard, the V35 adapter cable must be used according to the
DT2048 SHDSL/R model, according to the following table.
Model Adapter cable Description
DT2048 SHDSL/R/4W/E V35 ISO 2110 cable Adapter cable for ISO 2110 standard connector,
DT2048 SHDSL/R/2W/E (810.0231.00) that terminates in a female, 34-pin connectior
(M34)
DT2048 SHDSL/R/4W/E V35 Telebrás cable Adapter cable for Telebrás standard connector,
DT2048 SHDSL/R/2W/E (810.0172.0) that terminates in a female, 34-pin connector
(M34)
The following table shows the CB-V35 ISO 2110 cable pinout, used for DT2048 SHDSL/R.
M34 (V.35) DB25 ITU-T DESCRIPTION
A 1 101 Protection ground

P-S 2-14 103 Transmitted data / TD
R-T 3-16 104 Received data / RD
C* 4 105 Request to send / RTS
D* 5 106 Clear to send / CTS
E* 6 107 Data set ready / DSR
B 7 102 Signal ground/GND
F* 8 109 Data carrier detected / DCD
Y-AA/a 15-12 114 Internal transmission clock/TC
V-X 17-9 115 Receiving clock / RC
L* 18 141 Local analog loop/LAL
H* 20 108 Data terminal ready / DTR
N* 21 140 Remote digital loop/RDL
U-W 24-11 113 External transmission clock/REX
NN/n* 25 142 Test indicator / TI
NOTE:
The circuits marked with asterisk ( *) are unbalanced control signals, with level V.28. The pinout
in the DB25 connector follows the ISO 2110 standard.
Note:
These adapters are optional (not included with the product).
28
Cables
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
G.703 Interface
○
○
○
The G.703 interface follows the ITU-TSS G.703 recommendation for the speed of 2048 kbps.
○
○
The adapter cables that connect the G.703 interface to the modem have a male DB25 connector, two
○
○
connections for TX and two connections for RX. There are two types of G.703 interface: non-balanced interface, with
○
75-ohm impedance, and balanced interface, with 120-ohm impedance. Refer to the following table about the cables
○
○
that must be used with each modem model and impedance.
○
○
○
○
○
Impedance Cable Description
○
○
75 ohms G703/COAX Male DB 25 adapter cable that terminates
○
(810.0244.01) BNC connectors for coaxial cables
○
○
○
○
120 ohms G703/TWIST Male DB 25 adapter cable that terminates
○
(810.0245.00) pin connector for twisted pair
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
Twisted pair G.703 adapter cable
○
Coaxial G.703 adapter cable
(DT2048 SHDSL SINGLE models)
○
(DT2048 SHDSL SINGLE models)
○
○
○
○
○
○
G.703 interface pins in DB25 connector for the DT2048 SHDSL/R models
○
○
G.703 DB25 Description
○
○
○
TX 2/15 Pins that refer to the G.703 interface transmission signal (DTE to
○
modem)
○
○
RX 4/17 Pins that refer to the G.703 interface reception signal (modem to
○
○
DTE)
○
○
○
○
○
○
○
○
VG Adapter
○
○
Adapter Description
○
○
○
AD-SHDSL/PT-VG DB25 male TELEBRAS adapter terminated in one female DB25

○
(V.35/V.36) and two BNC (G.703)

○
○
○
CB-SHDSL/PT-VG DB25 male TELEBRAS Y adapter cable terminated in one female

○
DB25 (V.35/V.36) and two BNC (G.703)

○
○
○
CB-SHDSL/M34-VG DB25 male TELEBRAS Y adapter cable terminated in one female

○
M34 (V.35/V.36) and two BNC (G.703)

○
○
○
○
○
○
29
Cables
Cables
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
The following table shows the pinout of the VG TELEBRAS adapter or cable, used for the DT2048 SHDSL/R
DB25 Function Description

1 101 Ground Protection
2-15 103 Transmitted Data /TD
4-17 104 Receveid Data /RD
5 105 Request to Send/RTS
7-20 106 Clear to Send/CTS
9 107 Data Set Ready/DSR
13 102 Ground Signal/GND
10-22 109 Data Carrier Detect/DCD
3-16 114 Transmission Clock/TC
6-19 115 Receive Clock/RC
8 141 Local analog loop / LAL
11-24 113 External transmission clock / REX
12 142 Test indicator / TI
14-21 TX G.703 interface transmission
18-25 RX G.703 interface reception
The following table shows the CB-V35 ISO 2110 cable pinout, used for DT2048 SHDSL/R.
DB25 Function DESCRIPTION
1 101 Protection ground

2-14 103 Transmitted data / TD
3-16 104 Received data / RD
4 105 Request to send / RTS
5 106 Clear to send / CTS
6 107 Data set ready / DSR
7 102 Signal ground/GND
8 109 Data carrier detected / DCD
15-12 114 Internal transmission clock/TC
17-9 115 Receiving clock / RC
20 108 Data terminal ready / DTR
24-11 113 External transmission clock/REX

19-21 113 G.703 interface transmission
18-25 142 G.703 interface reception
30
• Modem Operation
Cables
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
MODEM OPERATION
○
○
○
○
Before operating the modem, the user must know about all the controls and indicators and have a
○
perfect understanding of each one’s function.
○
○
○
○
○
○
○
NORMAL OPERATION
○
○
○
In normal operation of the modem, the user must connect the line through the TX or RX connectors and check
○
○
through the front panel leds if the modem(s) is(are) in perfect working order.
○
○
○
○
Operation with one interface
○
○
○
The following diagram represents normal operation.
○
○
○
○
○
○
○
○
○
○
○
○
○
○
OPERATION IN VG MODE
○
○
○
○
The following diagram represents normal operation with two data interface simultaneously.
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
TYPICAL APPLICATIONS
○
○
○
○
Below are presented six examples o typical applications. They are:

○
○
○
○
Example 1 Ö Loop at speed of 1024 kbps, with V.35 interface and modem generated clock.
○
○
○
Example 2 Ö Framed channel using eight time slots in G703 and 256 kbps transmited in V35 (VG mode)
○
○
Example 3 Ö Loop at speed of 256 kbps through extended connection, with G.703 network generated clock.
○
○
○
Example 4 Ö DTEs Connection with V.35 interface, at speed of 1024 kbps and clock generated internally by
○
modem A.
○
○
○
○
○
○
○
○
○
○
○
○
31
Cables
Modem Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
Modem B is programmed for slave clock. DTE A and DTE B must be programmed for external clock.
MODEM A MODEM B
DTE A (Exchange) (User) DTE B
LINE
V.35 V.35
External Internal Recovered External

clock clock clock clock
Function Selected option

Interface V.35
LTU/NTU Central modem as LTU

User modem as NTU
Transmission clocks Central modem with internal clock
User modem with recovered clock
V.35 Speed 1024 kbps

VG Only one interface (except VG)
Example 2
2:: Transportation of the timeslots from 5 to 12 of the G.704 frame (G.703 interface with 120 ohms
impedance) and 256 kbps through the V.35 interface with recovered clock by DTE A. The DTE A must be
programed for internal clock and the DTEs B, C and D must be programed for external clock.
DTE A DTE B
G.703 MODEM A MODEM B G.703

Internal (Center) (User)
External
clock clock
DTE C V.35
G.704 G.704 V.35 DTE D
Timeslots 5 to 12 Timeslots 5 to 12
External clock Recovered clock
External
clock External
clock
32
Cables
Modem Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
○
○
○
Interface G0.703
○
75 ohms
○
○
G.703 input ungrounded
○
G.703 output ungrounded
○
○
○
LTU/NTU Central modem as LTU
○
User modem as NTU
○
○
Transmission clocks Central modem with internal clock
○
○
User modem with external clock
○
○
○
○
G.703 speed Timeslot from 5 to 12 (512 kbps)
○
○
V.35 speed 256 kbps
○
○
VG Two interfaces (VG mode)
○
○
○
○
○
○
○
Example 3: Data with speed of 256 kbps transmitted through extended 2048 links, with clock generated by
○
the network. Modems A and D are programmed for speed of 64 kbps and slave clock. Modems B and C are
○
○
programmed to operate with G.704 board structure, transporting data from/to timeslot 1 (speed of 256 kbps). DTE A
○
and DTE D must be programmed for external clock.
○
○
○
○
○
○
DTE A MODEM A MODEM B MODEM C MODEM D
○
2048 kbps DTE D
○
LINE network LINE
○
(clock source)
V.35 G.703 G.703 V.35
○
○
External
○
External Slave External External Recovered clock
○
clock clock clock clock clock
○
○
○
○
○
○
○
○
Interface Central modems in G.703
○
75 ohms
○
G.703 input ungrounded
○
○
G.703 output ungrounded
○
User modems in V.35 ○
○
○
LTU/NTU Central modems B and C as LTU

○
User modems A and D as NTU

○
○
Clocks for Central modems with external clock

○
transmission
○
○
User modems with recovered clock

○
○
○
G.703 speed Central modems transporting 4 timeslots

○
(center)
○
○
V.35 Users modems at 256 kbps

○
(user)
○
○
○
VG Only one interface (not VG)

○
○
○
○
○
○
○
○
○
○
○
33
Cables
Modem Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
OPERATION IN TEST
In order to make it easier to analyse and isolate possible faults, the modem allows for the execution of
some test loops. These tests can be activated through keys in the front panel of the modem, supervision
terminal or Digitel’s Modem Management System.
Operation in test of errors tax
DT2048 SHDSL/R also features a data standard generator in the transmitter and an error identifier at the
reception (BERT), that can be activated by the supervisor or manager. The modem in which the test has been
activated sends the test sequence and checks whether it receives the same sequence. The errors that occur in
the loop are recorded and forwarded to the manager or supervisor when requested.
BERT, when activated together with the RDL (following figure), tests the loop.
Test activation by the front panel
The following table shows how to activate the test loops for the modem through the keys located in the front
panel, as well as their functions in the DT2048 SHDSL/R models.
Outward: normal operation

Inward: local analog loop

Inward: local digital loop

Inward: Remote digital loop
34
Cables
Modem Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
Key functions
○
○
○
○
Key Function
○
○
LAL Active local analog loop Data from the local DTE go through
○
○
the interface, are encoded, forwarded to the receiver and
○
return to the local DTE without passing to the line, that is,
○
○
they put the local modem in an analog loop. The local
○
modem does not close a loop to the remote modem.
○
○
○
LDL Activates local digital loop, that is, returns to the DTE the
○
data it sends to the modem, without passing through the
○
○
transmitter and receiver. When the modem is in LDL, there
○
is a return of the data sent by the remote modem.
○
○
○
RDL Sends a signal to the remote modem putting it in a digital
○
loop, that is, having the data received sent back to the
○
○
modem that generated the test. The remote modem also
○
closes the digital loop to the remote DTE. The loop only
○
○
works once the modems are synchronized.
○
○
○
○
○
○
Operating in local digital loop
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
The local operator tests:
○
○
• Local DTE;
○
○
• local modem interface circuits.
○
○
The remote modem operator tests:
○
○
• local modem;
○
○
• line;
• remote modem; ○
○
○
• remote DTE;
○
• remote modem interface circuits.

○
○
○
○
○
Operating in LDL V and LDL G

○
○
○
When the modem is operating with two data interfaces simultaneously, it’s possible to set the digital loop
○
○
individually in each interface via supervisor. The LDL V loop makes the data to return to the V.35 or V.36 interfaces, and
○
the LDL G makes the data to return to the G.703 interface. In these two loops, the data, besides of returning to the DTE,
○
○
it follows to the analog interface along with the data of the digital interface that isn’t in loop.
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
35
Cables Operation
Modem
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○

• Local DTE of the choosen data interface;
Operation in local analog loop

• local modem;
• Local DTE;
Note:
The modem does not close a loop to the line.
Operation in Remote digital loop
The local modem operator tests:

• local modem;
• line;
• remote modem;
• Local DTE;
The remote operator tests:

• remote DTE;
• remote modem interface circuits.
36
• Router Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
ROUTER OPERATION
○
○
○
DT2048 SHDSL/R allows access to all configurable parameters via Console, Telnet or SSH, using the command
○
line interface - CLI.
○
○
In addition to previously available types of access, DT2048 SHDSL/R can be totally configured via WEB.
○
○
○
○
○
BOOTING AND RESET
○
○
○
When powered on, DT2048 SHDSL/R runs a hardware self-test. If any failure is repeatedly detected (ST
○
○
LED will be red), connect an asynchronous terminal or workstation with an equivalent program to the equipment’s
○
Console port (refer to Installation and initial configuration). Switch on the router again, observe and write down
○
○
the messages displayed on the screen and, with this information at hand, contact Digitel’s Technical Support
○
Center.
○
○
If no error is detected and the router is in automatic mode, then Linux operating system is booted (ST
○
○
LED is orange). Booting lasts for about 20 seconds, and after this period, the equipment should enter normal
○
operation (ST LED is green).
○
○
From then on, you can operate the equipment via different user interfaces: WebConfig or CLI (Telnet, SSH or
○
○
Console). Each of these interfaces has a command or option that allows resetting the operation. For instance,
○
using an asynchronous terminal connected to the Console port or a Telnet, type SET SYSTEM RESTART after
○
○
login.
○
○
○
○
DT2048 SHDSL/R BOOT AND OPERATION MODES
○
○
○
○
DT2048 SHDSL/R normal operation occurs when the equipment is booted to the automatic mode, that
○
is, when it is powered up or reset with all dip-switches on the rear panel in the UP position.
○
○
In normal operation, the equipment’s boot-up firmware (DT2048 SHDSL/R Boot) operates automatically,
○
○
immediately loading the Linux operating system and entering normal operation, using the latest configuration
○
that was saved in flash memory.
○
○
DT2048 SHDSL/R Boot allows placing the router in other modes of operation, which can be useful in
○
○
cases of configuration error correction, firmware update, or maintenance.
○
○
Configuration and firmware update errors are corrected by booting or resetting the equipment in the
○
○
safe mode (see this item further ahead).
○
○
Maintenance and test modes should be used by Digitel’s technicians or as instructed by Digitel. Operation
○
of these modes is not described in this manual.
○
○
○
○
○
SAFE MODE
○
○
○
This mode of operation should only be used when it is no longer possible to access the equipment in
○
○
automatic mode through any of the available user interfaces (WebConfig, Telnet, Console or SSH). This can
○
occur in one of the following situations:

○
○
• the equipment received, saved and tried to operate with an incorrect configuration;
○
○
○
• the saving of a new configuration was interrupted (power outage);

○
○
• the transfer of the new firmware version to the equipment was interrupted (power outage).
○
○
Before you set DT2048 SHDSL/R to operate in safe mode, connect an asynchronous terminal or workstation
○
with an equivalent program to the Console port on the rear panel.

○
○
○
To set the equipment to safe mode, switch the DT2048 SHDSL/R on or reset it.
○
○
The terminal screen should display a series of DT2048 SHDSL/R Boot messages, indicating the initial
○
status of the router hardware and results of the self-test. The following messages should appear on the last two
○
○
lines:
○
○
○
DT2048 SHDSL/R Security Mode

○
Press SPACE to stop autobooting in 5 seconds

○
37
Router Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
This indicates that DT2048 SHDSL/R booted to safe mode and that the automatic loading of Linux
operating system will start in 5 seconds, unless the space bar is pressed either in the terminal or on the
workstation connected to the Console port.
To enter the safe mode, type mode security.
In safe mode, Linux is loaded with the following configuration: only Console and LAN port is enabled,
and the latter is configured with a specific IP address (ipaddr=192.168.1.254, netmask=255.255.255.0 and
gatewayip=192.168.1.1 - default values).
If the error to be corrected is caused by a problem with router configuration and the current configurations
of the safe mode are appropriate for communication of WebConfig with the equipment via LAN0, you can allow
DT2048 SHDSL/R to boot automatically (see the subsequent item).
In any other case, interrupt the autobooting process by pressing the space bar in the terminal connected
to the Console port of DT2048 SHDSL/R. The DT2048 SHDSL/R command prompt should be displayed:
DT2048 SHDSL/R Boot>
If automatic loading is not interrupted in time, wait until Linux loads completely, log into the Console port
(see subsequent item) and type SET SYSTEM RESTART. In the next boot, make sure you do not miss the 5-
second window.
The following table shows the commands available in DT2048 SHDSL/R and their use:
Command Description
clear Configures the safe mode using default values and reboots the
equipment to the mode determined by the dips.
help Displays a brief description of DT2048 SHDSL/R Boot commands.
linux Starts loading Linux operating system.
restart Reboots the equipment to the mode determined by the dips.
setip Displays or changes the IP address of the safe mode.
setserv Displays or changes the TFTP server address used for firmware update.
update Displays or updates the firmware version.
version Displays the DT2048 SHDSL/R Boot version.
mode Changes the mode of operation of DT2048 SHDSL/R Boot.
The syntax of each of these commands is displayed on the terminal screen, when a command with no
parameter is typed, unless the command does not require any parameter. In this case, the command is
immediately executed.
The following items show how to use the safe mode to correct configuration or firmware update errors.
IMPORTANT!
After the problem that caused the equipment to enter safe mode has been corrected, reboot the
router.
Restoring the router’s configuration
If, after an alteration in the router’s configuration, it is not possible to operate the router via the WebConfig,
Telnet or Console port, the equipment probably wasn’t configured in the right way. In this case, the safe mode
allows the access again to the router’s configuration through any one of these interfaces, making possible the
analysis of the stored configuration and its correction or complete substitution.
38
Router Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
To restore the router’s configuration, execute the following procedures:
○
○
1. Set the equipment to safe mode and go to the DT2048 SHDSL/R Boot prompt.
○
○
○
2. Check the IP address configuration for the safe mode:
○
○
setip show
○
○
3. Change the IP address configuration if this is necessary for communication with the TFTP server via
○
LAN:
○
○
○
setip <new_ip_lan> <new_mask> <new_gateway>
○
○
4. Check the equipment’s state via Telnet and perform the necessary modifications, or, preferably, check
○
the equipment’s configuration via WebConfig and perform the necessary modifications.
○
○
○
○
○
○
Restoring the firmware version
○
○
○
If after an attempt to update the firmware, it is not possible to operate the router via the WebConfig, SSH,
○
○
Telnet or Console port, the equipment firmware is probably incomplete or incompatible with the hardware
○
version. In this case, the safe mode allows updating the firmware again from the correct file, placed in a TFTP
○
○
server that can be accessed via LAN.
○
○
To restore the firmware version, follow these steps:
○
○
1. Set the equipment to safe mode and go to the NR2GBoot prompt.
○
○
2. Check the IP address configuration for the safe mode:
○
○
○
setip show
○
○
3. Change the IP address configuration if this is necessary for communication with the TFTP server
○
via LAN:
○
○
○
setip <new_ip_lan> <new_mask> <new_gateway>
○
○
4. Check and change, if necessary, the TFTP server IP address:
○
○
setserv show
○
○
setserv <new_server_ip>
○
○
5. Check the firmware version:
○
○
update show
○
○
6. If necessary, save the most stable or most recent version of the router’s firmware to the TFTP server.
○
○
○
7. Update the equipment’s firmware version:
○
○
update <filename>
○
○
8. Pay attention to the messages displayed during the update. If necessary, go back to step 2 or to
○
a subsequent step.
○
○
○
9. Make sure that the following message is displayed after the update:
○
○
DT2048 SHDSL/R firmware correctly updated!

○
○
10. Reboot the equipment using the following command:

○
○
restart now
○
○
○
○
○
Clearing the router configuration

○
○
To clear DT2048 SHDSL/R configuration, follow these steps:

○
○
1. Reboot the equipment. If the router is powered up, type set system restart at the
○
○
configuration interface.
○
○
○
○
○
○
39
Router Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
2. The following message will be displayed:
DT2048 SHDSL/R Test Mode

Press the space bar before 5 seconds.
3. In the Bootloader prompt (NR2GBoot>), type run clconf.

4. To clear the Bootloader configuration, type restart now.

Press the space bar before 5 seconds.
3. In the Bootloader prompt (DT2048 SHDSL/R Boot>), type run clconf.

4. To clear the Bootloader configuration, type restart now.
NORMAL OPERATION
In normal operation, after DT2048 SHDSL/R has rebooted and Linux operating system has automatically
loaded, the equipment will be ready to be configured. DT2048 SHDSL/R offers two configuration options:
1. Configuration via web: using the WebConfig software;
2. Configuration via Console, Telnet or SSH: using the command line interface (CLI).
These configuration options will be described in detail on the following pages.
CONFIGURATION VIA WEBCONFIG
WebConfig is the management system used for configuration and diagnosis of DT2048 SHDSL/R series.
It allows an easy and quick configuration of all parameters available in the equipment.
WebConfig implements CLI (Command Line Interface) through its browser, not requiring the use of Telnet
or SSH.
Its major advantages include:
• access via web (from anywhere);
• same syntax as that of CLI;
• online help;
• total control over the configuration;
• internacionalization.
On the Webconfig main screen, you can choose the language to be used by the system. The available
options are Portuguese, English, and Spanish. The language can be changed at any time, from the login
screen to the configuration main window. The login screen is displayed on the next pages.
The main screen is divided into the following functional areas:
• Internacionalization: Located in the upper part of the screen.
• Global options: Located immediately below Internationalization. Includes help and the logoff button.
• Status bar: Contains the name and IP address of the connected equipment.
• Command tree: Divided into the following functional groups:
40
Router Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
• Modules: Contains the configuration information of each module. Allows obtaining the statistics
○
○
(e.g.:LAN statistics) and commands (CLI commands) of a given configuration. This feature
○
allows quick access to configuration without having to type any commands.
○
○
• Other tools: Contains the tools used for diagnosis and debugging. Provides shortcuts to ping,
○
○
traceroute, netstat and tcpdump commands. When clicking ping, for instance, the
○
command box displays a partially filled command, waiting for the user to complete it with the
○
○
desired options. Available options are shown in the Command Response box.
○
○
• Other configurations: Presents the options for loading and saving configurations. To use these
○
○
features automatically, it is necessary to configure the import/export configuration mechanism
○
(see further details in the CLI Guide, in Exporting and importing configuration files ).
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
Configuration import/export mechanism (for more details, see section Importing and
○
○
exporting configuration files in the CLI Guide).
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
41
Router Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
• Command execution field: Consists of a command box (text area), where one or more commands
to be executed are inserted. Commands follow the CLI syntax (Refer to CLI Guide) and have control
buttons for their execution. The available buttons are: Execute, which executes the commands;
Execute and Save, which executes the commands and saves the configuration; and Clear,
which empties the command box (after executing a command, the command box is automatically
cleared).
• Command response: Displays each and every response to a command that has been executed.
When logging in, this field will not be available, since no command is initially executed. To make it
available, just execute a command, either from the command execution field or from the command
tree.
The following figures show all the items described above.
Commands tree
42
Router Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
For online help, click Help, located in the global options bar. Besides introducing Webconfig, this link
○
○
also provides a guide for CLI commands, showing how to configure several parameters using the CLI. This is
○
quite useful, since all configuration options (Console, Telnet, SSH and Web) use the same language.
○
○
To close Help and go back to the main screen, click Help, which, after opening online help, shows the
○
○
Close Help option. See the Help option in the figure below.
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
CONFIGURATION VIA CLI (TELNET/CONSOLE/SSH)
○
○
○
○
After the Linux operating system has loaded, DT2048 SHDSL/R will present a command line interface
○
(CLI) that can be operated via the Console port, SSH or Telnet. The CLI supports the configuration, monitoring
○
○
of the firewall status, statistics and other services supported by the equipment.
○
○
To operate the equipment via the Console port (located on the rear panel), connect an asynchronous
○
terminal or an equivalent emulation program to the Console port. Refer to Console Port Connection in the
○
○
Installation and Initial Configuration section of this manual.
○
○
To operate the equipment via Telnet or SSH, run a client program (Telnet or SSH) on a workstation with
○
○
access to DT2048 SHDSL/R. For example, in a Linux terminal, type:
○
○
telnet <ip_address_netrouter2g>
○
○
After connecting the terminal, a message similar to this one should be displayed on the screen:
○
○
○
Linux 2.4.21 on Digitel NR2Ga
○
○
NR2G login:
○
○
○
Log in by typing a valid username and password. The equipment is originally configured with DT2048
○
SHDSL/R and digitel as username and password, respectively.

