InfiNet Wireless. OS WANFleX User Manual
Contents
1. H323 LOGIN ALIAS IWPhone V Pupkin 101 232 eth e Geote 3 H323 GK ID lt not supplied gt Here the list of client s supplied options consists of records strings which contain a number lt N gt of a supplied option a map of server s divisions from which this option was supplied to a client if was supplied name of the option and its value If a requested option was not defined in any of server s divisions it is displayed as lt not supplied gt in the list On the map the divisions are displayed using the following indication 1 SR scope reservation division 2 IR interface reservation division 3 S scope reservation 4 client s interface division 5 SV server s division Moreover the options which were requested by clients and supplied to them but which were not defined in any division e g Subnet Mask are marked as DF Creating User Defined Options Besides standard well known DHCP Server options one can create his own ones using the following commana dhcpd useroption lt NAME gt code lt CODE gt type lt TYPE gt The NAME and the CODE of the created option should be unique from the standard and previously created user defined DHCP options The TYPE of the option can be of the following values n8 8 bit integer n16 2 bytes integer n32 4 bytes integer ip IP address ipp IP address pairs classful routes clr classless routes in the following format A B C D M gt R R R R2. RF1 dETH Node4_1 RF2 ne Node1_2 Node3 Node6 In this example we have joined several distributed possibly even geographically distributed network segments Combining joins for different radio interfaces and pseudo radio interfaces the network will obtain a good number of alternative paths in any direction thus providing with the best delivery quality and less bottlenecks Important f several interfaces are used with join function when configuring switch groups only one of those joined interfaces should be mentioned in switch group configuration mint join rf4 0 rf4 1 switch group 1 add eth rf4 0 Nodes authentication Setting the secret key mint IFNAME key SECRETKEY This command sets the secret key for the current node See different authentication modes descriptions below to learn how it is being used The key can be up to 64 characters long and should not contain spaces or should be put in quotes mint IFNAME authmode public static remote The command sets the type of nodes authentication There are three types of nodes authentication available public all nodes have the same key password for access The simplest case of authentication It can be used for small workgroups point to point connections mass public access networks and for MINT architecture testing purposes Any two nodes of the network can esta
3. Total flow samples Number of grouped records delivered from flow records Overflow records Number of records in Instance for all cases when Instance overflowed earlier then interval period had ended Overflow count Number of times when Instance overflowed earlier then interval period had ended Total cycles Overall number of gathering statistics success cycles Total datagrams Overall number of sent datagrams Unused datagrams Number of datagrams that could be created in compliance with datagrams parameter but was not used Copyright 2004 2012 by InfiNet Wireless 19 InfiNet Wireless WANFleX OS User Manual Bytes sent Overall number of transmitted data by Sflow protocol Lost flow samples Number of flow samples that were discarded because of maxpacket interval and datagrams parameters low values Lost flow records Number of flow records that were discarded because of maxpacket interval and datagrams parameters low values Lost overflow Number of times when Instance overflowed earlier records then interval period had ended and data were lost sflow cl earstat name clears statistics for a component if name parameter is not specified then ipstat component will be used sflow collector lPaddress port sets address of a collector that process sflow packets Default port is 6343 sflow agent I Paddress sets agent s own address device
4. maxrate XX lip X X X X tip X X X X mask X X X X lgw X X X X tgw X X X X none Icost XX tcost XX setpri addpri NN 1 disable enable delete This set of parameters defines the nodes with which a node can work with The following parameters can be specified mac This parameter is mandatory X X X X X X is a MAC address of the node with which a connection can be established key Unique unit s key key word or phrase up to 64 characters long if contains spaces should be put into quotes Used in authentication procedures The same key should be specified in the settings of the connecting unit mint FNAME key lip Local IP address This address will be assigned to this unit when the connection with a remote is established tip and mask Target P address and mask This address will be assigned to the remote side when a connection is established The mask is applied to both Local IP and Target IP If mask is not specified these addresses will not be used igw Local gateway IP address will be assigned to the local node once connection is established tgw Target gateway IP address will be assigned to the remote node once connection is established None option forbids providing information about default gateway that is set by addnode defgw command to the remote node Icost Local cost of the connection to this neighbor from current node If not specifi
5. To perform the invert filtering i e find non matching lines v or invert match option is used To find and display only those lines that matches only the whole world w or line x the corresponding options are used To count the number of the result lines matching or non matching if used together with v option c option is used Result lines themselves are not displayed The m option m NUM stops search after the specified number of matching lines All the command output lines are index numbered starting from 1 To show the matching lines with their index numbers n option is used The A NUM B NUM and C NUM options are used to print the specified number NUM of nearby lines after before or after and before the matching lines correspondingly When using these options each matching line in the grep output will be printed together with the specified number of the nearby lines separated from other matching entries with a special line Copyright 2004 2012 by InfiNet Wireless 28 InfiNet Wireless WANFleX OS User Manual 111 Layer 2 commands set PHY and MAC 1 Rfconfig command Radio interface configuration The command is used to configure a radio module Syntax rf interface parameters Interface rf5 0 parameters band XXX bandwidth MHz double 40 full 20 half 10 quarter 5 grid BG frequency grid lt bw gt freq1 freq2 step clear freq XXX central frequency MHz b
6. WORD in out name of a filtering prefix list with direction specification in import out export Filters can be configured for all areas to which ABR is connected except for the backbone area Links aggregation Advertising suppression For every area to which OSPF router is connected there is a list of address ranges for link aggregation before sending a summary LSA to the backbone area Aggregated links are checked to belong to one of the address ranges If several links belong to one address range ABR makes an advertisement to the backbone or to other areas of only one single link with destination equal to the address range and a metric equal to the maximal metric of all the links or equal to the specified for this range value It is possible to announce that some range is a blocking one and then advertising of the links which belong to this range will be blocked When advertising an aggregated backbone link to other non backbone Copyright 2004 2012 by InfiNet Wireless 138 InfiNet Wireless WANFleX OS User Manual areas the aggregation will not be performed if the area to which backbone links are advertised is a transit area it has virtual links The list of addresses ranges for the area consists of the records that consist of the following fields B Range of addresses R B Flag of advertisement suppression not advertise B The metric of an aggregated link C B Advertised link Rs If non advertis
7. sflow maxpacket size sets maximum size of a Sflow packet in bytes 1472 bytes by default Upper bound is limited by hardware and operational system capabilities In case of its exceeding packet size will be decreased to acceptable value sflow interval number time in seconds equal to interval with which statistics is delivered from instance Increasing of this parameter leads to increasing in overall system efficiency but in case of unexpected network activity splash data could be lost 15 seconds by default sflow datagrams number maximum number of datagrams between times of receiving statistics from instance The increase of this parameter leads to the decrease in datagram average size and increases in theoretical number of delivered statistics data Reduces the load on the CPU but in the same time reduces overall system efficiency However reducing of system efficiency doesn t happen with low traffic It is recommended to increase this parameter when decreasing maxpacket parameter and or when increasing interval parameter 100 by default Maximum flow sflow datagrams interval maxpacket Bytes sec sflow rawheader on off sends original ipV4 headers in spite of statistics data off by default Used for compliance with traffic monitoring programs Sflow debug on off puts statistics information to log Example ipstat enable full detail 3000 starting the process of gathering statistics sflow add ipstat a
8. Description The IP statistics gathering module provides for collecting information on data flows traversing the router for further analysis and or for accounting Information is accumulated in the router s RAM memory as a series of records having three fields source address destination address number of bytes transferred By default only outgoing packets are counted at the moment they are sent to a physical interface One record takes 12 bytes The maximum number of records is specified by the SLOTS numeric parameter of an ipstat enable SLOTS command it shall not exceed the size of memory available By default the number of records is 1000 typically it s sufficient for recording 15 to 20 minutes of operation of a client unit Accumulated information is displayed on the current terminal or rsh session using the following commands e ipstat enable incoming outgoing full detail SLOTS disable enables disables ip statistics gathering It can allow gathering only incoming outgoing or full both data flows Detail option switch on detailed ip statistics gathering including ports and protocols information SLOTS option allows setting the maximum number of rows in the ipstat table e ipstat clear clear accumulated statistical info If the record table in the router memory overflows or if there is not enough memory currently available an appropriate warning is written into the system log and further statisti
9. Show associated stations list Copyright 2004 2012 by InfiNet Wireless 97 InfiNet Wireless WANFleX OS User Manual Description d For Wi Fi AP activation use ifc wifiO up command uname lt string gt sets NAS identifier of the device used in Radius authentification process ssid lt string gt sets Service Set Identity name of Wi Fi network where string Service Set Identity name freq lt frequency gt sets AP frequency in MHz Use wifi IFNANE cap command to view a list of supported frequencies power lt power gt sets AP output in mW Use wifi IFNANE cap command to view a list of supported values antenna lt antenna gt allow to choose active antenna for Wi Fi AP operation In the diversity mode device will choose what antenna to use for each client automatically regarding link quality only for devices with 2 antennas Use li show command to view a list of supported antenna types auth lt type gt sets clients authentification type for connection to AP Use wifi IFNANE cap command to view a list of supported authentification types pass lt key gt sets clients authentification password key for connection to AP Key parameter format ascii hex lt string gt where ascii hex options defines the format of the password key and lt key gt parameter password key wpa encrypt lt type gt sets traffic encryption type between client and AP when using WPA authentification Use
10. Total number of Sagad Kbits sec received and transmitted Current number of Kbits received Same statistics for transmission Total number of Average number packets sec received of Kbits received and transmitted Maximal number Pin of Kbits received Number of packets sec received 11 Bpf command Berkeley Packet Filter The command enables packet capturing regime Berkeley Packet Filter Syntax bpf ifname P_addr port bpf ifname bpf f pcap filter expression Description The packet capturing regime which is enabled by the first of the above commands and disabled by the second allows for replicating entire information flow through any of the system interface and forwarding the replica to a remote workstation for subsequent analysis and check The filter does not interfere with normal operation of the router Because of limited memory capacity and CPU speed the router software is not capable itself of sorting and analyzing data flows The bpf command helps to perform thorough analysis on any network workstation even in real time and with the help of more powerful analysis tools e g tcpdump utility Each packet of the data flow through the specified interface together with its MAC header is sent using the UDP protocol to a remote workstation at the specified address and port Parameters are as follows e ifname the name of the interface delivering the stream to be analyzed Copyright O 2004 2012 by
11. addresses aliases that includes starting and ending IP addresses of the scope e START_IP and END_IP starting and ending P addresses of the scope correspondingly When attaching to network interface it is checked if a range of this scope does not intersect and is not included within another scope that might be attached to this interface When IP addresses are assigned to clients only those scopes can be used which are connected to the same network interface as a client In any case if a scope cannot be attached it is not deleted To create dynamic scope you can use the following command dhcpd add dscope lt SCOPE_NAME gt lt INTERFACE gt lt START_IP gt lt END_IP gt Copyright 2004 2012 by InfiNet Wireless 177 InfiNet Wireless WANFleX OS User Manual Example 2 gt dhcpd add scope MSOFT eth0 192 168 177 20 192 168 177 22 ethO lt 192 168 177 12 gt MSOFT 192 168 177 20 192 168 177 22 Scope attached OK In the example we created a scope with MSOFT as a name and for suitable interface etho 2 gt dhcpd add scope new 10 12 12 30 10 12 12 50 WRN Scope created but not attached Here a scope with mew name was created to be attached to any suitable interface A scope was successfully created but could not find a suitable interface to be attached to In order to change a range of addresses of existing scope one can use the following command Syntax dhcpd scope lt SCOPE_NAME gt set rang
12. e Frame Relay Example sppp ppp0 enable mode cisco fconfig ppp0 10 0 0 1 10 0 0 2 up where 10 0 0 1 address of own PPP interface 10 0 0 2 remote side interface address Options mode Operation mode cisco ppp fr e keepalive Used along with cisco and ppp modes Value range on off Enables disables line state testing on the remote interface using control packets with 10 sec period Makes sense only in cisco and ppp mode Example sppp ppp0 enable mode cisco keepalive on sppp ppp0 keepalive off sppp ppp0 keepalive on PPP mode authorization options The below options are used only in ppp mode for selection of authentification protocol and setting of its parameters e proto Sets authentification protocol for both peers myproto hisproto Allowed values none pap chap o none disable authentification protocol o pap Password Authentification Protocol Copyright O 2004 2012 by InfiNet Wireless 73 WANFleX OS User Manual o Chap Challenge Handshake Authentification Protocol RFC 1994 with preliminary challenge coordination InfiNet Wireless e myproto The same as proto but only in case when far end requires authentification e hisproto The same as proto but only in case when near end requires authentification e myname Sets username for authentification protocol chap pap e mysecret Sets password for authentification phase for near end e hissecret Sets password for authentificatio
13. mint vers Copyright 2004 2012 by InfiNet Wireless 36 InfiNet Wireless WANFleX OS User Manual General commands description Setting the node type Syntax mint IFNAME type mesh master slave The command sets the type of node Three node types are available e MASTER Master can establish connections with all other types of nodes He is able to form a network of any topology with other masters or with nodes of mesh type On master node a marker access polling can be enabled Only one master in a network segment can have this option enabled by means of which forming a star topology segment point to multipoint With this all other nodes break their connections with their respective neighbors with exception of connections formed by join This type of nodes is usually used for static networks with no or small number of nomadic or mobile clients e MESH This type of node can be a part of a network with any topology Establishes connections with master and mesh nodes The difference between master and mesh is that master nodes will try avoid sending traffic of core transport network master master through mesh nodes by setting the cost of master mesh connection from master side higher meshextracost parameter Thus mesh type of nodes can be used on mobile units where connection s parameters might change quickly in time Mesh nodes can work in a marker access node with master node being a polling mas
14. 2 Neighbors 00020 Node3 000000000003 Cost 40 1 0 24 27 lt 36 36 gt mesh 00030 Node1_1 000000000011 Cost 3 1 O 0 0 lt 0 0 gt join As you can see from the example each interface shows two neighbors n reality the exchange of data between interfaces does not involve their physical activity energetic parameters of the connection signal levels and data rates are not shown zero And this kind of connection has a constant and a very low cost In order to disjoin interfaces to make them independent the following command is used mint disjoin Pseudo radio interface prf MINT protocol can work not only via radio but via wired Ethernet interface prf pseudo radio interface is used for this purpose This interface can be attached to the physical interface like it s done with vlanX interfaces prf 0 parent eth0 ifconfig prf0 up Please find more information on prf interface in prf command description Such pseudo radio interface can be configured as a MINT network node and even can be joined with other interfaces From MINT protocol point of view this Copyright 2004 2012 by InfiNet Wireless 46 InfiNet Wireless WANFleX OS User Manual pseudo interface will look like a usual radio interface through which a node can find neighbor and establish a connection with it mint prf0 start mint join rf4 0 rf4 1 prf0 PRFO 4 FREQ Node2 Node1_3 A Node5 bh
15. N B A B C D M a parameter is set in a format P address subnet mask length Example 192 168 0 0 24 B IFNAME name of a physical network interface Example ethO If a parameter can be written in different formats it will be displayed in round brackets the options are separated by character Example A B C D lt 0 4294967295 gt If a parameter is optional it is put into square brackets Any command may contain no prefix Having this prefix in the command means deleting a corresponding parameter from the configuration Start stop of OSPF Start of OSPF router is executed by the following command ospf start In order to stop OSPF execute the following command in config mode stop daemon clear Example gt ospf OSPF gt configure OSPF config stop daemon If stop command is executed with clear parameter the router will clear its part of the system configuration prior to quitting CS Router identifier Every OSPF router has a unique identifier Identifier is a 32 bit integer In order to assign an identifier execute the following command in config router mode router id A B C D Example OSPF gt configure OSPF config router OSPF config router ospf router id 195 38 45 107 OSPF config router If identifier was not set by administrator the router will automatically assign an identifier which equals to a maximal by value IP address from all P addresses participating in
16. Radio interfaces rfX X states are not saved in the configuration after rebooting all radio interfaces of the unit are in the up state Examples ifconfig ethO up ifconfig ethO 1 1 1 1 24 up ifconfig rf5 0 down mtu N sets the desirable MTU Maximum Transfer Unit size of the packet for the interface in bytes The allowed range is from 72 to 1580 Default value is 1500 Usually the value of this parameter does not need to be changed but in some cases decreasing the MTU value facilitates improving the work condition for a client with very low signal In addition it can be used to vary parameters of the tunnel interfaces A MTU paramater makes sense only on Layer 3 level in routing mode Media parameter allows specifying physical Ethernet interface 10 100 1000 type Allowed MediaType values model dependent Copyright 2004 2012 by InfiNet Wireless 103 InfiNet Wireless WANFleX OS User Manual 1000BaseFX fullduplex 1000BaseFX halfduplex 1000BaseT X fullduplex 1000BaseTX halfduplex 100BaseTX fullduplex 100BaseTX halfduplex 10BaseT fullduplex 10BaseT halfduplex auto By default auto For vlanX VLAN IEEE 802 1q configuration one should use vlan and vlandev options in ifconfig command Vian parameter sets VLAN tag for the current interface 1 4094 Viandev parameter creates a connection with a physical interface which serves the media eth0 in this case Example ifconfig vlan1 1 1 1 1 24 vlan 5 v
17. adds to the set of incoming filters a reject filter which will discard all packets with source address 192 168 5 3 and destination address 192 168 11 7 For better understanding of how filtering mechanism works it is necessary to read how filters are defined and how filters are used list show reset rearrange N flush quiet quiet del num mov num1 num2 add out NUM IFNAME rules Copyright 2004 2012 by InfiNet Wireless 149 InfiNet Wireless WANFleX OS User Manual rules setpri addpri N accept reject rpfilter pass log vlan N any ACL dotlp N swg N ether X any dscp N tos N prf f pcap filter expression PROTO from not ADDR PORTs to not ADDR PORTs PROTO all tcp udp icmp arp proto NUMBER ADDR IP LOCAL ROUTE ACL mac x x x x x x PORTS NUM NUM NUM Description ipfw list The set of currently defined filters is displayed on the operator terminal ipfw show reset This command shows ipfw rules resets ipfw rules counters ipfw flush All currently defined filters in both the incoming and outgoing filter sets are removed Filtering is disabled ipfw add num ipfw addout num These two commands are used to add a filter to the incoming and outgoing filter sets respectively The add keyword is followed by a filter definition The optional num parameter may be used to explicitly specify the number of the new filte
18. be set in a traditional numeric format nn nn nn nn An optional mask can be set either as mask length in bits or as a numeric value in nnn nnn nnn nnn format Possible formats for address information are the following nn nn nn nn nn nn nn AN XXX XXX XXX XXX nn nn nn nn NN Using semicolon means that the mask is set in a numeric address format Slash symbol means that mask is set as a length in bit number of first bits which are set as 1 others are set as 0 Example 192 168 9 0 24 sets the network address 192 168 9 0 with 24 bits mask length Second option 192 168 9 0 255 255 255 0 0 0 means all possible P addresses If you need to create a filter which is applied to several network addresses or groups it is more convenient to group all those addresses in one corresponding access list and specify the list name as an IP address S ACLRULE There are several predefined dynamic ACL lists which cannot be built in any other way LOCAL list includes all local addresses owned by the router This list can be used for a convenient filter description which allow or restrict the access to the device Copyright O 2004 2012 by InfiNet Wireless 153 InfiNet Wireless WANFleX OS User Manual ipfw add accept all from 0 0 to LOCAL ROUTE list contains system routes table excluding default route When an address matches this list it means that this address has some specific route and default route wi
19. cece reer terre eeeee ead 58 A O A A CR 59 Link Aggregation lag COMMANdO occoooococccnnnconccnnnnconcnnnninnnononnnncnnnnnnrrnnnnncrrnannnrrnnnnnnnnn 60 Ltest radio Ink sata oh eian sa hetes oa olan si dane oo eine sadness aoe 61 Muffer command Environment analyZer ccccccsccccssseeseeeeeeeeeesueeeeseeeeseeeeeseeetsneeeenenenea 66 Review MOE A Be coed ea a ee eee 66 SID MOJE csi ti is ete ro dt Da osa hdd 67 MAC MAC2 MAC3 MYNET MOS oocccccccccnnncioocccccnnnnnnnoninonccnnnnonnnnncncnnncnnnononnnniannnccnnnnnnnns 67 SCAN MO eras eaa a AA Eaa EAA asi getbe aaa eesbe cased DRAA ENA ETEA 68 Statistics modules cad taa 69 Spectrum Analyzer Mode saisin aaaea a i a eee alee 70 Macf command addresses mapping occoccococccnnncocccnnnnconnnnnnincnanoninononnnnrnnnnnnnannnnnncancnnns 71 SPPP COMMAND OE A SE AA ARa 73 Arp command ARP protocol cccccececeecccceeeeeeeeeeeeeeeeeeeeeeeeeeeeeseesaeeeeseseesnseeeaeeesaeeeenegss 74 Switch comman dms erna a a dees aro a E ar debes sa 75 Wildcard AM ies ho a OA A I A A 77 List configuration COMMANAS vei 2 seeds cede edd elds E etiaeeberenty 78 Groups configuration COMMANAS cer nieeer iad 79 Rules configuration COMMANA S si carita ti a Handa tena APTANA ATATEN 87 Control COMMANAS aenean anaia eee eee Oti 88 Sample configuration rsono aa a A A 92 CES COMMANG i a c eatin vehi oeed aia 93 WIFI Wi FLAPCONTIQUTATION xiii A A 3 a vein 97 Dfs Dynamic Frequency Sel
20. deny permit Control commands Syntax switch keeptag on off switch resynchronize switch trace off on verbose filter pcap expr switch stptrace off on switch stpblock off on switch dump WILDCARD MACADDRESS switch local tag TAG switch igmp snooping dump detail switch igmp snooping Imot Value switch igmp snooping gmi Value switch igmp snooping static add MCAST F_NAME MAC switch igmp snooping static del MCAST IF_NAME MAC Copyright 2004 2012 by InfiNet Wireless 88 InfiNet Wireless WANFleX OS User Manual switch igmp snooping srcip IP switch igmp snooping querier group N source X mcast X Y vlan N start stop clear switch start stop restart destroy dead interval DEAD_INTERVAL strict admin on off switch statistics clear help D switch maxsources MAXSOURCES 0 switch resynchronize Forces to reload lists which had an external file as a source switch trace off on verbose filter pcap expr Disables off enables on logging the service information into the system log Verbose option enables more detailed information to be written into the system log Filter pcap expr option enables tracing how packets of the given type are being processed by the switch Example sw trace filter ether host 00 11 22 33 44 55 sw trace filter net 1 2 3 0 24 sw trace off disables the filter action switch stptrace off on D