○
○
After the login, a welcome message and the command prompt are displayed:
○
○
○
------------------------------------
○
○
Welcome to DT2048 SHDSL/R from Digitel

○
------------------------------------
○
○
Digitel Configuration Shell - CORE version: 1.42.0.97

○
Loading modules: SNMP LAN NAT ZEBRA IPSEC FIREWALL ROUTES DHCP SYSTEM
○
○
○
Press ENTER to view a list of available commands.

○
○
○
○
○
○
○
○
○
43
Router Operation
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
For further information, see Command Line Interface Guide, which lists the commands and the respective
parameters supported by each command.
IMPORTANT!
We recommend that the password of user DT2048 SHDSL/R be changed during the first operation
of the equipment. To do that, use the SET SYSTEM USER1 command.
44
• CLI Guide - Command Line Interface
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
INTRODUCTION TO CLI
○
○
○
○
Digitel’s network equipment has a powerful configuration system known as CLI (Command Line Interface). The
○
CLI is a modular configuration system that allows configuring all the features of a certain equipment, viewing the
○
○
configurations and statistics, updating the software, in addition to offering several other options.
○
○
The CLI can be accessed via the console terminal or telnet by means of a previously registered username and
○
password. Each line of equipment leaves the factory with a default username and password for initial access.
○
○
○
The configuration is made through command lines that use a simple and objective syntax. The language is
○
hierarchical, and the available configuration options for the context are displayed at each level (subitem or parameter).
○
○
Other important resources of the CLI include:
○
○
○
○
• History of commands;
○
○
• Export and import of configuration;
○
○
○
• Levels of access.
○
○
○
○
Accessing an equipment via CLI
○
○
○
○
To log in, use a connection via console or TCP/IP network through port 23 (use a telnet client). When
○
communication with the equipment is established, a label with information about the equipment’s model and version
○
○
will be displayed, and the system will wait until you type an operator’s username and password, as shown next:
○
○
○
○
DT2048 SHDSL/R Linux version 2.4.21-rc2-p2_13 (56116c) #47 Sat Jan 31 00:07:16
○
BRST 2004
○
○
DT2048 SHDSL/R login:
○
○
○
○
○
After a valid username and password are entered, the CLI screen will be displayed:
○
○
○
------------------------------------
○
○
○
Welcome to DT2048 SHDSL/R from Digitel
○
○
------------------------------------
○
○
Digitel Configuration Shell - CORE version: 1.40.5.17
○
○
Loading modules: GRE IPX SNMP LAN NAT QOS WAN L2TP ZEBRA OSPFZ IPSEC BACKUP ○
○
BRIDGE FIREWALL ROUTES PPTP DHCP SYSTEM PROXYARP RIPZ
○
○
DT2048 SHDSL/R>
○
○
○
Commands
○
○
○
○
The CLI commands are categorized according to their actions. An action indicates to the CLI the type of
○
procedure the user wants to perform. As an example, suppose that the user wants to SHOW LAN configurations. To do
○
○
that, the user should use the SHOW command and, later, he/she should indicate that he/she wants to view LAN
○
configurations, more specifically, the LAN configurations. Thus, the command would be SHOW LAN LAN0 ALL.
○
○
This principle is followed for all categories. Available actions are:

○
○
• SET: inserts or changes the configuration of a given configuration item.

○
○
• SHOW: exhibits the configuration or statistics of a given configuration item.

○
○
• DUMP: tells the CLI to inform the commands (CLI commands) that represent the current configuration
○
○
of a given item.
○
○
• EXEC: executes one of the available programs.

○
○
○
○
45
CLI Guide - Command Line Interface
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
• CONFIG: saves or exports the equipment’s configuration. The configuration is exported as a text file,
whose content consists of a list of CLI commands that represent a given configuration.
• QUIT: exits the CLI. If the user changes the configuration and does not save it, the CLI will ask him/her to
confirm the changes in configuration before closing the session.
At each command level, press ENTER. to show the parameter options for that context. This is quite useful when
the syntax of the desired configuration is not known. This resource is shown next:
SET LAN <ENTER>

Output after ENTER:
SET LAN
LAN0
Or then:
SET LAN LAN0 <ENTER>
Output after ENTER:

IP <IP address>
MASK <Network mask>
BROADCAST <Broadcast address>
RESETCOUNTERS
UP
DOWN
PURGE
BROADCAST
STATS
Therefore, to configure the LAN interface, use the following command:
SET LAN LAN0 IP 192.168.1.99 MASK 255.255.255.0 UP <enter>
In addition to viewing the available options, we can also use the history resource so that we do not have to write
the command again (press the up-arrow key) and include/change the configuration.
To check the configuration created at the LAN, a SHOW action is used:
SHOW LAN LAN0 ALL <enter>
Ouput of command:
Applying to interface: LAN0
IP 192.168.1.99
MASK 255.255.255.0
BROADCAST 192.168.1.255
INTERFACE: eth0
ADMINSTATUS: UP
PACKETS SENT: 349
PACKETS RECEIVED: 81424
BYTES SENT: 26700
BYTES RECEIVED: 7666320
TX ERRORS: 0
RX ERRORS: 0
TX DROPPED: 0
RX DROPPED: 0
46
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
TX OVERRUN: 0
○
○
RX OVERRUN: 0
○
COLLISION: 0
○
○
CRC: 0
○
BROADCASTS RECEIVED: 80991
○
○
LAST RECEIVED PACKET TIME (s): 0.01
○
TRANSMIT QUEUE LENGHT: 0
○
○
TOTAL TRANSMIT QUEUE LENGHT: 100
○
LAST TRANSMITED PACKET TIME (s):0.01
○
○
LINK STATUS: UP
○
LAST LINK STATUS CHANGE TIME (s):65662.95
○
○
LAST ADMIN STATUS CHANGE TIME (s): 65662.95
○
○
○
To find out which commands represent a current configuration, use the DUMP command. Thus, it is possible to
○
check the command that generated the configuration of the LAN interfaces:
○
○
○
○
DUMP LAN ALL <enter>
○
○
○
Output of command:
○
○
○
○
SET LAN LAN0 PURGE
○
SET LAN LAN0 IP 192.168.1.99 MASK 255.255.255.0 BROADCAST 192.168.1.255 UP
○
○
○
There are applications that help to test and debug the equipment. These applications are activated by typing
○
○
EXEC. Available options are:
○
○
○
○
• NETSTAT: provides interface statistics, connection status (TCP, UDP, etc.), information about the routing
○
○
table, etc.
○
○
• PING: executes ping commands (ICMP ECHO_REQUEST).
○
○
• TCPDUMP: network traffic analyzer.
○
○
○
• TRACEROUTE: indicates the path (hops) until a certain host is reached.
○
○
• TELNET: runs a telnet client.
○
○
○
○
○
○
○
As an example, we can check the status of TCP connections. To do that, we will use the NETSTAT command
○
and the option “-t” (TCP connections), as shown next:
○
○
○
○
EXEC NETSTAT -t <enter>

○
○
○
Output of command:
○
○
○
○
Active Internet connections (w/o servers)

○
○
Proto Recv-Q Send-Q Local Address Foreign Address State

○
tcp 0 0 192.168.1.99:telnet 192.168.1.107:42053 ESTABLISHED

○
○
○
○
To check the connectivity of a link:

○
○
○
EXEC PING 192.168.1.247 -c 4 <enter>

○
○
○
○
○
○
○
○
○
47
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
To check the connectivity of a link:
64 bytes from 192.168.1.247: icmp_seq=3 ttl=64 time=0.805 ms

64 bytes from 192.168.1.247: icmp_seq=4 ttl=64 time=0.789 ms
--- 192.168.1.247 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3034 ms
rtt min/avg/max/mdev = 0.789/1.171/2.272/0.636 ms
Check packets being transmitted by the equipment:

EXEC TCPDUMP <enter>
Output of command:
Nov 6 06:45:05 NR2G-3200 kernel: eth0: Promiscuous mode enabled.
Nov 6 06:45:05 NR2G-3200 kernel: device eth0 entered Promiscuous mode tcpdump:
listening on eth0
06:45:05.828775 10.10.10.71.netbios-dgm > 10.10.10.255.netbios-dgm: NBT UDP PACKET
(138)
06:45:05.861125 10.10.10.71.netbios-dgm > 10.10.10.255.netbios-dgm: NBT UDP PACKET
(138)
06:45:06.294381 802.1d config 8000.00:01:00:f1:ea:48.8001 root 8000.00:01:00:f1:ea:48
pathcost 0 age 0 max 20
hello 2 fdelay 15
hello 2 fdelay 15
hello 2 fdelay 15
hello 2 fdelay 15
hello 2 fdelay 15
7 packets received by filter

0 packets dropped by kernel
Nov 6 06:45:14 DT2048 SHDSL/R-3200 kernel: device eth0 left promiscuos mode
As previously shown, the CONFIG action allows saving and reading the configuration, as well as exporting and
importing it. These options are represented by the following commands:
CONFIG <enter>
Output of command:
INPUT
EXTERN
LOAD
SAVE
PURGE
EXTERN: allows importing and exporting the configuration from/to an ftp server.
LOAD: reads the last configuration saved.
SAVE: saves the current configuration.
PURGE: clears the configuration.
IMPORTANT!
By the end of a configuration, the command CONFIG SAVE must be executed for the
configurations to be saved.
48
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
CHANGING USERNAME AND PASSWORD
○
○
○
○
DT2048 SHDSL/R is previously configured as the default user. There are some system users and it is possible
○
to add several other users. The following access levels are available.
○
○
○
OPERATOR Reads information on the equipment (SHOW command ).
○
○
MODERATOR Creates and modifies user permissions.
○
○
ADMINISTRATOR Manages the system. Allowed to perform any operation.
○
○
○
○
When using the SHOW SYSTEM ALL command, there are four users, two of whom are reserved (user2 and
○
○
user3):
○
○
○
○
USER0: ROOT user. Not accessed via Telnet and SSH, only via Console. Used by Digitel’s qualified personnel
○
○
for debugging only.
○
○
Applying to: USER0
○
TYPE ADMINISTRATOR
○
○
LOGIN root
○
○
○
USER1: Major user for system configuration.
○
○
Applying to: USER1
○
○
TYPE ADMINISTRATOR
○
LOGIN nr2g
○
○
○
To change username nr2g, do the following:
○
○
○
SET SYSTEM USER1 <enter>
○
Applying to: USER1
○
○
Valid SET options are:
○
TYPE Type of permission
○
○
LOGIN Username
○
PASS Password
○
○
PURGE Clears USER1 configurations
○
SET SYSTEM USER1 TYPE ADMINISTRATOR LOGIN username PASS password
○
○
○
○
To create a new user, type SET SYSTEM <enter>. Note that value x (USERx) will be incremented. Use the
○
last user to configure a new account:
SET SYSTEM USER4 TYPE OPERATOR LOGIN operator PASS operator 2003. ○
○
○
○
○
○
○
CHANGING THE HOSTNAME

○
○
○
In a large network topology, it is sometimes hard to locate a certain device. The easiest way to locate the
○
○
desired equipment in a network is by using a hostname. The configuration is as follows:

○
○
○
○
SET SYSTEM HOSTNAME digitel

○
digitel >
○
○
○
The name of the router was changed to “digitel”.

○
○
○
○
○
○
○
○
○
○
○
○
○
49
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
EXPORTING AND IMPORTING CONFIGURATION FILES
DT2048 SHDSL/R routers allow exporting or importing the configurations available in the equipment. This is
done using the FTP (File Transfer Protocol). The configuration parameters are described below:
CONFIG EXTERN <enter>

SERVER Configures the FTP server IP address
USER Configures the user defined by the FTP server
PASS Configures the FTP user password
REMOTEFILE Name of the file to be imported or exported
IMPORT Imports a configuration
EXPORT Exports a configuration
SHOW Shows EXTERN configurations
PURGE Clears EXTERN configurations
To export a configuration, use:
CONFIG EXTERN SERVER 10.10.10.63 USER digitel PASS digitel REMOTEFILE

config.dat EXPORT
To import a configuration, use:
CONFIG EXTERN SERVER 10.10.10.63 USER digitel PASS digitel REMOTEFILE

config.dat IMPORT
SOFTWARE UPDATE
DT2048 SHDSL/R can be updated either via TFTP or FTP. Next, we describe these two update options, and
further ahead, we also describe the BootLoader update, in case it is recommended by Digitel.
To obtain the software version and operational system file or boot, follow the steps below:
1. Access the Digitel’s FTP server //ftp.digitel.com.br/Produtos /ROTEADORES.
2. Next step, access the folder corresponding to the model and hardware version of the Router modem to be
used.
3. The model ad hardware version of the equipment (identified by the number 800.XXXX.XX-X, Digitel code)
can be verified on the router’s label, which is on the bottom of the router. See the tables that indetify the hardware
version of your equipment.
• The following hardware options are available for the models in the DT2048 SHDSL/R series:
800.1173.00-1 DT2048 SHDSL/R/2W/S
800.1190.00-3 DT2048 SHDSL/R/2W/E
800.1172.00-5 DT2048 SHDSL/R/4W/S
800.1189.00-5 DT2048 SHDSL/R/4W/E
50
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
Download the correct file, considering the model and hardware used, where:
○
○
• the DWN extension indicates operating system file for local update via TFTP;
○
○
○
• the IMx extension (x ranging from 0 to 5) indicates files of a single version of the operating system
○
software for remote update via FTP;
○
○
○
• the BOOT extension indicates the BootLoader file for local update via TFTP (this file should only be updated
○
when indicated by Digitel).
○
○
○
Operating system update
○
○
○
○
To update the operating system version, it is necessary to have a TFTP or FTP server installed in a host that can
○
be accessed by the router, containing the file that should be downloaded from the same directory of the (DWN for
○
○
TFTP and IMx for FTP).
○
○
At the Console used to access the DT2048 SHDSL/R that is going to be updated, which can be a PC with a
○
Windows hyperterminal (refer to configuration for Console port connection in the Installation and Initial Configuration
○
○
section), type the following command:
○
○
○
○
SET SYSTEM UPDATE <enter>
○
Valid SET options for UPDATE are:
○
○
TYPE Type of update (FTP/TFTP)
○
FILE Name of the update file (FTP - *.imx | TFTP - *.dwn)
○
TFTP and/or FTP server IP address
○
SERVER
○
USER* In case of update via FTP, type username
○
In case of update via FTP, type password
○
PASS*
○
EXECUTE Starts router update
○
○
*Only when TYPE=FTP
○
○
○
○
Local update via TFTP
○
○
○
The command for the update via TFTP is:
○
○
SET SYSTEM UPDATE TYPE TFTP FILE 66101R0.dwn SERVER 10.10.10.63 EXECUTE
○
○
○
In this example, 66101R0.dwn is the update file.
○
○
○
○
○
○
IMPORTANT!
○
Update via TFTP should be used only for local load via LAN.
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
51
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
Local or remote update via FTP
The FTP can be used for local update of the operating system via LAN, or for remote update via the WAN port.
The command for the update via FTP is:
SET SYSTEM UPDATE TYPE FTP FILE 66101R0 SERVER 10.10.10.7 USER ftpuser PASS
digitel EXECUTE
In this example, 66101R0 is the version that should be updated. Update via FTP allows the use of another file
type, the IMx, where x indicates the sequential number of the file. The following files should be available in the FTP
server directory:
66101R0.im0
66101R0.im1
66101R0.im2
66101R0.im3
BOOTLOADER and SOFTWARE update
In special cases, Digitel provides the BOOT file to be updated in DT2048 SHDSL/R. The update is made using
the "DT2048 SHDSL/R" prompt of the router.
Follow these steps:
1. Reboot the equipment.
2. With an active Console, which can be a PC with a Windows hyperterminal (Refer to Configuration for
Console port Connection in the Installation and Initial Configuration section), switch DT2048 SHDSL/R on by
pressing the space bar several times.
3. The router will show the maintenance prompt (DT2048 SHDSL/R boot). Type the following commands after
accessing the BOOT file from any host of the local network, using the same directory of the TFTP server:
setip "Router IP address" "Network mask" "Gateway IP"
setserv "TFTP server IP"
upboot "file.boot"
Example:
setip 10.10.10.1 255.255.255.0 10.10.10.2
setserv 10.10.10.2
upboot 66101R0.boot
4. If the boot file update is successful, the following message will be displayed:
DT2048 SHDSL/R boot correctly update!
5. After that, type clear now and press <enter> so that the default values of the new BootLoader
can be used.
6. Type restart now and press <enter> to validate the load of the new BootLoader in DT2048 SHDSL/R.
DT2048 SHDSL/R Maintenance Mode
52
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
Press space bar before 5 seconds.
○
○
8. The router will show the maintenance prompt (DT2048 SHDSL/R boot>) again. Type run clconf and
○
○
press <enter>.
○
○
○
IMPORTANT!
○
○
When updating BootLoader, it is necessary to update the operating system software as well, using
○
the DT2048 SHDSL/R boot prompt, as specified in the subsequent steps.
○
○
○
○
○
○
○
9. For update of the operating system via the maintenance prompt (DT2048 SHDSL/R boot>), transfer the
○
○
DWN file to any host in the local network, to the same directory of the TFTP server, and type the following commands:
○
○
setip "Router IP address" "Network mask" "Gateway IP"
○
setserv "TFTP server IP"
○
○
update "file.dwn"
○
○
○
Example:
○
○
setip 10.10.10.1 255.255.255.0 10.10.10.2
○
setserv 10.10.10.2
○
○
update 66101R0.dwn
○
○
○
10. After that, type run clconf and press <enter>.
○
○
○
○
○
○
○
ADDING IP ADDRESS IN THE ETHERNET INTERFACES
○
○
○
○
SET LAN <enter>
○
LAN0
○
○
LAN1
○
To create new virtual interfaces use:
○
○
<Valid real interface name>:<New virtual interface number>
○
Examples:
○
○
LAN0:1
○
LAN1:1
○
○
LAN1:2
Note that, after adding the SET LAN command and pressing ENTER, it is possible to view the syntax of the ○
○
○
○
command and the information about each interface to be configured.

○
○
The following command will be used to configure the LAN interface.

○
○
○
○
SET LAN LAN0 IP 192.168.1.1 MASK 255.255.255.0 UP

○
○
○
To check whether the information was properly applied, use the SHOW command.
○
○
○
○
SHOW LAN LAN0 <enter>

○
○
Valid options for this command are:

○
IP
○
○
MASK
○
BROADCAST
○
○
STATS
○
ALL
○
○
○
○
○
○
○
53
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
You can view the pieces of information individually, or all at once by using ALL.
SHOW LAN LAN0 ALL

Applying to interface: LAN0
IP 192.168.1.1
MASK 255.255.255.0
BROADCAST 192.168.1.255
INTERFACE: eth0
ADMINSTATUS: UP
PACKETS SENT: 0
PACKETS RECEIVED: 5530
BYTES SENT: 0
BYTES RECEIVED: 544494
TX ERRORS: 0
RX ERRORS: 0
TX DROPPED: 0
RX DROPPED: 0
TX OVERRUN: 0
RX OVERRUN: 0
COLLISION: 0
CRC: 0
LAST TRANSMITED PACKET TIME (s): 3334.62
LINK STATUS: UP
LAST LINK STATUS CHANGE TIME (s): 414.63
CONFIGURING ETHERNET VIRTUAL ADDRESS
The creation of a virtual IP address, that is, a virtual interface, is a very interesting feature of NetRouter 2G
routers. Note that, when typing SET LAN <enter>, the output of command will be:
SET LAN <enter>

LAN0
LAN1
To create new virtual interfaces use:
<Valid real interface name>:<New virtual interface number>
Examples:
LAN0:1
LAN1:1
LAN1:2
To create a virtual interface, use the nomenclature recommended above. A small example of a virtual interface
is shown below:
SET LAN LAN0:1 <enter>

IP <IP address>
MASK <Network mask>
BROADCAST <Broadcast address>
RESETCOUNTERS
UP
DOWN
PURGE
The parameters for creation of the interface are the same ones used for the physical interface. For other
interfaces, just follow a logical sequence of values, as in the example above.
54
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
FRAME RELAY PROTOCOL
○
○
○
Frame Relay is currently the most widely used encapsulation protocol, since its installation and maintenance
○
○
costs are lower. Digitel has two types of specifications for the LMI protocol, ANSI and CCITT, but NONE could also be
○
used.
○
○
The following parameters can be used to configure a Frame Relay link:
○
○
○
SET WAN WAN0 <enter>
○
○
Valid options for command SET are:
○
PROTO {NONE,HDLC,FRAMERELAY,PPPS,PPPA,DIALIN,X25}
○
○
Any other parameters depends on protocol defined to each interface
○
You must specify a protocol
○
○
Note that the protocol to be used should be defined at this point.
○
○
○
○
SET WAN WAN0 PROTO FRAMERELAY
○
○
○
○
○
○
Any other parameters depends on protocol defined to each interface
○
○
Valid SET options for protocol FRAMERELAY:
○
PROTOCOL Configures the protocol (ANSI, CCITT, NONE)
○
○
DCE Configures the mode (DCE/DTE)
○
CLOCK Configures the clock (internal/external)
○
○
SPEED Configures the internal clock speed
○
TXINV Inverts clock
○
○
TRAFFIC-SHAPE Enables traffic shape
○
BANDWIDTH* Configures bandwidth
○
○
T391 Frame Relay Timer
○
T392 Frame Relay Timer
○
○
N391 Frame Relay Timer
○
○
○
○
RESETCOUNTERS Resets statistics counters
○
UP Enables the protocol
○
○
DOWN Disables the protocol
○
PURGE Clears configuratiosn
○
○
PVC0 Sets the configuration of the PVC0 interface
○
*Only when TRAFFIC-SHAPE=TRUE
○
○
SET WAN WAN0 PROTOCOL ANSI
SET WAN WAN0 PVC0 <enter> ○
○
○
Applying to interface: WAN0

○
Valid SET options for PVCs of FRAMERELAY protocol are:

○
○
DLCI Configures the DLCI

○
MTU Configures the MTU

○
○
IP Configures the PVC0 interface IP address

○
MASK Configures the PVC0 interface network mask

○
○
PEER Indicates the remote PVC IP address

○
PEAK Configures the peak traffic

○
○
INVERSE-ARP Configures the inverse arp

○
RESETCOUNTERS Resets counters

○
○
PURGE Clears the PVC0 module configurations

○
SET WAN WAN0 PVC0 DLCI 16 MTU 1500 IP 10.10.10.1 MASK 255.255.255.252
○
○
PEER 10.10.10.2 <enter>

○
SET WAN WAN0 UP

○
○
○
○
○
○
○
○
○
○
55
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
PPP PROTOCOL
The following parameters are available for synchronous PPP configuration:

SET WAN WAN0 PROTO PPPS
Valid SET options for PPP (Synchronous)
DEBUG Enables clearance messages (TRUE / FALSE)
VJ Van Jacobson comprehension (TRUE / FALSE)
PPPDEFROUTE Enables default route for the connection (TRUE / FALSE)
MRU Configures MRU
MTU Configures MTU
AUTH** Defines the authentication type
USER** User for authentication
PASS** Password for authentication
CHAP** CHAP configuration case, configures CHAP
PAP** PAP configuration case, configures PAP
IPCP IPCP Configuration (Local and Remote)
LCP LCP parameters configuration
HOLDOFF Break between reconnection trials
SPEED* Connection velocity
TXINV Reverses clock board (TRUE / FALSE)
RESETCOUNTERS Cleans the statistics counters of the interface
UP Puts up the interface
DOWN Takes down the interface
PURGE Cleans up the WANX module configurations
*Only when CLOCK=INTERNAL
*Only when AUTH is CHAP or RAP
To exemplify the synchronous PPP configuration, there is the following example:

SET WAN WAN0 IPCP LOCALIP ENABLED TRUE ADDRESS <IP WAN CLIENTE> MASK
<MARCARÁ WAN>
SET WAN WAN0 IPCP REMOTEIP ENABLED TRUE ADDRESS <IP WAN OPERADORA>
SET WAN WAN0 PPPDEFROUTE TRUE
SET WAN WAN0 UP
To check whether the protocol is active, type the following command:
SHOW WAN WAN0 PVC0 STATS

Applying to PVC: PVC0
INTERFACE: pvc0
ADMINSTATUS: UP
PACKETS SENT: 0
PACKETS RECEIVED: 0
BYTES SENT: 0
BYTES RECEIVED: 0
TX ERRORS: 0
RX ERRORS: 0
TX DROPPED: 0
RX DROPPED: 0
TX OVERRUN: 0
RX OVERRUN: 0
CRC ERRORS: 0
COLLISION: 0
LAST TRANSMITED PACKET TIME (s): 0.00
56
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
LINK STATUS: DOWN
○
○
LAST LINK STATUS CHANGE TIME (s): 0.00
○
○
CHANNEL STATUS
○
○
FECN IN: 0
○
FECN OUT: 0
○
BECN IN: 0
○
○
BECN OUT: 0
○
DE IN: 0
○
○
DE OUT: 0
○
○
Note that the link status should remain UP while the link is active.
○
○
○
○
HDLC PROTOCOL
○
○
○
The following parameters are available for HDLC configuration:
○
○
SET WAN WAN PROTO HDLC
○
○
SET WAN WAN <enter>
○
○
○
○
Any other parameters depend on protocol defined to each interface
○
○
Valid options for HDLC:
○
IP Configures the WAN IP address
○
○
MASK Configures the WAN network mask
○
PEER Indicates the remote WAN IP address
○
○
MTU Configures the MTU
○
INTERVAL Keep alive interval
○
○
TIMEOUT Keep alive timeout
○
CLOCK Configures the clock (internal/external)
○
○
SPEED* Configures the internal clock speed
○
TXINV Inverts the clock
○
○
RESETCOUNTERS Resets the statistics counters
○
UP Enables the interface
○
○
DOWN Disables the interface
○
PURGE Clears the WAN0 module configurations
○
○
*Only when CLOCK=INTERNAL
○
SET WAN WAN0 IP 10.10.10.1 MASK 255.255.255.252 PEER 10.10.10.2
○
○
SET WAN WAN0 UP
○
○
○
○
○
○
X25 PROTOCOL
○
○
○
Introduction
○
○
○
X.25 is a protocol for communications in WAN nets, which defines how the connections between devices will
○
○
be stabilized and maintained. It was created to operate with efficiency independently from the system type connected
○
the net. It’s typically used in PSNs (Packet-Switched Networks) of telephony companies. Its usage has decreased -
○
○
because of its unnecessary overhead - in favor of the Frame Relay protocol.

○
○
○
Commands List
○
○
○
Here there’s a list of all the XOT module commands for the DT2048 SHDSL/R. All commands must start with
○
○
the expression SET WAN WANn or SHOW WAN WANn (where it’s appropriated to use them, as the table shows).
○
○
○
○
○
○
○
○
○
○
57
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
Command Options Description
SET WAN WAN<number> PROTO X25 Enables interface with X.25 protocol
SET WAN WAN<number> This expression must initiate all
commands below
CLOCK INTERNAL, EXTERNAL Defines if the clock is internally
generated or by an external modem
SPEED 64, 128, 192, 256, Defines the transmission velocity
512, 768, 1024, 1536, / comunication with modem
2048, 3072, 4096,
4915.2
TXINV TRUE, FALSE Indicates if it’s necessary to invert
clock’s polarity
MODE DTE, DCE Defines if the equipment must behave
as a terminal (subscriber side -
DTE) or X.25 circuit terminatornador
(DCE)
HTC <number> Configures the highest transmission
channel
LAPB Configures LAPB level
EXTENDEDMODE TRUE, FALSE If enabled, the extended window size
alterates the maximum boards number
(level 2) for acknowledgment, from
8 to 128
WINDOWSIZE <number>
Frames quantity for acknowledgment
EXTENDED TRUE, FALSE
If enabled, the extended window
size chages the maximum number of
packets (level 3) to
acknowledgment, from 8 to 128
NEGOTIATE (Dis)Enables the negociation of:
WINDOWSIZE TRUE, FALSE - window size
PACKETSIZE TRUE, FALSE - packet size
REVERSECHARGING TRUE, FALSE - collect calls
ROUTES Adds/Erases X.25 Routes
ADD <address X121> Adds a X.25 normal or default route
with way out through the interface.
There’s the possibility of
changing the call’s recipient and/
or originator address (as the
commands below).
ADD <address X121> SUBST_SOURCE <address X121>
ADD <address X121> SUBST_DEST <address X121>
ADD DEFAULT
ADD DEFAULT SUBST_DEST <address X121>
DELETE <address X121> Removes a rote
SVC <number> Configurations of a virtual circuit
PROTOCOL IP, IPX Defines the SVC’s protocol
WINSIZEIN <number> Reception window’s size
WINSIZEOUT <number> Transmission window’s size
PACSIZEIN 16, 32, 64, 128, 256, Reception packet’s maximum size
512, 1024, 2048, 4096
PACSIZEOUT 16, 32, 64, 128, 256, Transmission packet’s maximum size
512, 1024, 2048, 4096
REVCHARG TRUE, FALSE Defines if collect calls will be
accepted
58
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
X121BIND <address X121> Defines X121 local address
○
WAITCONNECTION Remains in listening/stand by mode
○
○
X121TO <address X121> Defines the peer’s X121 address to be
○
called
○
○
IP <address IP> Defines the tunnel’s IP local address
○
○
on the SVC
○
MASK <address IP> Defines the net mask for this address
○
○
PEER <address IP> Defines the IP address of the tunnel’s
○
remote side
○
○
MTU <number> Defines the maximum size of the
○
○
tunnel’s IP packet on the SVC
○
NET <IPX net’s number> Defines the IPX net address
○
○
NODE <IPX node’s address> Defines the IPX node’s address
○
RESETCOUNTERS Reset counters
○
○
COMMENT Inserts a comment
○
○
UP Initiates the interface option
○
DOWN Finishes the interface operation
○
○
PURGE Returns the factory configuration
○
SHOW WAN WAN<number> This expression must initiate all
○
○
commands
○
○
○
The command SHOW has an equivalent to almost every SET commands mentioned above.
○
○
The new commands are mentioned below:
○
○
○
STATS Interface’s actual state
○
○
VC Shows state information of the active
○
○
virtual circuits
○
CONNECTIONS Shows connection information between
○
○
the X.25 peers
○
ALL To show all the information available
○
○
○
○
○
The command’s content may vary according to the configuration and the firmware version used.
○
○
○
○
○
○
○
○
○
Example of X25 configuration between DT2048 SHDSL/R and CISCO routers ○
○
○
DT2048 SHDSL/R configuration:

○
○
○
○
SET WAN WAN0 PROTO X25 CLOCK EXTERNAL TXINV FALSE MODE DTE LAPB EXTENDEDMODE
○
○
FALSE WINDOWSIZE 7
○
○
SET WAN WAN0 EXTENDED FALSE NEGOTIATE WINDOWSIZE FALSE PACKETSIZE FALSE
○
REVERSECHARGING FALSE
○
○
SET WAN WAN0 ROUTES ADD 724691111111

○
○
SET WAN WAN0 SVC0 PROTOCOL IP WINSIZEIN 7 WINSIZEOUT 7 PACSIZEIN 512 PACSIZEOUT
○
512 REVCHARG FALSE X121BIND 724601099069 X121TO 724691111111 IP 172.16.1.1 PEER

○
○
172.16.1.2 MASK 255.255.255.252 MTU 128

○
○
SET WAN WAN0 UP

○
○
○
○
○
○
○
○
○
59
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
CISCO configuration:
Serial0 interface
description Example Configuration CISCO X25
ip address 172.16.1.2 255.255.255.252
encapsulation x25
no ip mroute-cache
x25 address 724691111111
x25 htc 64
x25 win 7
x25 wout 7
x25 ips 512
x25 ops 512
x25 map ip 172.16.1.1 724601099069 broadcast
UNNUMBERED INTERFACE CONFIGURATION
An interface is called UNNUMBERED when it has no IP address directly configured to it.

To configure it, the serial interface and mask addresses must be configured as 0.0.0.0.
Frame Relay
SET WAN WAN0 PVC0 IP 0.0.0.0 MASK 0.0.0.0

IP Address for pvc0 is unnumbered dlci 16
Synchronous PPP
SET LAN LAN0 PURGE

SET WAN WAN0 PURGE
SET WAN WAN0 MTU 1520 MRU 1520 HOLDOFF 15 PPPDEFROUTE FALSE AUTH NONE
SET WAN WAN0 IPCP ENABLED TRUE
SET WAN WAN0 CLOCK INTERNAL SPEED 64 TXINV FALSE UP
central
SET LAN LAN0 PURGE
SET WAN WAN0 PURGE
SET WAN WAN0 MTU 1520 MRU 1520 HOLDOFF 15 PPPDEFROUTE FALSE AUTH NONE
SET WAN WAN0 IPCP ENABLED TRUE
SET WAN WAN0 IPCP LOCALIP ENABLED TRUE ADDRESS 192.168.1.161
MASK 255.255.255.255
SET WAN WAN0 IPCP REMOTEIP ENABLED TRUE ADDRESS 10.99.0.10
SET WAN WAN0 CLOCK INTERNAL SPEED 64 TXINV FALSE UP
HDLC
SET WAN WAN0 IP 0.0.0.0 MASK 0.0.0.0 UP

Ip Address for hdlc0 is unnumbered
60
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
ADDING STATIC ROUTES
○
○
○
A route is configured when we want to reach a certain network. The following parameters are available for the
○
○
configuration of a static route:
○
○
○
SET ROUTES <enter>
○
○
DEFAULT Configures a default route
○
ROUTE0 Configures a numbered route
○
○
PURGE Clears the routes module configurations
○
○
○
To configure a default route, that is, a route that can reach any network (often used to route Internet traffic), use
○
the following commands:
○
○
○
○
SET ROUTES <enter>
○
Valid options for SET are:
○
○
GW1 Configures the IP address for the remote serial interface
○
COST1 Defines a route cost
○
○
GW2 Configures the IP address for the remote serial interface
○
(parameter used to configure two default routes)
○
○
COST2** Defines a route cost (parameter used to configure two default routes)
○
used to configurate two default rotes)
○
○
POLL Configures a timer for the verification of the first default
○
route
○
○
EQUALIZE (Dis)Enables equalization for multipath rotes
○
PURGE Clears DEFAULT module configurations
○
○
○
Example: SET ROUTES DEFAULT GW1 10.10.10.2
○
○
○
To verify if the conditions were applied correctly, use the command SHOW:
○
○
DT2048 SHDSL/Rt>
○
○
SHOW ROUTES <enter>
○
Valid SHOW options are:
○
○
STATS Checks static routes
○
DYNAMIC Checks dynamic routes
○
○
DEFAULT Checks the default route
○
ALL Shows all configurations
○
○
○
SHOW ROUTES ALL
○
○
Destination Gateway Mask Cost Device
○
10.10.10.0 * 255.255.255.252 0 hdlc0 ○
○
10.10.10.0 * 255.255.255.0 0 eth0
○
default 10.10.10.2 0.0.0.0 0 hdlc0

○
○
DEFAULT GW1 10.10.10.2

○
DEFAULT COST1 0
○
○
DEFAULT GW2 PURGE

○
DEFAULT COST2 0
○
○
DEFAULT POLL 6
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
61
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
By using the same configuration, but indicating a specific network to be reached, we have the following:
SET ROUTES ROUTE0 <enter>

Valid options for SET are:
DEVICE Output interface
NET Network to be reached
MASK Network mask
GATEWAY Remote serial interface IP address
COST Route cost
PURGE Clears ROUTE0 module configurations
Exemple: SET ROUTES ROUTE0 DEVICE WAN0 NET 172.16.1.0 MASK 255.255.255.0
GATEWAY 10.10.10.2
Note that, in case of a Frame Relay link, the interface nomenclature would be WAN0-PVC0.
To check whether the configuration was properly applied, use the SHOW command:
Destination Gateway Mask Cost Device

10.10.10.0 * 255.255.255.252 0 hdlc0
172.16.1.0 10.10.10.2 255.255.255.0 0 hdlc0
10.10.10.0 * 255.255.255.0 0 eth0
Applying to route:
DEVICE WAN0
NET 172.16.1.0
MASK 255.255.255.0
GATEWAY 10.10.10.2
COST 0
DEFAULT GW1 PURGE DEFAULT COST1 0
DEFAULT GW2 PURGE DEFAULT COST2 0
DEFAULT POLL 6
62
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
DYNAMIC ROUTING PROTOCOLS
○
○
○
○
Dynamic routing protocols are used to minimize the configuration of routing tables in large backbones.
○
○
In most large corporations, the network topology has to be constantly changed, which involves several
○
modifications to the routing tables. The protocols used for dynamic routing allow this task to be easily and quickly
○
○
performed, by dynamically updating the routing tables of the equipment connected to a certain topology.
○
○
DT2048 SHDSL/R offers the following options for implementation:
○
○
• RIP V1 and V2
○
○
• OSPF
○
○
○
Routing Information Protocol - RIP
○
○
○
○
The RIP is a distance vector routing protocol based on Bellman-Ford algorithm. This protocol regularly sends
○
routing informations to its neighbors, allowing the other network devices to know the topology.
○
○
The RIP configuration parameters are:
○
○
○
○
SET RIP <enter>
○
○
○
DEFAULTMETRIC Changes the default metric value for route redistribution
○
○
VERSION Configures the RIP version (1/2/default)
○
REDIST-STATIC Redistributes static route information
○
○
REDIST-CONNECTED Redistributes the connected routes to an RIP table
○
REDIST-OSPF Redistributes the routes from an OSPF table to an
○
○
RIP table
○
UP Starts the RIP module
○
○
DOWN Quits the RIP module
○
PURGE Clears RIP configurations
○
LAN0 Configures LAN0 to use RIP
○
○
WAN0 Configures WAN0 to use RIP
○
LIST0 Creates an access list for networks in the RIP module
○
○
○
Interfaces will only be enabled when they are activated. The configuration parameters are:
○
○
○
○
SET RIP LAN0 <enter>
○
○
○
○
ENABLED Enables RIP at the current interface (True/False)
○
○
TYPE Informs the type of interface (Active/Passive) ○
○
RECEIVEVERSION Enables the interface to receive a certain RIP version

○
○
SENDVERSION Enables the interface to send a certain RIP version

○
AUTH Enables authentication for RIP (NONE/Simple/MD5)

○
○
IN0 Enables a certain list of input access

○
○
OUT0 Enables a certain list of output access

○
○
○
○
Here is an example of a configuration where LAN and WAN interfaces are enabled:
○
○
SET RIP VERSION 2 REDIST-STATIC TRUE REDIST-CONNECTED TRUE

○
○
SET RIP LAN0 ENABLED TRUE TYPE ACTIVE

○
○
SET RIP WAN0 ENABLED TRUE TYPE ACTIVE

○
○
SET RIP UP
○
○
CONFIG SAVE
○
○
○
○
○
○
○
63
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
The configuration above enables the LAN and WAN interfaces to allow exchange of RIP information between
several routers over the network using version (2). Finally, the SET RIP UP command is used to enable the RIP service.
Open Shortest Path First - OSPF
OSPF is a link status protocol that requests link status advertisements (LSAs) to all routers in the same hierarchical area.
OSPF, a link status routing protocol, is different from RIP, which is a distance vector routing protocol.
OSPF is widely used for Internet backbones and large corporate networks..
The OSPF configuration parameters are:
SET OSPF <enter>

ROUTERID Configures the ROUTERID
NOROUTERID Disables the ROUTERID
RFC1583 Avoids loops in routing
REDIST-CONNECTED Redistributes the connected routes to an OSPF table
REDIST-STATIC Redistributes static route information
REDIST-RIP Redistributes the routes from an RIP table to an OSPF
table
DEBUG Debugs OSPF messages
LOG OSPF message log
UP Enables the OSPF
DOWN Disables the OSPF
PURGE Clears OSPF configurations
LAN0 Activates the LAN0 interface to spread and receiveOSPF
LIST0 Creates an access list for networks in the OSPFmodule
NETWORK0 Specifies the interface to enable OSPF
Here is an example of a configuration where LAN and WAN are enabled:
DT2048 SHDSL/R>
SET OSPF NETWORK0 ADDRESS 10.10.10.0 MASK 255.255.255.0 AREA 0.0.0.0
SET OSPF UP
CONFIG SAVE
In the configuration above, we enable the networks configured to LAN and WAN interfaces. Note that there
was a third network, whose remote WAN (listen)interface address had a 32-bit mask. This is due to the fact that the
interface is point-to-point, which requires the inclusion of this route so that the neighbors can share their routes among
themselves. . Finally, the SET OSPF UP command is used to enable the OSPF service.
The following parameters are used to improve the interfaces:
SET OSPF WAN0 <enter>

PASS Creates a simple password for authentication of OSPF
packets
NOPASS Removes the authentication password
PRIORITY Configures a whole value to define priority
COST Configures a cost for the current interface
HELLOINTERVAL Configures the number of seconds for HELLOINTERVAL
DEADINTERVAL Configures the number of seconds for DEADINTERVAL
DELAY Configures the number of seconds for DELAY
RETRANSMISSION Configures the number of seconds for RETRANSMISSION
DIGEST0 Configures the OSPF authentication key for an ecrypted
password (algorithm used: MD5)
PURGE Clears INTERFACE (WAN0)configurations
64
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
NETWORK ADDRESS TRANSLATOR - NAT
○
○
○
○
Introduction
○
○
○
DT2048 SHDSL/R routers offer five types of NAT/PAT.
○
○
• MASQUERADE
○
○
• REDIRECT
○
○
○
• NAT 1:1
○
○
• EXCLUSION
○
○
• NATPOOL
○
○
○
○
○
Configuring the NAT MASQUERADE
○
○
○
○
It is quite common to use the MASQUERADE in NAT configuration to allow a network to use an address that is
○
configured to a given interface. A common example is the Internet link, when all PCs on a certain network have to
○
○
access the Internet.
○
○
The following parameters are available:
○
○
SET NAT MASQUERADE0 <enter>
○
○
Applying to: MASQUERADE0
○
○
○
INTERFACE Interface for NAT application
○
ADDRESS Network address
○
○
MASK Network mask
○
PURGE Clears MASQUERADE0 configurations
○
○
SET NAT MASQUERADE0 INTERFACE WAN0 ADDRESS 192.168.1.0 MASK 255.255.255.0
○
SET NAT UP
○
○
○
Note that, in case of a Frame Relay link, the interface nomenclature would be WAN0-PVC0.
○
○
○
○
Configuring the NAT REDIRECT
○
○
○
○
To reroute a certain traffic to an IP address, we may use REDIRECT. REDIRECT is based on a source IP address,
○
an interface and a TCP port that is specific to a type of service.
The following parameters are available: ○
○
○
○
SET NAT REDIRECT0 <enter>

○
○
Applying to: REDIRECT0

○

○
○
FROMINTERFACE Source interface

○
FROMADDRESS Source interface IP address

○
○
FROMPORT Source TCP port

○
TOADDRESS Destination address

○
○
TOPORT Destination TCP port

○
PURGE Clears REDIRECT0 configurations

○
○
○
○
In the following example, when the router receives a telnet request at 200.238.60.1, it is configured to redirect
○
the traffic to 192.168.1.1.