21. dump switch group ID stp priority PRIO default 32768 step 4096 switch group ID stp forwarddelay DELAY default 15 sec switch group ID stp maxage TIME default 20 sec switch group ID stp port IFNAME priority PRIO default 128 step 16 switch group ID stp port IFNAME cost COST default 200000 RSTP 65535 STP switch group ID igmp snooping off on switch group ID order N switch group ID setpri addpri prio deny permit showrules showblack switch group ID dump interface WILDCARD dbdelete MACADDRESS start stop remove switch group ID in trunk I D 0 switch admin group ID 0 switch group ID add del FNAME TAG 0 The command adds or deletes specified interfaces to from the switching group ID numeric switching group identifier 1 4095 add del these commands add delete specified interfaces to from the switching group If add keyword is used and there is no switching group with 1D identifier it will be automatically created I FNAME network interface name which should be added or deleted from the switching group TAG This option allows different manipulations with VLAN tags of the packet when the packet is sent through this interface The following options are available O TAG is specified for the interfaces and its value is gt 0 That means that any packet forwarded to the interface by the switch will be tagged with a VLAN tag TAG I
22. log Example mint rf5 0 log detail This command will turn full logging on MINT protocol version Syntax mint vers The command shows current version of MINT protocol Joining interfaces Syntax mint join FACE1 IFACE2 Among all of exiting features of MINT architecture one can mention join capability which allows joining several interfaces of one unit into one mesh network Some units can have two or more radio interfaces of different types Each of these interfaces may act as an independent MINT network node However the nodes from different networks will not be able to connect to each other as radio interface parameters will be different frequencies modulations or other parameters and other limitations authentication parameters secret keys etc will take place JOIN function allows for two or more radio interfaces of one unit to interconnect with each other as if they are two nodes of one network Copyright 2004 2012 by InfiNet Wireless 45 InfiNet Wireless WANFleX OS User Manual 4 FREQ _ Node2 RFA ae od Node1_1 lt ETH RF2 Node1_2 Node3 mint join rf4 0 rf4 1 mint map Interface rf4 0 node 000000000011 Node1_1 id 11 mesh 2 Neighbors 00020 Node2 000000000002 Cost 40 1 0 24 27 lt 36 36 gt mesh 00012 Nodel_2 000000000012 Cost 3 1 O0 0 0 lt 0 0 gt join Interface rf4 1 node 000000000012 Nodel_2 id 12 mesh
23. options Thus if during the lease some of the options were changed in the server or division to which this client was applied the client will learn it in the moment of lease prolongation If after lease expiration the client does not confirm it the scope cancels the lease If the client is not a scope reservation client the scope will mark the IP address of this lease as conditionally free On scope state output dhcpd show scope this state will be marked as lt OBIND gt Thus with other addresses available for lease the scope will not give lt OBIND gt addresses for new clients If during 24 hours from the moment of lease expiration the client will request for a lease again the server will give him the same IP address 1 gt dhcpd show scope MSOFT gt SCOPES MSOFT 192 168 177 20 192 168 177 22 eth0 ATTACHED eth0 lt 192 168 177 12 gt 255 255 255 0 lt CLIENT CLASS IDs gt IW_BRI_GATEWAY MSFT 5 0 lt CLIENT gt 1D 01 00 C0 DF 10 AF 69 MSFT 5 0 wad 192 168 177 20 lt BOUND gt since 01 01 2003 01 01 14 lt O_BIND gt D 01 00 0F EA 05 29 C6 MSFT 5 0 win2k3sbs 192 168 177 21 lt OBIND gt lt FREE RANGE gt 192 168 177 22 192 168 177 22 1 OK At the same time the scope writes down the parameters of expired lease into a special database boundhistory 1 gt dhcpd interface ethO show boundhistory eth0 gt BOUND_HISTORY 1 MSOFT 1D 01 00 0F EA 05 29 C6 BOUND 192 168 177 21 unt
24. seconds milliseconds back from the current time o Clear clear the system log Copyright 2004 2012 by InfiNet Wireless 6 InfiNet Wireless WANFleX OS User Manual o nolJfilter this option removes neighboring identical lines from system log leaving only one copy of each message and counts their recurrence enabled by default system factorypassword single otp Each unit has its unique factory access password that can be obtained via the tech support Once obtained this password stays the same for each factory login attempt Setting the unit to otp mode tells it to ask for a new password each time the factory login is given the unit will provide different sequences that should be submitted to the tech support in order to obtain a new password Whenever the unit is set to single mode again its unique factory access password is restored system icmplimit XX This command sets the limit to the number of out coming ICMP packets per second 0 by default no limitation applied It helps to avoid the device reboot while network scanning programs are working Being set to 0 all limitations are turned off system no sendredirects Enables disables the system to send icmp redirect messages for the packets source suppression if routing is incorrectly configured system no dropredirects Enables disables the system to send icmp redirect messages for routing tables updating if routing is incorrectly configured sys
25. 130000 freq 2427 burst rfconfig rf5 0 bitr 300000 freq 5280 sid 01020304 burst rfconfig rf5 0 txpwr 18 pwrctl 2 MINT mint command General Description Attention MINT firmware is not compatible with earlier RMA version Don t try to update your current network to MINT version from RMA without prior documentation studying and laboratory testing MINT architecture gives a functionality to present a radio interface of a unit as well as a network connected to it as a traditional Ethernet in a bus topology Therefore the unit can have several Ethernet interfaces and several pseudo interfaces tun ppp null etc Any of Ethernet interfaces can be united in bridging groups which consist of two or more interfaces Moreover routing mode can also be used Full syntax mint IFNAME type mesh master slave mint IFNAME mode mobile nomadic fixed mint IFNAME nodeid NUMBERID mint IFNAME name NAME mint IFNAME key SECRETKEY mint IFNAME authmode public static remote mint IFNAME no authrelay mint IFNAME no snmprelay mint IFNAME no replicate ACL mint IFNAME noJautobitrate DB fixedbitrate mint IFNAME autofactor 1 5 3 mint IFNAME tpcmin dB tpcmax dB tpcadj dB Copyright O 2004 2012 by InfiNet Wireless 35 InfiNet Wireless WANFleX OS User Manual mint FNAME ratefall 0 8 0 mint IFNAME minbitrate XX mint IFNAME meshextracost XX mint IFNAME extracost XX mint IFNAME fixe
26. 168 151 10 Network Type BROADCAST Cost 1 Transmit Delay is 1 sec State DR Priority 1 Designated Router 1D 192 168 151 10 Interface Address 192 168 152 1 No backup designated router on this network Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 03 Neighbor Count is 0 Adjacent neighbor count is 0 lo0 is up OSPF not enabled on this interface null0 is down OSPF not enabled on this interface rf5 0 is up OSPF not enabled on this interface OSPF gt 8 Netstat command Network statistics Display the network statistics Syntax netstat r netstat i Description Displays the contents of different system data pertained to network parameters r parameter displays system routing tables Routing tables Interface etho 10 1 0 61 UG D D eth 10 3 1 26 UG 0 r o rfi rfO rfi 100 ethO rfO etho etho rf0 Copyright 2004 2012 by InfiNet Wireless 147 InfiNet Wireless WANFleX OS User Manual Flags for specific routes have the following meaning e U this routing table element is currently active e H this route leads to a host If this flag is not set the route goes to a network e D the route has been created using the icmp redirect protocol M the route has been modified using the icmp redirect protocol e G the route is connected to a host If this flag is not set it is considered that the route destination is directly connected e S static route
27. 1D 01 00 04 35 00 22 23 IW_IP_PHONE Andrew 9 1 1 170 lt BOUND gt since 01 01 2003 05 49 35 lt FREE RANGE gt 9 1 1 171 9 1 1 200 30 lt OPTION gt Router 9 1 1 3 lt OPTION gt H323_GK_ADDRESS 195 38 45 84 OK Copyright 2004 2012 by InfiNet Wireless 182 InfiNet Wireless WANFleX OS User Manual Here a client 1D 01 00 05 90 02 1F C8 in his DHCP request did not specify his class so OTHERS scope 192 168 177 12 255 255 255 0 subnet ethO interface as this scope does not have class filters However administrator wants this client to get his additional configuration parameters from PHONES scope In order to do that a reservation is created 2 gt dhcpd scope PHONES add reservation 1D 01 00 05 90 02 1F C8 9 1 1 200 OK 2 gt dhcpd show scope gt SCOPES MSOFT 192 168 177 20 192 168 177 22 eth0 ATTACHED eth0 lt 192 168 177 12 gt 255 255 255 0 lt CLIENT CLASS IDs gt W_BRI_GATEWAY MSFT 5 0 lt CLIENT gt 1D 01 00 C0 DF 10 AF 69 MSFT 5 0 wad 192 168 177 20 lt BOUND gt since 01 01 2003 05 01 08 lt FREE RANGE gt 192 168 177 21 192 168 177 22 2 NEW 10 12 12 30 10 12 12 50 OTHER 192 168 177 110 192 168 177 19 ethO ATTACHED eth0 lt 192 168 177 12 gt 255 255 255 0 lt FREE RANGE gt 192 168 177 10 192 168 177 11 2 lt FREE RANGE gt 192 168 177 13 192 168 177 19 7 PHONES 9 1 1 151 9 1 1 200 ATTACHED eth0 lt 9 1 1 100 gt 255 255 255 0 lt CLIENT CLASS
28. 22 vlanO DOWN lt SUBNET gt 192 168 178 1 255 255 255 0 OK In this example DHCP server has two interfaces ethO and vlan0 vlan0 interfaces was turned down by WANFleX command ifconfig vianO down Eth0 is turned on and we see three scopes attached to it phones other and msoft PHONES is attached to 9 1 1 100 255 255 255 0 subnet two others to Copyright 2004 2012 by InfiNet Wireless 180 InfiNet Wireless WANFleX OS User Manual 192 168 177 12 255 255 255 0 subnet Imagine that we want lock ethO interface Example 2 gt dhcpd lock interface etho eth0 lt 9 1 1 100 gt PHONES 9 1 1 151 9 1 1 200 Scope detached eth0 lt 192 168 177 12 gt OTHER 192 168 177 10 192 168 177 19 Scope detached eth0 lt 192 168 177 12 gt MSOFT 192 168 177 20 192 168 177 22 Scope detached OK After locking let us see interfaces information again 2 gt dhcpd show interface z gt INTERFACES eth0 UP LOCKED lt SUBNET gt 9 1 1 100 255 255 255 0 lt SUBNET gt 192 168 177 12 255 255 255 0 vlan0 DOWN lt SUBNET gt 192 168 178 1 255 255 255 0 OK Now eth0 interface is locked and it had all his scopes detached Interface can be unlocked Syntax dhcpd unlock interface lt INTERFACE gt Example 2 gt dhcpd unlock interface etho eth0 lt 192 168 177 12 gt MSOFT 192 168 177 20 192 168 177 22 Scope attached eth0 lt 192 168 177 12 gt OTHER 192 168 177 10 192 168 177 19 Scope attached eth0 lt
29. 255 172 16 12 prefix 192 168 0 0 192 168 255 255 192 168 16 prefix Internet backbone routing protocols do not advertise these addresses which allows to use the same addresses in different Internet segments These addresses are used by ISP s and enterprises to build internal transport environment and or to connect small subscriber communities Copyright 2004 2012 by InfiNet Wireless 165 InfiNet Wireless WANFleX OS User Manual Perhaps when connecting your LAN to Internet ISP will suggest you to minimize the number of really existing P addresses in order to save its own address space Common user needs very limited set of well known services WWW FTP ICQ Telnet SMTP Games This is quite accessible using private internets and NAT Besides there are dedicated proxy servers for concrete services which fit better for this task E g for HTTP and FTP it is better to use caching proxy server Squid If you decided to use P telephone based on H 323 standard then it is better to use private internets We have H 323 support module in our NAT version So we have the following scenario using private internets in your LAN and you have a limited number of public IP address Commands description nat local_acl NAME public_addr dhcp IFNAME exclude DSTACL enable disable delete This command sets the real public IP address which will be used for address translation In order for the routing protocols to work n
30. Ctrl C OSPF config router interface OSPF config router OSPF config if route map OSPF config route map Every mode has its own set of commands The following commands are available in any mode B Help prints the list of commands for the current mode B End goes back from the current mode to the base mode B Exit exit to WANFleX CLI from OSPF CS At the start CS is in the base mode which has a set of commands to view current router state In order to switch to the configuration mode you should have superuser rights After entering a configuration mode the configuration is being blocked and entering in this mode from other terminal e g other telnet session is prohibited In order to avoid a dead block of the session CS automatically quits the configuration mode after five minutes of no activity Context help is always available using For example OSPF gt config Copyright 2004 2012 by InfiNet Wireless 128 InfiNet Wireless WANFleX OS User Manual OSPF config access list Add an access list entry clear Reset functions end End current mode and change to root mode CTRL C exit Back to WANFleX command shell CTRL D help Print command list interface Select an interface to configure no Negate a command or set its defaults prefix list Build a prefix list route map Create route map or enter route map command mode router Enable a routing p
31. Enterprise and is very easy to configure The following SNMP security options can be used by setting the sec urity parameter e noAuthNoPriv SNMP messages are sent unauthenticated and unencrypted e authNoPriv SNMP messages are sent authenticated and unencrypted e authPriv SNMP messages are sent authenticated and encrypted The passphrase for the encryption is set by the privpass PRIVPASS parameter The protocol is set by the proto des aes128 parameter The nodebug debug options disables enables printing of SNMP service information into the system log The snmpd clear command deletes SNMP configuration on the unit Example snmpd comm secret snmpd user john add pass mypassword security authNoPriv snmpd on 14 Td command Telnet daemon Telnet daemon management Syntax Copyright 2004 2012 by InfiNet Wireless 164 InfiNet Wireless WANFleX OS User Manual td enable disable RemoteHOST td start stop flush Description Telnet daemon makes it possible to remotely configure and manage a router and more generally to execute any operation system commands in the same way as itis done on a local operator workstation Telnet daemon starts automatically when the router is switched on To stop the daemon operation a td stop command shall be executed a td start command restarts the daemon By default the daemon accepts Telnet connection establishment requests from any hos
32. IDs gt W_IP_PHONE lt CLIENT gt 1D 01 00 04 35 00 22 24 IW_IP_PHONE Stas 9 1 1 151 lt BOUND gt since 01 01 2003 05 00 34 lt FREE RANGE gt 9 1 1 152 9 1 1 169 18 lt RESERV gt 1D 01 00 04 35 00 22 23 IW_IP_PHONE Andrew 9 1 1 170 lt BOUND gt since 01 01 2003 05 49 35 lt FREE RANGE gt 9 1 1 171 9 1 1 199 29 lt RESERV gt 1D 01 00 05 90 02 1F C8 f 9 1 1 200 lt BOUND gt since 01 01 2003 06 22 30 lt OPTION gt Router 9 1 1 3 lt OPTION gt H323_GK_ADDRESS 195 38 45 84 OK If reservation is no more required you can delete it Syntax dhcpd scope lt SCOPE_NAME gt delete reservation lt CLIENT_ID gt If a client acquired its IP address after reservation deletion a server will hold a lease of this address to this client if a client does violate scope s rules excludes and class filters Example 1 gt dhcpd scope phones delete reservation 1D 01 00 05 90 02 1F C8 OK 1 gt dhcpd show scope X gt SCOPES MSOFT 192 168 177 20 192 168 177 22 eth0 ATTACHED eth0 lt 192 168 177 12 gt 255 255 255 0 lt CLIENT CLASS Ds gt W_BRI_GATEWAY MSFT 5 0 lt CLIENT gt 1D 01 00 C0 DF 10 AF 69 MSFT 5 0 wad 192 168 177 20 lt BOUND gt since 01 01 2003 01 01 08 Copyright O 2004 2012 by InfiNet Wireless 183 InfiNet Wireless WANFleX OS User Manual lt FREE RANGE gt 192 168 177 21 192 168 177 22 2 NEW 10 12 12 30 10 12 12 50 OTHER 192 168 177 10 192 168 177
33. IP MAC proxy arp add IP auto proxy Adds record into the ARP table MAC address mapped to IP address If keyword proxy specified then the system will announce this information as response to the requests from other stations acting as proxy ARP server even if this IP address is not system own address In this case instead of MAC address one may specify auto keyword arp del IP all proxy Deletes the record for IP Or all records in the system if keyword all specified If optional parameter proxy specified then only proxy P addresses will be deleted arp freeze Enables to freeze ARP table No more automatically updates allowed The command fixes only manual records and does not affect on the radio interface with active protocol MINT Be careful when entering this command via telnet arp proxyall ACL In proxyall mode the system will reply on all ARP requests if respective IP target address resides in the routing tables and reachable via interface other than source MAC address l e if there is a route to the target IP then the system can be considered as a gateway In proxyall mode you can specify an ACL list of addresses networks which limits replied ARP requests of the command with networks and addresses of the ACL list Example arp add 10 10 10 10 00 11 22 33 44 55 arp add 192 168 5 1 5544332211 proxy 10 Switch command This command is used to configure MAC Switch Syntax ee LIST commands switc
34. InfiNet Wireless WANFleX OS User Manual ipfw add rf5 0 accept tcp from 0 0 to 0 0 900 5000 ipfw add rf5 0 reject tcp from 0 0 to 0 0 The first filter in the above filter set wards off any attempt of TCP connection establishment from outside clients to your internal servers with port numbers 900 to 5000 The second filter authorizes any other incoming TCP packets aimed at port numbers within the same range and the third filter rejects all other TCP packets This unreliable UDP protocol Unlike the connection oriented TCP protocol the UDP protocol sends separate packets datagrams In this protocol every packet is transmitted independently from all others and if there is a logical connection or session between a client and a server communicating through UDP such connection or session exists between higher layer application entities only and is invisible to UDP As all UDP packets are independent of each other a UDP packet header bears no information on whether it is a client to server or a server to client packet in fact UDP users are all equal in rights the terms client and server cannot be defined explicitly Therefore the only recipe we can propose is to define as precisely as possible the range or set of those UDP port numbers which are allowed to communicate with the outer world A domain name server DNS is an example of a server using the UDP protocol at port number 53 Assuming that your communications with the o
35. InfiNet Wireless 161 InfiNet Wireless WANFleX OS User Manual e P_address the IP address of the destination of the replicated data stream e port the number of the port to which the replicated data stream should be sent It does not cost much labour to write a simple program for receiving packets at the workstation storing them in memory and or delivering for examination by a packet analyzer You may use as a prototype the source code of the bpfshow command for the FreeBSD OpenBSD system In this case the program is launched with a port number as the only parameter and stores all packets received in a file named pcap raw then the flow contents could be analyzed with the tcpdump utility bpfshow 8000 E tcpdump r pcap raw bpf f allows to set pcap filter Example bpf rf5 0 10 11 12 13 8000 Enables packet capturing regime sending all packets from the rf5 0 interface to a workstation at the address 10 11 12 13 bpf rf5 0 Disables packet capturing regime at the rf5 0 interface 12 RPCAP Remote Packet Capture RPCAP Remote Packet Capture system provides the ability to remotely capture the packets being passed over the network allowing the remote control and analysis of the transit data flows RPCAP system consists of a server side daemon and a client side application The client application for example packet analyzer connects to the server daemon gives instructions which packets should be captured and
36. Number of mapped memory Memory allocated pages Total number of to network bytes memory pages Outgoing Queue Number of Maximal Number of to interface ethO packets in queue queue size lost packets Hierarchical N Eem go AA t gt Token Buela 0 300 0 gt rf5 0 rx 0 300 0 gt Queue intQ 0 lt 500 0 gt ISR QM Incoming ar HTB cur 0 max i Queues x Number of Maximum detected packets in queue queue size 23 Grep command Grep is a console output filtering utility It filters a command output with lines containing a match to the given regular expression A Attention This command is not available on the H01 H02 platforms Syntax grep OPTIONS e PATTERN command Copyright 2004 2012 by InfiNet Wireless 27 InfiNet Wireless WANFleX OS User Manual or command grep OPTIONS e PATTERN OPTIONS e PATTERN regexp PATTERN i ignore case v invert match w word regexp x line regexp C count m NUM max count NUM n line number A NUM after context NUM B NUM before context NUM C NUM context NUM Description Grep utility searches the output of the given command for lines matching the given PATTERN and displays the result When used with e option e PATTERN or regexp PATTERN allows searching a PATTERN that begins with dash sign To ignore case distinction between capital and lowercase letters while searching i or ignore case option is used
37. OSPF system To cancel identifier assigning use the following command no router id Copyright 2004 2012 by InfiNet Wireless 130 InfiNet Wireless WANFleX OS User Manual Filters In many parameters of the router participating in the configuration filters are used Filters are represented by two classes of objects B Access lists access list B Prefixes lists prefix list Access lists consist of a set of operators Each operator consists of a range of P addresses and deny or permit command The range of addresses is set as lt value gt lt mask for insignificant bits gt The object to be filtrated has its basic parameter in the same format IP address subnet etc To make a decision whether the object corresponds with a list each operator from the list is consequently applied to the basic parameter of the object until this parameter satisfies the condition When a right condition is met the decision is made according to the record in the command of the operator deny or permit In OSPF router there are three types of access lists B Standard Is identified by numbers 1 99 or 1300 1999 and is used to analyze one parameter of filtration object B Extended Is identified by numbers 100 199 or 2000 2699 and is used to analyze two parameters of filtration object for example source address and destination address B Nominate Identical to Standard but is identified by a name not number Moreover operators are conf
38. PLCP length errors number Non deferred packets number CRC check errors number Protocol deferred packets number Number of partially received packets Number of deferred packets due to media unavailability Number of SSID mismatches useless in our case Number of retries for the packets which exceeded RTC threshold Access Point mismatches useless in our case Number of retries for the packets which were lower than RTC threshold Data rate mismatches number Authentication rejects number Number of received acknowledgements for packets transmitting Number of authentication timeouts Number of not acknowledged packets when transmitting Association rejects number Number of received CTS packets Number of association timeouts Number of not received CTS packets Number of expired lifetime packets after receiving Copyright 2004 2012 by InfiNet Wireless 34 InfiNet Wireless WANFleX OS User Manual e bcsid enables SID broadcasting in beacon service packets which are regularly sent by the radio module This feature is a potential weak place in the security because it lets the device to reply to subscriber s cards requests having no SID value ANY Though MINT protocol exclude the possibility of unauthorized network connection such device s behavior leads to its unstable work failures and communication link delays bcsid disables SID broadcasting Disabled by default Examples rfconfig rf5 0 sid 1 bitr
39. a public key of the connected SSH Client Usage of the COMMENT parameter here is the same as it is in the sshd import command described above Sshd show command shows SSH Client s public keys that are registered in the SSH Server list Sshd clear command deletes all the SSH Client s public keys from the SSH Server Sshd delete N command deletes a certain SSH Client s public key from the SSH Server list Parameter N is an index of the key in the list Sshd auth methods command allows viewing available authentification methods and choosing them for using in authentification process To view all available authentification methods please type sshd auth methods To choose which of them to use sshd auth methods AUTH METHODS LIST Where AUTH METHODS LIST is a list of authentification methods allowed for using To enable all authentification methods you can use all value for AUTH METHODS LIST parameter set by default Example The following command prohibits using password authentification allowing only Public key method sshd auth methods publickey Copyright O 2004 2012 by InfiNet Wireless 14 InfiNet Wireless WANFleX OS User Manual SSH Client sshc command Built in SSH Client configuration is performed using sshc command Syntax sshc options LOGIN HOST REMOTE COMMAND options window Sl ZE keepalive TI ME compress C
40. allows performing MINT enabled tests when all the traffic and link parameters are controlled and managed by MINT functions such as ATPC and autobitrate In this mode the statistics for errors abd retries is not available When using mint option target parameter can point to any MINT node s MAC address including nodes that are not direct neighbors of the current node multi hop mint option is available only with tu or tb options When using mint option r option is ignored Copyright O 2004 2012 by InfiNet Wireless 65 InfiNet Wireless Radio link bandwidth for transmitting Radio link bandwidth for receiving WANFleX OS User Manual Ltest command output in Bandwidth meter mode Minimal average and maximal delay values Direction Kbit s Pkt s Retries Errors TENA ARTES usec Transmit 56056 4671 0 00 0 00 40 213 5979 751 ee 54378 4531 0 00 0 00 22 220 11682 845 Total 110434 9202 Total radio link bandwidth Example lt rf5 0 00179AC2F3E6 tb This command starts bidirectional link bandwidth test of a local device with a remote device which have 00179AC2F3E6 MAC address 6 Muffer command Environment analyzer The muffer module is used to analyze the electromagnetic environment Syntax muffer IFNAME tXX IXX review FREQ1 FREQ2 sid mac 2 3 mynet scan MAC muffer IFNAME sensor record SEC F1 F2 BW STEP muffer IFNA
41. already verified by some of the preceding filters If the first fragment has been rejected by a filter then all the remaining fragments when received by the destination host in the absence of the first one will be rejected there after some delay normally fixed at 60 sec Logging of packets IP Firewall registers all rejected packets writing appropriate message in the system log Registering all accepted packets may be additionally requested by putting a log keyword ipfw add accept log icmp from 0 0 to 0 0 The above command will register all incoming ICMP packets A big number of logged packets may cause system log overflow if you have redirected log messages to a remote workstation Copyright 2004 2012 by InfiNet Wireless 159 InfiNet Wireless WANFleX OS User Manual 10 Loadm command load meter This is a tool to perform the channel load monitoring Syntax loadm b m 1 p w delay interface Description This command allows estimating the load of a system interfaces specified by interface parameter By default the information is displayed in one line and is updated every second the load is measured in Kbit s The following additional keys change default settings e b display values in thousand of bytes per second e m display results in Megabits or Megabytes with enabled b option per second e I display information line by line e p calculates average packet size e w delay