○
○
SET NAT REDIRECT0 FROMINTERFACE WAN0 FROMADDRESS 200.238.60.1 FROMPORT

○
○
23 TOADDRESS 192.168.1.1 TOPORT 23

○
SET NAT UP
○
○
○
○
○
○
○
65
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
Configuring NAT 1:1
To turn a source IP address into a destination IP address, we use NAT 1:1.

The following parameters are available:
SET NAT NAT0 <enter>
Applying to: NAT0
FROMADDRESS Source address
FROMMASK Source mask
TOADDRESS Destination address
TOMASK Destination mask
PURGE Clears NAT0 configurations
SET NAT NAT0 FROMMASK 255.255.255.255 FROMADDRESS 192.168.1.1 TOMASK
255.255.255.255 TOADDRESS 200.238.60.1
SET NAT UP
SHOW LAN LAN0 IP
Applying to interface: LAN
IP 192.168.1.1
EXEC TCPDUMP -i eth0 &
EXEC PING 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
22:38:53.598309 200.238.60.1 > 192.168.1.2: icmp: echo request (DF)
SET NAT NAT0 FROMMASK 255.255.255.255 FROMADDRESS 192.168.1.1 TOMASK
255.255.255.255 TOADDRESS 200.238.60.1
SET NAT UP
SHOW LAN LAN0 IP
Applying to interface: LAN
IP 192.168.1.1
EXEC TCPDUMP -i eth0 &
EXEC PING 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
Note that, when the TCPDUMP command (interface debugging) is run at the LAN0 interface, the address in
charge of the ICMP request is 200.238.60.1, and the IP configured at the interface is 192.168.1.1. As observed, the
LAN IP address is being changed.
Configuring the NAT EXCLUSION
An interesting NAT/PAT feature is that it allows the exclusion of a given host, or even of a group of IP addresses
within the range of addresses that use a masquerade. In this case, we use EXCLUSION.
The following example shows two rules: the first one indicates which range of IP addresses will be used by
MASQUERADE; the second one excludes a given IP address.
SET NAT MASQUERADE0 INTERFACE WAN0-PVC0 MASK 255.255.255.0 ADDRESS 192.168.1.0

SET NAT EXCLUSION0 MASK 255.255.255.255 ADDRESS 192.168.1.120
SET NAT UP
Operation starts when the router receives the request. The NAT rules identify the origin of the packet. When the
router perceives that the source address is 192.168.1.120/32, it routes the packet using the source address,
disregarding the NAT MASQUERADE rules.
66
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
Configuring the NATPOOL
○
○
○
○
NATPOOL transfers the IP range to a predefined pool of IP addresses. This allocation is dynamic. In the
○
following example, network 192.168.1.0/24 will have its pool 200.239.60.1-200.239.60.5 changed.
○
○
○
SET NAT NATPOOL0 TOINTERFACE WAN0-PVC0 FROMMASK 255.255.255.0 FROMADDRESS
○
192.168.1.0 ADDRESS0 200.239.60.1 ADDRESS1 200.239.60.5
○
○
SET NAT UP
○
○
○
○
○
○
ENABLING THE SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
○
○
○
SNMP is a protocol used to manage several network devices, sending messages to an NMS (Network
○
○
Management Station). NMS is the device where all messages (TRAPS) are stored.
○
○
The following configuration parameters are available:
○
○
SET SNMP <enter>
○
○
Valid SET options for SNMP are:
○
UP Establishes the SNMP service
○
○
DOWN Quits the SNMP service
○
PURGE Clears SNMP configurations
○
○
LOCATION Configures the device location
○
CONTACT Configures the contact
○
○
TRAPAUTHFAILURE Enables/disables the transmission of TRAPS
○
TRAP0 Configures the NMS address
○
○
ROCOMMUNITY0 Read community string
○
RWCOMMUNITY0 Read/write community string
○
○
○
SET SNMP LOCATION digitel CONTACT Suporte TRAPAUTHFAILURE TRUE
○
○
SET SNMP ROCOMMUNITY0 <enter>
○
○
NAME Name of the read community string
○
○
PURGE Clears RWCOMMUNITY0 configurations
○
MANAGER0 Configures the NMS IP address
○
○
SET SNMP ROCOMMUNITY0 NAME public MANAGER0 ADDRESS 192.168.1.2
○
○
○
SET SNMP RWCOMMUNITY0 <enter>
○
○
○
NAME Name of the read/write community string
PURGE Clears RWCOMMUNITY0 configurations ○
○
○
MANAGER0 Configures the NMS IP address

○
SET SNMP RWCOMMUNITY0 NAME private MANAGER0 ADDRESS 192.168.1.2

○
○
SET SNMP TRAP0 <enter>

○

○
○
ADDRESS NMS address

○
PURGE Clears TRAP0 configurations

○
○
SET SNMP TRAP0 ADDRESS 192.168.1.1

○
SET SNMP UP
○
○
○
○
IP TUNNELING
○
○
○
This item describes IP Tunneling technologies for DT2048 SHDSL/R models. The following protocols are
○
○
supported:
○
○
GRE (Generic Routing Encapsulation)

○
○
PPTP (Point to Point Tunneling Protocol)

○
L2TP (Layer 2 Tunneling Protocol)

○
○
○
○
○
67
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
Generic Routing Encapsulation - GRE
The GRE protocol is used to create tunnels between subnetworks. This is the simplest tunnel implementation
between routers, without any security features or data encryption.
The following GRE configuration parameters are available:
SET GRE <enter>
Valid SET options for GRE are:
UP Enables GRE tunnel
DOWN Disables GRE tunnel
PURGE Clears GRE module configurations
GRE1 Tunnel configuration
SET GRE GRE1 <enter>
INTERFACE Tunnel source interface
REMOTE Remote tunnel valid IP address
TUNNELLOCAL Local IP address for the tunnel
TUNNELREMOTE Remote IP address for the tunnel
UP Enables tunnel
DOWN Disables tunnel
PURGE Clears tunnel module configurations
ATTENTION!
In TUNNELLOCAL and TUNNELREMOTE configurations, the IP addresses should be defined at the
time of configuration. This address will be used to connect both networks.
To clarify all this information, we give an example of GRE configuration for the connection of two subnetworks.
In this example, the topology consists of two networks that will be connected with each other using a GRE tunnel. The
network address on side A (LOCAL) is 192.168.10.0, with 172.16.1.1/30 as the serial interface address . On side B
(REMOTE), the network address is 192.168.11.0/24, with 172.16.1.2/30 as the serial interface address. The
configurations are shown below:
LOCAL:

SET WAN WAN0 PROTO FRAMERELAY PROTOCOL ANSI
SET WAN WAN0 PVC0 DLCI 16 IP 172.16.1.1 MASK 255.255.255.252 PEER 172.16.1.2
SET WAN WAN0 UP
SET GRE GRE1 INTERFACE WAN0-PVC0 REMOTE 172.16.1.2 TUNNELLOCAL 7.7.7.7
TUNNELREMOTE 7.7.7.6 UP
GRE1 interface configuration. Note that addresses 7.7.7.7 and 7.7.7.6 are added for local and remote
configurations, respectively, as fictitious addresses, only for the sake of tunnel identification.
SET ROUTES ROUTE0 DEVICE GRE1 NET 192.168.11.0 MASK 255.255.255.0 GATEWAY
7.7.7.6
It is necessary to create a route for the specific network using the GRE1 interface.
REMOTE:

SET WAN WAN0 PVC0 DLCI 16 MTU 1500 IP 172.16.1.2 MASK 255.255.255.252 PEER
172.16.1.1
SET WAN WAN0 UP
SET GRE GRE1 INTERFACE WAN0-PVC0 REMOTE 172.16.1.1 TUNNELLOCAL 7.7.7.6
TUNNELREMOTE 7.7.7.7 UP
SET ROUTES ROUTE0 DEVICE GRE1 NET 192.168.10.0 MASK 255.255.255.0 GATEWAY
7.7.7.7
In remote configuration, we only have the inversion of IP addresses.

To create the other tunnels, just indicate the next one (GRE1, GRE2, GRE3) and so on and so forth.
68
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
Point-to-Point Tunneling Protocol - PPTP
○
○
○
○
PPTP stems from PPP, widely used for the connection between virtual private networks (VPNs). PPTP traditionally
○
encapsulates PPP packets into GRE packets. In addition to the IP, it also tunnels protocols such as the IPX.
○
○
For security reasons, PPTP uses some data encryption by using CHAP and PAP algorithms. It also uses MPPE
○
○
(Microsoft Point-To-Point Encryption Protocol) for data encryption in PPTP tunnels. Originally, MPPE supports session
○
keys between 40 and 128 bits.
○
○
○
○
○
The following parameters are necessary for configuration:
○
○
○
○
SET PPTP <enter>
○
○
○
○
SERVER Defines PPTP server configurations
○
PURGE Clears PPTP module configurations
○
○
CHAP0 Configures CHAP authentication
○
CLIENT0 Defines PPTP client configurations
○
○
○
○
Two modes are used for PPTP configuration: client and server.
○
○
○
SET PPTP SERVER <enter>
○
○
Applying to: SERVER
○
Valid SET options for SERVER are:
○
○
○
LISTEN Tunnel source interface
○
○
UP Enables server
○
DOWN Disables server
○
○
PURGE Clears SERVER module configurations
○
LOCALIP0 Configures IP addresses for local tunnel
○
○
REMOTEIP0 Configures IP addresses for remote tunnel
○
SET PPTP CLIENT0 <enter>
○
○
Applying to: CLIENT0
○
○
○
○
DOMAIN Configures authentication in a CHAP domain
○
○
SERVER Configures valid IP address for remote tunnel
○
UP Establishes connection with PPTP server
○
○
DOWN Quits connection with PPTP server
○
PURGE Clears CLIENT0 module configurations ○
○
○
○
The following parameters are necessary for CHAP configuration:

○
○
○
○
SET PPTP CHAP0 <enter>

○
Applying to domain: CHAP0

○
○

○
○
○
DOMAIN CHAP domain name (also used for user authentication)

○
USER Username for authentication

○
○
PASS User password

○
PURGE Clears CHAP0 configurations

○
○
○
Next, we give an example of configuration using the PPTP in a point-to-point application over a Frame Relay link.
○
○
○
○
○
○
○
○
○
69
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
SERVER:
SET WAN WAN0 PVC0 DLCI 16 MTU 1500 IP 172.16.1.1 MASK 255.255.255.252 PEER 172.16.1.2
SET WAN WAN0 UP
SET PPTP SERVER LISTEN WAN0-PVC0
SET PPTP SERVER LOCALIP0 BEGIN 10.10.50.1 END 10.10.50.50
SET PPTP SERVER REMOTEIP0 BEGIN 10.10.200.1 END 10.10.200.50
SET PPTP CHAP0 DOMAIN digitel
SET PPTP CHAP0 USER digitel
SET PPTP CHAP0 PASS digitel
SET PPTP SERVER UP
CLIENT:
SET WAN WAN0 UP
SET PPTP CHAP0 DOMAIN digitel
SET PPTP CHAP0 USER digitel
SET PPTP CHAP0 PASS digitel
SET PPTP CLIENT0 DOMAIN CHAP0
SET PPTP CLIENT0 SERVER 172.16.1.1 UP
L2TP (Layer 2 Transport Protocol)

L2TP is also used for the tunneling of IP networks. Like PPTP, it also stems from PPP, but the difference is that it
can be implemented over a large number of protocols.
Since it does not use encryption, L2TP is combined with other protocols that provide secure authentication,
usually with IPSec.
L2TP is based on PPTP and L2F.
L2TP includes LNS and LAC, which correspond to the beginning and end of the tunnel, respectively. The
following parameters are necessary:
SET L2TP <enter>
Valid SET options for L2TP are:
LNS L2TP Network Server
AUTH Configures authentication method (CHAP/PAP/NONE)
UP Enables L2TP tunnel
DOWN Disables L2TP tunnel
LAC0 L2TP Access Concentrator
USER0 Configures a user to authenticate the tunnel
SET L2TP <enter> Valid SET options for LNS are:
LOCALIP0 Configures IP addresses for local tunnel
UP Starts LNS
IPPOOL0 Defines IP address pool for the clients utilization
LACRANGE0 Identifies the IDs allowed for connection
SET L2TP LAC0<enter> Valid SET options are:
ID Connection ID
LNS IP address of the remote LNS
REDIAL Enables redial (true-false)
70
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
○
Next, we give na example of configuration using L2TP in a point-to-point application over a Frame Relay link.
○
○
LNS:
○
○
○
○
○
○
○
○
SET WAN WAN0 UP
○
SET L2TP AUTH PAP
○
○
SET L2TP USER0 USERNAME digitel
○
SET L2TP USER0 PASSWORD digitel
○
○
SET L2TP LNS LOCALIP 100.100.100.1
○
SET L2TP LNS IPPOOL0 BEGIN 100.100.100.2 END 100.100.100.254
○
○
SET L2TP LNS UP
○
SET L2TP UP
○
○
LAC:
○
○
○
○
○
○
○
SET WAN WAN0 UP
○
SET L2TP AUTH PAP
○
○
SET L2TP USER0 USERNAME digitel
○
SET L2TP USER0 PASSWORD digitel
○
○
SET L2TP LAC0 ID 1 LNS 172.16.1.1 REDIAL TRUE
○
SET L2TP UP
○
○
○
○
IPSec also allows for IP Tunneling. It is described in detail in the subsequent item.
○
○
○
○
IPSEC - SECURE IP OVER THE INTERNET
○
○
○
Introduction
○
○
○
○
IPSec is an Internet security protocol initially developed for Ipv6 and modified for Ipv4 implementation.
○
Provision of end-to-end security of packet traffic, using encryption, is its major feature.
○
○
○
One of the most widely known IPSec implementations, FreeS/WAN, which belongs to the Linux kernel, is also
○
used in DT2048 SHDSL/R. IPSec differs from other VPN protocols because it operates at layer 3 of the OSI model, thus
○
○
being able to provide security to any Internet protocol (TCP, UDP, ICMP, etc).
○
○
IPSec also implements several security features, such as authentication, data integrity, confidentiality and
○
several other security capabilities.

○
○
○
○
○
○
IPSec protocols
○
○
○
These are some of the protocols used by IPSec for information exchange:
○
○
• AH (Authentication Header)
○
○
• ESP (Encapsulation Security Payload)

○
○
• ISAKMP (Internet Security Association Key Management Protocol)

○
○
• IKE (Internet Key Exchange)

○
○
○
○
○
○
○
○
○
○
○
71
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
AH is intended to guarantee connectionless integrity and data origin authentication. ESP also includes some
features offered by AH, but it also provides confidentiality and limited protection against traffic flow analysis. ISAKMP
framework is used as the basis for key encryption for both AH and ESP by the IKE protocol. The IKE protocol is used
for authentication, negotiation and key exchange.
It is important to define the type of operation to be used for AH and ESP tunnels. In tunnel mode, all packets are
encapsulated, and a new IP header is created; however, the quality of service of the original packet is preserved.
The IPSec configuration parameters are:
SET IPSEC <enter>
Valid SET options for IPSEC are:
FRAGICMP Informs the necessity for packet fragmentation
NOEROUTEPASS Action valid for packets arriving at KLIPS (Kernel Level
IP Security)
HIDETOS Copies value from the TOS field and applies it to the IPSec
packet
UNIQUEIDS Replaces all IDs of old connections by a new ID
DOWN Disable an IPSec tunnel
PURGE Clears IPSEC configurations
CHANNEL0 Configures an IPSEC channel
IPSEC0 Selects the IPSec interface
*IPSECx are only available when TYPE = INTERFACE
SET IPSEC CHANNEL0 <enter>

NAME Defines channel name
LEFT Configures the network on the local side
RIGHT Configures the network on the remote side
KEY Configures key exchange
PURGE Clears CHANNEL0 configurations
SET IPSEC IPSEC0 <enter>
INTERFACE Enables tunnel source interface
PURGE Clears IPSEC0 configurations
SET IPSEC CHANNEL0 LEFT <enter>

Applying to: CHANNEL0
Valid SET options for LEFT are:
ADDRESSTYPE [INTERFACE****]
ADDRESS* IP address of the origin interface
SUBNET Enables subnet configuration
NET** Net address
MASK** Mask address
USEGATEWAY Enables gateway utilization
GATEWAY*** Configures gateway
SOURCEIP IP address to use during transmission
*Only when ADDRESSTYPE=USER

**Only when SUBNET=TRUE
***Only when USEGATEWAY=TRUE
****Only when setting ADDRESSTYPE to BINDED
72
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
Here is the configuration of the same parameters for the RIGHT configuration.
○
○
SET IPSEC CHANNEL0 RIGHT
○
○
Valid SET options for RIGHT are:
○
○
ADDRESSTYPE [INTERFACE****]
○
ADDRESS* Source interface IP address*
○
○
SUBNET Enables subnetwork configuration
○
NET** Network address
○
○
MASK** Mask address
○
USEGATEWAY Enables gateway use
○
○
ID Defines an identification string
○
GATEWAY*** Configures the gateway
○
○
○
*Only when ADDRESSTYPE=USER
○
**Only when SUBNET=TRUE
○
○
***Only when USEGATEWAY=TRUE
○
○
○
○
○
SET IPSEC CHANNEL0 KEY
○
○
○
Valid SET options for KEY are:
○
AUTH Type of authentication (ESP/AH)
○
○
AUTHBY Authentication method (SECRET/RSA)
○
PASS* Password (SECRET)
○
○
BITS** Number of BITS for the key (RSA)
○
PEERPUBLICKEY** Remote public key
○
○
GENERATEKEY** Public key generation
○
NEGRESTART Restarts timers(TIME/MARGIN)
○
○
LOCALSIDE** Defines left or right side for the tunnel
○
KEYLIFE Key lifetime
○
○
ISAKMP Validity of authenticated channel
○
RETRIES Number of authentication attempts
○
PERFECTFORWARD Enables or disables the PFS protocol
○
○
*Only when AUTHBY=SECRET
○
**Only when AUTHBY=RSA
○
○
○
Example of configuration between DT2048 SHDSL/Rs using a 512-bit RSA authentication key
○
○
○
○
ROUTER A:
○
○
○
SET LAN LAN0 PURGE ○

○
○
SET WAN WAN0 PROTO FRAMERELAY PROTOCOL ANSI DCE TRUE

○
○
○
SET WAN WAN0 UP

○
SET SYSTEM HOSTNAME routerA

○
○
SET IPSEC PURGE

○
SET IPSEC IPSEC0 INTERFACE WAN0-PVC0

○
○
SET IPSEC CHANNEL0 NAME canal LEFT ADDRESSTYPE BINDED IPSEC0 SUBNET TRUE NET
○
192.168.10.0 MASK 255.255.255.0

○
○
SET IPSEC CHANNEL0 RIGHT ADDRESSTYPE USER ADDRESS 172.16.1.2 SUBNET TRUE NET
○
192.168.11.0 MASK 255.255.255.0

○
○
SET IPSEC CHANNEL0 KEY AUTH ESP AUTHBY RSA

○
SET IPSEC CHANNEL0 KEY BITS 512

○
○
○
○
○
○
○
○
○
○
○
73
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
SET IPSEC CHANNEL0 KEY PERFECTFORWARD TRUE

SET IPSEC CHANNEL0 KEY GENERATEKEY
SET IPSEC CHANNEL0 KEY PEERPUBLICKEY
0:>0sAQN37vkUyKVgSx9foqZ95JcPlzZR6ua7+eVl50IqFDCIacNfwQIJFJzSqMhTb86RgWIyABcSp
4VXqpbD4wH0Kmcx
| Copy and paste the password created by the remote equipment.|
1:> Press <CTRL-D> to quit password editing.
ROUTER B:
SET LAN LAN0 PURGE

SET WAN WAN0 UP
SET SYSTEM HOSTNAME routerB
SET IPSEC PURGE
SET IPSEC IPSEC0 INTERFACE WAN0-PVC0
192.168.11.0 MASK 255.255.255.0
SET IPSEC CHANNEL0 RIGHT ADDRESSTYPE USER ADDRESS 172.16.1.1 SUBNET TRUE NET
192.168.10.0 MASK 255.255.255.0
SET IPSEC CHANNEL0 KEY AUTH ESP AUTHBY RSA
SET IPSEC CHANNEL0 KEY BITS 512
SET IPSEC CHANNEL0 KEY PERFECTFORWARD TRUE
SET IPSEC CHANNEL0 KEY LOCALPUBLICKEY GENERATEKEY
SET IPSEC CHANNEL0 KEY PEERPUBLICKEY
0:>0sAQOH8fKU8M+eAniJmdlZhV8OihNXg9ItG7Tc8JoidlhXWMv8TmC9DZsCqX6BwS2ywevYh0xLoL
dsHFtcmKpvJWFP
| Copy and paste the password created by the remote equipment.|
1:> Press <CTRL-D> to quit password editing.
To check the status of IPSec connection in the routers, type SHOW SYSTEM LOG MESSAGES in both pieces
of equipment. Example:
Apr 17 18:13:10 DT2048 SHDSL/Rt ipsec__plutorun: 004 "canal" #1:

STATE_MAIN_I4: ISAKMP
SA established
Apr 17 18:13:10 DT2048 SHDSL/Rt ipsec__plutorun: 004 "canal" #2: STATE_QUICK_I2:
sent QI2, IPsec SA established
Note that two levels (ISAKMP and Ipsec) are indicated as established. This means that the connection has
been correctly established with the remote router.
Example of configuration between DT2048 SHDSL/R and Cisco routers
CISCO CONFIGURATION:
crypto isakmp policy 1

encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key digitel address 200.198.105.45
!
!
crypto ipsec transform-set teste esp-3des esp-md5-hmac
74
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
!
○
○
!
○
crypto map test 1 ipsec-isakmp
○
○
set peer 200.198.105.45
○
set transform-set teste
○
○
set pfs group2
○
match address 101
○
○
!
○
!
○
○
!
○
!
○
○
interface Ethernet0
○
ip address 10.0.3.200 255.255.0.0
○
○
hold-queue 100 out
○
!
○
○
interface Ethernet1
○
ip address 200.218.187.66 255.255.255.252
○
○
crypto map test
○
!
○
○
ip classless
route 0.0.0.0 0.0.0.0 200.218.187.65
○
!
○
○
!
○
access-list 101 permit ip 10.0.0.0 0.0.255.255 192.168.10.0 0.0.0.255
○
○
○
DT2048 SHDSL/R CONFIGURATION:
○
○
○
SET LAN LAN0 PURGE
○
○
○
SET LAN LAN1 PURGE
○
○
○
SET ROUTES DEFAULT GW1 200.198.105.33 COST1 0
○
○
SET IPSEC PURGE
○
SET IPSEC FRAGICMP FALSE NOEROUTEPASS FALSE HIDETOS FALSE UNIQUEIDS FALSE
○
○
SET IPSEC IPSEC0 INTERFACE LAN1
○
○
○
192.168.10.0 MASK 255.255.255.0 USEGATEWAY TRUE GATEWAY 200.198.105.33
○
SET IPSEC CHANNEL0 RIGHT ADDRESSTYPE USER ADDRESS 200.218.187.66 SUBNET TRUE
○
○
NET 10.0.0.0 MASK 255.255.0.0 USEGATEWAY TRUE GATEWAY 200.218.187.65
○
SET IPSEC CHANNEL0 KEY AUTH ESP AUTHBY SECRET PASS digitel
○
○
SET IPSEC CHANNEL0 KEY NEGRESTART TIME 9 MARGIN 100
○
SET IPSEC CHANNEL0 KEY ISAKMP 1H RETRIES 0 PERFECTFORWARD TRUE KEYLIFE 8H ○
SET IPSEC UP
○
○
○
○
○
DHCP (DYNAMIC HOST CONFIGURATION PROTOCOL)

○
○
○
Digitel includes three DHCP features in its routers: DHCP Server, DHCP Relay and IP reservation. DHCP Server
○
○
dynamically allows TCP/IP configuration of hosts in a subnetwork . Each host (PCs, servers, printers, etc.) receives several
○
pieces of information, including IP address, mask, gateway, etc., in a totally dynamic fashion, provided that the host allows
○
○
the use of the DHCP Client feature.

○
○
DHCP Relay allows a subnetwork to obtain information from a remote DHCP server. However, it is necessary to
○
enable the interfaces so that the DHCP server can route the information through the subnetworks. The RESERVATION
○
○
feature allows the allocation of an IP address to a given host using the MAC ADDRESS of its network board.
○
○
The DHCP configuration parameters are:

○
○
○
○
SET DHCP <enter>

○
○
Valid SET options for DHCP are:

○
○
○
○
75
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
TYPE Type (NORMAL/RELAY)

UNKNOWNCLIENTS Address allocation to unknown clients
SHAREDNETWORK Groups subnetworks from the same network
SERVERNAME DHCP server hostname
SUBNET0 Defines common parameters for a given subnetwork
HOST0 Reserves specific configuration for a given host
UP Enables the DHCP service
DOWN Disables the DHCP service
PURGE Clears DHCP configurations
SET DHCP TYPE <enter>
You must provide one of these:
NORMAL Operation in DHCP server mode
RELAY Operation in DHCP Relay mode
Initially, it is necessary to define the type of DHCP operation: NORMAL (server) or RELAY.
DHCP Server
The following parameters are available for DHCP server configuration:
SET DHCP SUBNET0 <enter>

ADDRESS Defines the subnetwork
MASK Defines the mask
RANGEIP Enables IP range
RANGEBEGIN* Defines the beginning of IP range
RANGEEND* Defines the end of IP range
LEASE Defines maximum IP address lease time, even if
a lease time has been requested by the client. Note:
time in seconds.
AUTHORITATIVE Enables the network’s official DHCP as server
DNSDOMAIN Configures a Domain Name for the DHCP server
*Only when RANGEIP=TRUE
DNS0 Configures a DNS address for the hosts
ROUTER0 Configures a gateway address for the hosts
WINS0 Configures a WINS address for the hosts
PURGE Clears SUBNET0 configurations
For clarification of DHCP Server configurations, we present a script with comments:
SET DHCP PURGE

Clears configuration module
SET DHCP TYPE NORMAL
Configures DHCP NORMAL operation
SET DHCP UNKNOWNCLIENTS TRUE SHAREDNETWORK TRUE SERVERNAME Digitel
SET DHCP SUBNET0 ADDRESS 192.168.1.0 MASK 255.255.255.0 RANGEIP TRUE
Specifies subnetwork addresses and enables IP ranges
SET DHCP SUBNET0 RANGEBEGIN 192.168.1.5 RANGEEND 192.168.1.254 LEASE 0
AUTHORITATIVE TRUE
Configures the beginning and end of an IP range
SET DHCP SUBNET0 DNSDOMAIN Digitel.com.br
Configures the Domain Name
SET DHCP SUBNET0 ROUTER0 ADDRESS 192.168.1.1
Configures the network gateway IP
76
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
SET DHCP SUBNET0 DNS0 ADDRESS 192.168.1.2
○
○
Configures the DNS address for the hosts
○
○
○
SET DHCP SUBNET0 WINS0 ADDRESS 192.168.1.3
○
Configures the Wins address for the hosts
○
○
○
SET DHCP UP
○
○
Initiates service of DHCP Server
○
○
○
DHCP Reservation
○
○
○
As previously described, the RESERVATION feature allows allocating specific IP addresses to a given host
○
○
(addresses not in the range of the DHCP Server). This is important when we want to make a distinction between a
○
network device (e.g.: printer server) and other components, thus organizing the addresses in the DHCP Server table.
○
○
○
○
○
SET DHCP HOST0 <enter>
○
○
○
NAME Defines a hostname for a network device
○
MAC Defines the MAC ADDRESS for the Ethernet device
○
○
ADDRESS Defines the IP address that should be reserved
○
DNSDOMAIN Configures a Domain Name for the host
○
○
DNS0 Configures a DNS address for the host
○
ROUTER0 Configures a gateway address for the host
○
○
WINS0 Configures a WINS address for the host
○
PURGE Clears HOST0 configurations
○
○
○
○
For clarification of how the RESERVATION feature works, we present a script with the configurations above:
○
○
○
○
SET DHCP HOST0 MAC 00:00:00:00:00:00 NAME impressora1 ADDRESS 192.168.1.250
○
DNSDOMAIN digitel.com.br
○
○
Replace “00:00:00:00:00” by the MAC address of network board of the device.
○
SET DHCP HOST0 DNS0 ADDRESS 192.168.1.2
○
○
SET DHCP HOST0 ROUTER0 ADDRESS 192.168.1.1
○
SET DHCP HOST0 WINS0 ADDRESS 192.168.1.3
○
○
SET DHCP UP
○
○
○
○
DHCP Relay
○
○
○
○
The configuration parameters are the following:

○
○
○
○
SET DHCP <enter>

○
Valid SET options for DHCP are:

○
○
TYPE Type (NORMAL/RELAY)

○
SERVER Defines the DHCP server IP address

○
○
ALLINTERFACES Enables all interfaces

○
LISTEN0 Selects the interface

○
○
UP Enables the DHCP service

○
DOWN Disables the DHCP service

○
○
PURGE Clears DHCP Relay configurations

○
○
Note that before applying RELAY configurations, it is necessary to first define the operation type as Relay in the
○
○
TYPE parameter.
○
○
○
○
○
○
○
○
77
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
For clarification of RELAY configurations, we present the following script:
SET DHCP PURGE

SET DHCP TYPE RELAY
SET DHCP ALLINTERFACES TRUE
Enables all interfaces, allowing them to be listed
SET DHCP SERVER 10.50.30.1
Remote DHCP server IP address
SET DHCP UP
QUALITY OF SERVICE (QOS)
Traffic control
Traffic control in DT2048 SHDSL/R is based on three key elements: queuing discipline, class and filter. Control
is quite flexible, allowing an array of combinations, due to its recursive architecture. Next, we describe the key
elements.
Class Service Discipline

Filters and
Policing Class Service Discipline
Class Service Discipline
Service Discipline
Queueing discipline is a way to manage data traffic, and may include algorithms (e.g.: HTB, TBF, SFQ), which
actually occurs in most cases. More complex queuing disciplines contain filters and classes. Each discipline has an
identifier, known as handle, and a variable, which indicates where the queuing discipline is installed within a hierarchical
order of classes. This variable is called classid.
Class is a node in the traffic control hierarchy. A class is not responsible for queue management. Therefore, it
requires a queuing discipline, which allows a large number of combinations. Thus, it is possible to establish a
hierarchy where a different queuing discipline is installed in each leaf node. These nodes are responsible for traffic
control.
This flexibility is more frequently noticed when HTB is used, which allows the creation of several classes, unlike
other disciplines such as TBF and SFQ.
Filter is the mechanism whereby a packet is allocated to a class. A filter is required when a packet goes through
the unit (forward) or is generated in the unit (output). Each discipline or class has a list of filters, whose differences are
concerned with the protocol (IP, ICMP, etc.) they apply to and also with their priority. The classification system of
Digitel’s equipment uses all the power of packet selection implemented by the firewall mechanism. As occurs with
queuing disciplines, filters also have a handle and classid, with the same meanings.
78
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
Service disciplines
○
○
○
○
HTB (Hierarchy Token Bucket)
○
○
HTB is an intuitive, quick and flexible discipline, usually outperforming the CBQ features. HTB is also based on
○
○
classes, which can be subdivided into subclasses, forming a hierarchy of classes.
○
○
○
○
○
○
○
Main
○
○
Link
○
○
○
○
○
○
○
○
B
○
A/WWW
○
A/SMTP
○
○
○
○
○
○
○
○
○
Unlike CBQ, HTB uses a bandwidth control mechanism (shapes traffic based) based on the Token Bucket Filter,
○
which does not depend on the physical characteristics of the link. It does not require information about the behavior
○
○
of the output bandwidth.
○
○
It allows simulating slower links and determining which traffic class will use this slow path, thus changing the
○
○
order and priority of the current flow.
○
○
○
○
○
○
Parameter Function
○
○
Priority Defines class priority in the queuing mechanism. The round-robin algorithm, with
○
○
priorities, is used.
○
○
Rate Indicates maximum class rate. The rate sum of the children of a given class is the
○
same as that of the father
○
○
○
Ceil Maximum number of data allowed to be sent. ○
○
Burst Number of bytes allowed to be sent within a given time, respecting the speed provided
○
○
by the ceil.
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
79
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
TBF (Token Bucket Filter)
This queuing discipline uses two token buckets, one for mean rate control and one for peak rate control The
token bucket for peak rate control allows some traffic burst, controlled by the peak rate parameter, to be sent during
a traffic-free period. The token bucket for mean rate control specifies the current flow of the class. If the peak rate
parameter is not used, the second token bucket will not be activated, and no limit will be specified. Thus, the burst is
based on the number of existing tokens. This algorithm delays the packets that exceed the limit, but does not drop
them.
Parâmetro Função
Limit Number of bytes that can be queued in the main token bucket.
Latency Maximum amount of time a packet sits in the TBF.
Rate Specifies the class bandwidth.
Burst Indicates the depth of the main token bucket.
Mtu Used to calculate packet size, for the mean rate table, or for the peak rate table.
Peakrate Enables the token bucket for peak rate control and specifies its mean value.
(optional)
Mpu Indicates minimum packet size.
The limit value should be greater than or equal to that of the interface mtu, otherwise, packets with greater
values might be dropped. If the latency parameter is used, queue size will be calculated based on the formula: limit
= rate * latency + burst. If the mtu value is greater than 2040, it must be specified. Its value should include the header
of the logical link layer. If the second token bucket is activated through the peakrate parameter, the mtu will also
indicate the depth of this token bucket.
SFQ (Stochastic Fairness Queuing)
It’s an FQ variant, in which a queue is kept for the time during which packets would be dropped if the BR (bit-
by-bit Round Robin) algorithm was used. BR sends traffic in a Round Robin fashion, and its transmission unit is only 1
bit. The packet is only sent when the whole packet is “read.” Thus, smaller packets are sent first.
Since it is difficult to keep a queue organized, SFQ allocates a pretty large number of queues, using the hash
table to send traffic to one of them. A drawback of this method is that as the number of active flows gets closer to the
number of queues, there is an increased probability of collision at the hash table.
The queues with packets to be sent are serviced in a round-robin fashion. A given amount of data (quantum) is
sent in every turn.
Parameter Function
Perturb Regular perturbation calculated by the hashing algorithm for the prevention of
collisions. SECS defines the interval within which the perturbation shoud occur.
Quantum Amount of data in bytes that should be sent in each round-robin session.
Next, we present two example configurations. In the first example, we will limit the bandwidth to 5 kbps for the
FTP. In the second example, we will follow a similar procedure, but we will work with link sharing, where priorities are
established for each queue, and where the lowest priority receives bandwidth from the father class. The topology is
shown next:
80
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
Note that we formed two queues (1:1 and 1:2) over root class 1:, and that we limited class 1:1 to 5 kbps. Also
○
note that QoS rules should be applied based on the output traffic of the interface.
○
○
○
○
○
SET FIREWALL QOS RULE0 PROTOCOL tcp MARK 1
○
SET FIREWALL QOS RULE0 SOURCE ADDRESS 192.168.1.0 MASK 255.255.255.0
○
○
SET FIREWALL QOS RULE0 DESTINATION ADDRESS 192.168.2.0 MASK 255.255.255.0
○
SET FIREWALL QOS RULE0 TCP DPORT 20-21
○
SET FIREWALL UP
○
○
SET QOS WAN0-PVC0 ROOT-HTB HANDLE 1:
○
SET QOS WAN0-PVC0 HTB1: DEFAULT 2
○
○
SET QOS WAN0-PVC0 HTB1: NEW-HTB HANDLE 1:1
○
SET QOS WAN0-PVC0 HTB1:1 RATE 5KBIT BURST 5KBIT CEIL 5KBIT PRIORITY 1
○
○
○
○
○
SET QOS WAN0-PVC0 HTB1: NEW-FILTER HANDLE 1 PRIORITY 0 PROTOCOL IP CLASSID 1:1
○
SET QOS UP
○
○
○
○
In the second example, queues 1:10 and 1:20 were formed over a father class, which will allocate the bandwidth
○
according to the specified priority (the lowest the priority value, the highest the priority). Note that while we are using
○
○
only the FTP, 128 kbps will be allocated to it, but when Telnet is initiated, the link will be shared:
○
○
SET FIREWALL PURGE
○
○
SET FIREWALL QOS RULE0 PROTOCOL TCP MARK 1
○
SET FIREWALL QOS RULE0 DESTINATION ADDRESS 192.168.11.0 MASK 255.255.255.0 ○
○
○
SET FIREWALL QOS RULE0 TCP DPORT 20-21

○
○
SET FIREWALL QOS RULE1 PROTOCOL TCP MARK 2

○

○
○
SET FIREWALL UP
○
SET QOS PURGE

○
SET QOS WAN0-PVC0 ROOT-HTB HANDLE 1:

○
○

○
SET QOS WAN0-PVC0 HTB1:1 RATE 128KBIT BURST 15KBIT CEIL 128KBIT NO-PRIORITY
○
○
SET QOS WAN0-PVC0 HTB1:1 NEW-HTB HANDLE 1:10

○
○
○
SET QOS WAN0-PVC0 HTB1:1 NEW-HTB HANDLE 1:20

○
○
○
SET QOS WAN0-PVC0 HTB1:1 NEW-FILTER HANDLE 1 PRIORITY 1 PROTOCOL IP CLASSID 1:10
○
SET QOS WAN0-PVC0 HTB1:1 NEW-FILTER HANDLE 2 PRIORITY 0 PROTOCOL IP CLASSID 1:20
○
○
SET QOS UP
○
○
○
○
○
○
○
○
81
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
FIREWALL
Introduction
DT2048 SHDSL/R routers implement several Firewall features. Here, we are going to describe some of these
features, and we are going to provide some example configurations as well.
There are two levels of security in DT2048 SHDSL/R: one is determined by policies, and the other one, by rules.
Policies
Chain policies define packet destination. A policy is used when a packet reaches the end of a chain and does
not fit into any rules. In this case, the kernel checks the chain policy to decide what to do with the packet.
The decision can be to ACCEPT or DROP the packet. By default, INPUT/OUTPUT/FORWARD chains have their
policies configured as ACCEPT at startup.
Chains
A chain is a list of rules. Each rule tells the packet header what should be done with the packet. If the current rule
is not associated with the packet, then the next rule in the chain will be used. When there are no more rules to use, the
operating system will analyze the chain policy and decide what to do.
• INPUT: all traffic from a host (either local or remote) to the router.
• OUTPUT: all traffic from the router with any destination.
•FORWARD: all traffic from any host (either local or remote) bound to any host that can be reached through the router.
82
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
Packets going through the INPUT chain do not have an output interface, and packets going through the
○
○
OUTPUT chain do not have an input interface. In case of FORWARD, both can or should be specified for the
○
establishment of rules.
○
○
With the rules, we can create different ways to deal with the traffic. The main parameters are subsequently
○
○
listed.
○
○
○
○
• Action - An action determines what will happen when a packet fits into a given rule.
○
○
Possible actions include ACCEPT, DROP and REJECT.
○
○
- ACCEPT: accepts the packet being filtered;
○
○
- DROP: drops the packet being filtered;
○
○
○
- REJECT: has the same effect as DROP, except if the sender has sent an ICMP port unreachable
○
message. The ICMP message will not be sent if any of any of the following situations occurs (refer to RFC 1122):
○
○
- The packet being filtered is an ICMP error message in the beginning, or an unknown
○
○
type of ICMP;
○
○
- The packet being filtered is a fragment without a header;
○
○
- Many ICMP error messages have been sent to the same addressee.
○
○
• Protocol - The options are TCP, UDP and ICMP.
○
○
• Source and Destination - For the definition of addressing parameters and ports.
○
○
• IP addresses - Network or host IP addresses to be defined.
○
○
○
• Port - UDP/TCP port ranges.
○
○
○
○
In addition to these parameters, we can create different management options, using TCP flags, rules with
○
inverted logic, etc.
○
○
○
○
○
Specifying inverted logic
○
○
○
Several configuration options can be preceded by '!' (pronounced "no"), which means inverting the logic for a
○
○
given rule. For instance, if we define a rule that only allows transmission of a packet to a given interface and then we
○
apply the '!' option to the destination interface, the rule is inverted. Therefore, the packets will be sent to all interfaces,
○
○
except to the specified interface. We are going to see some more examples further ahead.
Specifying fragments ○
○
○
○
○
○
○
Sometimes a packet is too large to be sent all at once. If this happens, the packet is fragmented and sent as
○
○
multiple packets. On arrival, the packet is rebuilt by putting the fragments back together. The problem with
○
fragmentation is that the initial fragment contains complete header fields (IP + TCP, UDP and ICMP) to analyze, but
○
○
the subsequent packets only have the IP header (without the fields of other protocols). Then, analyzing the subsequent
○
fragments in search of headers of other protocols (such as TCP, UDP and ICMP extensions) is impossible.
○
○
If you are following up connections or NAT, all fragments will be reassembled before they reach the packet filter
○
○
code (then you do not have to worry about the fragments ). On the other hand, it is important to understand how
○
fragments are treated by filtering rules. Any rule that requests nonexistent information is not valid. This means that the
○
○
first fragment will be treated as any packet, whereas the second and the subsequent fragments will not. Then a rule
○
with the fragment (other packets) option enabled will analyze the packets of a data flow, except the first packet. It is
○
○
important to specify a rule that enables the fragment (first packet) option, but that does not apply this rule to the
○
second and subsequent fragments.

○
○
○
Usually, it is safer to allow transmission of the second and subsequent fragments, as the first fragment will be
○
filtered; this will prevent the whole packet from being defragmented in the destination equipment.
○
○
○
○
○
○
○
83
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
Configuration parameters
The following parameters are necessary for firewall configuration:
SET FIREWALL <enter>

Valid options are:
INPUT Defines POLICY or RULE forINPUT
OUTPUT Defines POLICY or RULE for OUTPUT
FORWARD Defines POLICY or RULE for FORWARD
QOS QoS Configuration
CHAIN0 Defines NAME and RULE
UP Enables the FIREWALL
DOWN Disables the FIREWALL
PURGE Clears FIREWALL configurations
SET FIREWALL INPUT/OUTPUT/FORWARD <enter>

Valid options are:
POLICY Configures access policies (DROP/ACCEPT)
RULE0 Configures access rules
SET FIREWALL INPUT/OUTPUT/FORWARD RULE0

Valid options are:
Valid options are:
PROTOCOL Protocol (TCP/UDP/ICMP/ALL)
PROTOCOLINVERTED Inverted protocol logic
ACTION (Only when not in QOS chain) Action (DROP/REJECT/ACCEPT)
FRAGMENT Analysis of fragments from the second
and subsequent packets
SOURCE Rules for packet source
DESTINATION Rules for packet destination
UDP (Only when PROTOCOL = UDP) Rules for UDP
TCP (Only when PROTOCOL = TCP) Rules for TCP
ICMP (Only when PROTOCOL = ICMP) Rules for ICMP
PURGE Clears RULE0 configurations
SET FIREWALL INPUT RULE0 SOURCE/DESTINATION <enter>
Valid options are:
INTERFACE Source/destination interface
INTERFACEINVERTED* Inverts logic for the INTERFACE field
ADDRESS Network/host address
MASK Network mask
ADDRESSINVERTED Inverts logic for the ADDRESS field
*Only when INTERFACE != NONE
For clarification of these rules, we will show an example where we disable the traffic from any network to the
router (INPUT) and enable Telnet only from a specific host.
84
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
Note that, in the example below, we take for granted that the host (PC) address is 10.10.10.63 and that the
○
○
router address is 10.10.10.66. To check whether it is working properly, just apply a continuous ping to the destination
○
address; after the firewall is enabled, the ping should respond with TIME OUT, and it will be possible to establish a
○
○
Telnet connection with address 10.10.10.66 in the equipment 10.10.10.63.
○
○
SET FIREWALL PURGE
○
○
SET FIREWALL INPUT POLICY DROP
○
SET FIREWALL INPUT RULE0 PROTOCOL TCP ACTION ACCEPT
○
○
SET FIREWALL INPUT RULE0 SOURCE INTERFACE LAN0 ADDRESS 10.10.10.63 MASK
○
255.255.255.255
○
SET FIREWALL INPUT RULE0 TCP DPORT 23-23
○
○
SET FIREWALL UP
○
CONFIG SAVE
○
○
○
○
In the following example, we will use inverted logic. When we enable the ADDRESSINVERTED option in this
○
rule, any address can establish a Telnet connection with router 10.10.10.66, except with 10.10.10.63. The rule is the
○
○
same; we only added the ADDRESSINVERTED parameter as TRUE.
○
○
○
○
SET FIREWALL PURGE
○
SET FIREWALL INPUT POLICY DROP
○
○
SET FIREWALL INPUT RULE0 PROTOCOL TCP ACTION ACCEPT
○
SET FIREWALL INPUT RULE0 SOURCE INTERFACE LAN0 ADDRESSINVERTED TRUE ADDRESS
○
○
10.10.10.63 MASK 255.255.255.255
○
SET FIREWALL INPUT RULE0 TCP DPORT 23-23
○
○
SET FIREWALL UP
○
CONFIG SAVE
○
○
○
○
For test purposes, establish a Telnet between equipment 10.10.10.63 and router 10.10.10.66 and, after that, try
○
to make this Telnet connection from any other PC. You will find out that access from the host 10.10.10.63 is not
○
○
possible, since there is an inverted logic that specifies that any PC can access this equipment, except address
○
10.10.10.63/32.
○
○
In the next example, a network makes an ICMP request to a remote network without accessing the internal
○
○
network. In this case, the address of the local network is 10.10.10.0/24, and for the remote network, it is 192.168.11.0/
○
24. Note that the ECHO-REQUEST messages are sent, but, for a reply (ECHO-REPLY) to exist, it is necessary to create
○
○
a special rule, which does not involve only the protocol, but also the type of ICMP message. The rules are the following.
○
○
SET FIREWALL PURGE
○
SET FIREWALL INPUT POLICY ACCEPT
○
○
SET FIREWALL OUTPUT POLICY ACCEPT
○
SET FIREWALL FORWARD POLICY ACCEPT
○
○
SET FIREWALL FORWARD RULE0 PROTOCOL ICMP ACTION ACCEPT ○
SET FIREWALL FORWARD RULE0 SOURCE INTERFACE LAN0 ADDRESS 10.10.10.0 MASK
○
○
255.255.255.0
○
SET FIREWALL FORWARD RULE0 DESTINATION INTERFACE WAN0-PVC0 ADDRESS 192.168.11.0

○
○
MASK 255.255.255.0
○
SET FIREWALL FORWARD RULE1 PROTOCOL ICMP ACTION DROP

○
○
SET FIREWALL FORWARD RULE1 SOURCE INTERFACE WAN0-PVC0 ADDRESS 0.0.0.0 MASK
○
0.0.0.0
○
○
SET FIREWALL FORWARD RULE1 DESTINATION INTERFACE LAN0 ADDRESS 0.0.0.0 MASK
○
0.0.0.0
○
○
SET FIREWALL FORWARD RULE1 ICMP ENABLED TRUE INVERTED TRUE TYPE ECHO-REPLY
○
SET FIREWALL UP
○
○
○
The created command uses an inverted logic for the type of message that should be filtered. This is created
○
○
in rule 1 of the FORWARD chain.