42. any rule the default decision for this group or interface is taken The condition might consist of one or several parameters which are checked with the packet Five packet parameters can be checked Source interface iface Source MAC address src Destination MAC address dst VLAN tag vlan Ethernet level protocol number proto Cie bh E For each parameter a corresponding list of values should be specified Moreover in the condition a PCAP expression may be present This expression will be considered as a pseudo parameter of the packet and is called match Therefore the packet is considered to have matched the condition if all its parameters match to the corresponding acceptable values from the lists and or the packet satisfies to the expression of match type One or more parameters might be missing in a condition clause in this case it will mean that packet satisfies to that part of the condition which is missing If the list of acceptable values is empty non of the values of the corresponding parameter can match the condition even if this parameter is missing in the packet for example VLAN tag Rules configuration is implemented using the following command switch group ID interface FNAME rule NUMBER set NEWNUMBER src LIST dst LIST vlan LIST iface LIST proto LIST LIST setpri addpri prio deny permit remove Here ID and IFNAME number of the group or interface NUMBER sequ
43. attempt to add one of these options to any division the server will report an error ERR This option cannot contain in the given division To control options which were requested by the client and given to him one can use the following commana Syntax dhcpd interface lt INTERFACE gt show client lt CLIENT_ID gt where e INTERFACE name of a network interface which information is requested e CLIENT_ID client s identifier which information is requested Instead of interface name one can specify this will print information for all clients and interfaces Instead of client s identifier it is permitted to specify this will print information about all clients for the specified interface The information is shown only for clients with given address lease from one of the scopes which is attached to the specified interface Example 2 gt dhcpd interface show client gt INTERFACES CLIENTS eth0 IPHONES lt CLIENT gt 1D 01 00 04 35 00 22 24 IW_IP_PHONE Unknown node 192 168 0 101 lt BOUND gt since 25 04 2005 11 32 57 SUPPLIED OPTIONS EL haa DF Subnet Mask 255 255 255 0 2 a eas Time Offset lt not supplied gt 3 S Router 192 168 0 1 Copyright 2004 2012 by InfiNet Wireless 187 InfiNet Wireless WANFleX OS User Manual ET AA Log Server lt not supplied gt 42 S NTP Servers 192 168 0 1 230 S H323 GK ADDRESS 192 168 0 1 231 IR
44. dead block of the session CS automatically quits the configuration mode after five minutes of no activity Context help is always available using For example RIP gt config RIP config access list Add an access list entry clear Reset functions end End current mode and change to root mode CTRL C exit Back to WANFleX command shell CTRL D help Print command list interface Select an interface to configure key Authentication key management Copyright 2004 2012 by InfiNet Wireless 115 InfiNet Wireless WANFleX OS User Manual no Negate a command or set its defaults prefix list Build a prefix list route map Create route map or enter route map command mode router Enable a routing process show Show running system information stop stop RI P config interface IFNAME Interface s name RIP config interface ethO RI P config if authentication Authentication control description Interface specific description end End current mode and change to root mode CTRL C exit Back to WANFleX command shell CTRL D help Print command list no Negate a command or set its defaults receive Advertisement reception send Advertisement transmission show Show running system information split horizon Perform split horizon RI P config if After quitting CS using exit command or Ctrl D CS stays in the last active mode Commands may have different parameters Commands parameters are specified in several
45. entered using console or Telnet Prefix command for WANFleX command interpreter is dhcpd Full command list without prefix command Syntax add scope lt SCOPE NAME gt lt INTERFACE gt lt START_IP gt lt END_IP gt add dscope lt SCOPE_NAME gt lt INTERFACE gt lt START_IP gt lt END_IP gt add virtual interface lt VIFNAME gt lt GATEWAY gt lt GWIFNAME gt clear delete option lt OPTION NAME gt delete scope lt SCOPE_NAME gt delete virtual interface lt VIFNAME gt interface lt INTERFACE gt delete option lt OPTION_NAME gt interface lt INTERFACE gt option lt OPTION NAME gt lt OPTION _VALUE gt Copyright 2004 2012 by InfiNet Wireless 175 InfiNet Wireless WANFlex OS User Manual interface lt INTERFACE gt reservation lt CLIENT_1D gt delete option lt OPTION_NAME gt interface lt INTERFACE gt reservation lt CLIENT_ID gt option lt OPTION _NAME gt lt OPTION _VALUE gt interface lt INTERFACE gt show boundhistory interface lt INTERFACE gt show client lt CLIENT_ID gt lock interface lt INTERFACE gt option lt OPTION_NAME gt lt OPTION_VALUE gt scope lt SCOPE_NAME gt add classid lt CLIENT_CLASS ID gt scope lt SCOPE_NAME gt add exclude lt START_IP gt lt END_IP gt scope lt SCOPE_NAME gt add reservation lt CLIENT_ID gt lt CLIENT_IP gt scope lt SCOPE_NAME gt delete classid lt CLIENT_CLASS_1D gt scope lt SCOPE_NAME gt delete exclude lt START_IP gt scope lt SCO
46. for every band is formed in the form of a list of sub ranges with the defined frequency step start frequency end frequency step or a list of comma delimited standalone frequencies Syntax IFNAME grid BAND FREQUENCY _RANGE_LIST Example rf rf5 0 grid 40 4920 5940 5 rf rf5 0 grid 20 5310 5390 10 5450 5500 5580 20 rf rf5 0 grid 10 5480 5500 5520 5540 5560 5580 The resulting frequency grid can be viewed in the rf cap command output and is used every time the frequency is setup using the auto command roaming dfs etc To remove a frequency grid rf IFNAME grid BAND clear That will restore the default frequency grid supplied in the unit s license e freq XXX central operating frequency in MHz Must be equal at the both sides of the link The list of allowed frequencies can be obtained by executing rf if name cap command e bitr XXX the bit transfer rate in Kbit s of the radio link Allowed values are o For CKK mode 11000 5500 2000 1000 Kbit s o For OFDM mode standard models 6000 9000 12000 18000 24000 36000 48000 54000 Kbit s o For OFDM mode Xm models B 5 MHz 3250 6500 9750 13000 19500 26000 29250 32500 Kbit s B 10 MHz 6500 13000 19500 26000 39000 52000 58500 65000 Kbit s B 20 MHz 13000 26000 39000 52000 78000 104000 117000 130000 Kbit s B 40 MHz 30000 60000 90000 120000 180000 240000 270000 300000 Kbit s The maximum bitrate is limited
47. in SNMP trap packet is defined by the following command trapd agent x x x x To delete the agent s IP address from the configuration use sign as shown in the command syntax Default agent s own IP address is 127 0 0 1 SNMP traps can be sent to the SNMP server via SNMP network agent running on some other device gateway To direct SNMP traps to the gateway the following command should be used trapd gateway xxxxo0000000 auto Where XXXXXXXXXXXx is the gateways MAC address When parameter auto is specified instead of the gateways MAC address SNMP traps are automatically sent to the MINT SNMP relay defined by the mint snmprelay command if it exists in the MINT network To delete the gateway from the configuration use sign as shown in the command syntax All these traps can be allowed or rejected for sending by the following command trapd type TYPENAME enable disable Where TYPENAME is the trap s name By default all traps are disabled Example trapd dst 192 168 1 1 trapd type newNeighborEvent enable trapd start The following SNMP traps and trap groups are supported by the system ColdStartEvent trap is sent when the units is powered up AuthenticationFailureEvent trap is sent in case of failure in SNMP authentification Syslog all new messages in the system log are sent as a trap Copyright 2004 2012 by InfiNet Wireless 174 InfiNet Wireless WANFleX OS User
48. indicated by seldom tones in the headphones If there is a link established the signal level is indicated by the set of clicks The higher the signal level the higher is the frequency of the clicks and their number in the set The durability of the set and the interval between the sets is always the same and has a value of 2 and 0 5 seconds correspondingly The indication cycle always corresponds with a PREVIOUS measurement cycle That means that the sound indication has a delay of 2 5 seconds The maximum signal level is indicated by a permanent tone Attention AudioMonitor is NOT included in a standard device set it should be ordered separately Copyright 2004 2012 by InfiNet Wireless 62 InfiNet Wireless WANFleX OS User Manual I When this option is set you will hear a sound indication of a signal that is received on a local device i e a signal which is transmitting from remote device to local device r When this option is set you will hear a sound indication of a signal that is received on a remote device i e a signal which is transmitting from local device to remote device m When this option is set you will hear a sound indication of a signal that is minimal among two previous signals for example if a signal that is received on a local device is lower than a signal that is received on a remote device then a signal that is received on a local device will be indicated e auto I r m automatic test in a soun
49. is encapsulated into IP packets at one end of a link and is delivered to its opposite end through the existing transport network Four parameters are necessary to configure a tunnel 1 The internal P address of the local end of the P2P link 2 The internal IP address of the remote end of the P2P link 3 Real source IP address to be specified in the outgoing packets 4 Real destination P address to be specified in the outgoing packets Internal P addresses of both ends of a P2P link are set using ifconfig command all other parameters are specified by the tun command see example below Copyright O 2004 2012 by InfiNet Wireless 105 InfiNet Wireless WANFleX OS User Manual Syntax tun N src ADDR dst ADDR mtu N df clear Description Assigns the source src and destination dst real P addresses to a tunnel specified by its logical number N which has been created by an ifconfig command Outgoing packets are encapsulated into IP datagrams and sent to the dst address The src address is inserted into the datagram as source address The dst address shall also be attainable through an interface of the router different from that used to access the tunnel This can be done for example by using explicit static routing the route add command or by prohibiting importation of some of the RIP protocol route descriptors arriving to that interface If this condition is not satisfied a looping may happen when already en
50. likelihood of a local routing cycles If poisoned reverse option is set device when removing the route still some time left it in the routing table and include it in the standard distribution announcement with special reference so that neighboring routers realize that the route is no longer used Metrics of a route with the value 16 is used as a metrics for this Split horizon algorithm without poisoned reverse option is enabled by default To cancel split horizon algorithm use command p no split horizon Route map route map For more flexible configuration of metric type and its value one can use a route map Route map is a set of conditional records Each record has its number in the map a condition of correspondence for the importing route of the record actions to be done with a resulting object in case of its correspondence resulting action deny permit etc Routes are listed in the route map according to their number in ascending order If a route satisfies a record s condition If a resulting action is deny the route is denied review of map s records is aborted and a resulting object is cancelled link is not advertised If a resulting action is permit all actions specified in the record are performed for a resulting object Further records viewing is stopped or if specified in the scenario it is resumed depending on the option specified in the scenario 1 on match next viewing is continued from the r
51. link metric type E1 metric type 1 E2 metric type 2 External link metric is printed in the format of lt metric of the router which advertised the link gt lt link metric gt Interfaces information show interface INTERFACE This command prints the information on network interfaces including virtual links states If interface name is not specified all interfaces information will be printed For example OSPF gt show interface VLINKO is up Internet Address 192 168 151 10 24 Area 0 0 0 0 Router ID 192 168 151 10 Network Type VIRTUALLINK Cost 2 Transmit Delay is 1 sec State Point To Point Priority 1 No designated router on this network No backup designated router on this network Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 08 Neighbor Count is 1 Adjacent neighbor count is 1 eth0 is up Internet Address 192 168 151 10 24 Area 0 0 0 1 Router ID 192 168 151 10 Network Type BROADCAST Cost 1 Transmit Delay is 1 sec State DR Priority 1 Designated Router ID 192 168 151 10 Interface Address 192 168 151 10 Copyright 2004 2012 by InfiNet Wireless 146 InfiNet Wireless WANFleX OS User Manual Backup Designated Router ID 192 168 151 1 Interface Address 192 168 151 1 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 05 Neighbor Count is 1 Adjacent neighbor count is 1 Internet Address 192 168 152 1 24 Area 0 0 0 2 Router ID 192
52. list of values with each value taking one line The file is retrieved using FTP protocol Example switch list MACGROUP1 file ftp 1 2 3 4 switches list macgroup1 txt With this macgroup1 txt file might contain the following information The list of computers in HR department 00 01 02 03 04 05 Smith 00 11 12 13 14 15 Johnson lt EOF gt Values are loaded from the file automatically after switch is started or when a source file name is modified or when the following command is executed switch synchronize switch list LISTNAME remove This command deletes the list with LISTNAME name from the switch configuration switch list LISTNAME flush Clears the contents of LISTNAME name switch list OLDLISTNAME rename NEWLISTNAME Renames the list with OLDLISTNAME to NEWLISTNAME switch list LISTNAME dump WILDCARD Prints the contents of the list LISTNAME If WILDCARD parameter is specified the command prints only those values from the list which satisfy the WILDCARD Groups configuration commands Syntax switch group ID add del FNAME TAG 0 switch group ID repeater trunk uncoupled fon off switch group GORUPID up down stream SCI D 0 switch group ID x vlan TAG LIST 0 no bidir switch group ID nvlan on off switch group 1D info INFO_STRING switch group ID setid NEWID Copyright 2004 2012 by InfiNet Wireless 79 InfiNet Wireless WANFleX OS User Manual switch group ID stp off on
53. net 192 168 1 0 24 nat local_acl NAT 123 1 1 1 nat enable Done One can start to check access from the LAN nat disable Disables NAT Copyright 2004 2012 by InfiNet Wireless 167 InfiNet Wireless WANFleX OS User Manual nat same_ports yes no This command forces NAT module to leave ports numbers in the modified packets as they are If it is impossible then arbitrary port numbers will be used nat verbose yes no Enables diagnostic mode and prints modified packets into system log nat Proxy only yes no If enabled then NAT module only forwards packet according to proxy_rule commands Usual NAT not performed nat stat Shows NAT statistics Packet redirection NAT disadvantage is that local hosts are not accessible from Internet Local hosts can establish outgoing connections but cannot serve incoming This hinders starting Internet applications on local hosts Simple solution is to redirect traffic from some ports to local hosts The below commands are dedicated for creating redirection rules redirect_ xxx and proxy_rule Multiple command execution with different arguments allowed Commands are numbered when browsed using config show This allows to delete not needed rules using nat del XX where XX is sequential number in the config show list nat redirect_port The command comes with two flavors First type redirect_port proto local_addr local_port_range public_addr public_port_range remote_add
54. not fault_ tolerant and are not designed manufactured or intended for use or resale in applications where the failure malfunction or inaccuracy of products carries a risk of death or bodily injury or severe physical or environmental damage high risk activities High risk activities may include but are not limited to use as part of on line control systems in hazardous environments requiring fail safe performance such as in the operation of nuclear facilities aircraft navigation or communication systems air traffic control life support machines weapons systems or other applications representing a similar degree of potential hazard Infinet wireless specifically disclaims any express or implied warranty of fitness for high risk activities InfiNet Wireless hereby declares that R5000 Om R5000 Mm R5000 Sm and R5000 Lm are in compliance with the essential requirements and other relevant provisions of Directive 1995 5 EC The declaration of conformity may be consulted at www infinetwireless co Indication of the countries InfiNet Wireless equipment has no geographical limitations for selling and can be supplied to any country of the world Limitation of Liability Infinet Wireless shall not be liable to the purchaser or to any third party for any loss of profits loss of use interruption of business or for any indirect special incidental punitive or consequential damages of any kind whether arising under breach of contract
55. of the fragmented P packets are not checked to fulfill the port number restrictions as a port number is specified only in the first fragment If the first fragment is filtered the rest of the fragments will be rejected by the target machine P protocol Modifiers field is used for the additional packet characteristics which can be considered by the filter Possible values e tcp_connection The filter is refered only to the packets of an establishing a TCP connection Connection is synonym of tcp connection Technically a packet for requesting a connection has a TCP header with SYN flag set and ACK flag cleared e ip_ fragment The filter refers only to fragmented packets Technically either offset field in the packet has non zero value or a more fragments bit is set e ip_head_fragment The filter is applied only to the first fragment of the fragmented packet Technically an offset field in the packets has non zero value or a more fragments bit is set e ip_tail_ fragment Copyright 2004 2012 by InfiNet Wireless 154 InfiNet Wireless WANFleX OS User Manual The filter is applied to all packet s fragments excluding the first one Offset field has non zero value More fragments field value is of no importance e ip_option The filter is applied to the P packets which have any P options set excluding NO OP option e ip_recroute_option The filter is applied only to those P packets which have either record
56. of them has a link to the backbone area in the area not stub area a virtual link is organized This can be done using the following command in config router mode area A B C D lt 0 4294967295 gt virtual link A B C D where e A B C D lt 0 4294967295 gt area identifier through which a virtual link goes A B C D ABR router id with which a virtual link is established Virtual link must be configured on both routers For example Router 192 168 152 45 OSPF gt configure OSPF config router OSPF config router area 0 0 0 1 virtual link 192 168 78 12 Router 192 168 78 12 OSPF gt configure OSPF config router OSPF config router area 0 0 0 1 virtual link 192 168 152 45 Formally the virtual link looks like a point to point network connecting two ABR from one area one of which there is a link to backbone area This pseudo network is considered to belong to the backbone area Link to area information filtering Summary information about area s links which is advertised by ABR through backbone to other area export can be filtered Moreover the information from ABR that came from other areas can also be filtered import Filters are configured in config router mode area A B C D lt 0 4294967295 gt export list NAME area A B C D lt 0 4294967295 gt filter list prefix WORD in out area A B C D lt 0 4294967295 gt import list NAME where NAME name of a filtering list access list
57. packets Number of errors in the decryption process Number of packet drops in an aggregate due to he packet sequence errors Number of packet drops in an aggregate due to protocol excesses for transmission age Full Retries Number of duplicate aggregates transmitted Maximal detected number of packets in an aggregate Maximal detected bytes in an aggregate Number of successfully encrypted packets Copyright 2004 2012 by InfiNet Wireless 33 InfiNet Wireless Parameter Beacons Received Beacons Transmitted Ack Packets Transmitted RTS Packets Transmitted CTS Packets Transmitted PLCP CRC Errors Single Collisions PLCP Format Errors Polling cache aged PLCP Length Errors No Deferral MAC CRC Errors Deferred Protocol Partial Received Deferred Energy Detect SSID Mismatches Retry Long AP Mismatches Retry Short Data Rate Mismatches Authentication Rejects Ack Received Authentication T O No Ack Received Association Rejects CTS Received Association T O No CTS Received Packets Aged WANFleX OS User Manual rf stat command output for 2 4GHz devices Description number of received service packets not used Number of transmitted service packets not used Number of transmitted acknowledgement packets Number of RTS packets transmitted Number of CTS packets transmitted CRC errors counter Single collisions counter PLCP format errors number Expired cache lifetime packets number
58. parameter must be put into quotes Example 2 gt dhcpd scope MSOFT add classid MSFT 5 0 or 2 gt dhcpd add scope Micro Soft ethO 9 1 1 201 9 1 1 250 Attention DHCP executes commands ONLY after its start dhcpd start Copyright 2004 2012 by InfiNet Wireless 176 InfiNet Wireless WANFleX OS User Manual DHCP Client DHCP protocol is used for workstations and servers TCP IP network hosts connection parameters dynamic configuration UDP IP protocol is used as a transport protocol Host which requests data for its network connection configuration IP address subnet mask default gateway etc is called DHCP client IP address is a basic configuration parameter After client s start it sends a DHCP request over the network so it could get a lease of IP address and other network parameters For its identification in its request a client may use client identifier In general case client identifier is a binary set of bytes which is unique within a physical network segment to which a client is connected If client does not provide an identifier the server will accept client s MAC address for network interface Thus in DHCP server a client is identified by its identifier and network interface from which server accepts client s requests client s interface Client s identifier lt CLIENT_ID gt parameter in commands is represented as ID lt identifier gt or 01 lt MAC address of network adapter gt Example 1D 01 0
59. possible to establish reliable communication between subscribers when the ordinary CSMA CA wireless access method does not work at all Despite a slight decrease in the maximum transmission speed the polling mode substantially increases the total throughput of a base station and provides for its fair distribution between client units The polling algorithm is so designed as to minimize the protocol overhead while maintaining high efficiency and robustness The polling mode is enabled on the master station only Configuration of client units needs not to be modified For fine tuning of polling regime there are three optional parameters which can be set using the following syntax mint Fname poll start mi XX ub XX mt XX MI Marker Interval The primary time unit used in calculating the marker sending frequency The approximate value is a half of the round trip delay for the interface Values are given in milliseconds from 4 to 20 UB Upper bound Marker sending interval upper bound This value provides a minimal guaranteed marker sending frequency This parameter is chosen based on the compromise between the total number of markers loading up the channel for no purpose and the response time for the first key pressed in telnet program The value is within 3 and 1000ms MT Marker Timeout The maximum waiting time for a client unit response to a marker or data packet Expressed in milliseconds default value is 120ms Exa
60. route or timestamplP options set without any other options These options can be set by violators to build your network map No other threat is possible here e ip_misc_option This filter is applied only to the packets which have one or more IP options but record route timestemplP or NO OP Many of P options of MISC group are used by the violators to avoid filters in order to enter the network There are several additional rules for the modifiers field 1 tcp_connection value can be used only when the proto field has tcp value 2 If more than one option among ip fragment ip _head_fragment or ip_tail_ fragment is used than the latter ones will cancel the action the former ones 3 If more than one option among ip_option ip_recroute_option or ip_misc_option is used than the latter ones will cancel the action the former ones The packet must fulfill all options set otherwise it will go through the filter Parameter f allows using pcap filters Example ipfw add reject f icmp and host 1 1 1 1 or 1 1 1 5 Examples of packets filtering Hereafter some examples are given of how to use the ipfw command in different cases Simple examples Our first example will be a filter prohibiting passage of any packet from some unreliable address 1 1 1 1 to the address 2 2 2 2 ipfw add reject all from 1 1 1 1 to 2 2 2 2 As enemies often attack in unite front let us now bar the way to all packets from the whole hostile n
61. seeing detailed information on Multicast subscribers switch igmp snooping Imat Value This command sets Last Member Query Time value i e the maximum time during which the switch will wait for the answer from active subscribers after receiving IGMP leave If no answer is received the switch will stop Multicast packets delivery to the particular Gateway Gateway is an Ethernet interface or radio interface with a MAC address of the device on the other side of the link switch igmp snooping gmi Value This command sets Group Membership Interval value i e the amount of time that must pass before a Multicast Router decides there are no more clients subscribed to a Multicast group no more IGMP report messages in the group switch igmp snooping static add MCAST F_NAME MAC This command creates static subscription on a Multicast address switch igmp snooping static del MCAST F_NAME MAC This command removes static subscription on a Multicast address switch igmp snooping srcip IP This command allows replacing a source IP address in IGMP Report packets with the one specified in the IP parameter switch igmp snooping querier group N source X mcast X Y vlan N start stop clear Copyright O 2004 2012 by InfiNet Wireless 91 InfiNet Wireless WANFleX OS User Manual This command starts stops start stop Querier function operation IGMP Querier substitutes the functions of Mu