○
○
SET FIREWALL FORWARD RULE1 ICMP ENABLED TRUE INVERTED TRUE TYPE ECHO-REPLY
○
○
To view the statistics of the created rule, use the SHOW FIREWALL STATS command.
○
○
○
○
○
85
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
AUTHENTICATION SYSTEMS
Introduction
The authentication system of DT2048 SHDSL/R routers supports different authentication protocols and types.
Authentication can be carried out using the SHADOW, TACACS and RADIUS commands.
SHADOW is an authentication system based on MD5 encryption, offered by the equipment.
TACACS (Terminal Access Controller Access Control System) is an authentication protocol for remote users.
Originally developed by CISCO, today it has been by several manufacturers. TACACS allows autthenticating a user in
a base provided by the client’s TACACS server.
RADIUS (Remote Authentication Dial User Service) is one the most widely used remote authentication protocols.
It also allows authentication of users in a remote base provided by the client. It is defined in RFC 2058.
To configure the authentication system, do the following:
1. Define the type of authentication.
2. In case of more than one type of authentication, specify an order for them.
3. Configure the authentication method.
The authentication configuration is available in the SYSTEM module.

SET SYSTEM <enter>
Valid SET options for SYSTEM are:
DATE*
TIME*
TIMETYPE
LOG
UPDATE
AAA
HOSTNAME
PURGEUSERS
PURGEDNS
RESTART
*Only when TimeType = local OS
USER0
USER1
USER2
USER3
USER4
DNS0
It is worth mentioning that if no authentication method has been configured, the CLI will select SHADOW as the
standard authentication method.
The order of authentication is defined by using the following command:
SET SYSTEM AAA AUTHENTICATION ORDER <enter>
You must provide order for UP auth types. Combination possibilities are:
TACACS SHADOW
SHADOW TACACS
RADIUS SHADOW
SHADOW RADIUS
86
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
RADIUS
○
○
○
○
To define RADIUS as the only authentication method, enable the RADIUS authentication and disable the
○
SHADOW authentication.
○
○
○
SET SYSTEM AAA AUTHENTICATION RADIUS UP
○
SET SYSTEM AAA AUTHENTICATION SHADOW PURGE
○
○
○
○
The following options are available for configuration:
○
○
SET SYSTEM AAA AUTHENTICATION RADIUS <enter>
○
Valid SET options for RADIUS are:
○
○
DEBUG Allows viewing events via Syslog
○
SERVER Configures the RADIUS server IP address
○
○
SECRET Password used for negotiation between the equipment’s RADIUS
○
and the server.
○
○
TIMEOUT Timeout for remote authentication
○
ONERROR** Defines what should be done when RADIUS is the first
○
○
authentication method(the order is RADIUS SHADOW)
○
UP Enables the RADIUS
○
○
PURGE Clears RADIUS configurations
○
○
○
As an example, we have the following configuration:
○
○
○
SET SYSTEM AAA AUTHENTICATION RADIUS UP
○
SET SYSTEM AAA AUTHENTICATION RADIUS SERVER 20.20.20.20
○
SET SYSTEM AAA AUTHENTICATION RADIUS SECRET digitel
○
○
SET SYSTEM AAA AUTHENTICATION RADIUS ONERROR
○
○
○
ONERROR defines what should be done when RADIUS is the first authentication method (the order is
○
○
RADIUS SHADOW). Valid options are FAIL or CONTINUE. FAIL specifies that when the first authentication method
○
fails, login should be denied; CONTINUE specifies that authentication should be attempted by using the next
○
○
method.
○
○
○
○
TACACS
○
○
○
○
To define TACACS as the only authentication method, enable TACACS authentication and disable SHADOW
○
authentication.
○
○
○
SET SYSTEM AAA AUTHENTICATION TACACS UP
○
SET SYSTEM AAA AUTHENTICATION SHADOW PURGE ○
○
○
○
The following parameters are available for TACACS configuration:

○
○
○
○
SET SYSTEM AAA AUTHENTICATION TACACS <enter>

○
○
Valid SET options for TACACS are:

○
ENCRYPT Enables encrypted key for SECRET

○
○
DEBUG Allows showing events via Syslog

○
SERVER Configures the TACACS server IP address

○
○
SECRET* Password used for negotiation between the equipment’s TACACS

○
and the server.

○
○
ONERROR** Defines what should be done when RADIUS is the first

○
authentication method (the order is RADIUS SHADOW)

○
UP Enables the TACACS

○
○
PURGE Clears TACACS configuration

○
*Only when ENCRYPT=TRUE

○
○
**Only when SHADOW is UP and ORDER is TACACS SHADOW

○
○
○
○
87
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
As an example, we have the following configuration:

SET SYSTEM AAA AUTHENTICATION TACACS UP
SET SYSTEM AAA AUTHENTICATION ORDER TACACS SHADOW
SET SYSTEM AAA AUTHENTICATION TACACS ENCRYPT TRUE
SET SYSTEM AAA AUTHENTICATION TACACS SERVER 10.10.10.12 SECRET digitel
SET SYSTEM AAA AUTHENTICATION TACACS ONERROR
ONERROR defines what should be done when TACACS is the first authentication method (the order is
TACACS SHADOW). Valid options are FAIL or CONTINUE. FAIL specifies that when the first authentication
method fails, login should be denied; CONTINUE specifies that authentication should be attempted by using the
next method.
INTERFACE STATISTICS
DT2048 SHDSL/R routers include several troubleshooting features. Checking for interface errors is one of the
most widely used ones. Next, we describe the counters for different encapsulation protocols:
WAN (all protocols - HDLC interface)
TX ERRORS:
• Frame eliminated due to interface timeout (due to physical problems, failure, or transmit clock problems)
• Physical transmission errors (loss of CTS or underrun - should not normally occur)
RX ERRORS:
• Frame eliminated due to limited processing capacity at reception (should not normally occur)
• Frame received with CRC error
• Frame received with addressing error (should not normally occur)
• Frame received with synchronization error
• Frame received with size violation
• Frame received with incomplete octet numbers
• Abort sequence received
• Frame received with data carrier loss
TX DROPPED:
• Frame eliminated due to interface resetting
• Frame eliminated due to insufficient memory (should not normally occur)
RX DROPPED:
• Frame eliminated due to limited processing capacity at reception (should not normally occur)
• Frame eliminated due to CRC error
• Frame eliminated due to addressing error (should not normally occur)
• Frame eliminated due to insufficient memory at reception (should not normally occur)
TX OVERRUN:
• Not used
RX OVERRUN:
• Frame received with overrun error
COLLISION:
• Not used
88
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
CRC ERRORS:
○
• Frame received with CRC error
○
○
○
TX ABORTED:
○
○
○
○
○
TX FIFO ERROR:
○
○
• Underrun at transmission (should not normally occur)
○
○
○
TX CARRIER ERROR:
○
• Loss of CTS at transmission (should not normally occur)
○
○
○
○
RX LENGTH ERROR:
○
○
○
○
RX FRAME ERROR:
○
○
• Frame received with incomplete octet numbers
○
○
○
RX MISSED ERROR:
○
○
• Frame received with data carrier loss
○
○
○
WAN (HDLC-Cisco protocol)
○
○
○
RX ERRORS:
○
○
• Frame received with protocol error (short frame, addressing error, size error)
○
○
○
○
○
WAN (FRAME RELAY protocol - HDLC interface)
○
○
○
○
RX ERRORS:
○
• Frame received invalid (short frame or in wrong format)
○
○
• LMI frame received when LMI=NONE
○
• LMI protocol errors
○
○
• Non-LMI frame received through the control channel
○
○
• Frame received with unknown DLCI
○
○
• Frame received for disabled PVC (interface DOWN)
○
○
○
○
WAN (FRAME RELAY protocol - PVC interface) ○
○
○
TX DROPPED:
○
○
• Frame eliminated due to limited transmission rate (full buffers)

○
• Frame eliminated due to inactive channel

○
○
TX COMPRESSED:
○
○
• Frame transmitted with congested channel

○
○
○
RX COMPRESSED:
○
○
• Frame received with congested channel

○
○
○
WAN (X25 protocol - HDLC interface)

○
○
○
○
RX ERRORS:
○
• Frame received with LAPB protocol error

○
○
○
○
○
○
○
89
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
LAN (all protocols - ETH interface)
TX ERRORS:
• Frame retransmitted by collision up to the limit and eliminated
• Frame transmitted with underrun
• Frame transmitted with data carrier loss
• Frame transmitted without heartbeat
• Frame transmitted with late collision
RX ERRORS:
• Frame received with incomplete octet numbers or with late collision
• Frame received with CRC error or FIFO overrun
TX DROPPED:
• Not used
RX OVERRUN:
• Not used
RX DROPPED:
• Frame eliminated due to limited processing capacity or insufficient memory at reception (should not normally
occur)
TX OVERRUN:
• Not used
RX OVERRUN:
• Not used
COLLISION:
• Collision during frame transmission
CRC ERRORS:
• Frame received with CRC error or FIFO overrun
TX ABORTED:
• Frame retransmitted by collision up to the limit and eliminated
TX FIFO ERROR:
• Frame transmitted with underrun
TX CARRIER ERROR:
• Frame transmitted with data carrier loss
TX HEARTBEAT ERROR:
• Frame transmitted without heartbeat
TX WINDOW ERROR:
• Frame transmitted with late collision
RX LENGTH ERROR:
RX FRAME ERROR:
• Frame received with incomplete octet numbers or with late collision
RX MISSED ERROR:
• Not used
90
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
○
SYSLOG
○
○
○
Another way to check for errors is by using Syslog, a powerful troubleshooting tool, which can be viewed on the
○
○
console (buffer) or in the remote server, where messages can also be stored.
○
○
To configure output of messages, we can create several entries (ENTRYx), where we specify, for instance, a
○
remote Syslog server or the terminal itself. The configuration parameters are the following:
○
○
○
SET SYSTEM LOG <enter>
○
Valid SET options for LOG:
○
○
UP Starts the Syslog daemon
○
DOWN Disables the Syslog daemon
○
○
PURGE Clears the Log module
○
ENTRY0 Generates an entry configuration
○
○
○
SET SYSTEM LOG ENTRY0 <enter>
○
○
Applying to: ENTRY0
○
○
○
FACILITY Type of facility
○
PRIORITY Type of priority
○
OUTPUTTYPE Type of output
○
○
HOST* Identifies the remote Syslog server IP
○
PURGE Clears the ENTRY0 configurations
○
○
*Only when OUTPUTTYPE=REMOTE
○
○
○
○
○
○
Facility
○
○
○
The FACILITY parameter is used to specify the type of program that will generate log messages, as described
○
○
below:
○
○
○
○
SET SYSTEM LOG ENTRY0 FACILITY <enter>
○
○
Applying to: ENTRY0
○
○
ALL All messages
○
○
AUTH Securtiy/authentication messages
○
SECURITY Security messages
○
○
AUTHPRIV Security/authentication messages (private)
CRON Cron and at daemon ○
○
○
DAEMON Other system daemons

○
KERN Kernel messages

○
○
LPR Printing subsystems

○
MAIL Mail subsystems

○
○
MARK Timer for MARK messages

○
NEWS USENET news subsystem

○
○
SYSLOG Internal Syslog messages

○
USER Generic user messages

○
○
UUCP UUCP subsystem

○
LOCAL0 Reserved for local use

○
○

○

○
○

○

○
○

○

○
○

○
○
○
○
○
91
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
Priority (Level)
Determines the importance of the messages. The following levels are allowed, in order of importance:
SET SYSTEM LOG ENTRY0 PRIORITY <enter>
Applying to: ENTRY0
ALL All levels
DEBUG Debugging messages
INFO Information messages
NOTICE Normal system conditions
WARNING Warning conditions
WARN Synonymous with warning level
ERR Error conditions
ERROR Synonymous with err level
CRIT Critical conditions
ALERT Some action must be taken immediately
EMERG The system is unusable
PANIC Synonymous with emerg level
SET SYSTEM LOG ENTRY0 OUTPUTTYPE <enter>

Applying to: ENTRY0
REMOTE Defines a server as remote
TERMINAL Defines a server as local
By default, the Syslog is enabled. To enable all Syslog features, type the following command:
SET SYSTEM LOG ENTRY0 FACILITY ALL PRIORITY ALL OUTPUTTYPE TERMINAL
To view the messages at the Console (TERMINAL), type the following command:
SHOW SYSTEM LOG MESSAGES <enter>
If you have a Syslog server on the network, only change the type of output (REMOTE) and configure the host IP
address:
SET SYSTEM LOG ENTRY0 FACILITY ALL PRIORITY ALL OUTPUTTYPE REMOTE HOST
192.168.100.23
VRRP (VIRTUAL ROUTER REDUNDANCY PROTOCOL)
When a router is configured with a default gateway, without any dynamic routing protocol (e.g.: RIP), it can
become a vulnerable spot on the network. This scenario is characterized by a single flaw (the gateway). To solve the
problem, use a dynamic routing protocol; however, this may slow down the network, due to the complexity of these
protocols. So,b a better alternative is to have a router operating as backup for the network gateway; then, when the
gateway fails, the backup will start operating.
The Virtual Router Redundancy Protocol (VRRP) implements this feature. It is defined in RFC 2338 and offers
automatic backup, taking on the IP of the main router (Master).
The VRRP has the same function as the Hot Standby Router Protocol (HSRP) by CISCO and as the IP Standby
Protocol (IPSTB) by Digital Equipment Corporation.
92
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
○
Definitions
○
○
○
○
• VRRP Router: Router running Virtual Router Redundancy Protocol.
○
○
• Virtual Router ID: ID associated with the LAN IP. Both Master and Backup routers must have the same ID.
○
○
• IP Address Owner or IP: IP that represents the VRRP Router address.
○
○
• Virtual Router Master: VRRP router that routes packets using the IP associated with the Virtual Router (also
○
○
replying to the ARP request of this IP). Only the Master router sends VRRP packets over the network.
○
○
• Virtual Router Backup: VRRP router that takes over the Virtual Router in case of a failure.
○
○
○
Configuration
○
○
○
○
The VRRP configuration in DT2048 SHDSL/R is available via the command line interface (CLI). To view
○
configuration options, use the SET VRRP command. The configuration options are:
○
○
○
○
SET VRRP <enter>
○
○
○
VRID Virtual Router ID (router running VRRP).
○
○
INTERFACE LAN interface.
○
IP Virtual IP used by VRRP.
○
○
PRIORITY Defines priority between Master and Backup equipment.
○
That with the highest priority is the Master.
○
○
When priority is not informed, the value is 255.
○
ADVERT Interval for message transmission (VRRP packets).
○
○
AUTH Type of authentication (NONE, PW or AH).
○
PREEMPT Prevents a backup VRRP router with higher priority from
○
○
taking over the Master. The default value is preemptive.
○
PASSWORD Password for pw or ah authentications.
○
○
NO-PASSWORD Clears the password.
○
UP Runs the VRRP.
○
○
DOWN Disables the VRRP.
○
PURGE Clears configuration.
○
○
○
○
○
As an example, we can configure a router to be the Master. VRRP router. Minimum configuration in this case
○
includes VRID, the interface and the IP address:
SET VRRP STATE MASTER VRID 10 INTERFACE LAN0 PRIORITY 200 IP 20.20.20.20 UP ○
○
○
○
○
In our example, the configuration of the backup VRRP router would be as follows:
○
○
SET VRRP STATE BACKUP VRID 10 INTERFACE LAN0 PRIORITY 50 IP 20.20.20.20 UP

○
○
○
○
○
○
○
○
○
Master
○
○
○
VRRP
○
Internet
○
Router
○
○
○
Backup
○
○
○
○
○
○
○
○
○
93
CLI Complete
Guide - Command Line Interface
list of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
COMPLETE LIST OF COMMANDS
Language Basic syntax
SET <Module name>

<Module specific options>
SHOW <Module name>
DUMP <Module name>
ALL <Module specific options>
HELP <Module name>
EXEC
PING <Ping parameters>
TRACEROUTE <Traceroute parameters>
NETSTAT <Netstat parameters>
TCPDUMP <Tcpdump parameters>
CONFIG
INPUT {BATCH,KEYBOARD}
SAVE
LOAD EXTERN
SERVER <Server name>
USER <User name>
PASS <Password>
REMOTEFILE <Remote file name>
IMPORT
EXPORT SHOW PURGE
QUIT
94
CLI Guide - Command
Complete list Line Interface
of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
System configuration - SYSTEM
○
○
○
○
SET SYSTEM
○
○
TIMETYPE {SERVER,LOCAL}
○
TIMESERVER <IP address>
○
DATE <Date>
○
○
TIME <Time>
○
USER <User identifier number>
○
TYPE OPERATOR,MODERATOR,ADMINISTRATOR}
○
○
LOGIN
○
PASS
○
PURGE
○
○
AAA
○
AUTHENTICATION
○
TACAC
○
○
ENCRYPT {TRUE,FALSE}
○
DEBUG {TRUE,FALSE}
○
SERVER <IP address>
○
○
SECRET <String>
○
TIMEOUT <Numeric>
○
ONERROR {FAIL,CONTINUE}
○
○
UP
○
PURGE
○
RADIUS
○
○
DEBUG {TRUE,FALSE}
○
SERVER <IP address>
○
SECRET <String>
○
○
TIMEOUT <Numeric>
○
ONERROR {FAIL,CONTINUE}
○
UP
○
○
PURGE
○
SHADOW
○
UP
○
○
DOWN
○
ORDER
○
AUTHORIZATION
○
○
N TACACS
○
SHADOW
○
ACCOUNTING
○
○
TACACS
○
SHADOW
○
LOG
○
○
ENTRY <Entry identifier number>
○
FACILITY {ALL,AUTH,SECURITY,AUTHPRIV,CRON,DAEMON, KERN,LPR,
MAIL,MARK,NEWS,SYSLOG,USER,UUCP,LOCAL0,LOCAL1,LOCAL2, ○
○
○
LOCAL3,LOCAL4,LOCAL5, LOCAL6,LOCAL7}
○
PRIORITY {ALL,DEBUG,INFO,NOTICE,WARNING,WARN,ERR,ERROR,
○
CRIT,ALERT,EMERG,PANIC}
○
○
OUTPUTTYPE {TERMINAL,REMOTE}
○
PURGE (when OUTPUTYPE=REMOTE)

○
HOST <Host address>

○
○
UP
○
DOWN
○
PURGE
○
○
UPDATE
○
TYPE {TFTP,FTP}
○
○
FILE <File name>

○
SERVER <IP address>

○
USER <Username>
○
○
PASS <Password>
○
EXECUTE
○
RESTART
○
○
○
○
○
○
○
○
95
CLIComplete
Guide - Command Line Interface
list of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
MODEM configuration
SET MODEM
VGMODE {OFF,ON}
V35FROM {CONECTOR|WAN}
SUPERVISOR
LOOP {LAL|LDL|RDL|NONE}
UPDATE
FTPSERVER <IP address>
USER <Username>
PASS <Password>
TYPE {FLASH,PROCESSOR}
FILE <File name>
EXECUTE
UP
DOWN
PURGE
Ethernet/LAN configuration
SET LAN
LAN <interface identifier number>
IP
MASK
BROADCAST
RESETCOUNTERS
UP
DOWN
PURGE
LAN <interface identifier number>:<virtual device number>
IP
MASK
BROADCAST
RESETCOUNTERS
UP
DOWN
PURGE
Configuration of WAN interfaces

SET WAN <interface>
PROTO {HDLC, FRAMERELAY,PPPS,PPPA,DIALIN,X25}
<protocol options>
HDLC Protocol
IP <IP address>
MASK <Network address>
PEER <Peer address>
CLOCK {INTERNAL,EXTERNAL}
SPEED {64,128,192,256,512,768,1024,1536,2048,3072,4096,4915.2}
TXINV {TRUE,FALSE}
INTERVAL <numeric value>
TIMEOUT <numeric value>
RESETCOUNTERS
Frame Relay Protocol
PROTOCOL {ANSI,CCITT,NONE}
SPEED {64,128,192,256,512,768,1024,1536,2048,3072,4096,4915.2}
TXINV {TRUE,FALSE}
WAITING {TRUE,FALSE}
96
CLI Guide - Command
Complete Line
list of Interface
Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
BANDWIDTH <numeric value>
○
○
DLCI <numeric value>DLCI <numeric value>
○
IP <IP address>
○
○
○
PEER <Peer address>
○
○
CIR <numeric value>
○
PEAK <numeric value>
○
○
RESETCOUNTERS
○
PURGE
○
○
RESETCOUNTERS
○
○
X25 Protocol
○
○
○
○
○
SPEED {64,128,192,256,512,768,1024,1536,2048,3072,
○
4096,4915.2}
○
○
TXINV {TRUE,FALSE}
○
MODE {DTE,DCE}
○
○
LAPB
○
EXTENDEDMODE {TRUE,FALSE}
○
WINDOWSIZE <numeric value>
○
○
EXTENDED {TRUE,FALSE}
○
NEGOTIATE
○
○
WINDOWSIZE {TRUE,FALSE}
○
PACKETSIZE {TRUE,FALSE}
○
○
REVERSECHARGING {TRUE,FALSE}
○
ROUTES (DEFAULT, SUBST_SOURCE and SUBST_DEST are used
○
○
within ADD)
○
ADD {X121_address}
○
○
REMOVE {X121_address}
○
PROTOCOL {IP, IPX}
○
○
SVC <number>
○
X121BIND <X121 address>
○
○
WAITCONNECTION
○
X121TO <X121 address>
○
○
IP <IP address>
○
MASK <IP address>
○
○
PEER <IP address>
○
MTU <numeric value>
○
○
NET {IPX net number}
○
NODE {IPX node address}
RESETCOUNTERS ○
○
○
○
○
○
Configuration of static routes - ROUTES

○
○
○
SET ROUTES
○
○
ROUTE <route identifier number>

○
DEVICE {NONE,<Interface name>}

○
NET <Net address>

○
○
MASK <Mask address>

○
GATEWAY <Gateway address>

○
COST <Route cost>

○
○
PURGE
○
DEFAULT
○
GW1 <IP address>

○
○
COST1 <numeric value>

○
GW2 {PURGE,<IP address>}

○
COST2 <numeric value>

○
○
POLL <numeric value>

○
DEVICE {NONE,<Interface name>}

○
PURGE
○
○
PURGE
○
97
CLI Guide list
Complete - Command Line Interface
of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
Backup line configuration - BACKUP
SET BACKUP
BACKUP <number>
FROM <Interface>
TO <Interface>
IDLELIMIT <1...65000>
PROBE {TRUE,FALSE}
MINRATE {25,50,75,100}
REMOTEIP <IP address>
PURGE
UP
DOWN
PURGE
Configuration of Dynamic Routing - RIP
SET RIPZ
DEFAULTMETRIC <numeric value>
VERSION {1,2}
<INTERFACE>
ENABLED {TRUE,FALSE}
TYPE {ACTIVE,PASSIVE}
RECEIVEVERSION {1,2,12,DEFAULT}
SENDVERSION {1,2,12,DEFAULT}
AUTH
TYPE {NONE,SIMPLE,MD5}
PASS <password>
IN <In identifier number>
LIST <LIST>
PURGE
OUT <Out identifier number>
LIST <LIST>
PURGE
LIST <List identifier number>
ADDRESS <Address>
MASK <Network mask>
TYPE {PERMIT,DENY}
PURGE
PURGE
UP
DOWN
PURGE
Configuration of Dynamic Routing - OSPF
SET OSPFZ
ROUTERID <Router id number (x.y.z.w)> Router id number (
REDIST-CONNECTED {TRUE,FALSE}
REDIST-STATIC {TRUE,FALSE}
REDIST-RIP {TRUE,FALSE}
RFC1583 {TRUE,FALSE}TRUE,FALSE}
DEBUG
EVENT {TRUE,FALSE}
INTERFACE {TRUE,FALSE}
98
CLI Guide - Command
of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
REDISTRIBUTE {TRUE,FALSE}
○
○
PACKET {TRUE,FALSE}
○
LOG
○
○
STDOUT {TRUE,FALSE}
○
SYSLOG {TRUE,FALSE}
○
○
TRAP {NONE,EMERGENCIES,ALERTS,CRITICAL,ERRORS,
○
WARNINGS, NOTIFICATIONS,INFORMATIONAL, DEBUGGING}
○
○
AREA <area identifier number>
○
ID <Area ID number (x.y.z.w)>
○
○
AUTH {NONE,SIMPLE,MD5}
○
STUB {TRUE,FALSE}
○
○
COST <numeric value>
○
VIRTUAL
○
○
○
TRANSIT <IP address>
○
○
RANGE <range identifier number>
○
ADDRESS <IP address>
○
○
MASK <IP address>
○
PURGE
○
○
EXPORT <Export identifier number>
○
LIST <LIST>
○
○
PURGE
○
IMPORT <Import identifier number>
○
○
LIST <LIST>
○
PURGE
○
PURGE
○
○
LIST <List identifier number>
○
○
○
ADDRESS <Address>
○
MASK <Network mask>
○
○
TYPE {PERMIT,DENY}
○
PURGE
○
○
PURGE
○
NETWORK <Network identifier number>
○
○
ADDRESS <Address>
○
MASK <Network mask>
○
○
AREA <Area identifier>
○
PURGE
○
○
<INTERFACE>
○
DIGEST <Digest identifier number>
○
○
KEYID <numeric value>
○
PASS <Password>
○
○
PURGE
○
PASS <Password>
○
○
NOPASS
○
PRIORITY <numeric value>

○
○
COST <numeric value>

○
HELLOINTERVAL <numeric value>

○
○
DEADINTERVAL <numeric value>

○
DELAY <numeric value>

○
○
RETRANSMISION <numeric value>

○
UP
○
○
DOWN
○
PURGE
○
○
○
PURGE
○
○
○
SET ZEBRA
○
○
ROUTES OSPF
○
UP
○
○
DOWN
○
99
CLI Guide -list
Complete Command Line Interface
of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
NAT configuration
SET NAT
MASQUERADE <Masquerad identifier number>
INTERFACE <Interface>
MASK <Network mask>
REDIRECT <Redirect identifier number>
FROMINTERFACE <Interface>
FROMADDRESS <IP address>
FROMPORT <numeric value>
TOADDRESS <IP address>
TOPORT <numeric value>
PROTOCOL <ICMP | UDP | TCP | protocol number>
PURGE
EXCLUSION <Exclusion identifier number>
TOADDRESS <IP address>
TOMASK <Network address>
TOINTERFACE <Interface>
PURGE
NAT <NAT 1:1 identifier number>
SOURCEADDRESS <IP address>
SOURCEMASK <Network address>
DESTINATIONADDRESS <IP address>
DESTINATIONMASK <Network address>
PURGE
Configuration of GRE tunnels
SET GRE
GRE <channel identifier number>
INTERFACE <Interface name>
REMOTE <IP address>
TUNNELLOCAL <IP address>
TUNNELREMOTE <IP address>
KEEPALIVETIME <1...300>
KEEPALIVE {TRUE,FALSE}
UP
DOWN
PURGE
UP
DOWN
PURGE
VPN PPTP configuration
SET PPTP
CHAP <CHAP identifier number>
DOMAIN <Domain name>
USER
PASS
PURGE
CLIENT <Client identifier number>
DOMAIN <CHAP identifier>
SERVER <IP of remote server>
100
CLI Guide - Command
of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
UP
○
○
DOWN
○
PURGE
○
○
SERVER
○
LISTEN <Interface name>
○
○
LOCALIP <local ip identifier number>
○
BEGIN <IP address>
○
○
END <IP address>
○
PURGE
○
○
REMOTEIP <remote ip identifier number>
○
BEGIN <IP address>
○
○
END <IP address>
○
PURGE
○
UP
○
○
DOWN
○
PURGE
○
○
PURGE
○
○
○
○
VPN L2TP configuration
○
○
○
○
SET L2TP
○
LAC <LAC identifier number>
○
○
ID <numeric value>
○
LNS <IP address>
○
○
REDIAL {TRUE,FALSE}
○
PURGE
○
○
LNS
○
IPPOOL <Ippool identifier number>
○
○
BEGIN <IP address>
○
END <IP address>
○
○
PURGE
○
LACRANGE <Range identifier number>
○
○
BEGIN <numeric value>
○
END <numeric value>
○
PURGE
○
○
LOCALIP <IP address>
○
UP
○
○
PURGE
○
AUTH {NONE,PAP,CHAP}
○
○
USER <User identifier number> ○
USERNAME
○
○
PASS
○
PURGE
○
○
UP
○
DOWN
○
○
PURGE
○
○
○
○
VPN IPSEC configuration

○
○
○
SET IPSEC
○
○
IPSEC <IPSEC identifier number>

○

○
○
PURGE
○
CHANNEL <Channel identifier number>

○
○
NAME <Channel name string>

○
LEFT
○
○
ADDRESSTYPE {BINDED,ANY,DEFAULTROUTE,OPPORTUNISTIC}
○
SUBNET {TRUE,FALSE}
○
○
NET <IP net address>

○
101
CLI Guide list
Complete - Command Line Interface
of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
MASK <Netmask address>

USEGATEWAY {TRUE,FALSE}
RIGHT
ADDRESSTYPE {USER,ANY,DEFAULTROUTE,OPPORTUNISTIC}
SUBNET {TRUE,FALSE}
NET <IP net address>
MASK <Netmask address>
USEGATEWAY {TRUE,FALSE}
KEY
AUTH {ESP,AH}
AUTHBY {SECRET,RSA}
PASS <Password>
BITS {128,256,512,1024,2048}
PEERPUBLICKEY
LOCALSIDE {LEFT,RIGTH}
GENERATEKEY
NEGRESTART
TIME <numeric value>
MARGIN <numeric value>
KEYLIFE <numeric value>{H,M,S}
ISAKMP <numeric value>{H,M,S}
RETRIES <numeric value>
PERFECTFORWARD {TRUE,FALSE}
DPDACTION {CLEAR,HOLD,NONE}
DPDDELAY <numeric value>
DPDTIMEOUT <numeric value>
PURGE
COMPRESS {TRUE,FALSE}
IKE <Identifier number>
ESP <Identifier number>
FRAGICMP {TRUE,FALSE}
HIDETOS {TRUE,FALSE}
UNIQUEIDS {TRUE,FALSE}
PACKETDEFAULT {PASS,DROP,REJECT}
NATT {TRUE,FALSE}
TYPE {INTERFACE,DEFAULTROUTE}
UP
DOWN
PURGE
DHCP Protocol configuration
SET DHCP
TYPE {NORMAL,RELAY}
(when TYPE=NORMAL)
UNKNOWNCLIENTS {TRUE,FALSE}
SHAREDNETWORK {TRUE,FALSE}
SERVERNAME <Server name>
SUBNET <Subnet identifier number>
ADDRESS <IP network address>
MASK <Network mask address>
RANGEIP {TRUE,FALSE}
RANGEBEGIN <IP address>
RANGEEND <IP address>
LEASE <numeric value>
AUTHORITATIVE {TRUE,FALSE}
DNSDOMAIN <DNS domain name>
DNS <DNS identifier number>
102
CLI Guide - Command
of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
○
PURGE
○
○
ROUTER <Router identifier number>
○
○
○
PURGE
○
WINS <Wins identifier number>
○
○
○
PURGE
○
○
PURGE
○
HOST <Host identifier number>
○
○
NAME <Hostname string>
○
MAC <Hardware address>
○
○
○
DNSDOMAIN <DNS domain name>
○
DNS <DNS identifier number> <DNS identifier number>
○
○
○
PURGE
○
○
ROUTER <Router identifier number>
○
○
○
PURGE
○
WINS <Wins identifier number>
○
○
○
PURGE
○
○
PURGE
○
UP
○
○
DOWN
○
PURGE
○
○
(when TYPE=RELAY)
○
SERVER <IP address of the server>
○
ALLINTERFACES {TRUE,FALSE}
○
○
LISTEN <Listen identifier number>
○
○
○
PURGE
○
UP
○
○
DOWN
○
PURGE
○
○
○
○
SNMP Protocol configuration
○
○
○
SET SNMP
LOCATION ○
○
○
AGENTADDRESS
○
○

○
PORT
○
PURGE
○
○
○
IPX Protocol configuration

○
○
○
○
SET IPX
○
<INTERFACE> (when interface is a lan)

○
○
FRAMETYPE {802.2,802.2TR,802.3,SNAP,ETHERII}
○
NETWORK <IPX Network address>

○
○
UP
○
PURGE
○
○
(when interface is asynch ppp and TYPE=CLIENT)

○
TYPE {CLIENT,SERVER}
○
○
UP
○
PURGE
○
○
(when interface is asynch ppp and TYPE=SERVER)

○
TYPE {CLIENT,SERVER}
○
○
103
CLI Guide - Command
Complete Line Interface
list of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○

NODE <IPX Node number>
UP
PURGE
(when interface is not a lan)
NODE <IPX Node number>
UP
PURGE
BRIDGE protocol configuration
SET BRIDGE
BRIDGE <Bridge identifier number>
NAME <Interface name>
AGEING <numeric value>
GARBAGEINTERVAL <numeric value>
SPANNINGTREE {TRUE,FALSE}
PURGE <INTERFACE>
Firewall configuration
SET FIREWALL
INPUT
POLICY {ACCEPT,DROP}
RULE <Rule identifier number>
PROTOCOL {TCP,UDP,ICMP,ALL}
PROTOCOLINVERTED {TRUE,FALSE}
ACTION {ACCEPT,REJECT,DROP,RETURN,LOG}
FRAGMENT
WHICH {FIRST,REMAIN}
SOURCE
INTERFACEINVERTED {TRUE,FALSE}
MASK <IP address>
ADDRESSINVERTED {TRUE,FALSE}
DESTINATION
INTERFACEINVERTED {TRUE,FALSE}
MASK <IP address>
ADDRESSINVERTED {TRUE,FALSE}
PACKETTYPE
UNICAST
BROADCAST
MULTCAST
MAC
SOURCE <MAC address>
LIMIT
RATE <numeric value>{D,H,M,S}
BURST <numeric value>
CONNECTIONSTATE
INVERTEDLOGIC {TRUE,FALSE}
INVALID {TRUE,FALSE}
104
Complete
CLI Guide list of
- Command Commands
Line Interface
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
ESTABLISHED {TRUE,FALSE}
○
○
NEW {TRUE,FALSE}
○
RELATED {TRUE,FALSE}
○
○
TOS
○
○
INVERTED {TRUE,FALSE}
○
○
VALUE {MINIMIZEDELAY, MAXIMIZETHROUGHTPUT,
○
MAXIMIZERELIABILITY, MINIMIZECOST, NORMALSERVICE}
○
○
TIME
○
○
○
START <Time>
○
END <Time>
○
○
SUNDAY {TRUE,FALSE}
○
MONDAY {TRUE,FALSE}
○
○
TUESDAY {TRUE,FALSE}
○
WEDNESDAY {TRUE,FALSE}
○
○
THURSDAY {TRUE,FALSE}
○
FRIDAY {TRUE,FALSE}
○
○
SATURDAY {TRUE,FALSE}
○
UDP
○
○
SPORT <numeric value>[-<numeric value>]
○
DPORT <numeric value>[-<numeric value>]
○
○
TCP
○
SPORT <numeric value>[-<numeric value>]
○
○
DPORT <numeric value>[-<numeric value>]
○
SYNENABLED {TRUE,FALSE}
○
○
SYNINVERTED {TRUE,FALSE}
○
TCPOPTION <numeric value>=1 and <= 65536>
○
○
TCPOPTIONINVERTED {TRUE,FALSE}
○
FLAGS
○
○
○
LIST
○
○
SYN {TRUE,FALSE}
○
ACK {TRUE,FALSE}
○
FIN {TRUE,FALSE}
○
○
RST {TRUE,FALSE}
○
URG {TRUE,FALSE}
○
○
PSH {TRUE,FALSE}
○
ALL {TRUE,FALSE}
○
○
NONE {TRUE,FALSE}
○
ENABLED
○
○
SYN {TRUE,FALSE} ○
ACK {TRUE,FALSE}
○
○
FIN {TRUE,FALSE}
○
RST {TRUE,FALSE}
○
○
URG {TRUE,FALSE}
○
PSH {TRUE,FALSE}
○
○
ALL {TRUE,FALSE}
○
NONE {TRUE,FALSE}
○
○
ICMP
○
○
○
○
TYPE {ECHO-REPLY, DESTINATION-UNREACHABLE,

○
○
NETWORK-UNREACHABLE, HOST-UNREACHABLE,
○
PROTOCOL-UNREACHABLE, PORT-UNREACHABLE,
○
○
FRAGMENTATION-NEDEED, SOURCE-ROUTE-FAILED,
○
NETWORK-UNKNOWN, HOST-UNKNOWN, NETWORK-PROHIBITED,

○
○
HOST-PROHIBITED, TOS-NETWORK-UNREACHABLE,
○
TOS-HOST-UNREACHABLE,COMMUNICATION-PROHIBITED,
○
○
HOST-PRECEDENCE-VIOLATION, PRECEDENCE-CUT-OFF,SOURCE-QUENCH,
○
REDIRECT, NETWORK-REDIRECT, HOST-REDIRECT,

○
○
105
CLI Guide - Command Line Interface Complete list of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
TOS-NETWORK-REDIRECT, TOS-HOST-REDIRECT, ECHO-REQUEST,

ROUTER-ADVERTISEMENT, ROUTER-SOLICITATION,
TIME-EXCEEDED, TTL-ZERO-DURING-TRANSIT,
TTL-ZERO-DURING-REASSEMBLY, PARAMETER-PROBLEM,
IP-HEADER-BAD, REQUIRED-OPTION-MISSING, TIMESTAMP-REQUEST,
TIMESTAMP-REPLY,ADDRESS-MASK-REQUEST, ADDRESS-MASK-REPLY}
OUTPUT <Same as the INPUT chain>
FORWARD <Same as the INPUT chain>
QOS <Same as the INPUT chain, without POLICY and including
subtree below>
RULE <Rule identifier number>
MARK <numeric value>
REJET
WITH {ICMP-NET-UNREACHABLE,NET-UNREACH,ICMP-HOST-
UNREACHABLE, HOST-UNREACH,ICMP-PROTO
UNREACHABLE,PROTO-UNREACH, ICMP-PORT-
UNREACHABLE,PORT-UNREACH,ICMP-NET-PROHIBITED, NET-
PROHIB,ICMP-HOST-PROHIBITED,HOST-PROHIB,TCP-RESET}
LOG
ENABLED
LEVEL {DEBUG,INFO,NOTICE,WARNING,ERROR,CRIT,ALERT,EMERG,
PANIC}
PREFIX <string>
NO-PREFIX
TCPSEQUENCE {TRUE,FALSE}
TCPOPTIONS {TRUE,FALSE}
IPOPTIONS {TRUE,FALSE}
CHAIN <Chain identifier number>
<Same as the INPUT chain, without POLICY and including
subtree below>
NAME <User chain name>
PURGE
IP Quality of Service- QOS configuration
SET QOS <INTERFACE>

ROOT-HTB <Commands for HTB node (Set this will release all tree if root is
not already a htb node)>
ROOT-SFQ <Commands for SFQ node (Set this will release all tree if root is
not already a sfq node)>
ROOT-TBF <Commands for TBF node (Set this will release all tree if root is
not already a tbf node)> <numeric value>:[< numeric value >]
NEW-HTB <Commands for HTB node (This will create a new child node)>
NEW-SFQ <Commands for SFQ node (This will create a new child node)>
NEW-TBF <Commands for TBF node (This will create a new child node)>
HANDLE <numeric value>:[< numeric value >]
RATE <numeric value>{BPS,KBPS,MBPS,KBIT,MBIT}
BURST <numeric value>{B,KB,MB,KBIT,MBIT}
CEIL <numeric value>{BPS,KBPS,MBPS,KBIT,MBIT}
PURGE
HTB <numeric value>:[< nume ric value >] <Commands for HTBnode>
SFQ <numeric value>:[< numeric value >] <Commands for SFQ node>
TBF <numeric value>:[< numeric value >] <Commands for TBF node>
FILTER <Filter handle value>
HANDLE <numeric value>
PROTOCOL {IP,ICMP,UDP,TCP}
PURGE
106
CLI Guide - Command
of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
NEW-FILTER <Commands for filter>
○
SFQ <numeric value>:[< numeric value >]
○
○
PERTURBATION <numeric value>{S,MS,US}
○
○
QUANTUM <numeric value>{B,KB,MB,KBIT,MBIT}
○
PURGE
○
FILTER <Filter handle value> <Commands for filter>
○
○
NEW-FILTER <Commands for filter>
○
TBF <numeric value>:[< numeric value >]
○
○
○
RATE <numeric value>{BPS,KBPS,MBPS,KBIT,MBIT}
○
BURST <numeric value>{B,KB,MB,KBIT,MBIT}
○
MPU <numeric value>{BPS,KBPS,MBPS,KBIT,MBIT}
○
○
PEAKRATE <numeric value>{BPS,KBPS,MBPS,KBIT,MBIT}
○
MTU <numeric value>{B,KB,MB,KBIT,MBIT}
○
TYPE {LIMIT,LATENCY}
○
○
LATENCY <numeric value>{S,MS,US}
○
LIMIT <numeric value>{B,KB,MB,KBIT,MBIT}
○
○
PURGE
○
NEW-FILTER <Comm ands for filter>
○
○
FILTER <Filter handle value> <Commands for filter>
○
○
VRRP Protocol Configuration
○
○
○
○
SET VRRP
○
STATE <MASTER, BACKUP>
○
○
VRID <integer number>
○
INTERFACE <interface name>
○
○
IP <IP address>
○
PRIORITY <integer number>
○
○
ADVERT <integer number>
○
AUTH <NONE, PASS, AH>
○
○
PREEMPT <TRUE, FALSE>
○
PASSWORD <password in hexadecimal format>
○
○
NO-PASSWORD
○
UP
○
○
DOWN
○
PURGE
○
○
○
PIM Configuration - Multicast
○
○
○
○
SET PIM
○
MODE { SPARSE | DENSE } ○
○
DEBUG { TRUE | FALSE }