62. specifies time interval between updates A For the rf5 0 radio interface the loadm command shows the total channel load and not only that part of it which corresponds to the given device On a client unit for example not only that unit s own traffic appears on its rf5 0 interface and is taken into account by the loadm command but also the traffic between the base station and other client units In other words the channel being observed comprises in this case the totality of a cell traffic generated by several mutually affecting units on the same frequency Therefore the real load of the unit is better to see on its ethO interface Example loadm I rf5 0 The output example is shown below Copyright 2004 2012 by InfiNet Wireless 160 InfiNet Wireless WANFleX OS User Manual Interface name Y a A Load Meter TS All results in Kbits per second rf5 0 INPUT OUTPUT SUM PACKETS CPU cur avg max packets cur avg max packets 15 36 36 36 16 14 14 14 6 50 22 6 30 33 36 16 12 13 14 5 42 21 3 39 35 39 18 6 10 14 5 45 23 3 16 30 39 12 12 11 14 5 28 17 2 16 2 39 12 18 12 18 6 34 18 2 17 26 39 14 5 11 18 5 22 19 2 17 24 39 14 4 10 18 4 21 18 2 22 24 39 18 6 10 18 5 28 23 2 15 23 39 12 13 10 18 6 28 18 2 12 22 39 11 4 9 18 4 16 15 2 13 21 39 12 14 10 18 6 2 18 2 10 20 39 10 5 9 18 5 15 15 2 20 20 39 15 12 10 18 5 32 20 2 14 20 39 12 5 9 18 5 19 17 2 17 20 39 13 14 10 18 6 31 19 2 13 19 39 11 13 10 18 6 26 17 t
63. system administrator enters the router from the console or remotely using telnet http Example system user root e system password lt password gt Sets the system administrator s password Example system password qwerty e system gpsxy E W XX XXXXX N SIYY YYYYY Sets the geographical coordinates of the device longitude latitude This parameter can be used for automatic radio module parameters correction when connecting to the network Example system gpsxy 60 40056 56 82857 Copyright 2004 2012 by InfiNet Wireless 5 InfiNet Wireless WANFleX OS User Manual system guest key word or phrase Specifies a keyword for entering a guest mode The keyword is entered as a login any password may be used While in the guest mode you cannot modify the router s configuration parameters neither security related parameters Example system guest for members only system prompt any word Replaces the prompt on the screen with the given any word of a maximum length of 16 characters The resulting prompt will look as Prompt ttyN gt Example system prompt MyHost system useAAA Instructs the unit to turn on RADIUS based authentication for accessing the management interface To use the authentication the AAA module should be running refer to chapter 19 Remember that the AAA authentication method has the highest priority and local login database is used only in case when the required account is not found on the RADIUS serv
64. the last operator in a list Thus the operator will have the biggest number and will be placed in the end of the list Link state advertisement The router can advertise its link states of two types 1 Internal links These are links which destinations are addresses of the subnets to which a router is connected directly using one of its network interfaces and which are described in OSPF router configuration 2 External links Links which destinations are route s destinations configured in WANFleX These can be static routes route add kernel or routes which appear in the routing table by assigning IP address alias to one of physical network interfaces connected In order to advertise an internal link a subnet should be specified which destination is an advertised link This can be done in config router mode network A B C D M area A B C D lt 0 4294967295 gt Network is specified by router s P address mask which belongs to this network Area ID can be inputted either in P addresses format or in decimal number format Example OSPF gt configure OSPF config router OSPF config router network 4 7 8 32 24 area 0 0 0 1 OSPF config router network 192 168 15 1 24 area 0 OSPF config router Copyright 2004 2012 by InfiNet Wireless 132 InfiNet Wireless WANFleX OS User Manual If none of router s network interfaces has an IP address from specified subnet OSPF will not advertise this link alt
65. the list of algorithms algo list to be used in SSH Server Client authentification process cipher algos ALGO LIST short form c ALGO LIST allows choosing cicpher algorithms from the list of algorithms algo list to be used in SSH data encryption hash algos ALGO LIST short form m ALGO LIST allows choosing hash algorithms from the list of algorithms algo list to be used in SSH data verification comp algos ALGO LIST allows choosing compression algorithms from the list of algorithms algo list to be used in SSH data compression For compulsory interruption of the SSH Client s session for example if SSH Server is not responding to SSH Client s requests please use the following key sequence lt Enter gt on the keyboard firstly press Enter key then key then key Example sshc C root 1 2 3 4 This command will try to connect SSH Client to the SSH Server located on the host with IP address 1 2 3 4 under root login user name and enable compression of the data flow 13 pstat command I P statistics IP statistics gathering module Copyright 2004 2012 by InfiNet Wireless 16 InfiNet Wireless WANFleX OS User Manual Syntax ipstat enable incoming outgoing full detail SLOTS disable ipstat clear ipstat traf detail bytes total_bytes ipstat fixit fixget fixclear ipstat strict strict ipstat add intf rule ipstat del N ipstat rearrange N
66. to 0 0 qm add ch1 all from 0 0 to 1 1 1 0 24 Establishes for the traffic from or to 1 1 1 0 24 network the highest priority over all other data flows qm ch1 pri 5 qm ch2 pri 10 qm add ch2 all from 1 1 1 0 24 to 0 0 qm add ch2 all from 0 0 to 1 1 1 0 24 Copyright 2004 2012 by InfiNet Wireless 111 InfiNet Wireless WANFleX OS User Manual qm add ch1 all from 0 0 to 0 0 The 1 1 1 0 24 network traffic will have the lowest priority as compared to other data flows Please note the order of rules in the above list The last rule which is satisfied by any packet may only be at the end of the list qm ch1 to 10 10 10 10 qm ch2 to 20 20 20 20 qm add ch1 all from 1 1 1 0 24 to 0 0 qm add ch2 all from 2 2 2 0 24 to 0 0 Subscribers of the 1 1 1 0 24 network will be serviced by the 10 10 10 10 provider while the 2 2 2 0 24 subscribers will use the 20 20 20 20 provider In more complicated situations when the routers of service providers are not directly accessible from the given node one would better start with defining tunnels to those providers and then redirect traffic to those tunnels qm option rtp tos This command disables real time packets automatic prioritization and enables TOS automatic prioritization Example of traffic prioritization and remapping Channel 1 disables DSCP labels and 802 1p priorities qm ch1 dscp 0 dotlp 1 Channel 2 sets flow priority QM_PRIO_BUSINESS1 and DSCP label 31 qm ch2 pri
67. wifi IFNANE cap command to view a list of supported encryption types Different encryption types can be combined with comma as delimiter auth server lt address gt sets Radius authentication server address and password Use lt host gt lt port gt lt secret gt format for the address where lt host gt lt port gt options defines server IP address and port lt secret gt option defines password acct server lt address gt sets Radius accounting server address and password Use lt host gt lt port gt lt secret gt format for the address where lt host gt lt port gt options defines server IP address and port lt secret gt option defines password debug radius on off enable disable output of Radius server system messages hidden on off enable disable hidden AP mode In a hidden mode AP do not appear in a search output of the available wireless networks wme on off enable disable Wireless Multimedia Extensions QoS support according to 802 11e protocol isolation on off restricts allows client stations of the given AP establish a connection between each other directly without using external routers rsn preauth on off enable disable RSN WPA2 pre authentication quick roaming support according to 802 11r protocol mcast rate lt rate gt sets multicast packets bitrate acct interval lt iterval gt sets interim accounting update interval in seconds according to which Radius se
68. will it be a switched network 1 Perform the following actions on each client device Note down or remember MAC address of radio interface which is used to connect to base station You can view it using command Ifc rf5 0 Save current configuration it is supposed that client device is connected to base station in the moment using command config save Upload MINT firmware using commana fl get user password server file 2 Perform restart of all the client devices one after another using command restart y 3 Upload MINT firmware on the base station and restart base station After the restart all devices will start with MINT firmware Upon discovering the old configuration RMA new MINT firmware will start neighbor search protocol on all radio interfaces of the device with default parameters master autobitrate hiamp 4 Radio interface parameters will be delivered from the old configuration at the time of its last saving This is enougth for device to connect to MINT Network The devices will lose IP address assigned by RMA 4 Ensure all devices have connected to base station using mint map command 5 Assign appropriate IP address on base station radio interface for example ifc rf5 0 10 0 0 254 24 up 6 Using mint rcmd command assign IP addresses on radio interfaces of all client devices addressing them using MAC adress you can miss colon in MAC addresses for example Copyright 2
69. 0 04 35 22 88 1D In its requests to the server a client may indicate its class class identifier Class identifier is a string which defines one of client s properties which is common for a set of clients For example it can be client operating system s name E g DHCP clients which work under OS Windows XP send MSFT 5 0 as a class identifier InfiNet Wireless IP phones IW_IP_PHONE Client s class can be used by server administrator for automatic clients grouping in address scopes in order to conveniently assign them specific configuration parameters options Address Scope Scope is a range of P addresses within which a server can assign addresses to its clients Scopes are located in a configuration database of a server and are identified by names configured by server administrator when this scope was created Scope is created by the following command Syntax dhcpd add scope lt SCOPE_NAME gt lt INTERFACE gt lt START_IP gt lt END_IP gt here e SCOPE_NAME scope name It is not case sensitive and must be unique If scope name contains spaces server will automatically substitute them with underscore sign _ e INTERFACE name of the network interface with which this scope will be attached allowed interface If is specified as interference that means that this scope can be attached to all suitable network interfaces Suitable network interface is an interface which contains a subnet of IP
70. 000 class2 qm ch2 max 400 ceil 1000 class2 qm ch3 max 100 ceil 300 class3 qm ch4 max 200 ceil 300 class3 The result of these commands are a hierarchy of service classes see figure where channels Ch1 and Ch2 members of the Class2 have a higher priority to use a bandwidth of 1000 kbps then channels Ch3 and Ch4 since Class2 is of higher priority than Class3 4 Route command static routes configuration The command is used to configure static routing tables Syntax route add address default gateway route delete address gateway Description This command provides with manual management of system routing tables In the normal mode when a routing daemon is active this command is not needed However in some cases it allows to achieve more precise non standard configuration Parameters e add adds a route to a table e delete deletes a route from a table Copyright 2004 2012 by InfiNet Wireless 113 InfiNet Wireless 5 ARIP WANFleX OS User Manual e address destination network IP address or host address The parameter can be specified in the following formats network address mask length or network address mask or network address e gateway P address of the router through which the address is attainable It is possible to use the keyword default instead of explicitly specifying the 0 0 P address Examples route add default 195 38 44 129 route add 193 124 189 0 27 195 38 44 108 rout
71. 004 2012 by InfiNet Wireless 58 InfiNet Wireless 3 Prf WANFleX OS User Manual mint rf5 0 rcmd node 17 9a c2 f4 34 cmd ifc rf5 0 10 0 0 1 24 up co save mint rf5 0 rcmd node 17 9a c3 ad 46 cmd ifc rf5 0 10 0 0 2 24 up co save mint rf5 0 rcmd node 179ab1f391 cmd ifc rf5 0 10 0 0 3 24 up co save and so on After that all client devices will be accessible from base station by IP if it wasn t rejected by configuration options 7 Using telnet perform the rest necessary configuration on each device for smooth network functioning routing and so on If IP access is not obtained it is always possible to verify or correct configuration of client devices using mint remd command mint rf5 0 rcmd node 0023113231 cmd co show reply with reply parameter command result will appear in a local system log sys log show MINT architecture protocol can work not only via radio interfaces but through wired Ethernet interfaces For this purpose prf interface pseudo radio interface is used which can be attached to the physical interface like vlanX interfaces Syntax prf N parent IFACE hwmtu N channel N prf N clear prf driver allows sending network frames of a proprietary format through Ethernet network When sending frames to Ethernet the driver encapsulates them into IEEE802 3 frames If specified maximal length of Ethernet frame is not enough to send a fully encapsulated original fr
72. 1 1 1 2 255 255 255 252 tunnel source 194 34 34 34 tunnel destination 195 23 23 23 tunnel mode ipip Copyright O 2004 2012 by InfiNet Wireless 106 InfiNet Wireless WANFleX OS User Manual 3 Qm command QoS configuration The command manages the Quality of Service QoS parameters General description QoS manager is a convenient and flexible mechanism to manipulate data streams going through the device The user can create up to 200 logical channels characterized by different properties such as priority levels and data transfer rates and then assign data streams to these logical channels according to special rules of assignment Packets going through different channels are thus modifying their own properties as well as properties of their respective data flows Syntax qm option rtp dot1p tos Jicmp tcpack strict qm classN max N ceil N ceilprio N parent N clear qm chN max N 0 ceil N 0 ceilprio N 0O latency N 0 pri P no strict pps N 0 to addr vlan X 1 dscp N 1 dotlp N 1 classL clear qm stat full clear del RULE_NUMBER mov RULE_A RULE_B rearrange N qm add out num ifname chN pass rule where e N L X P R S T are integers e addr is an P address e rule is a packet filtering rule with the same syntax as in the ipfw command Parameter values shall be put after their keywords if any without A blanks as shown above no blank may be p
73. 1 1 3 belong to the gateway 128 1 1 1 can be used as public gateway IP address and 128 1 1 2 and 128 1 1 3 will be redirected to LAN clients A and B nat redirect_address 192 168 1 2 128 1 1 2 nat redirect_address 192 168 1 3 128 1 1 3 redirect_proto proto local_addr public_addr remote_addr Redirects all the incoming packets with specified protocol proto to the host with address local_ addr Copyright 2004 2012 by InfiNet Wireless 169 InfiNet Wireless WANFleX OS User Manual nat default_h323 yes no Includes address modification according to H 323 stack for outgoing connections Affects all incoming UDP packets destined for port 1719 and incoming TCP connections for port 1720 By default disabled A Do not enable this option unless needed because this will hinder NAT performance if not used in IP telephony applications nat h323_ destination ras cs remote_addr remote_port local_addr local_port Enables to describe more specifically using of H 323 elements in the external network e ras cs H 323 stack layer specified for processing e remote_addr address of external network its connections will be processed e remote port port its outgoing connections will be processed If port not specified then used value 1719 for ras and value 1720 for cs e local_addr LAN host address its outgoing connections will be processed If address not specified then any port connections will be processed e
74. 19 eth0 ATTACHED eth0 lt 192 168 177 12 gt 255 255 255 0 lt CLIENT gt 1D 01 00 05 90 02 1F C8 192 168 177 10 lt BOUND gt since 01 01 2003 01 16 36 lt FREE RANGE gt 192 168 177 11 192 168 177 11 1 lt FREE RANGE gt 192 168 177 13 192 168 177 19 7 PHONES 9 1 1 151 9 1 1 200 ATTACHED eth0 lt 9 1 1 100 gt 255 255 255 0 lt CLIENT CLASS IDs gt W_IP_PHONE lt CLIENT gt 1D 01 00 04 35 00 22 24 IW_IP_PHONE Stas 9 1 1 151 lt BOUND gt since 01 01 2003 01 01 47 lt FREE RANGE gt 9 1 1 152 9 1 1 169 18 lt RESERV gt 1D 01 00 04 35 00 22 23 IW_IP_PHONE Andrew 9 1 1 170 lt BOUND gt since 01 01 2003 01 01 37 lt FREE RANGE gt 9 1 1 171 9 1 1 200 30 lt OPTION gt Router 9 1 1 3 lt OPTION gt H323_GK_ADDRESS 195 38 45 84 OK In this example after the reservation was deletes the server cancelled a lease for 1D 01 00 05 90 02 1F C8 client for IP address 9 1 1 2000 in PHONES scope because client s class does not fulfill class filter requirements in the scope After some time the same client obtained another IP address from OTHER scope 1 gt dhcpd scope phones delete reservation 1D 01 00 04 35 00 22 23 OK 1 gt dhcpd show scope phones gt SCOPES PHONES 9 1 1 151 9 1 1 200 ATTACHED eth0 lt 9 1 1 100 gt 255 255 255 0 lt CLIENT CLASS IDs gt W_IP_PHONE lt CLIENT gt 1D 01 00 04 35 00 22 24 IW_IP_PHONE Stas 9 1 1 151 lt BOUND gt since 01 01 2003 01 01 47 lt F
75. 30 minutes announce the information about their firmware to the MINT network The information includes the version of the firmware and the time of uninterrupted without reboots work with this version All units of MINT network both active and passive receive and accumulate the Copyright 2004 2012 by InfiNet Wireless 49 InfiNet Wireless WANFleX OS User Manual information from active units choosing the source with the latest version of firmware with which the source has worked for the longest period of time After the period of information accumulation passive units send their requests for the new firmware to the chosen source Active units form a list of requests and perform a group distribution of the firmware using special MINT multi address distribution protocol The period of information accumulation can be changed using fast normal and slow parameter of the command In fast mode the unit will wait for the potential source of the firmware to work with new version within two hours with no reboots Only after two hours the request will be sent In normal mode the waiting period is 7 hours in slow 24 hours By default passive normal mode is turned on For immediate firmware upgrade there is a special option force The command is not saved in the configuration and acts as a signal for all units to send their requests for upgrade regardless the work mode and information accumulation time period If during the proc
76. 8 61 29 26 192 168 61 1 192 168 61 1 000 35 16 Here clients are started on ethO and rf5 0 interfaces Copyright 2004 2012 by InfiNet Wireless 195 InfiNet Wireless WANFleX OS User Manual For ethO interface DHCP client obtained a lease for 192 168 61 26 IP address with 26 bits network mask length from 192 168 61 1 DHCP server The lease expires in 35 minutes and 16 seconds DHCP client on rf5 0 interface has not yet received any parameters 20 VRRP server VRRP command General Description At the present time most of the large LANs are built with a router in the center In such LANs virtual networks with routing are usually organized redundant connections between devices are provided and additional central router is installed While this kind of structure might seem to be reliable it is the central router that seems to be the vulnerability of the system In the case of central router s malfunctioning there might be a few scenarios each of which would require a system administrator to interfere workstations configuration in order they could work with other router as a gateway changing the configuration of a redundant unit additional router installation etc VRRP server is able to keep the network alive in case any of the described situations occurs In fact the server provides with giving the responsibilities from one device to another if the first one fails When VRRP server is used additional router automatically
77. 9 1 1 100 gt PHONES 9 1 1 151 9 1 1 200 Scope attached OK 2 gt dhcpd show interface gt INTERFACES ethO UP lt SUBNET gt 9 1 1 100 255 255 255 0 lt SCOPE gt PHONES 9 1 1 151 9 1 1 200 lt SUBNET gt 192 168 177 12 255 255 255 0 lt SCOPE gt OTHER 192 168 177 10 192 168 177 19 lt SCOPE gt MSOFT 192 168 177 20 192 168 177 22 vlan0 DOWN lt SUBNET gt 192 168 178 1 255 255 255 0 OK Scope reservation The target of scope reservation is to reserve an P address for a specific client The command is the following Syntax dhcpd scope lt SCOPE_NAME gt add reservation lt CLIENT_ID gt lt CLIENT_IP gt where Copyright O 2004 2012 by InfiNet Wireless 181 InfiNet Wireless WANFleX OS User Manual e SCOPE_NAME name of the scope to which reservation is added e CLIENT_ID client identifier e CLIENT_IP P address which will be given to this client Scope reservations are saved in configuration database of the server and are identified by scope name and client s identifier Example 2 gt dhcpd scope PHONES add reservation 1 D 01 00 04 35 00 22 23 9 1 1 170 OK Thus if a client 1D 01 00 04 35 00 22 23 sends a request to the interface with attached scope PHONES the server will definitely give this client 9 1 1 170 address P address of the reservation must be within a scope range Excludes does not affect the reservation If you add a reservation and another registration for the same
78. 9 dscp 31 Channel 3 sets flow priority QM_PRIO_VIDEO and DSCP label 11 qm ch3 pri 3 dscp 11 Channel 4 sets flow priority QM_PRIO_BUSINESS8 and DSCP label 51 qm ch4 pri 16 dscp 51 All the traffic is coming through channel 1 for setting all priorities to null qm add ch1 pass all from 0 0 to 0 0 Some traffic is setting into channel 2 qm add ch2 tcp from X X X 0 24 to 0 0 Another part of traffic is setting into channel 3 qm add ch3 udp from X X X 0 24 PORT to 0 0 Other traffic will be processed as non priority traffic or can be appointed with some priority by setting into channel 4 qm add ch4 all from 0 0 to 0 0 Channel 25 sets 802 1p packet priority If there is no VLAN heading it will be added automatically qm ch25 dotlp 5 Channel 26 sets 802 1p priority and VLAN ID If there is no VLAN heading it will be added automatically qm ch26 vlan 7 dotlp 4 Copyright O 2004 2012 by InfiNet Wireless 112 InfiNet Wireless WANFleX OS User Manual Packets which are coming from MINT network through eth0 interface and having DSCP label 11 is put into channel 25 qm addout ethO ch25 dscp11 from 0 0 to 0 0 Packets which are coming from MINT network through ethO interface and having DSCP label 13 is put into channel 26 qm addout eth0 ch26 dscp13 from 0 0 to 0 0 Example of using a hierarchy of service classes qm class1 max 1000 qm class2 max 600 ceil 1000 qm class3 max 300 ceil 1000 ceilprio 1 qm ch1 max 200 ceil 1
79. 92 168 1 1 var conf test cfg 5 Flashnet command firmware uploading This command uploads a new version of software Syntax flashnet get put login password host file S src_addr Description Copyright 2004 2012 by InfiNet Wireless 8 InfiNet Wireless WANFleX OS User Manual With get option loads a new software version into the device from a remote server using FTP With put option downloads current software from the device File is the name of the file containing the information transferred The file name shall be specified in full in the format of the remote server s file system Host is the IP_address of the remote FTP server By default the sending interface s address is put in the source address field of the packets Using the S option any other IP address SourceAddress may be substituted for this default address Example flashnet get fto ftp 192 168 1 1 R5000 H05S01 MINTv168 7 bin Loading consists of two phases e Reading the file from the remote server e Loading the system image in the router memory The second phase is shown on the screen by repeated sign 6 Restart command The command performs soft router reset Syntax restart y restart SECONDS restart stop Description Full reset and re initialization of a router Equivalent to toggling the power switch off and on May be used to restore initial configuration after a number of unsuccessful attempts to und
80. A and WEB server is running on client B Then in order to get it work connections accepting on ports 6667 irc and 80 web should be redirected to the appropriate hosts nat redirect_port tcp 192 168 0 2 6667 6667 nat redirect_port tcp 192 168 0 3 80 80 Second type redirect_port proto local_addr_1 local_port_rangel local_addr_2 local_port_range public_addr public_port_range remote_addr remote_port_range Cyclic redirection of incoming packets to several destination addresses for nat redirect_port tcp 192 168 1 2 80 192 168 1 3 80 123 1 1 2 80 In this case all requests to WEB server 123 1 1 2 will be redirected to the LAN servers nat redirect_address local_addr local_addr public_addr Redirects all incoming traffic directed to public_ addr to local_addr If several local_addr addresses specified then redirection will be done in round robbin fashion nat redirect_address 192 168 1 2 192 1 1 1 nat redirect_address 192 168 1 3 192 1 1 2 In this case all traffic incoming to 192 1 1 1 will be redirected to the LAN address 192 168 1 2 and traffic incoming to 192 1 1 2 will be redirected to 192 168 1 3 Address redirection makes sense when there are several P addresses on the same host In this case NAT can assign to every LAN client its own external IP address Then NAT transforms outgoing packets changing P addresses to public external P addresses For example P addresses 128 1 1 1 128 1 1 2 128
81. D List identifier Command value Mask of bits Range of values for the parameter This command creates an operator in a standard access list Value and mask define a range criteria for the operator The mask defines those bits of the value which form the range For example in order to specify the range of IP address from 192 168 12 0 to 192 168 12 255 one should specify the value of 192 168 12 0 and a mask of 0 0 0 255 For the value and mask of 0 0 0 0 255 255 255 255 there is a key word any For example the command RIP config access list 1 permit 0 0 0 0 255 255 255 255 is equal to the command Copyright 2004 2012 by InfiNet Wireless 117 InfiNet Wireless WANFleX OS User Manual RIP config access list 1 permit any Correspondingly for the range which consists of only one address the key word host is used For example the command RIP config access list 1 permit 192 168 12 150 0 0 0 0 is equal to the following command RIP config access list 1 permit host 192 168 12 150 2 Extended access lists access list 2699 gt lt 100 199 gt lt 2000 deny permit p A B C D A B C D A B C D A B C D List identifier command The range of source The range of addresses destination addresses 3 Nominate access lists access list WORD deny permit A B C D M exact match List identifier command Range The requirement for the