○
DEFAULTPREFERENCE { integer | NONE }

○
DEFAULTMETRIC { integer | NONE }

○
○
○
○
○
○
○
RPCANDIDATE
○
TRUE
○
○
FALSE
○
BIND { interface | NONE }

○
○
PRIORITY { integer | NONE }

○
TIME { integer | NONE }

○
○
GROUP<n>
○

○
○
MASKLEN <integer>
○
PURGE
○
○
BSRCANDIDATE
○
TRUE
○
○
FALSE
○
107
CLI Guide -list
Complete Command Line Interface
of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
BIND { interface | NONE }

PRIORITY { integer | NONE }
SPTTHRESHOLD
TRUE
FALSE
RATE { integer > 1000 | NONE }
REGISTERTHRESHOLD
TRUE
FALSE
RATE { integer > 1000 | NONE }
INTERVAL { integer > 5 }
PHYINT<n>
PURGE
BIND < interface >
PREFERENCE { integer | NONE }
METRIC { integer | NONE }
TTLTHRESHOLD { integer | NONE }
SCOPED { IP address | NONE }
MASKLEN < integer >
UP
DOWN
PURGE
SHOW PIM
ALL
STATS
IPACCT Configuration – IP Accounting
SET IPACCT
STATUS <UP|DOWN>
ADD
AGGREGATE <SOCKET FROM socket TO socket INTO socket>
AGGREGATE <IP ADDR ip/masklen STRIP maskbits>
USER user MODE <ADMIN|IBACKUP|DEFAULT|VIEWONLY|DENY>
MEM <amount of memory in kylobytes, valid values are 0-
1000>
TTE <time to live value>
PURGE <Interface name>
ENABLE <TRUE|FALSE> PROMISC
INPUTONLY
BPF <Berkeley Packet Filter according tcpdump man page>
ARP table configuration
SET
ARP
DEL <index arp table>
FLUSH
PPP over Ethernet (PPPoE) configuration
SET PPPOE
TYPE {CLIENT,RELAY}
INTERFACE <interface name>
DEBUG {TRUE|FALSE}
NAME <service name>
CONCENTRATOR <concentrator name>
108
CLI Guide - Command
of Commands
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
USER <username>
○
○
PASS <password>
○
MAXCO
○
○
DESIZE
○
SENT <numeric value>
○
○
RECEIVED <numeric value>
○
MRU <numeric value>
○
○
MTU <numeric value>
○
AUTH {PAP,CHAP}
○
○
PAP
○
AUTHREQ <numeric value>
○
○
○
RESTART <numeric value>
○
○
CHAP
○
MAXCHALLENGE <numeric value>
○
○
○
DIALOUT
○
○
DEMAND {TRUE,FALSE}
○
PERSIST {TRUE,FALSE}
○
○
PPDEFROUTE {TRUE,FALSE}
○
LCP
○
○
ECHOFAILURE <numeric value>
○
ECHOINTERVAL <numeric value>
○
○
MAXCONFIGURE <numeric value>
○
MAXFAILURE <numeric value>
○
MAXTERMINATE <numeric value>
○
○
○
DOWN
○
○
UP
○
PURGE
○
○
○
LoopBack interface configuration
○
○
○
SET LOOPBACK
○
○
LO: <interface number>interface number>
○
IP <IP address>
○
○
MASK <network mask>
○
RESETCOUNTERS
○
○
UP
○
DOWN
○
○
PURGE
○
○
XOT Configuration (X25 over TCP)

○
○
○
○
SET XOT
○
REMOTE_IP <IP address>

○
○
DEBUG_LEVEL {0,1,2,3}
○
ROUTES
○
○
ADD {route address}

○
DELETE
○
○
UP
○
DOWN
○
○
PURGE
○
○
○
○
○
○
○
○
○
○
○
○
○
109
• Update
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
SOFTWARE UPDATE
O perational System Update
To update the firmware of the operational system of the DT2048 SHDSL/R, execute the following
procedures:
1. Place the file with the firmware version to be installed in the directory of a TFTP server accessible by
the router (if necessary, see the chapter about installation and initial configuration). The file of the operational
system must have a .dwm extension.
2. Execute the CLI.
3. Type de command SET SYSTEM UPDATE TYPE TFTP SERVER <ip_of_tftp_server> USER <user>
PASS <password> EXECUTE. The equipment will start the firmware update process.
The update also can be performed via WebConfig, as follows:
the router (if necessary, see the chapter about installation and initial configuration). The file of the operational
system must have a .dwm extension.
2. Open a browser and type the equipment’s IP.
3. In the commands box, execute the step 3 of the system update via CLI.
The file with the latest firmware version of the product is at the Digitel’s website (http://www.digitel.com.br),
in the support section.
IMPORTANT!
In case there’s in an interruption in the power supply of the DT2048 SHDSL/R during the update
proccess of the firmware, it’s possible that the equipment doesn’t work properrly. If this happens,
proceed according to the description of chapter Operation.
Bootloader Update (SHDSL2RBoot)
In special cases and only with Digitel’s indication, it might be necessary to update the Bootloader’s
firmware of the DT2048 SHDSL/R. For this, it’s necessary to connect one terminal to the Console port of the
DT2048 SHDSL/R and execute the following procedures:
1. Turn on the DT2048 SHDSL/R and, in the DT2048 SHDSL/RBoot prompt, enter the mode test command.
If the DT2048 SHDSL/R is already turned on, execute the SET SYSTEM RESTART command in the CLI
configuration interface.
2. The following message will appear:
3. Verify the IP address configuration of the Bootloader’s TFTP server and place the file containing the
new firmware in the TFTP server, that must be reachable by the DT2048 SHDSL/R through its LAN interface. The
Bootloader’s update file must have a .boot extension
4. In the Bootloader prompt (SHDSLBoot>), type the command upboot <file name> and press enter.
5. After the update proccess (if successful), the following message will be displayed:
SHDSL2R boot correctly updated!
6. Execute the clear now command for the default values of the new bootloader to be used.
7. Execute the restart now command to validate the load of the new bootloader in the DT2048 SHDSL/R.
DT2048 SHDSL/R Test mode
110
Specifications
Update
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
9. In case it’s recommended by Digitel, the update of the system’s firmware must be also performed (see
○
items Restoring firmware version and Cleaning router’s configuration, in the Operation section). Otherwise,
○
○
press the dip-switches in the automatic mode and execute the restart now command.
○
○
○
○
○
Modem’s Firmware Update
○
○
○
○
For the update of the DT2048 SHDSL/R modem it’s necessary to execute the following procedures:
○
○
○
○
the equipment (the FTP server doesn’t need to be connected to the local net, being possible the usage of its
○
loop for the operation). The file of the modem must have a .bin extension.
○
○
2. Execute the CLI.
○
○
3. Type de command SET SYSTEM MODEM UPDATE TYPE FLASH TFTPSERVER <ip_of_tftp_server>
○
○
USER <user> PASS <password> EXECUTE. The equipment will start the firmware update process of the
○
supervisor.
○
○
4. Type de command SET SYSTEM MODEM UPDATE TYPE PROCES SOR TF TPSERVER
○
○
<ip_of_tftp_server> USER <user> PASS <password> EXECUTE. The equipment will start the firmware update
○
process of the modem.
○
○
○
The file with the latest firmware version of the product is at the Digitel’s website (http://www.digitel.com.br),
○
in the router support section.
○
○
○
○
○
IMPORTANT!
○
○
In case there’s in an interruption in the power supply of the DT2048 SHDSL/R during execution of
○
the item 5, it’s possible that the equipment doesn’t work properrly. If this happens, contact the
○
○
Digitel support.
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
111
Update
Specifications
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
Model DT2048 SHDSL/R/2W/E DT2048 SHDSL/R/4W/E

DT2048 SHDSL/R/2W/S DT2048 SHDSL/R/4W/S
Speeds n x 64 kbps, with n={1,2, ..., 36} m x 256 Kbps, with m={10, 11, ....18}
Types of operation Point to point, synchronous, full duplex
Type of Line Pair of 135 ohm balanced wires
Output power Rated 14 dBm
Output impedance 135 ohms
Encoding TC-PAM
Digital Interfaces • V.35 • G.703 • Ethernet
Ethernet Port • Connectors: RJ45 UTP with crossover function
• Loops state monitoring, activity and colision in the front panel (multifunctional
leds)
• Protocol of Ethernet access according to the ISO/IEC 8802-CSMA/CD LAN
(Ethernet; 4th edition; july/93) and ANSI/IEEE Std 802.3 CSMA/CD LAN
(Ethernet; 4th edition) standards.
Clock • Internal • Recovered • External
Tests Local loops: analog and digital
Remote loop: digital
Environmental conditions Operation: 0 to 45 °C
Storage: -5 to 65 °C
Transport: -40 to 70 °C
Relative Humidity: up to 95%
Dimensões Cabinet • Height: 60 mm • Width: 260 mm
• Depth: 350 mm • Approximate weight: 1.5 kg
Modem board • Height: 177 mm • Width: 34 mm
• Depth: 326 mm • Approximate weight: 0.6 kg
Consumption 6W
Management Through Digitel’s Modem Management System (in cabinet or subrack)
Electric protection on line Through gas sparklers, discharging at 100 V/s = 300V or varistors configured
for high speed
112
Specifications
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
○
○
○
Power Supply Cabinets GB8000 H AC/DC: Full-range 93,5 to 253 VRMS, 47 to Hz
○
63 and -48 VDC (±25%). 0 to 45°C
○
○
GB8000 HT AC/DC: Full-range 93,5 to 253 VRMS, 47 to
○
○
63 Hz and -48 VDC (±25%). 0 to 65°C
○
○
Sub-racks DTSMP20H and DTSMP20HT • DTF512-20/CA = 110-127/220
○
○
VAC (±15%)
○
○
• DT512-20/CC = -48 VDC
○
(±25%)
○
○
Range Speed 2W 4W Speed 2W 4W
○
○
○
(with 0.4 mm wire, 64 kbps 6500 m - 1472 kbps 4150 m 4600 m
○
○
26 AWG) 128 kbps 6500 m - 1536 kbps 4100 m 4600 m
○
○
192 kbps 6500 m - 1600 kbps 4050 m 4550 m
○
○
256 kbps 6100 m 6500 m 1664 kbps 4000 m 4550 m
○
○
320 kbps 5750 m 6500 m 1728 kbps 3950 m 4550 m
○
○
○
384 kbps 5450 m 6500 m 1792 kbps 3950 m 4550 m
○
○
448 kbps 5250 m 6100 m 1856 kbps 3950 m 4500 m
○
○
512 kbps 5100 m 6100 m 1920 kbps 3900 m 4500 m
○
○
576 kbps 4950 m 5750 m 1984 kbps 3900 m 4500 m
○
○
640 kbps 4800 m 5750 m 2048 kbps 3900 m 4500 m
○
○
704 kbps 4650 m 5450 m 2112 kbps 3800 m 4450 m
○
○
○
768 kbps 4600 m 5450 m 2560 kbps - 4300 m
○
○
832 kbps 4550 m 5250 m 2816 kbps - 4200 m
○
○
896 kbps 4550 m 5250 m 3072 kbps - 4100 m
○
○
960 kbps 4500 m 5100 m 3328 kbps - 4000 m
○
○
1024 kbps 4500 m 5100 m 3584 kbps - 3950 m
○
○
○
1216 kbps 4350 m 4800 m 3840 kbps - 3900 m
○
○
1280 kbps 4300 m 4800 m 4096 kbps - 3900 m
○
○
1344 kbps 4250 m 4650 m 4352 kbps - 3800 m ○
○
1408 kbps 4200 m 4650 m 4608 kbps - 3800 m

○
○
Subracks • Line protection through gas sparklers

○
○
• DTSMP20-H and DTSMP20-HT supports 20 DT2048 SHDSL boards, with a

○
○
DTF512-20/CA-CC supply
○
○
• The DTSMP20-HT allows for the operation of the DT2048 SHDSL/S/H and
○
○
DT2048 SHDSL/E/H at temperatures of up to 65°C

○
○
Telebrás Practice 225-540-780 (modem board definition)

○
○
225-540-781 (Standard management)

○
○
ITU Norms T G.991.2 G.991.2

○
○
T G.703 G.703
○
○
○
Q.922, Annex A Core Aspects of Q.922 for Use with Frame Relaying
○
○
Bearer Service, ITU, 1992

○
○
Q.933 revised, Additional Procedures for PVCs Using

○
○
Annex A Unnumbered information Frames, ITU, 1995

○
○
113
Update
Specifications
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
T1.617, Annex D Additional Procedures for PVCs Using

Unnumbered Information Frames, ANSI, 1991
T1.617a, Annex F Multiprotocol Encapsulation over Frame Relay, ANSI, 1994
T1.618 – ISDN Core Aspects of Frame Protocol for Use with Frame Relay Bearer
Service, ANSI,
V.35 (Red Book) V.35 (1998) Data transmission at 48 kbps using 60- 108 kHz
group band circuits
IETF RFC Tittle
(Internet 0768 User Datagram Protocol
Engineering 0783 TFTP Protocol (revision 2)
Task Force) 0791 Internet Protocol
0792 Internet Control Message Protocol
0793 Transmission Control Protocol
0815 IP datagram reassembly algorithms
0826 Address Resolution Protocol
0854 Telnet Protocol Specification
0861 Telnet Extended Options - List Options
0894 Standard for the transmission of IP datagrams over Ethernet
networks
0894 Internet Protocol on Ethernet Networks
0919 IP Broadcast Datagrams
0922 IP Broadcast Datagrams with Subnets
0950 IP Subnets Extension
0959 File Transfer Protocol
1034 Domain Names - Concepts and Facilities
1035 Domain Names - Implementation and Specification
1058 RIP - Routing Information Protocol
1122 Requeriments for Internet host - communication layers
1123 Requeriments for Internet host - Application and Support
1144 Compressing TCP/IP Headers
1155 Structure of Management Information
1156 Management Infomation Base-l
1157 Simple Network Management Protocol
1166 Internet numbers
1213 Management Information Base-II
1215 Defining traps for use with SNMP
1254 Gateway Congestion Control
Survey/Stochastic Fairness Queuening
1321 The MD5 Message - Digest Algorithm
1332 PPP IP Control Protocol
1334 PPP Autentication Protocol
1350 Trivial File Transfer Protocol rev.2
114
Specifications
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
○
1356 Multiprotocol Interconnect over X.25 and
○
○
ISDN in the Packet Mode
○
○
1490 Multiprotocol Interconnect over Frame Relay, IETF
○
○
1492 Access Control Protocol
○
○
1613 X.25 over TCP
○
○
○
1631 The IP Network Address Translator
○
○
1634 Novel IPX over Various WAN Media (IPX WAN)
○
○
1638 PPP Bridging Control Protocol
○
○
1643 Definitions of Managed Object for the Ethernet - Like Interfaces Type
○
○
1661 Point-to-Point (PPP)
○
○
○
1662 PPP in HDLC Framing
○
○
1700 Assigned Numbers
○
○
1902 SNMPv2
○
○
1918 Address Allocation for Private Internets
○
○
1994 PPP Challenge Handshake
○
○
2082 RIP-2 MD5 Authentication
○
○
○
2119 Key words for use in RFCs to Indicate Requirement Levels
○
○
2131 Dynamic Host Configuration Protocol
○
○
2139 Radius Accounting
○
○
2328 Open Shortest Path First
○
○
2338 Virtual Routing Redundancy Protocol
○
○
○
2367 PF_KEY Key Management API, Version 2
○
○
2370 The OSPF Opaque LSA Option
○
○
2390 Inverse Address Resolution Protocol
○
○
2393 IP Payload Compression Protocol (IPComp)
○
○
2401 Security Architecture for the Internet Protocol
○
○
2402 IP Authentication Header
○
○
○
2403 The Use of HMAC-MD5-96 within ESP and AH
○
○
2404 The Use of HMAC-SHA1-96 within ESP and AH

○
○
2405 The ESP DES-CBC Cipher Algorithm With Explicit IV

○
○
2406 IP Encapsulation Security Payload (ESP)

○
○
2407 The Internet IP Security

○
○
○
Domain of Interpretation for ISAKMP

○
○
2408 Interner Security Association and Key

○
○
Management Protocol (ISAKMP)

○
○
2409 The Internet Key Exchange (IKE)

○
○
2412 The OAKLEY Key Determination Protocol

○
○
2420 The PPP Triple-DES Encryption Protocol

○
○
○
2437 PKCS#1: RSA Cryptography Specifications Version 2.0

○
○
2451 The ESP CBC - Mode Cipher Algorithms

○
○
2453 Routing Information Protocol version 2

○
○
○
115
Update
Specifications
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
2475 Architectore for Differentiated Services/Token

Bucket Filter
2475 Architecture for Differentiated
Services/Hierarquical Token Bucket,
Traffic Conditioner - Shaper
2475 Architectore for Differentiated
Services/Generalized Random Early
Detection/Discard, Traffic Conditioner - Dropper
2537 RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)
3101 The OSPF Not-So-Stubby Area (NSSA) Option
3110 RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)
3526 More Modular Exponential (MODP) Diffie-Hellman groups for Internet
Key Exchange (IKE)
3706 A Trafic-Based Method of Detection Dead
Internet Key Exchange (IKE) Peer
3947 Negotiation of Nat - Traversal in the IKE
ANSI/IEEE Reference Tittle
802.3 CSMA/CD LAN (Ethernet) fourth edition
802.1 D Transparent Bridge
802.1 Q VLAN
116
• Warranty and Technical Support
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
○
○
During the period covered by this warranty (specified in your invoice), Digitel bears responsibility for the
○
○
proper functioning of your equipment, in accordance with the characteristics and specifications described
○
in the product installation and operation manual. If you detect a problem, contact our Technical Support
○
○
Center and describe the defect you have detected.
○
○
○
This warranty covers repair and substitution of parts and components at no cost for the customer when
○
carried out by Digitel Technical Support Centers. This warranty does not cover defects resulting from other
○
○
equipment connections to this product or improper use of the equipment inasmuch as the instructions in this
○
manual are not properly followed or the repairs performed at shops other than those accredited by Digitel.
○
○
○
This warranty is “Factory Warranty” and does not cover field repairs. Digitel will NOT pay charges incurred for
○
receiving or returning the equipment to the customer.
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
○
Porto Alegre
○
○
○
DIGITEL S.A. INDÚSTRIA ELETRÔNICA

○
○

○
○
Navegantes
○
CEP 90230-181 Porto Alegre, RS

○
○
Tel.: 55 51 3337-1999
○
○
Fax: 55 51 3337-1923
○
CNPJ: 89.547.269/0001-04
○
○
Inscrição Estadual: 0960602577

○
○
○
○
○
○
117
2009 - DIGITEL S.A. INDÚSTRIA ELETRÔNICA
Bairro: Navegantes
CEP 90230-181 Porto Alegre/RS Brasil
Tel.: 55 51 3337.1999
Fax: 55 51 3337.1923

Installation and Operation Manual DT2048 SHDSL/R 2W DT2048 SHDSL/R 4W

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Installation and Operation Manual DT2048 SHDSL/R 2W DT2048 SHDSL/R 4W

Uploaded by

Copyright:

Available Formats

INSTALLATION AND OPERATION MANUAL

Specifying inverted logic .................................................................................................................................................................. 83

Specifying fragments ........................................................................................................................................................................ 83

Configuration parameters ................................................................................................................................................................. 84

AUTHENTICATION SYSTEMS ........................................................................................................................................................ 86

INTERFACE STATISTICS ....................................................................................................................................................................... 88

WAN (all protocolo - HDLC interface) ............................................................................................................................................ 88

WAN (HDLC protocol - Cisco) ......................................................................................................................................................... 89

WAN (FRAME RELAY protocol - HDLC interface) ........................................................................................................................ 89

WAN (FRAME RELAY protocol - PVC interface) ........................................................................................................................... 89

WAN (X25 protocol - HDLC interface) ............................................................................................................................................ 89

LAN (all protocols - ETH interface) ................................................................................................................................................. 90

Priority (Level) .................................................................................................................................................................................... 92

VRRP (VIRTUAL ROUTER REDUNDANCY PROTOCOL) ................................................................................................................... 92

- Modem in modes Ethernet-G.703, V.35, G.703 or VG;

- Modem in automatic velocity (NTU);

- LTU or NTU operating modes;

- Line backup function;

- Frane Relay Protocol, in the modes ANSI, ITU or without LMI;

- Dynamic and static routing (RIP, RIP2 or OSPF);

- Possibility to configure many IP addresses per LAN interface;

- DHCP server for IP address and default gateway supply;

- DHCP Relay for applications with a centralized DHCP server;

- IP address sharing through NAT;

- PPTP, L2TP and GRE protocols for tunneling (VPN);

- Configuration via Console, Telnet and SSHv2;

- Support to SNMP management;

- Download/upload of routing configuration files;

- Software update via TFTP (router) or FTP (router or modem);

- Log of internal nets events or destinated to external elements of the net.

DT2048 SHDSL/R Board

The programation parameters via straps are the following:

Interface S3(G.703) S5(V.35 or V

IMPEDANCE SELECTION FOR G.703

SHDSL: BOARD CONFIGURATION Modem: Local NTU

Parameter Current Configuration

[1] Mode: Automatic Backup

Modem Configuration in VG mode

INTERFACE G.703 CONFIGURATION

SHDSL: MODEM CONFIGURATION Modem: Local NTU

Parameter Current Configuration

[R] Cancel Changes

INTERFACE V.35 CONFIGURATION

SHDSL: MODEM CONFIGURATION Modem: Local NTU

[R] Cancel Changes

Digital Interface Lines Maximum Rate in V.35

Single interface backup mode 2304 Kbps 2048 Kbps

Single interface 4 wires mode 4608 Kbps 2048 Kbps

VG backup mode V.35 + G.703**

VG * 4 wires mode 2048 kbps 2048 Kbps

* There are restrictions only for VG mode operating with 2 wires

**V. 35+G.703 must be less than 2304 Kbps

a) DTE A supplies synchronicity (normal application with central office)

value is supplied in minutes.

ment was turned on, or since the last time the

counters were reset .

chronicity word since it was synchronized or sin-

ce the last time the counters were reset

which line has data flow

The following figure presents an example of the G.SHDSL screen.

SHDSL: STATUS Modem: Local LTU

[A] Refresh Screen

SHDSL: G.703 STATUS Modem: Local LTU