82. D gt where e SCOPE_NAME name of the scope to which client vendor class id is added CLIENT_CLASS 1D e CLIENT CLASS ID a set of characters of variable length up to 255 characters If this parameter contains spaces it should be specified in quotes This lt CLIENT CLASS ID gt is compared to what client submits when requests for IP address lease If client submitted a class which does not present in any of scope s filters or a client did not submit any class name only scopes with no class filters can be used for IP address lease In order to delete a class from the filter the following command is used Syntax scope lt SCOPE_NAME gt delete classid lt CLIENT_ CLASS D gt Network interfaces I NTERFACE Network interface physical or VLAN network adaptor registered in OS WANFleX core After its start the server automatically detects all network interfaces which are suitable for serving DHCP clients Suitable interface is an interface connected Copyright 2004 2012 by InfiNet Wireless 179 InfiNet Wireless WANFleX OS User Manual to a multiple access network with broadcast support including VLAN support In server database each interface is identified by its name which was assigned to it while registration in WANFleX OS core In order to review all interfaces use the following commana Syntax show interface lt NTERFACE gt where e INTERFACE network interface name which information is required I
83. EHE i 39 239 HHRHHHHHHHHHHHHHHHRHHHHHHRHHHHHHHHHHHHH i 00028AE1DDC8 lt 35 HHHH EEEE EEEH 39 gt 38 HHRRHHHRHHHRRHHHRHRRRHRHRRRRRREEHHREHEEHEHEH S option keeps the output within one screen without line by line output i SECONDS set the interval for information output in seconds Audiomonitor mode Syntax mint IFNAME monitor no audio full mac MAC audio option enables sound indication AudioMonitor mode noaudio turns off the sound indication In full mode audio monitoring is performed according to a maximal receiving level among neighbors and candidates If full parameter is not specified an arithmetical mean of receive and transmit signal is calculated only for neighbors The neighbor for which this value is maximal will be indicated in audiomonitor mac MAC option allows to perform audio monitoring only for one neighbor with the specified MAC address mint I FNAME monitor audio command starts working immediately and can be saved in the configuration which allows using it even after unit s reboot Frequency roaming For a flexible management of frequency resource higher noise immunity and throughput optimization InfiNet Wireless equipment supports frequency roaming capability based on MINT protocol Copyright O 2004 2012 by InfiNet Wireless 54 InfiNet Wireless WANFleX OS User Manual Roaming is turned off by default that means that the unit works using fixed radio i
84. Ethernet interfaces Moreover in case of one Ethernet connection failure its traffic will be passed to the other one without stooping the services If later the fallen Ethernet connection will be reestablished the traffic will be sent over both Ethernet interfaces again Infinet Wireless LACP Link Aggregation Control Protocol realization fully complies with the IEEE 802 3ad standard for link aggregation In addition special proprietary LACP mode can be enabled that provides enhancement of the efficiency of the process over the standard mode For LACP configuration on W devices the lag command is used Syntax lag N command port port IFNAME IFNAME where command is status show lag interface status migrate enable session migrate migrate disable session migrate balance enable session oriented load balancing balance disable session oriented load balancing mode switch lag inteface mode Modes stand fast clear remove lag interface from configuration loadm show realtime per port load status Description To enable link aggregation on the device the following command is used lag N port IFNAME FNAME This command creates logical lagN interface in the system and assigns parent physical interfaces to it For example lag 1 port ethO eth1 In this example lagl interface is created and two Ethernet interfaces of the device are assigned To delete one ore more parent
85. InfiNet Wireless R5000 WANFleX OS User Manual Updated 16 February 2012 OS Version V1 86 Copyright 2004 2012 by InfiNet Wireless Legal Rights Copyright 2012 InfiNet Wireless All rights reserved The information contained in this document is originated by proprietary confidential and owned by InfiNet Wireless No part of this document should be disclosed reproduced or distributed without the express written permission of InfiNet Wireless Ltd InfiNet Wireless Ltd reserves the right to change the information contained in this document without prior notice No part of this document may be considered as a part of any contract or warranty Statement of Conditions The information contained in this manual is subject to change without notice InfiNet Wireless Ltd shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this manual or equipment supplied with it Disclaimer The software is sold on an AS IS basis InfiNet Wireless its affiliates or its licensors make no warranties whatsoever whether express or implied with respect to the software and the accompanying documentation Infinet Wireless specifically disclaims all implied warranties of merchantability and fitness for a particular purpose and non infringement with respect to the software Units of product including all the software delivered to purchaser hereunder are
86. MA iii AAA AAA 4 Il GENERAL PURPOSE COMMAND SETeonnnccccccccccnononnnnnnnnnnnnnnnnnnnn nr nnn cananea 5 Te Help cOMMAN a 5 DANOS 5 3 Set command time ZONE Settings cccecceeccceseceeeeeseeeeeeeeeeseeeeeaeeeeseeeesaeeeeseeetsaeeeeaeeetsnes 7 4 Config command configuration manipulations ooo onnnnnnnninncicnncconcnnnnconnnn nn nor eerste errant 8 5 Flashnet command firmware uploading ooocccocccnnnccnnnocnnnonononocnnnnaconononnnnncnnnrcnonnccnnnnnns 8 6 REStart COMMAN Aimar don 9 Je NO A As 9 8 Tenetc mmand cai a e aan 10 us TFACOA COMA OR 10 10 Webcfg Web interface support oocccconocccononnnccnnonnnonnnnnnnnrnnnonnnrnnnnnnnrrnnrn nn rerrnnnnrenrnnnnns 11 11 Rshd command Remote Sh ell occonconinccnccnncnncnn nana n oran conc cnn cnc coronan oran ron ncnnacnannrananons 11 12 SSH protocol supportiis 3 areor aaa A A earns 12 SSH Server sshd command c occocccccnccnccnconononannnonanononann non or ono nnronanononan nro nnrn nana nnrcnaanannss 12 SSH Client sshe command iia A oa 15 13 ilipstat command IP2StatistiCS uveirria a dee 16 147 Stlowagent SHOW AGO iia AA 18 15 Access Control Lists acl command oococcnccnccnncnnnnnnnncnnannronononannannrnn ron corro noc ona cnranaaninns 20 E ease chteres adver titatet kee tans a Mate a Selte noes aha dee ewig 21 TE Date COMMAN o dt E 23 18 Erp command Emergency Repair Procedure ooococccnnocccccnnnnoocnnnnnnonnnn
87. ME sensor replay muffer stat clear Description The muffer module makes it possible to rapidly test the electromagnetic environment visually estimate the efficiency of the utilization of the air links reveal sources of interference and estimate their power Several operating regimes of the muffer module provide for different levels of details in test results Review mode This regime is enabled by the review option It makes possible to have a general estimation of emissions and interference within specified frequency range Several frequencies separated by spaces subject to analysis may be specified as parameters FREQ1 FREQ2 Only two last digits of the frequency values shall be given Example muffer rf5 0 review Copyright 2004 2012 by InfiNet Wireless 66 InfiNet Wireless WANFleX OS User Manual Scanned Average Current signal frequencies signal level leve 5260 Amp 3 C15 09 HHRHRHRHHHH 5280 Amp 5300 Amp 2 C16 10 HERRHHHHHHH 5320 Amp 5340 Amp Number of packets received The picture above shows the output of review mode SID mode The sid regime allows estimating the number of currently operating client groups having different identifiers SID and the efficiency of air links utilization The analysis is carried out for all network identifiers at the frequency previously specified for the radio module by rfconfig command Example muffer rf5 0 sid Scanned Total number of SIDs freq
88. Manual TopoGroup e topoEvent full neighbor list is sent in case of any changes in number of neighbors or their status e newNeighbor vent trap is sent when a new neighbor appears e lostNeighborEvent trap is sent when the neighbor is lost MintGroup e mintBitrate trap is sent when the bitrate changes e mintRetries trap is sent Retries has changed by more than 10 e mintSignalLevel trap is sent Signal Level has changed by more than 10 cmxGroup e cesDsx1LineStatus trap is sent when the CES line status changes e ces itterStatus trap is sent the CES jitter buffer size changes ospfGrou e ospfNBRState trap is sent when there happens a change in the state of a non virtual OSPF neighbor e ospfVirtNBRState trap is sent when there happens a change in the state of a virtual OSPF neighbor e ospflFState trap is sent when there happens a change in the state of a non virtual OSPF interface e OspfVirtl FState trap is sent when there happens a change in the state of a virtual OSPF interface e ospfConfigError trap is sent when a packet has been received on an interface from a router whose configuration conflicts with this router s configuration linkEvent this trap is sent when Ethernet state is changing This trap enables disables sending two generic SNMP traps linkUp and linkDown 17 DHCP Server DHCP Server Command Language Commands used for configuration review of current DHCP server state are
89. OSPF domain via redistribution ospf config router summary address A B C D M metric M metric type T In case there is one or more external routes having network prefixes totally covered by the summary address network A B C D M then only the summary route for the A B C D M network will be announced but not the external routes Coupled with the accurate address space management this command allows to reduce the number of external network prefixes in the OSPF domain significantly To view the list of the possible summary networks and a number of the network prefixes that can be replaced with a summary route use the following command ospf show summary address detail Detail option enables detailed output of the command d This command may be used as a tip while planning the network Route map route map For more flexible configuration of metric type and its value for external links one can use a route map Route map is a set of conditional records Each record has its number in the map a condition of correspondence for the importing route of the record actions to be done with a resulting object in case of its correspondence resulting action deny permit etc Routes are listed in the route map according to their number in ascending order If a route satisfies a record s condition If a resulting action is deny the route is denied review of map s records is aborted and a resulting object is cancelled link
90. OSPFv2 dynamic routing protocol module Getting started OSPF protocol is widely used routing protocol for IP networks Basic principles that form a current version of protocol are outlined in RFC 2328 OSPF protocol is a classical Link State protocol which delivers the following functionality B no limitation for the network size routes information update sending using multicast addresses high speed route definition using authentication procedure while routes updating D D DD classless routing support Copyright 2004 2012 by InfiNet Wireless 127 InfiNet Wireless WANFleX OS User Manual Command language Basic principles OSPF has its own command shell CS To enter the shell execute the following commana 1 gt ospf OSPF gt Commands entered in CS are not case sensitive and can be shortened until ambiguity appears To get a quick hint you can press at any time OSPF gt configure Configuration from vty interface end End current mode and change to root mode CTRL C exit Back to WANFleX command shell CTRL D help Print command list show Show running system information OSPF gt CS can work in different modes Current mode is displayed along with command prefix as OSPF mode For example if configure command is entered CS switches to config mode OSPF gt configure OSPF config The following figure shows the transition scheme between different modes of CS configure end
91. PE_NAME gt delete option lt OPTION NAME gt scope lt SCOPE_NAME gt delete reservation lt CLIENT_ ID gt scope lt SCOPE_NAME gt interface lt INTERFACE gt scope lt SCOPE_NAME gt option lt OPTION_NAME gt lt OPTION _VALUE gt scope lt SCOPE_NAME gt reservation lt CLIENT_ID gt delete option lt OPTION NAME gt scope lt SCOPE_NAME gt reservation lt CLIENT_ID gt option lt OPTION NAME gt lt OPTION _VALUE gt scope lt SCOPE_ NAME gt set range lt START_IP gt lt END_IP gt scope lt SCOPE_NAME gt show declinehistory show config show interface lt INTERFACE gt show options show scope lt NAME gt show unleases lt SUBSTR gt show version start stop unlock interface lt INTERFACE gt virtual interface lt VIFNAME gt add subnet lt IP_ADDRESS gt lt SUBNET_MASK gt virtual interface lt VIFNAME gt change lt GATEWAY gt lt GWIFNAME gt virtual interface lt VIFNAME gt delete subnet lt IP_ADDRESS gt lt SUBNET_MASK gt Commands are not case sensitive and can be shortened unless ambiguity appears For example dhcpd show scope command can be shorted to dhcpd s s in its turn dhcpd show config to dhcpd sh c The commands which change DHCP configuration including stop and start commands can be executed only by administrator with super user rights Other commands can be executed by any user In above command list parameters are put into lt gt If parameter value contains spaces this
92. REE RANGE gt 9 1 1 152 9 1 1 169 18 lt CLIENT gt 1D 01 00 04 35 00 22 23 IW_IP_PHONE Andrew 9 1 1 170 lt BOUND gt since 01 01 2003 01 01 37 lt FREE RANGE gt 9 1 1 171 9 1 1 200 30 lt OPTION gt Router 9 1 1 3 lt OPTION gt H323_GK_ADDRESS 195 38 45 84 OK 1D 01 00 04 35 00 22 23 client did not have his lease cancelled 9 1 1 170 address because this client fulfills all scope s rules Attention When executing dhcpd scope lt SCOPE_NAME gt set range lt START_IP gt lt END_IP gt command all reservations that stop fulfilling scope s range of addresses will be deleted automatically Configuration options Configuration options are parameters which clients might request from the server for more precise host configuration These parameters are Address Time Copyright 2004 2012 by InfiNet Wireless 184 InfiNet Wireless WANFleX OS User Manual Router NTP Servers etc Clients may request a different set of these parameters The parameters are only sent when a client included them in its request and only when server knows the value of the parameter Divisions and values of the parameters are defined while DHCP server configuration Divisions can be defined for the following purposes 1 Scope reservation Options values from this division will be given to the client of this reservation 2 Interface reservation Options are sent if requested option s value is not in scope s reservation divisions 3
93. RSH server is disabled To start and stop the server the commands rshd start and rshd stop are executed When started the server ignores requests for command execution until at least one valid system entry is enabled A system entry is specified by an rshd enable command with three parameters e RemoteUSER the name of a remote user up to 16 symbols e RemoteHOST P address of a remote host e LocalUSER the name of a local user up to 16 symbols A request for command execution is serviced only if for all three parameters it specifies the values corresponding to a valid entry Up to 6 independent entries may be defined The name of a local user is in no relation with the WANFleX main authorization system it may be considered simply as a keyword To disable an entry an rshd disable command is executed with parameters defining that entry The rshd flush command clears the rsh server configuration Copyright O 2004 2012 by InfiNet Wireless 11 InfiNet Wireless WANFleX OS User Manual The RSH server may be conveniently used e g for periodic reading of a router statistics rsh 1 mysecretuser RWR domain ru ipstat get Example rshd enable admin 195 38 44 1 mysecretuser rshd enable root 195 38 45 123 mysecret2 rshd start 12 SSH protocol support SSH Secure Shell protocol allows secure remote management of network devices Its functionality is similar to Telnet protocol but as opposed to Telnet SSH encrypts all t
94. Scope Option values from this division can be sent to the client who received an address lease from this scope only if the option requested by the client is not in scope s or interface s reservation division 4 Interface Sent to the client who received a lease from one of the scopes which is attached to the interface and the value of the requested option was not in scope s reservation in the scope itself and in interface s reservation 5 Server Sent to clients which received a lease from one of the scopes if the value of the option was not in all divisions listed above Meaning of the division default value If option s value does not exist in all divisions client does not receive anything from the server Two exceptions are possible e Address Time the value of this parameter is ALWAYS sent to the client If this value is not specified in all divisions the client receives a default value of 120 lease time 2 minutes e Subnet Mask the value of this parameter is ALWAYS sent to the client The value of this option is automatically determined by the server and it cannot be defined in options divisions while server configuration The value of the subnet mask for the client always equals subnet mask of the interface to which the scope is attached this scope gave a lease to the client DHCP configuration options overall table is available using the following link http www iana org assignments bootp dhcp parameters To
95. T advisory CA 95 01 I P spoofing In the previous examples the source address was used a main and the only criteria for the address reliability checking Unfortunately there is a possibility to send the packets from an unreliable address substituting the return address with that you rely on this attack method is called IP spoofing It is clear that the checking only of the source address is not enough It is necessary to check the path of the packet or which is more practical to check the interface through which the packet was accepted A network example is shown below Copyright 2004 2012 by InfiNet Wireless 156 InfiNet Wireless WANFleX OS User Manual All subnets of an inner network including a host address innerhost are owned by the one network or a network group Let s imagine that outer network has no hosts which are within the range set up for the inner network Therefore all the packets that are accepted via rf5 0 interface of the router with firewall run on it and have the source address which is in the range of addresses of the inner network must be blocked The following command can perform this action ipfw add rf5 0 reject all from innerhost 16 to 0 0 Compared to all previous examples this filter will be applied only to those packets which come through rf5 0 interface Packets which come through any other interface ill not be blocked in the example the inner network has addresses of the B class As a
96. UBNET gt 192 168 177 12 255 255 255 0 lt SCOPE gt MSOFT 192 168 177 20 192 168 177 50 lt SUBNET gt 192 168 15 55 255 255 255 0 lt RESERVATION gt for 1D 01 00 05 90 02 1F C8 lt OPTION gt Class_Id Swissvoice vlan0 DOWN lt SUBNET gt 192 168 178 1 255 255 255 0 gt VIRTUAL INTERFACES vvv1 192 168 177 81 UP lt SUBNET gt 192 168 188 1 255 255 255 0 After that we can create a scope of addresses from which a DHCP server can give a lease to the clients to which a DRA has an access to Example 1 gt dhcpd add scope VIRTUAL_ TEST vvv1 192 168 188 20 192 168 188 50 1 gt dhcpd show interface vw1 gt VIRTUAL INTERFACES vvv1 192 168 177 81 UP lt SUBNET gt 192 168 188 1 255 255 255 0 lt SCOPE gt VIRTUAL_TEST 192 168 188 20 192 168 188 50 1 gt dhcpd show scope virtual_test gt SCOPES VIRTUAL_TEST 192 168 188 20 192 168 188 50 vvv1 ATTACHED vvv1 lt 192 168 188 1 gt 255 255 255 0 lt FREE RANGE gt 192 168 188 20 192 168 188 50 31 You can delete a subnet from the virtual interface s list using the following command Syntax dhcpd virtual interface lt VIFNAME gt delete subnet lt P_ADDRESS gt lt SUBNET_MASK gt Example 1 gt dhcpd virtual interface vwv1 delete subnet 192 168 188 1 255 255 255 0 1 gt dhcpd show scope virtual_test gt SCOPES VIRTUAL_TEST 192 168 188 20 192 168 188 50 vvv1 As we deleted a subnet to which a scope was connected the scope will be deta
97. VIDEO 3 QM_PRIO_RT2 4 QM_PRIO_QOS1 5 QM_PRIO_QOS2 6 QM_PRIO_QOS3 7 QM_PRIO_QOS4 8 QM_PRIO_BUSINESS1 9 QM_PRIO BUSINESS2 10 QM_PRIO BUSINESS3 11 QM_PRIO BUSINESS4 12 QM_PRIO_BUSINESSS 13 QM_PRIO BUSINESS6 14 QM_PRIO_BUSINESS7 15 QM_PRIO_BUSINESS8 16 Priorities 1 and 2 are additionally processed as voice Packets from which the priority is not clearly defined will be sent via common queue with Best Effort Qm option qm option rtp dot1p tos Jicmp tcpack strict e allows automatic prioritization management of data flows in the device Command options rtp dotip tos Jicmp tcpack enable disable automatic prioritization of real time packets packets labeled with IEEE 802 1p priority below is a compliance scheme of MINT and IEEE 802 1p priorities packets labeled with TOS ICMP Internet Control Message Protocol packets TCP ACK acknowledgments packets e strict option means that Strict Priority policy is applied to all queues otherwise by default Weighted Fair Queuing policy is used Strict Priority policy is when packets from queue with lower priority Copyright 2004 2012 by InfiNet Wireless 110 InfiNet Wireless WANFleX OS User Manual are not processed before queue with higher priority is not empty Weighted Fair Queuing policy is when even if higher priority queue is not empty packets from other queues will be processed in a distinct sequence relative to a highe
98. When direct is in access list is adjusted to input packages when out to output packages This command connects access list with the interface In the following example the eth0 allows only those packets that are routed to 10 0 0 0 8 RIP config router distribute list private in ethO RI P config router access list private permit 10 10 0 0 0 8 RI P config router access list private deny any Default metric is specified using the following command in the config router mode default metric lt 0 16 gt Copyright 2004 2012 by InfiNet Wireless 119 InfiNet Wireless WANFleX OS User Manual If default metric is not defined it equals 1 In redistribute kernel mode the router will not make an advertisement into RIP system about having a default route destination 0 0 0 0 0 network even if it is clearly written in the routing table by the administrator In order for the router to advertise its default route it is necessary to clearly force him to do that using a command in config router mode default information originate To cancel advertising of the default route us the command no default information originate The following command enables split horizon algorithm at the device s ip interface in the config if mode split horizon poisoned reverse When the split horizon algorithm is enabled device doesn t announce routes through an interface from which they were obtained thus reducing the
99. X Y N M auto radio interface frequency or list of frequencies Auto keyword can be used in this case all frequencies that the unit supports will be used e sid X Y SID of the radio interface or list of SI Ds e bitr X bitrate of the radio interface Acts as a top limit for the bitrate if autobitrate mechanism is turned on e band double full half quarter defines the channel width for the profile If profiles use different channel widths auto mode for frequency cannot be used e type master mesh slave node type e key XXX secret key e nodeid N node ID e fixedbitr sets fixed bitrate for the node e minbitr XXX minimum bitrate for operation in autobitrate mode e autobitr dB operation mode with automatic bitrate control dB parameter allows to manage bitrate control sensitivity e long on off enables disables compulsory long mode e enable disable delete enables disables or deletes the profile Syntax mint IFNAME roaming leader enable multiBS disable mint IFNAME profile N freq X Y N M auto sid X Y bitr X band double full half quarter type master mesh slave key XXX nodeid N Copyright 2004 2012 by InfiNet Wireless 55 InfiNet Wireless WANFleX OS User Manual minbitr XXX autobitr dB fixedbitr long fon off enable disable delete Samples mint rf5 0 profile 1 freq 5920
100. XXX XXX XXX XXX Lists of net type optimize their parameters by excluding duplicates and by having the feature that enables bigger networks include smaller networks For example if the list contained 1 1 1 1 parameter when you include 1 1 1 0 24 parameter in the list 1 1 1 1 will be excluded Example acl add LIST1 net 10 0 0 0 8 192 168 0 0 16 5 5 5 5 acl del LIST1 5 5 5 5 Reserved access lists ACLOCAL reserved list for access limitation to the device via Telnet FTP HTTP and SSH protocols Having ACLOCAL access list in the configuration all attempts to establish a connection with the device from addresses networks that are not in this list will be rejected Example acl add ACLOCAL net 10 0 0 0 8 192 168 0 0 16 16 Sntp command SNTP parameters management SNTP support developed in WANFleX lets the system to synchronize the time Client works in unicast server request mode in certain time range Copyright 2004 2012 by InfiNet Wireless 21 InfiNet Wireless WANFleX OS User Manual Syntax sntp options command Commands are the following e start start service e stop stop service Options are the following e server ipaddr set sntp server address e interval seconds specify poll interval in seconds e debug on off enable disable debug information Example sntp interval 3600 debug on sntp server 9 1 1 1 start Commands e start Make the process of time synchronization active Exa
101. Y Moreover each of these two nodes can set up connections with other nodes working in public mode if their keys correspond with each other Example 3 Node A has a local database and acts as an authentication relay Node B does not have a database and uses a relay in remote mode Node A mint rf5 0 key KEY1 mint rf5 0 authmode static mint rf5 0 authrelay mint rf5 0 addnode mac B B B B B B key KEY2 mint rf5 0 addnode mac A A A A A A key KEY3 Node B mint rf5 0 key KEY2 mint rf5 0 authmode remote Node B will be getting neighbors information via relay Node A If Node A is switched to remote mode and there is no information in the local database the authentication request will be forwarded to the remote server if specified and accessible or to another authentication relay Automatic over the air firmware upgrade mint IFNAME airupdate disable active passive force fast normal slow This set of commands manages the Automatic Over the air Firmware Update system What is it The AirUpdate system provides with an easier ways of massive firmware upgrade in the MINT network for a big number of the nodes same type In order to do that only one unit of each type should be manually or through the scheduler upgraded other units will get new firmware automatically How does it work Every unit can be configured for AirUpdate in passive or active mode Active units periodically every
102. a set of commands which delete all of these options from the divisions Syntax dhcpd scope lt SCOPE_NAME gt reservation lt CLIENT_ID gt delete option lt OPTION_NAME gt dhcpd scope lt SCOPE_NAME gt delete option lt OPTION NAME gt Copyright 2004 2012 by InfiNet Wireless 186 InfiNet Wireless WANFleX OS User Manual dhcpd interface lt INTERFACE gt reservation lt CLIENT_ID gt delete option lt OPTION _NAME gt dhcpd interface lt INTERFACE gt delete option lt OPTION_NAME gt dhcpd delete option lt OPTION NAME gt One should pay a great deal of attention to the deletion of interfaces reservation division options If after deletion it turns out that options set for this reservation is empty the interface reservation will be deleted automatically Not all of the options can be defined in any division Apart from Subnet Mask was described above there are options which can be defined for some particular divisions Example 1 gt dhcpd scope phones option class_id TestClass ERR This option cannot contain in the given division Moreover there is a set of service options which although are included into a summary table they do not act as configuration parameters but act as service parameters The list of service options of DHCP server looks as follows e Subnet Mask Address Request Overload DHCP Msg Type DHCP Server Id Parameter List DHCP Message DHCP Max Msg Size Client Id If you
103. able With this if a destination for this route is 192 168 200 0 24 network the formed route will have metric 7 any other destination will not lead to route announcing it Attention For the interface to use the route map which we have created before one have to use command route map in the config router mode route map WORD in out IFNAME where WORD name of the road map which we have created before Authentication I dentity check In order to prevent an unauthorized connection of the routers to RIP system the system has an identity check for protocol s packets Currently the router has two different options for identity check authentication Password authentication Simple password authentication is vulnerable for passive attacks sniffing because broadcasting is used and the packet has a password in an explicit form Cryptographic authentication Key is used while generation and check of message digest signatures Digital signature is built based on MD5 algorithm As a secret key is never send over the network in a clear form this gives a protection from passive attacks By default the router does not have any authentication null authentication Authentication can be configured individually for each interface using the following commands in config if mode 1 Password authentication authentication mode text authentication string LINE where LINE password less than 16 symbols 2 Cryptographic authenticati
104. accepted 2 Otherwise the first matching filter decides the packet s fate If it is an accept filter the packet is accepted If it s a reject filter the packet is rejected discarded 3 1f no filter has been found that matches the packet it is accepted The algorithm of applying any specific filter to a packet is as follows 1 1f the value in the proto field of the filter is not all and the packet s protocol is different from that specified in the filter then the filter is skipped not applied for this packet 2 1f the source address in the packet differs from that specified in the filter then the filter is skipped if the source address is specified in the filter with a mask then the mask is applied to both addresses before comparing them 3 1f the destination address in the packet differs from that specified in the filter then the filter is skipped a mask if any is applied similarly to the previous step 4 1f the ip_ fragment modifier is specified in the filter but the packet is not an IP fragment then the filter is skipped 5 1f the ip_tail_ fragment modifier is specified but the packet is either the first or the only fragment then the filter is skipped 6 1f the ip_head_fragment modifier is specified but the packet is not the first fragment of a fragmented IP packet then the filter is skipped 7 1f the tcp_connection modifier is specified but the packet is not the first or the only fragment of a TCP connectio
105. address is 123 45 67 65 Solution nat redirect_port ras 10 0 0 99 1719 1719 123 45 67 89 RAS gatekeeper address 123 45 67 65 1719 Example 2 Static subscriber resides in Internet having address 123 45 67 89 and gatekeeper resides in LAN having address 10 0 0 99 NAT alias address 123 45 67 65 Solution nat redirect_port cs 10 0 0 99 1720 1720 123 45 67 89 In subscriber configuration gatekeeper address should be 123 45 67 65 1720 16 SNMP Traps support trapd command SNMP protocol allows a network agent to send asynchronous traps when some specific event occurs on the controlled device object InfiNet Wireless devices has built in SNMP Traps support module agent that performs a centralized information delivery from internal device subsystems to the configured SNMP server SNMP Traps agent is managed using the trapd command Syntax trapd dst addr x x x x PORT GROUPNAME ITYPENAME trapd dst addr x x x x PORT trapd map trapd agent x x x x Copyright 2004 2012 by InfiNet Wireless 172 InfiNet Wireless WANFleX OS User Manual trapd agent trapd gateway xxxxxxxxxxxx auto trapd gateway trapd type TYPENAME enable disable trapd start stop where PORT default value is 162 if omitted possible GROUPNAMEs are topoGroup mintGroup cmxGroup ospfGroup and possible TYPENAMEs are topoEvent newNeighborEvent lostNeighborEvent mintRetries mintBitrate mintSignalLevel cesDsx1LineS
106. aller values correspond to greater priority levels Two special values are available 1 sets the lowest priority 2 deletes the prioritization from the logical channel e no strict Please see the strict option description in the Qm option section below e pps N Sets the limit for the packets per second for the specified channel To disable set the parameter to 0 e to addr redirects the whole stream to the specified P address irrespectively of the present routing conditions The specified address shall be directly attainable through one of the router interfaces without additional routing This may be useful when the router serves as a network access unit and two or more different clients want to access different providers through one unit e vlan N dot1p N dscp N manipulates DSCP and or 802 1p labels Value 1 deletes the parameter DSCP valid values are 0 63 sets to O zero Copyright O 2004 2012 by InfiNet Wireless 108 InfiNet Wireless WANFleX OS User Manual 802 1p priority valid values are 0 7 sets to 0 zero and if VLAN ID isn t introduced is deleted with VLAN header VLAN ID valid values are 0 4095 is deleted with VLAN header regardless of 802 1p priority If several of the above parameters are specified in the same command then speed limitation is applied first then redirection and only then priority If Wan and dotlp parameters are specified in the same comma
107. ame this frame will be fragmented and then assembled at the remote side Fragmentation algorithm uses the feature of Ethernet to avoid a delivery of frames out of order There is a possibility to create up to four isolated pseudo radio networks within one Ethernet segment Each prf interface can be assigned a number from 0 to 3 Frames sent to Ethernet with a specific channel number can be received on other nodes only be prf interfaces with the same channel number prf command options e parent I FACE IFACE interface through which encapsulated and possibly fragmented packets will be sent Only Ethernet type interfaces should be configured e hwmtu N N maximal length of Ethernet frame sent to the parent interface e channel N Copyright 2004 2012 by InfiNet Wireless 59 InfiNet Wireless WANFleX OS User Manual N channel number with which the frames are sent and received by parent interface e clear deletes prf with a specified number More information on prf interface usage one can find in mint command description 4 Link Aggregation lag command Link Aggregation is using multiple physical channels in parallel as one logical channel to increase the total capacity of the link and provide redundancy For example it can be used to set up a high capacity device to LAN backbone utilizing two Ethernet interfaces of the device The total link speed of such backbone will be a sum of the speeds of the
108. ames 16 datapad 32 ports 0 physical interface 0 tx fifo underruns 0 rx fifo overruns link status octets in out frames in out port 0 up NoAlarm 37173184 39834496 1161662 1244828 port 1 up NoAlarm 0 39744608 0 1242019 port 2 down LossOfSignal 16632896 39654336 519778 1239198 port 3 down LossOfSignal 0 39554560 0 1236080 packet interface port 0 tx on restarts 0 rx on restarts 0 jitter buffer 7 769 cur 0 231 dev 6 953 min 8 406 max packets total 39523 500 per second 100 valid OR bit O L bit O late 0 lost 0 out of order 0 underrun 0 overrun 0 invalid sequence 0 duplicate 0 malformed port 1 disabled port 2 disabled port 3 disabled Where unit status shows CES module status Slave master common synchronization mode on CES module Slave is a recovery mode master non recovery mode time time from ces start command input time from last statistics clearing mode shows ces mode parameter configuration peer Mac address of neighboring device with which CES over WLAN transmission is performed master settings shows Ces Master module configuration only in Slave mode This configuration is used on Slave module physical interface between IW CES module and external TDM equipment shows E1 T1 ports state packet interface between CES modules of point to point IW devices shows a state of CES over WLAN packet flows for each port It is seen that receiving rx and trans
109. amp max Ant amps column indicates signal levels from 0 1 and 2 antennas divided by correspondingly For successful radio link establishment the following factors have to be considered 1 It is recommended to start antenna alignment with searching maximum signal level on a minimal possible bitrate Afterwards automatic MINT mechanisms will set the most appropriate bitrate if autobitrate mode will be enabled 2 Current incoming signal level in amp max columns see ltest command output must be between 12 and 40 Copyright 2004 2012 by InfiNet Wireless 64 InfiNet Wireless WANFleX OS User Manual When it is more than 40 it is recommended to lower amplifier power If maximal signal level is less than 12 it is recommended to lower bitrate or channel width for example from 20MHz to 10MHz on the both sides of the radio link In some cases signal level that is less than 12 may be enough for radio link operation In this case one has to be guided by such parameters as number of retries number of undelivered packets and number of undelivered acks If the number of undelivered packets and the number of undelivered acks is null the number of retries is small and all these parameters are constant in time then the radio link most often will be operating properly 3 Number of retries value in rt columns must be as close to zero as possible 4 Number of undelivered packets value in up columns mus
110. and prefix as RIP mode For example if configure command is entered CS switches to config mode Copyright 2004 2012 by InfiNet Wireless 114 InfiNet Wireless WANFleX OS User Manual RIP gt configure RI P config The following figure shows the transition scheme between different modes of CS configure end Ctrl C RIP config router RIP config router interface RIP config if route map RIP config route map One can set the necessary mode or execute commands without specially entering into arip module For example if we consistently execute the following commands 1 gt arip configure 1 gt arip router 1 gt arip RI P config router While entering arip we will enter directly into necessary mode config router as it is shown in the example Every mode has its own set of commands The following commands are available in any mode B Help prints the list of commands for the current mode B End goes back from the current mode to the base mode B Exit exit to WANFleX CLI from RIP CS At the start CS is in the base mode which has a set of commands to view current router state In order to switch to the configuration mode you should have superuser rights After entering a configuration mode the configuration is being blocked and entering in this mode from other terminal e g other telnet session is prohibited In order to avoid a
111. and defines that group will switch only the packets not tagged with VLAN tag switch group ID info INFO_STRING This command allows adding comments to switch group description switch group ID setid NEWID This command changes ID of the switching group to NEWID Example switch group 3 setid 7 switch group ID Copyright O 2004 2012 by InfiNet Wireless 82 InfiNet Wireless WANFleX OS User Manual dump interface WILDCARD dbdelete MACADDRESS start stop remove Here dump prints the database of all known MAC addresses interface prints the database of all known MAC addresses by grouping them according to interfaces WILDCARD the output will be filtered according to the WILDCARD criteria e dbdelete MACADDRESS deletes all records from MAC address database connected with a specified MACADDRESS start stop starts stops a specified switching group restart restarts the switching group same as switch group ID start switch group ID start set of commands The command is used to clean the switching group database remove deletes a specified switching group from the switch configuration Examples switch group 3 dump eth0 switch group 5 start In order to access PCs which are connected wirelessly from eth interfaces e g workstations which are connected using wired interfaces to one of the units on such units border units of the wireless network one of the groups should b
112. annels Optional pass parameter allows a packet to pass a rule executing the related actions of this rule and continue with other rules in the list qm stat full clear command displays statistics of the specific channel only for channels with specified speed limitation Full option allows viewing enhanced statistics Clear option zeroizes the statistics The Qm stat command displays PPS Packets Per Second statistics d only if the limit for the packets per second is set for the specified channel qm chN pps N qm del RULE_NUMBER This command deletes the specified rule from the list qm RULE _A RULE_B Change the number of the rule from A to B qm rearrange N Renumbers all the rules with the given increment default is 5 Copyright 2004 2012 by InfiNet Wireless 109 InfiNet Wireless WANFleX OS User Manual Transparent packets prioritization is supported in MINT network It is performed by using channels management in qm command Administrator can put streams into different channels based on qm ipfw rules as well as tos and dscp fields qm chil pri 12 qm add ch1 all from x x to y y qm add ch1 dscp 31 all from a to b qm add ch1 dscp 42 Each channel can be assigned a priority 0 16 Once assigned a priority will be automatically recognized by every node inside MINT network Priority scheme looks as follows QM_PRIO_NETCRIT 0 QM_PRIO_VOICE 1 QM_PRIO_RT1 2 QM_PRIO_
113. arameters interface gateway destination etc If type and or value of a metric left undefined the router will consider these external links to have a default metric and type 2 Default metric is specified using the following command default metric lt 0 16777214 gt Copyright 2004 2012 by InfiNet Wireless 133 InfiNet Wireless WANFleX OS User Manual If default metric is not defined it equals 1 In redistribute kernel mode the router will not make an advertisement into OSPF system about having as link to default gateway destination 0 0 0 0 0 network even if it is clearly written in the routing table by the administrator In order for the router to advertise its link to the default gateway it is necessary to clearly force him to do that using a command in config router mode default information originate always metric type 1 2 metric lt 0 16777214 gt route map WORD metric type 1 2 and metric lt 0 16777214 gt attributes define the same parameters of the external link for redistribute command They are also not mandatory This command also has one optional attribute always This attribute makes a router to advertise its default gateway link even if the route is not in the routing table To cancel advertising of an external link to default gateway us the command no default information originate The following command allows setting summary address for the external routes that are injected into the
114. ation as complete as possible the scanning process may take some time It is recommended to use Graphical Spectrum Analyzer in Web interface please see IW Technical User Manual for instructions A Running Spectrum Analyzer mode disturbs normal operation of the radio module and makes it impossible to access the unit via radio Example muffer rf5 0 sensor The picture below shows muf sensor output i Fi 5000 F2 6060 Band 5 Step 5 i Pass 10 80 Fixed maximum values Mis i Detected signals 100 nud v vu uwv u vu v vu uw u vu oun Noise floor in dBm 110 5135 5150 5175 5200 5225 5250 5275 5300 5325 5350 5375 5400 5425 5450 5475 5500 Signal level scale in Scanned frequencies in dBm MHz Supplementary options for muf sensor command e Fl sets the initial frequency for scanning in MHz Minimal available frequency for the given equipment model is used by default Copyright 2004 2012 by InfiNet Wireless 70 InfiNet Wireless WANFleX OS User Manual e F2 sets the ending frequency for scanning in MHz Maximal available frequency for the given equipment model is used by default The actual shown ending frequency is limited by the size of the program window e BW sets bandwidth in MHz Allowed values are 1 5 10 20 MHz depending on the concrete equipment mode e STEP sets frequency changing step in MHz Allowed values are 1 5 10 20 MHz but no more than de
115. ay e defmask X X X X Set default mask When mask or gateway values are not defined for the subscriber node then default gateway or default mask will be used for this node Thus to add a subscriber node to the local database it is enough to define MAC address mac target IP address tip and a key mint rf5 0 addnode mac 000435567322 tip 10 1 1 1 key SecretKeyl If a key is not specified for a subscriber node then Base Station s key is assigned to this node Information about default gateway that is set by addnode tgw addnode defgw commands is not provided to a subscriber node in case P address and network mask is not specified Deleting a node from local database Syntax mint FNAME delnode mac X X X X X X The command deletes a record created using addnode command with a corresponding MAC address Example mint rf5 0 delnode mac 000028BAF234 Managing MI NT protocol Syntax mint rf5 0 start stop Copyright O 2004 2012 by InfiNet Wireless 43 InfiNet Wireless WANFleX OS User Manual The command starts or stops MINT protocol Example mint rf5 0 start Fixed cost setting Syntax mint IFNAME fixedcost XX This command will force all the costs for all the units connected to this unit to be fixed at the value specified in the command Example mint rf5 0 fixedcost 120 Extra cost setting Syntax mint FNAME extracost XX extracost is configured for the inter
116. bind addr ADDR b ADDR pubkey show pubkey new BITS pubkey clear pubkey export LOGIN PASSWORD O HOST FILE algo list kex algos ALGO LI ST hostkey algos ALGO LIST cipher algos ALGO LIST c ALGO LIST hash algos ALGO LIST m ALGO LIST comp algos ALGO LI ST Description To connect to the remote device with SSH Server running on it using SSH Client type the following command sshc options LOGIN HOST REMOTE COMMAND Where LOGIN is a login user name for remote device maybe omitted when default logging name is used on the remote device and HOST is P address of a remote device Optional REMOTE COMAND parameters defines a command that should be executed on the SSH Server after successful login The following SSH Client options are available e window SIZE allows changing SSH Client internal receiving window size in bytes SSH Client window size defines maximum allowed bandwidth for SSH Server SSH Client data channel By default SSH Client window size is 24576 bytes e keepalive TIME sets a frequency of sending compulsory session activity confirmations to the server This allows not to loose the session to the server when SSH Client leaved unused for a long time period By default SSH Client doesn t send any special activity confirmations 0 value Measured in seconds e compress C enables data compression Copyright O 2004 2012 by InfiNet Wireless 15 InfiNet W
117. blish a connection given other settings are suitable if their keys are equal In public mode having found a potential neighbor a node check for its information in the Copyright O 2004 2012 by InfiNet Wireless 47 InfiNet Wireless WANFleX OS User Manual local database defined by mint IFNAME addnode commands If requested information is found a key from a local database will be used Otherwise it is assumed that neighbor s key corresponds with node s own key mint IFNAME key parameter static every node has a full list of nodes including their parameters and access keys with which a connection can be established This mode is suitable for an autonomous area of service with no need of centralized management and monitoring Obviously nodes that are included in each others access lists local databases should have a physical ability to connect to each other in order to establish a connection In static mode each node must have a list of all permitted neighbors in a local database formed by a set of mint IFNAME addnode commands If no information on the neighbor is found in the database the connection is being rejected remote centralized authentication mode with remote server e g RADIUS or relay In this mode any node can request the information from a remote authentication server remote authentication server parameters are set using AAA command This means that the node must have an access to t
118. by the specific model If the router is configured as a BS and autobitrate mode is turned on this parameter will specify the maximum transmitting speed for the BS e txpwr XXX sets the emitting power of the transmitter in dBm The acceptable transmit power values can vary depending on the type of the radio module installed The acceptable transmit power values can be viewed using the rf lt if name gt capabilities command e sid XXX system identifier of the router a hexadecimal number in the range of 1H to FFFFFFH All routers that are supposed to see each other on the same radio link must have the same identifier Copyright O 2004 2012 by InfiNet Wireless 30 InfiNet Wireless WANFleX OS User Manual e cap displays the capabilities of the radio module including acceptable transmit the information on power levels frequencies etc e dist XXX this parameter is used as an alternative method of link range configuring in order to set the exact distance value between two devices in kilometers This parameter changes time values for some delays and time outs thus making possible to work on longer distances with smooth adjustment There are several ways to manage this parameter e To set an exact value in kilometers e Use automatic distance calculation by default In this case the unit will calculate and set the link distance automatically In the configuration an automatically calculated value is displayed after the aut
119. cal data are discarded If the ipstat strict option has been specified then at the overflow condition the transit routing is disabled but the router still responds to any protocol To get the gathered statistic info remotely one can use the following commands e ipstat fixit dumps the currently collected info from the router s memory into an intermediate buffer The memory is cleared and continues receiving info over again e ipstat fixget shows the content of the dump buffer This command may be executed any number of times with no damage to the dumped statistical info e ipstat fixclear clears the temporary dump buffer The listing of statistical info provides e time elapsed since the previous clear operation e number of records effectively used and total record space available e number of bytes lost due to record memory overflow list of all records Copyright 2004 2012 by InfiNet Wireless 17 InfiNet Wireless WANFleX OS User Manual The ipstat add ifname rule command makes it possible to filter packets for statistic gathering taking into account only those packets which satisfy the rule The syntax of the rule parameter is the same as defined in the ipfw command description The ipstat del N command deletes the N th rule from the list of rules The ipstat rearrange N command renumbers all the ipstat rules with the given increment default step is 1 The ipstat traf detail bytes total_bytes all
120. capsulated packets come back to the tunnel entrance and so on causing system overload The system watches over such situations and when discovering a loop drops erroneous packets and writes a message tunX looping into the system log The sre address must be a real P address for one of the router s interfaces for the same reason it shall be attainable from the router at the tunnel s remote end through the existing network and not only through this tunnel On the remote site of the tunnel the src and dst addresses swap their roles The mtu optional parameter allows the user to set the Maximum Transfer Unit size for packets going through the tunnel Default value is 1480 bytes Disabling the tunnel number N may be done by executing the command tun N clear When df option is enabled the unit clears DF Don t Fragment flag in the header of all IP packets passing through the tunnel Example ifconfig tun0 1 1 1 1 1 1 1 2 tun 0 src 195 23 23 23 dst 194 34 34 34 Here the ifconfig command defines internal P addresses for both ends of a tunnel 0 as addresses for an interface denoted as tunO then the tun command defines real P addresses for the tunnel 0 extremities At the opposite side of the tunnel this would look as follows ifconfig tun0 1 1 1 2 1 1 1 1 tun 0 src 194 34 34 34 dst 195 23 23 23 If you use a Cisco Systems router at the remote end you may configure it as follows interface Tunnel0 ip address
121. carry traffic Furthermore the availability of options upstream ensures that the terminal nodes will choose to send packages only one hub but it is the shortest way to the nearest hub A distinctive feature of such solution is a possibility to use different hubs with the same group number To eliminate broadcast storm that could have happened because of the connection of several hubs to different ports of the same switch trunk and downstream hubs never use each other for traffic transmission Moreover upstream option guarantees that nodes will choose only one hub for packet delivery the shortest route to the nearest hub MAC Switch supports STP protocol namely two its versions STP and RSTP To implement this feature the following switch commands are introduced switch group ID stp off on dump This command with off on options enables or disables STP for the group Dump option allows to see STP state of the group switch group ID stp dump command output Copyright 2004 2012 by InfiNet Wireless 84 InfiNet Wireless WANFleX OS User Manual Root switch Current switch Switch group Current switch Root switch identificator identificator ar as priority priority STP state for hi ae group 1 ID 2000000435007764 Priority 36864 ROOT 8001000DBD569B40 Priority 32769 Ports Name Prio Cost PUer Role State rf4 0 128 666600 RSTP ALTERNATE DISCARDING pA T MEN RETR ROOT i F Switch port me priority Port cost STP v
122. ce enters the BACKUP mode To disable the Network Prefix Monitoring mode use the off option Example vrrp eth0 10 track default Copyright O 2004 2012 by InfiNet Wireless 198 InfiNet Wireless WANFleX OS User Manual Keep alive messaging interval setting Syntax vrrp IFNAME VRID interval Al NT This command allows set the required keep alive messaging interval for the main route Parameter s value is set in seconds The router acting as MASTER periodically sends service packets to other VR routers On receiving these messages BACKUP routers get the information about MASTER s availability Default value of the parameter is 1 second If you set another value of this parameter you should keep in mind it has to be equal for all routers of specified VR Example vrrp eth0 10 interval 2 Self learning mode Syntax vrrp IFNAME VRID learn 0n off The mode allows a router to collect the list of VR s P addresses while it acts as a BACKUP router This mode is used to simplify VRRP server configuration You can simply make a list of VR s P addresses only for one router the owner of P addresses with the priority of 255 For the rest routers it is enough to create VR with an empty P addresses list and set up a self learning mode Example vrrp eth0 10 learn on VR deleting Syntax vrrp IFNAME VRID clean Command deletes specified VR Example vrrp eth0 10 clean P address removing fr
123. ched automatically This scope will stay detached until an appropriate subnet is configured for the vvv1 virtual interface DHCP server configuration cleanup In order to clean DHCP server configuration it first should be stopped by dhcpd stop command After that the configuration can be cleaned dhcpd clear 18 DHCP relay dhcpr command General Description For DHCP protocol regular work the server and the hosts that get the service should be allocated within one network segment no routers should be placed in between If the network consists of several segments each segment should Copyright O 2004 2012 by InfiNet Wireless 192 InfiNet Wireless WANFleX OS User Manual have its own DHCP server as routers block broadcast packets One of the alternatives to this solution is installing in each segment that does not have the server DHCP Relay Agent which forwards the requests from network hosts to DHCP server Some routers may also have a function of DHCP Relay Syntax dhcpr add delete SERVERIP dhcpr flush trace notrace dhcpr lock unlock INTERFACE dhcpr info noinfo dhcpr start stop Commands Description Start Stop of DHCP Relay Syntax dhcpr start stop This command starts stops DHCP relay Example dhcpr start DHCP servers listing Syntax dhcpr add delete SERVERIP This command adds deletes DHCP servers to the list for which client s requests forwarding wil
124. cified in the XXX YYY format reflecting a part of the IP address both XXX and YYY numbers can range from 1 to 255 The parameter is optional Example mint rf5 0 nodeid 5 mint rf5 0 nodeid 123 112 Setting node name Syntax mint FNAME name NAME The command sets the name for the node Node name will be displayed in mint map set of commands Node name should not exceed 16 characters Spaces in the node name are accepted if put between quotation marks Example mint rf5 0 name My_node mint rf5 0 name Master Unit Copyright 2004 2012 by InfiNet Wireless 38 InfiNet Wireless WANFleX OS User Manual Switching to marker access mode polling Syntax mint IFNAME poll start log stop stat clear The command turns on off polling mode for the master station Polling mode is a method of accessing common radio channel under master station control which consists in centralized distribution of transmission authorization markers by a master station to slaves This mode greatly improves operational stability and throughput of master stations under conditions of heavy load and signal level misbalance between different slave units It is particularly useful when slaves units are at long range from a base station and not in the direct visibility of each other so that they cannot avoid mutual collisions in the radio channel by listening each other s transmission The polling regime makes it
125. client exists in another pool new reservation will not be created and the user will see an error message 1 gt dhcpd scope other add reservation 1D 01 00 04 35 00 22 23 192 168 177 10 eth0 lt 192 168 177 12 gt OTHER 192 168 177 10 192 168 177 19 Reservation for ID 01 00 04 35 00 22 23 already exists in scope PHONES with IP 9 1 1 170 ERR Reservation s IP is out of scope s range Moreover reservation does not obey class filtering rules Example 2 gt dhcpd show scope gt SCOPES MSOFT 192 168 177 20 192 168 177 22 eth0 ATTACHED eth0 lt 192 168 177 12 gt 255 255 255 0 lt CLIENT CLASS Ds gt W_BRI_GATEWAY MSFT 5 0 lt CLIENT gt 1D 01 00 C0 DF 10 AF 69 MSFT 5 0 wad 192 168 177 20 lt BOUND gt since 01 01 2003 05 01 08 lt FREE RANGE gt 192 168 177 21 192 168 177 22 2 NEW 10 12 12 30 10 12 12 50 OTHER 192 168 177 10 192 168 177 19 eth0 ATTACHED eth0 lt 192 168 177 12 gt 255 255 255 0 lt CLIENT gt 1D 01 00 05 90 02 1F C8 192 168 177 10 lt BOUND gt since 01 01 2003 05 34 24 lt FREE RANGE gt 192 168 177 11 192 168 177 11 1 lt FREE RANGE gt 192 168 177 13 192 168 177 19 7 PHONES 9 1 1 151 9 1 1 200 ATTACHED eth0 lt 9 1 1 100 gt 255 255 255 0 lt CLIENT CLASS Ds gt W_IP_PHONE lt CLIENT gt 1D 01 00 04 35 00 22 24 IW_IP_PHONE Stas 9 1 1 151 lt BOUND gt since 01 01 2003 05 00 34 lt FREE RANGE gt 9 1 1 152 9 1 1 169 18 lt RESERV gt
126. comes onto operation Each redundant router should be a part of virtual router VR For VR there is a list of its VR P addresses At the time one of routers becomes a primary one it starts to serve each of this list P addresses i e to reply on ARP requests and takes the host functions with these P addresses VR is referred to by its identifier the number in 1 255 range VRID Hence the logic of VRRP server operations is the following 1 Several VRRP routers form VR Each of them has identical VRID and identical list of P addresses 2 The main router should be selected from the list of VRRP routers MASTER mode Other ones get the status of slave routers BACKUP mode The main router periodically sends special packets Sweeping By receiving these packets BACKUP routers make a decision about MASTER s availability 3 In the case of the main router failure there are no keep alive messages from MASTER for a long time one of the slave routers becomes the main router and starts to process packets addressed to VR The main virtual router selecting is implemented automatically this status gets the router with the highest priority or in the case their equality with the biggest network interface IP address Full syntax vrrp start stop dump vrrp dump I FNAME VRID vrrp IFNAME VRID start stop clean flush vrrp IFNAME VRID add delete PADDRESS MASK MASKLEN vrrp IFNAME VRID priority PRIO own inte
127. command e pwrctl enables Automatic Transmit Power Control ATPC on the per packet basis When it is enabled rf rf5 0 txpwr lt power gt pwrctl the system automatically adjusts device s output power to the optimal value that is necessary and sufficient to maintain the maximum productivity of the link in the given conditions Transmit power adjustment is estimated for each sending packet The upper bound of output power values that can be set by ATPC is limited by the power value specified in txpwr parameter pwretl disables ATPC Enabled by default e wocd disables carrier sense on the radio interface when sending data packets May only be used on a base station working in WMA Wireless Marker Access mode Reduces the number of retransmitted packets thus increasing effective throughput of a multipoint radio link wocd re enables the standard mechanism of permanent carrier sense Initial setting is wocd carrier sense enabled e modulation sets the modulation technique for the radio For 5 6GHz radios OFDM mode is always turned on For 2 4GHz radios both cck and ofdm modes are available o cck o Ofdm e chntime Channel Burst Time The time for the unit to occupy the radio channel By default 0 dynamic is not displayed in the configuration Set in microseconds Recommended value for PTP links 5000 20 MHz channel width e statistics displays the radio module s statistics with 1 second update int
128. command Ces command is used for Infinet Wireless devices with DU 5000 E1SCR IDU 5000 E1R indoor units Ces command allows controlling parameters of TDM flow packing module CES module as well as related WANFleX parameters for CES over WLAN mode Brief description of CES over WLAN mode monopolistic CES module Master of Infinet Wireless indoor unit receiving TDM flow from an external source accumulates a given number of TDM frames transforming them into Ethernet frame which is then transferred to outdoor unit Outdoor unit in turn transmits a frame through a radio channel to an outdoor unit of another device From outdoor unit of that device a frame comes to CES module Slave which provides precise time restoration and original TDM frame transfer to external receiver In CES over WLAN mode outdoor unit of Infinet Wireless device process packets from CES module ensuring their transmission to the other side of a radio link with a minimum delay In this mode normal non CES data is not transferred directly into the radio channel For the non CES data transfer does not interfere with CES packets transfer non CES data packets are broken into smaller parts and these parts can be added to each CES packet expanding it with a specified number of bytes as specified in the configuration At a receiving side normal non CES data parts of packets are taken from CES packets and gathered into complete packets Attention CES module only support
129. cteristics of a link to the current node For example neighbor nodes that have low characteristics of a link on the Copyright 2004 2012 by InfiNet Wireless 52 InfiNet Wireless WANFleX OS User Manual lowest possible bitrate or have errors are marked this way In this case link quality can be improved by such actions as antenna alignment cable connectivity testing and so on When neighbor nodes are marking with certain color style it is not only signal level but also number of retries and errors are taken into consideration Copyright O 2004 2012 by InfiNet Wireless 53 InfiNet Wireless WANFleX OS User Manual Continuous signal levels monitoring Syntax mint IFNAME monitor s i SEC MAC MAC If no MAC addresses are specified the output of command will contain the information about all neighbors and candidates of the current node Instead of MAC addresses nodeid and or name of the node can be specified The sample output of the command is presented below MAC address es of Maximal detected i Signal level scale To From monitored units signal level 00028AE1DDC8 lt 34 HHRHH EEEE 1 37 237 HURURURURRURARANANRARANANRARANANANIN i 00028AE1DDC8 lt 35 HHRHH EEHEHE i 3 gt 37 HHHHHHHHHEHEHEHHEHEHEEREHEHEERR Ot 00028AE1DDC8 lt 36 HHHH HHIHH IIIA EEEE IE HERH 38 238 HHRHHHRHHRHRHRHHHRHRERRRRHRHRRHRHHHHHEHH 00028AE1DDC8 lt 37 HAHH HEHEHEHE HEHEHE HEIE EIEEE AE HEHE HEERE EEIE HEHEHEHEHE HEHEHEH
130. cuting this command one more interface is created in DHCP server s configuration Example 1 gt dhcpd add virtual interface vvv1 192 168 177 81 1 gt dhcpd show interface gt INTERFACES ethO UP lt SUBNET gt 9 1 1 100 255 255 255 0 lt SCOPE gt PHONES 9 1 1 151 9 1 1 200 lt SUBNET gt 192 168 177 12 255 255 255 0 lt SCOPE gt MSOFT 192 168 177 20 192 168 177 50 lt SUBNET gt 192 168 15 55 255 255 255 0 lt RESERVATION gt for 1D 01 00 05 90 02 1F C8 lt OPTION gt Class_Id Swissvoice vlan0 DOWN lt SUBNET gt 192 168 178 1 255 255 255 0 gt VIRTUAL INTERFACES vvv1 192 168 177 81 UP In server s configuration we now can observe the virtual interface Working with this interface is no different from other interfaces However before a scope is attached to it one should configure a set of subnets The following command can be used Syntax dhcpd virtual interface lt VIFNAME gt add subnet lt IP_ADDRESS gt lt SUBNET_MASK gt Where e VIFNAME name of the DHCP server s virtual interface e IP_ADDRESS P address which DRA has for this subnet SUBNET_MASK subnet mask Example 1 gt dhcpd virtual interface vvv1 add subnet 192 168 188 1 255 255 255 0 1 gt dhcpd show interface gt INTERFACES ethO UP lt SUBNET gt 9 1 1 100 255 255 255 0 lt SCOPE gt PHONES 9 1 1 151 9 1 1 200 Copyright 2004 2012 by InfiNet Wireless 191 InfiNet Wireless WANFleX OS User Manual lt S
131. d enables a test regime for illimited time e IXX specifies the number of lines on the screen for displaying test results 24 lines by default Copyright 2004 2012 by InfiNet Wireless 68 InfiNet Wireless WANFleX OS User Manual For termination of the analyzer operation in any of the above regimes press lt ESC gt or lt Ctrl C gt Statistics module The statistics gathering is used for estimating link load intensity and per client The amount of packets sent and received and the number of retransmissions is shown for each MAC address participating in the data exchange The statistics output is presented in the picture below Total percentage of repeated packets Percentage of packets thal were repeated at least once Average number of repeats per packet Number of received packets Number of repeated packets Number of unique packets transmitted Number of Device mnemonic MAC address repeated packets name MAC out rep in rep ETATE S 1883778 lt B 0 00 00 gt 3626176 Unknown node OTAL 1663776 lt 0 07007 00 gt 3026170 Burst Send Max B gt Recu Max B8 gt Drop Bad B Number of mi sent packets Number of aggregated packets Maximal number of aggregated packets l Number of Same statistics for Number of bad packets received packets dropped packets The following decisions can be made by analyzing the outputted parameters e f the number of repeated packets is comparable with total nu
132. d a filtration object is specified number or name number or name of access list or prefix list name In this case the condition will be satisfied if a corresponding route s parameter belongs to the specified filtering list according to the rule corresponding to the list type In match interface command a network interface name is specified to which a route belongs If a route matches to all record s rules one can set values for route metric for this router using command in config route map mode set metric lt 0 4294967295 gt The next step for the record s behavior after all conditions are matched by the route can be configured using one of the following commands on match goto lt 1 65535 gt on match next Configuration example RIP gt configure RIP config access list AnyNetwork permit any RI P config access list net200 permit 192 168 200 0 24 RI P config route map mapForConnected permit 10 RIP config route map match address net200 RI P config route map set metric 7 RI P config route map route map mapForConnected deny 11 RI P config route map match address AnyNetwork RI P config route map router RIP config router redistribute connected route map mapForConnected RI P config route map Copyright 2004 2012 by InfiNet Wireless 121 InfiNet Wireless WANFleX OS User Manual In this configuration the router will announce a route formed from the connected routes of the system routing t
133. d deny 11 OSPF config route map match address AnyNetwork Copyright 2004 2012 by InfiNet Wireless 135 InfiNet Wireless WANFleX OS User Manual OSPF config route map router OSPF config router redistribute connected route map mapForConnected OSPF config route map In this configuration the router will advertise external links formed from the connected routes of the system routing table with metric type 2 With this if a destination for this route is 192 168 200 0 24 network the formed link will have metric 7 any other destination will not lead to external link s advertising it Link metric Link metric is a cost of traffic delivery through its network interface OSPF router automatically calculates the cost of internal link taking physical interface s capacity to which link belongs into consideration M reference_bandwidth bandwidth reference_bandwidth by default equals 100 Mbit sec bandwidth a capacity bandwidth of a physical network interface to which the link belongs Reference bandwidth can be modified using the following command in config router mode auto cost reference bandwidth lt 1 4294967 gt The parameter is specified in Mbit sec A method for metric configuration described above is used for all links for which interfaces a specific cost is not set To set an individual cost metric for links one can using the following command in config if mode cost lt 1 65535 gt A B C D In order t
134. d gatekeeper resides in Internet having address 123 45 67 89 It is necessary for the subscriber to get registered on this gatekeeper for making and receiving calls Solution nat h323_destination ras 123 45 67 89 10 0 0 99 Example 2 several subscribers reside in LAN and gatekeeper in Internet having address 123 45 67 89 and non RAS standard port 1024 It is necessary for any subscriber to get registered on this gatekeeper for making and receiving calls Solution nat h323_destination ras 123 45 67 89 1024 Example 3 subscriber resides in LAN having address 10 0 0 99 and gatekeeper or several gatekeepers reside in Internet with unknown addresses It is necessary to get registered on unknown addresses Solution nat default_h323 4 Subscriber with private I P address gets registered on the gatekeeper from LAN Here one should specify redirect_port rule with ras protocol specified and to specify here its private IP and gatekeeper RAS port This should be done to enable for subscribers from Internet to be registered on this gatekeeper Since static subscribers also should work with the gatekeeper one should specify redirect_ port rule with protocol CS and with private gatekeeper IP address and its port Example 1 Subscriber resides in Internet having address 123 45 67 89 and gatekeeper resides in LAN having address 10 0 0 99 It is necessary for subscriber registered on this gatekeeper for making and receiving calls NAT alias_
135. d indication mode that begins after device reboot After device reboot link test will start in the sound indication mode AudioMonitor only i e you will not be able to view test output on the screen Parameters are the same as a l r m e key PASSWORD sets password for testing If two devices have different passwords they can t perform testing with each other e noauto disables automatic test after device reboot i e test wont stop immediately but after device reboot it won t start e stop stops the test almost immediately e disable enable disables enables ability to perform link test Enable by default align L R special Itest command mode for antenna alignment for Xm series devices for example R5000 Om It allows aligning each antenna of the device independently L parameter sets which antenna will be used to transmit test frames from the local device R parameter sets which antenna will be used to transmit test frames from the remote device from the other side of the link If L parameter is not specified then average signal level value between two antennas will be shown If r is not specified then test can be performed even when only one antenna is attached to each side of the link If r is specified then L and R parameters are ignored L and R parameters can have the following values 0 antenna with vertical polarization 1 antenna with horizontal polarization e evm indicates the m
136. d metrics value of such routes will be equal to 1 If another value is needed an appropriate export rule shall be specified by the rip export command After disabling this mode by a rip keepstatic command those static routes will be replaced by dynamic routes Copyright 2004 2012 by InfiNet Wireless 124 InfiNet Wireless WANFleX OS User Manual rip IFNAME v1 v2 in Jout vlin vlout v2in v2out Group of options managing protocol version Allows specifying protocol versions used for import and for export for each interface separately By default RIP2 is enabled for import and export and RIP1 is fully disabled rip IFNAME v2 v1 rip IFNAME peer ADDR MASK clear Using this filter one can limit nodes number through which routing information is being exchanged via IFNAME interface As a limiting parameter a range of addresses is set within which possible partners can be allocated Routing information will be sent only though those interfaces which addresses correspond with range set Received information will be filtered if source address does not match in the defined range Example rip rf5 0 peer 10 1 2 3 10 4 5 6 192 168 1 0 16 Routing information exchange is limited by 10 1 2 3 10 4 5 6 nodes and everyone who matches 192 168 1 0 16 range rip IFNAME ag subag Enables disables aggregation of routing information The command allows significantly decreasing the volume of routing information t
137. dcost XX mint IFNAME maxlinks XX mint IFNAME loamp XX hiamp XX mint IFNAME no crypt mint IFNAME airupdate disable active passive force fast normal slow mint IFNAME no log detail mint IFNAME roaming leader enable multiBS disable mint IFNAME profile N freq X Y N M auto sid X Y bitr X band double full half quarter type master mesh slave key XXX nodeid N minbitr XXX autobitr dB fixedbitr long fon off enable disable delete mint IFNAME addnode defgw X X X X defmask X X X X mint IFNAME addnode mac X X X X X X key STRING note STRING maxrate XX lip X X X X tip X X X X mask X X X X lgw X X X X tgw X X X X none Icost XX tcost XX setpri addpri NN 1 disable enable delete mint IFNAME delnode mac X X X X X X mint IFNAME map routes full swg detail m mint no colormap mint IFNAME monitor s i SEC MAC MAC no audio full mac MAC mint FNAME rcmd node ADDR all peer self cmd CMD file URL key KEY quiet mint IFNAME rcmdserver disable enable guestKey STRING fullKey STRING mint IFNAME odr hub mint IFNAME odr spoke connected ACL kernel ACL mint IFNAME odr disable show mint IFNAME start stop restart clear mint IFNAME poll start log stop stat clear mint join FNAME1 IFNAMEZ mint disjoin
138. dding gathering component sflow collector 1 2 3 4 start starting process of processing the statistics 15 Access Control Lists acl command Syntax acl add NAME TYPE params acl del NAME params Copyright 2004 2012 by InfiNet Wireless 20 InfiNet Wireless WANFleX OS User Manual acl ren NAME1 NAME2 acl flush Possible TYPES net num Predefined ACL names ACLOCAL Hosts networks permitted to configure the device Command description While network planning you may often need to group similar parameters in lists which can be used for different filters e g ipfw qm ipstat Access control lists ACL can effectively solve this problem acl add command creates an access list of NAME title and TYPE type Lists names MUST start with symbol and can include up to 7 letters digits and other symbols excluding spaces and semicolon At the same time the command can contain several parameters of TYPE type which will be included in the list If the list with this name has been already created listed parameters will be attached to this list acl del command deletes specified parameters from the NAME list If none of parameters are mentioned all list will be deleted acl rename command changes list s name from NAME1 to NAME2 acl flush command deletes all lists Accepted list types TYPE net contains network addresses in dot format XXX XXX XXX XXX OF XXX XXX XXX XXX MASK _ LENGTH or XXX XXX XXX XXX
139. define a set of options DHCP server has special commands for each division These commands have parameters which are inputted in a common way for all divisions OPTION_NAME name of the option see the link for the table above If option name has spaces they must be substituted with _ sign Option name is not case sensitive OPTION_VALUE value of the option Input format depends on the purpose of the option and is divided into three categories by DHCP server 1 Symbolic A string e g for Bootfile Name option If this option s value has spaces the option value should be put in quotes 2 Binary One or several decimal numbers If several numbers should be specified they are separated by commas Options examples Address Time Time Offset 3 1P address One or several values IP addresses Several IP addresses are separated by commas Commands for defining adding options for different divisions 1 Scope reservation division Syntax dhcpd scope lt SCOPE_ NAME gt reservation lt CLIENT_ID gt option lt OPTION NAME gt lt OPTION_VALUE gt where Copyright O 2004 2012 by InfiNet Wireless 185 InfiNet Wireless WANFleX OS User Manual e SCOPE_NAME scope name for which reservation one need to define an option value e CLIENT_ID reservation client identifier If this option with the same name was defined the value will be changed to the one specified in this command 2 Interfaces reservations divisio
140. dress number of bits in the mask o IP address mask o IP address Example ifconfig ethO 192 168 1 1 26 ifconfig ethO 192 168 1 1 255 255 255 192 ifconfig ethO 192 168 1 1 Copyright 2004 2012 by InfiNet Wireless 102 InfiNet Wireless WANFleX OS User Manual delete alias alias flag in the interface configuration indicates that several P addresses are assigned to one interface Each new P address assigned to an interface except the first called primary is considered as an alias address For example after executing the following commands ifconfig ethO 193 124 189 1 27 up ifconfig ethO 10 0 0 1 There will be two P addresses from two different networks assigned to the same etho0 interface To remove an P address from the unit s interface the ifconfig command is executed with the delete or alias option following the IP address to be removed When ifconfig ethO delete command is executed the CES module if connected becomes inactive Only unit s restart can reactivate the module Example ifconfig ethO 193 124 189 1 27 alias The Jalias option is applicable to any IP address that is to say all IP addresses assigned to the interface are considered as equivalent aliases If the first primary address is removed the next in the order of their assignment becomes primary up down enables disables the interface System limitations The lo0 interface cannot be set to the down state
141. dure utility allows restoring lost system password to the device Syntax erp options command options serial lt n gt device serial number code lt c gt ERP code ip lt address gt interface P address mask lt mask gt interface P address mask command boot force continuing boot on device s Device serial number may be unspecified and means any device reset resets device s configuration Serial number and ERP code must be specified Copyright 2004 2012 by InfiNet Wireless 23 InfiNet Wireless WANFleX OS User Manual ifup turns up device s interface and add IP address and mask alias to it Serial number IP address and IP address mask must be specidfied If command is not specified then it s assumed the boot command Description Options e serial lt n gt device serial number e code lt c gt special ERP code e ip lt address gt P address of device s Ethernet interface e mask lt mask gt net mask of device s Ethernet interface Commands e boot speeds up device boot e reset resets device configuration including system user name and password Serial number and special ERP code must be specified e ifup turns up device s Ethernet interface ethO and adds IP address and net mask alias to it Serial number IP address and net mask should be specified How it works To do Emergency Repair Procedure one needs two InfiNet Wireless devices First device
142. e lt START_IP gt lt END_IP gt where e SCOPE_NAME scope name which range we change e START_IP and END_IP new starting and ending P addresses of a scope correspondingly In order to change an interface for the scope one can use the following command Syntax scope lt SCOPE_NAME gt interface lt INTERFACE gt where e SCOPE_NAME scope name which interface we change e INTERFACE name of the network interface to which a scope is attached to If a system does not have an interface with specified name or a system cannot attach this scope to specified interface the scope will be immediately detached This feature can be used for temporary shutdown of one of the scopes Example 2 gt dhcpd scope OTHER interface eth0 ethO lt 192 168 177 12 gt OTHER 192 168 177 10 192 168 177 19 Scope detached OK Thus we detached OTHER scope In order to attach it again we need the following command 2 gt dhcpd scope OTHER interface ethO and eth0 lt 192 168 177 12 gt OTHER 192 168 177 10 192 168 177 19 Scope attached OK Copyright 2004 2012 by InfiNet Wireless 178 InfiNet Wireless WANFleX OS User Manual One can set up excludes into scope range of addresses Excludes are range of addresses which belong to the scope but are not given to DHCP server clients The following command should be used Syntax dhcpd scope lt SCOPE_NAME gt add exclude lt START_IP gt lt END_IP gt where e SCOPE_NAME
143. e selected as admin group All packets destined for any of the switches in wireless network will be sent by this group switch admin group ID 0 In order to deal with upstream multicast flows in video surveillance systems two additional parameters are introduced upstream and downstream switch group ID up down stream SCI D 0 Example For example we have nodes with numbers 1 2 3 4 5 and 6 that are connected to digital cameras which broadcast video traffic using multicast packets All of these flows need to be transferred to a video server the best way without flooding the network with unnecessary broadcast packets Copyright 2004 2012 by InfiNet Wireless 83 InfiNet Wireless WANFleX OS User Manual sw 1000 add eth rf4 0 sw 1000 upstream sw 1000 start sw start A E sw 1000 add eth0 rf4 0 sw 1000 downstream sw 1000 start sw start Entire downstream from server to camera traffic if any is transferred in group number 1000 in which all the nodes are located But upstream flows from each camera are transmitted directly to the nearest hub of the group A feature of this solution is the ability to set multiple concentrators with the same number of the group To address the problem broadcast storm that could arise from the fact that the concentrators are included in the various ports switch of one wire in MINT restricted Broadcast and downstream concentrators never use each other to
144. e SNMP Simple Network Management Protocol Version 1 and 3 daemon SNMP protocol support is an important feature of all communication devices because it allows the system administrator to use a uniform mechanism to manage the operation of a network as a whole and of every its component individually Although the first version of the SNMP protocol lacks security in the operation of the protocol itself which hinders its use for network management it is widely used to monitor and analyze network operation MIB variables changing are turned off for the first version it works only in read only mode vldisable option disables 1 version support completely and slightly fastens incoming SNMP requests processing Support of SNMP V3 with USM User based Security Model MD5 authentication and encryption are also available For access granting a user with username access passwords and access rights with or without authentication and encryption is created In snmpd command accessRights can be set to provide access management of the recourses ReadOnly readWrite parameters allow only reading or also changing some variables Class guest admin allows providing limited or full access to the variables The default SNMP v1 community name for read operations is public The snmpd community NAME command allows changing the default community name The present implementation supports MIB II Management Information Base Version 11 and MIB
145. e add 193 124 189 0 255 255 255 224 195 38 44 108 All routes that are described using route add command are pseudostatic It means that this information will be immediately placed into the configuration and will be active until it is deleted using route delete command However actually described routes will be put into the system tables only when there is an interface with an address and a mask within the boundaries of the gateway address set When this address is absent routes set will be automatically deleted from system tables but still will be present in the configuration Getting started ARIP module is a realization of a standard routing protocol RIP ARIP routing module support two RIP Routing Information Protocol versions RIP 1 and RIP 2 Module configuration is performed by arip command Command language Basic principles ARIP has its own command shell CS To start the ARIP module and enter the shell execute the following commands 1 gt arip start 1 gt arip RI P gt Commands entered in CS are not case sensitive and can be shortened until ambiguity appears To get a quick hint you can press at any time RIP gt configure Configuration from vty interface end End current mode and change to root mode CTRL C exit Back to WANFleX command shell CTRL D help Print command list show Show running system information RIP gt CS can work in different modes Current mode is displayed along with comm
146. e flag is not specified C and Rs parameters can be configured If a destination for one or more links belongs to R the router will advertise one link with R destination or Rs if specified and with metric that is a maximal metric of the links or C if specified For addresses ranges there are several commands in config router mode The command creates a range R and one can specify a non advertise flag area A B C D lt 0 4294967295 gt range A B C D M not advertise The command creates a range R and configures a metric for an aggregated link C area A B C D lt 0 4294967295 gt range A B C D M cost lt 0 16777215 gt The command creates a range and possibly creates a Rs destination instead of R area A B C D lt 0 4294967295 gt range A B C D M substitute A B C D M Adjacency Neighbors When two or more routers have links to the same network these routers become neighbors in order to synchronize their Link State Database Moreover a network with more than one router connected to it is a transit network and if this network is not point to point network it is an active OSPF object it can advertise its links to the routers A special designated router makes an LSA A designated router is selected from a number of active OSPF routers connected to the network based on their priorities identifiers and P addresses of network interfaces by means of which they are connected to the network The router uses special protoc
147. eX OS User Manual List identifier command The range of source The range of addresses destination addresses 3 Nominate access lists access list WORD deny permit A B C D M exact match List identifier command Range The requirement for the exact match of a parameter to the range In this case the list identifier is a character expression The range is specified in a format of lt value gt lt mask length gt For example if we need to specify the range of IP addresses from 192 168 12 0 to 192 168 12 255 192 168 12 0 24 is specified For 0 0 0 0 0 range the key word any can be used For example OSPF config access list TestListl deny 192 168 1 0 24 OSPF config access list TestListl permit any While configuring the operators are appended to the end of the list Lists of prefixes are different from access lists so that each operator has a number aside from a range condition Moreover when a check for the parameter to fit into an operator s range is performed one can set up additional condition for the parameter s mask length prefix list WORD seq lt 1 4294967295 gt deny permit A B C D M ge lt 0 32 gt le lt 0 32 gt List identifier Operator s position number Command Range The range of the permitted mask length If a sequential number is not specified the router sets it up automatically by adding 5 to the number of
148. easured input signal quality Error Vector Magnitude It should be as high as possible The recommended level is not less than 21 All parameters including specified by default keep its values the same as they were at the beginning during the whole test Examples lt rf5 0 00179AC2F3E6 This command illustrates the simplest way to start link test It command with all parameters undefined default parameters starts test of a local device with a remote device which have 00179AC2F3E6 MAC address lt rf5 0 00179AC2F3E6 r 24000 This command starts link test with rate parameter 39 Mbps The reply rate parameter will be considered the same lt rf5 0 00179AC2F3E6 a 1l Copyright O 2004 2012 by InfiNet Wireless 63 InfiNet Wireless WANFleX OS User Manual This command starts link test in a sound indication mode when sound signal represents a signal that is received on a local device ltest gt command recommendations When Itest command starts it will show you output information that contains testing results except auto mode You can see command output below Current Maximum Current Average Current Average Current Average F 3 i Estimated incoming signal number of retries number of undelivered number of undelivered i round trip time level in percent packets in percent acks in percent Node7H C Inicat packg bitrate 1800 rt retries acks A A l est amp
149. ecord which follows a current record 2 on match goto lt N gt viewing is continued from the record which number is more or equal N but is not less than current number In order to configure a route map the following command is used in config mode route map WORD deny permit lt 1 65535 gt Copyright O 2004 2012 by InfiNet Wireless 120 InfiNet Wireless WANFleX OS User Manual where WORD route map identifier This identifier is followed by a resulting action and the number of the record If a record with a specified number does not exist it will be automatically created After executing this command CS switched to the mode for editing a selected route map For example RIP gt configure RIP config route map testmap permit 10 RI P config route map After that a condition of match between imported route and current record is specified The following commands are used in config route map mode match address lt 1 199 gt lt 1300 2699 gt WORD match address prefix list WORD match interface WORD match next hop lt 1 199 gt lt 1300 2699 gt WORD match next hop prefix list WORD These commands set matching conditions for the route according to three different parameters destination gateway next hop and interface For every record it is permitted to set a number of different conditions If several conditions are specified they will be conjugated by logical and In match next hop and match address comman
150. ection ooooooccconocccncnnnoocnnonnnrcnnonnnrnnnon nor rcnnonnnrennnnnnrrnrnnnnnrn 99 LAYER 3 COMMAND SET IP NETWORKING cooooooooooooccccccnncccnnonannnnnnnnnanananinnnnnnnnnas 102 Ifconfig command interfaces configuration ooocccoccccnccconocononocnnnnacnnnnonononcnonacnnnncnnnnos 102 Tun command tunnels building cooccccocccnnnccnnnccnnnnnonnnnonononcnnn nono noarnnnrononrcnnnannnons 104 Qm command Q0S Configura a ad 107 Route command static routes configuration ccooocccoccncnoccnnnccnnnnonnnnncnnnconnnnncnonannnonoos 113 O a dealin 114 Getting started conoser e A ane A eae 114 Command language Basic principles cc rere eran eee erie 114 Start Stop Of PRE a I 116 WANFleX OS User Manual Copyright 2004 2012 by InfiNet Wireless InfiNet Wireless 10 11 12 13 14 15 16 17 18 lt Sty tay Recess dela ae Rea ads DD a dde aci ay cunt ia co ry cise a elon OIT 117 RIP CONTIQUIALON ennie Mathis paced de O a E Machina Bethania 118 Route Map OUT Mirian AAA A 120 Authentication Identity check oo ooicnnononccnncnnnconnnnnonccnnonnnrnnnnnnnrrnnnnnnnrennnnnnrrnnennnnreninns 122 TAMELS lt CONTIG UPA ON Ada Aa EnaA 123 Router configuration Vie We eatea tre eee rane AALAGA DANAN EaR 123 Rip command RIP 1 and RIP 2 configuration occcoocconcccnnnnccnnnnononocnnnnnononconnnnacanoninnnns 123 OSPFv2 dynamic routing protocol MOAule oooccoconcocccnnncicccnnnncnnnanonnno ni
151. ed MINT will automatically calculate the cost tcost Target cost of the connection from this neighbor to the current node If not specified MINT will automatically calculate the cost If Icost and tcost parameters are set on a pair of neighbors Icost has a higher priority enable disable delete Self explanatory enables disables or deletes a record in a local database maxrate Target node maximum bitrate in kilobit per second Copyright 2004 2012 by InfiNet Wireless 42 InfiNet Wireless WANFleX OS User Manual setpri addpri This options allows setting increasing the priority of packets passing through to the specified node Setpri parameter is used to change a priority to the value specified in the command When using 1 value a package priority is dropped to the lowest priority Addpri is used to change a priority only in case it is higher than the previous one Note the smaller is the value the higher is the priority So you can only increase priority using addpri parameter note This option allows making some word note description for the specified node Example mint rf5 0 addnode mac 000028BAF234 lip 1 1 1 1 tip 1 1 1 2 mask 255 255 255 252 Icost 120 For easy subscriber nodes definition in the local database of the given node Base Station mint addnode command is updated with two options defgw X X X X and defmask X X X X e defgw X X X X Sets default gatew
152. elated to specific interface addresses then to specific interfaces and then the general ones Individual rules in the tables are ordered according to the same principle from the smallest networks to the biggest ones from the more detailed information to the more general e By default when no filters are specified all routes with their natural metrics are imported and exported e f at least one prohibiting NOIMPORT NOEXPORT filter is enabled all the rest is assumed permitted If at least one permitting IMPORT EXPORT filter is enabled all the rest is assumed prohibited Therefore if you have started with a permitting filter you must continue with permitting filters up to the end Conversely if you have prohibited something only that particular thing will be prohibited elf for a given network a permitting and a prohibiting filter are simultaneously enabled then the prohibiting filter will take priority e Only filters of the most prioritary group applicable to a particular network are effectively applied to that network The filter definition syntax is quite simple it is better understood using examples hereafter Examples Permitting export of all routing information except a narrow network and the default route rip noexport 192 168 9 0 24 rip noexport default rip export all Copyright 2004 2012 by InfiNet Wireless 126 InfiNet Wireless WANFleX OS User Manual Permitting the import of all routing infor
153. en secure protocols and its own implementations have unprecedented number of bugs and errors you should better exclude any possibility for potential malefactors to profit by this security hole ipfirewall add rf5 0 reject tcp from 0 0 to 0 0 135 139 ipfirewall add rf5 0 reject udp from 0 0 to 0 0 135 139 Copyright 2004 2012 by InfiNet Wireless 158 InfiNet Wireless WANFleX OS User Manual This subset of filters protects you quite securely from almost any possible attempt to break in your internal network having Windows NT 95 98 servers and or workstations installed IP fragments The ip_fragment ip_head_fragment and ip_tail_ fragment modifiers are intended for managing a flow of fragmented IP packets For better understanding how you can use them the following considerations should be taken into account e A filter verifying TCP or UDP port numbers never checks IP fragments except the first one in a sequence e f your filter accepts incoming IP fragments a malefactor may use a denial of service attack by flooding you with fragments having different source addresses thus causing memory overflow on your router Therefore to be protected from a possible denial of service attack the only solution would be to prohibit reception of any fragmented packets ipfw add reject all ip fragment from 0 0 to 0 0 This measure certainly strengthens your security don t forget however that a malefactor still may use other me
154. ency channel by scanning all available frequencies When scanning is done it sets the radio interface to operate on the frequency that has less presence of external interference sources While scanning and choosing the best channel the DFS function also takes into consideration the density characteristic of the radio environment This characteristic indicates how much impulse interference was detected on the Copyright 2004 2012 by InfiNet Wireless 99 InfiNet Wireless WANFleX OS User Manual channel during the scan time The density measurement results are added into the system log along with the other DFS scanning information dfs interface_name dfsradar starts DFS with radar detection After choosing the most clear frequency channel the device is listening to radars that may work on the specified frequency In case of detecting the radar it starts frequency selection process again dfs interface_name dfsoff stops DFS on the device dfs interface name freq all frequency_list sets list of frequencies frequency_list parameter that are allowed for choosing by DFS or allows DFS to use all radio interface enabled frequencies all parameter dfs interface_name cot hh mm off allows doing DFS rescanning and choosing the most optimal frequency for using on the daily basis in the defined time that is set by hh mm parameter Off parameter disables this functionalit
155. ential rule number set NEWNUMBER changes the number of the rule to NEWNUMBER remove deletes the rule deny permit sets the decision for the corresponding rule Copyright 2004 2012 by InfiNet Wireless 87 InfiNet Wireless WANFleX OS User Manual src dst vlan iface proto match commands for specifying the lists of acceptable values for the corresponding parameter of the packet setpri addpri prio command allows setting increasing the priority of packets passing through the group Setpri parameter is used to change a priority to the value specified in the command When using 1 value a package priority is dropped to the lowest priority Addpri is used to change a priority only in case it is higher than the previous one Note the smaller is the value the higher is the priority So you can only increase priority using addpri parameter Example switch list MACGROUP1 MACGROUP1 mac add 00 01 02 03 04 05 00 11 12 13 14 15 switch list VGROUP numrange add 10 20 30 40 switch list 1P_NET3845 match add arp net 195 38 45 64 26 ip net 195 38 45 64 26 switch group 5 rule 10 src MACGROUP1 vlan VGROUP match IP_NET3845 deny switch group 5 rule 20 dst MACGROUP1 vlan VGROUP match IP_NET3845 deny switch group 5 permit switch group 1 rule 1 setpri 10 In order to configure a default decision for group interface the following command should be used switch group ID interface IFNAME
156. er If there is no local user account the management interface will be accessible with any credentials even if the AAA authentication is turned on system nolindicators Enables disables LED status indicators on the unit case in order to mask the active device system no fastroute Enables disables the fast routing mode In this mode the router becomes invisible for traceroute network tracing procedures while still performing all routing functions It is not recommended to enable the fast routing mode simultaneously on several devices connected to the same cable Ethernet segment because this may produce a tempest of IP packets system uptime Displays the duration of time elapsed since the system s last reset system OfficialAddress P address Sets the IP address which will be used as a source IP address in all outgoing connections of the unit system version Displays the software version system log on off 1P_ address show clear Manages the system log operation The optional IP_address parameter specifies the UNIX host where the system log is located to which messages are directed under the standard syslog protocol The command has the following options o on display messages on the current console o off stop displaying messages on the console o disable logging on the remote host o show show the system log listing the latest message displayed on the bottom line message time for every message expressed in
157. ersion Portrole Port state interface switch group ID stp priority PRIO This command sets STP priority of a switch where PRIO priority value If priority is not specified then default value 57344 is set When setting priority value one should take into consideration that it will be automatically rounded down to a value divisible by 4096 step 4096 switch group 1D stp forwarddelay DELAY This command sets STP parameter forward delay which determines a time that switch spend in listening and learning states where DELAY time value in seconds If not specified default value is set that is equal to 15 seconds switch group ID stp maxage TIME This command sets STP parameter MAX age which determines time for switch to deliver BPDU packet where TIME value of this parameter in seconds If not specified default value is set that is equal to 20 seconds switch group ID stp port IFNAME priority PRIO This command sets STP switch where IFNAME port interface name PRIO port priority value If not specified default value is set that is equal to 128 When setting priority value one should take into consideration that it will be automatically rounded down to a value divisible by 16 step 16 switch group ID stp port IFNAME cost COST This command sets STP parameter cost of a switch port which determines switch port cost where COST value oh this parameter If not specified default value is se
158. erstand what exactly is done wrong and after loading a new version of software With the y option RESTART command is executed immediately without asking the operator for confirmation This command can be used for the postponed re initialization after certain number of seconds e g restart 300 This option can be useful in case of dangerous manipulations with device s configuration when there is a risk to lose control over the device The system will periodically inform the user about the time left to re initialization by putting the corresponding message to the system log Repeated call of this command will start the countdown from the beginning Restart stop command will cancel a postponed re initialization 7 Ping command The command sends test packets Syntax ping IP size s size in_bytes count c count_packets source S IP Description Sends test packets ICMP_ECHO REQUEST to the given IP address It allows estimating the attainability of a host and the destination response time The command has the following parameters e IP the IP address of the tested host Copyright 2004 2012 by InfiNet Wireless 9 InfiNet Wireless WANFleX OS User Manual e Size s the test packet length within the range of 10 to 8000 bytes optional 64 by default e Count c the number of the test packets optional 5 by default e Source S sets different source address By default the sending interface s address i
159. erval Below tables show rfconfig stat command output for 5GHz and 2 4GHz devices rf stat output for 5GHz devices description Parameter Description Broadcast rate Current bitrate value for Broadcast and Multicast packets on the BS depends upon the speed of the slowest CPE Voice Mode ON OFF value If turned ON the mode of their prioritized processing is turned on Bytes Received Number of received bytes including headers Bytes Transmitted Number of transmitted bytes including headers Packets Received OK Number of correctly received packets Packets Transmitted OK Number of correctly transmitted packets Duplicate Received Number of duplicate packets received due to Copyright 2004 2012 by InfiNet Wireless 32 InfiNet Wireless Total Retries FIFO Overrun FIFO Underrun CRC Errors Excessive Retries Noise Floor Noise Floor Threshold Decrypted frames Decrypted errors Replay drops Aggr Subframe Retries Max aggr frames Max aggr bytes Encrypted frames WANFleX OS User Manual protocol excesses otal number of retries Number of FIFO queues overruns in the radio hen receiving pares of FIFO queues underruns in the radio hile transmitting Number of received packets with CRC errors Number of packets which were not transmitted with maximal number of retries Input noise level Measurement cycle 10 seconds Noise Floor Threshold for Carrier Detect Number of successfully decrypted
160. es Requirement enable to subscriber outgoing calls to gateway Solution nat default_h323 2 Several subscribers reside in LAN a gateway has a public I P address calls are both incoming and outgoing For access from the gateway to the subscribers one should use redirect_port command with specified protocol cs different alias addresses or ports and also directly specify gateway port and address subscriber ports may be specified as well Example subscribers reside in LAN having addresses 10 0 0 98 and 10 0 0 99 gateway resides in Internet having address 123 45 67 89 NAT alias address is 123 45 67 65 It is necessary for the subscribers to make outgoing calls to the gateway and receive incoming calls from the gateway Solution nat redirect_port cs 10 0 0 98 1720 1720 123 45 67 89 nat redirect_port cs 10 0 0 99 1720 1721 123 45 67 89 Gateway configuration should have the following subscribers addresses 123 45 67 65 1720 and 123 45 67 65 1721 respectively 3 Subscriber resides in LAN gets registered on the gatekeer with public IP address and works via gatekeeper In this case there will be enough to specify a command h323_ destination ras gatekeeper _address If the subscribers make registration on standard port 1719 then one can simply enable mode default_h323 Copyright 2004 2012 by InfiNet Wireless 171 InfiNet Wireless WANFleX OS User Manual Example 1 subscriber resides in LAN having address 10 0 0 99 an
161. ess of new firmware distribution an error occurs or link loss the passive unit will stop the upload process and will resend its request after getting an announcement Examples The unit is in the active mode sending announcements about new firmware version If units with newer firmware version are found on the network the upload request will be sent in no less than 7 hours after uninterrupted work of the announcement source mint rf5 0 airupdate active normal The unit is the passive mode waiting for the source of the latest firmware version to work with it during no less than 24 hours mint rf5 0 airupdate passive slow The operator decides to immediately upgrade all the units with new firmware mint rf5 0 airupdate force The unit is not participating in AirUpdate process lt does not send announcements and does not generate requests for upgrades mint rf5 0 airupdate disable Over the air encryption All MINT protocol messages are automatically encrypted This feature is always turned on AES 128 CCMP hardware encryption is used on the device For full data encryption the following command is used mint IFNAME no crypt The command turns on off over the air encryption Encryption has the following features Each node has its own key for outgoing traffic encryption Copyright O 2004 2012 by InfiNet Wireless 50 InfiNet Wireless WANFleX OS User Manual There is no restrictions on the number of nodes t
162. eth0 N IA 9 1 1 0 24 12 area 0 0 0 1 via 192 168 15 1 eth0 N IA 192 168 0 0 24 3 area 0 0 0 1 via 192 168 15 1 eth0 N 192 168 15 0 24 1 area 0 0 0 1 directly attached to eth0 N 1A 192 168 80 0 24 12 area 0 0 0 1 via 192 168 15 1 eth0 N 192 168 151 0 24 1 area 0 0 0 1 directly attached to ethO N IA 192 168 152 0 24 2 area 0 0 0 1 via 192 168 151 10 eth0 N IA 195 38 45 64 26 2 area 0 0 0 1 via 192 168 15 1 eth0 OSPF router routing table R 192 168 151 10 1 area 0 0 0 1 ABR ASBR Copyright 2004 2012 by InfiNet Wireless 145 InfiNet Wireless WANFleX OS User Manual via 192 168 151 10 eth0 R 195 38 45 107 1 area 0 0 0 1 ABR via 192 168 15 1 eth0 OSPF external routing table N E2 192 168 200 0 24 1 7 tag 0 via 192 168 151 10 eth0 OSPF gt This table consists of three parts 1 OSPF network routing table This section includes a list of acquired routers for all accessible networks or aggregated area ranges of OSPF system IA flag means that route destination is in the area to which the router is not connected i e it s an inter area path In square brackets a summary metric for all links through which a path lies to this network is specified via prefix defines a router gateway i e the first router on the way to the destination next hop 2 OSPF router routing table 3 OSPF external routing table E2 flag points to the external
163. etwork ipfw add reject all from 1 1 1 0 24 to 2 2 2 2 Here 24 after the slash means the mask length in number of bits The mask length of 24 corresponds to a C class network with 256 different node addresses Using a colon sign the same command may be equally expressed as follows ipfw add reject all from 1 1 1 1 255 255 255 0 to 2 2 2 2 Copyright 2004 2012 by InfiNet Wireless 155 InfiNet Wireless WANFleX OS User Manual We can go even further stopping all packets sent from the enemy network to any address provided of course that they pass through our router ipfw add reject all from 1 1 1 0 24 to 0 0 Filtering by port numbers Now suppose that we want to authorize everybody to address an smtp service mail agent at the host with IP address 192 5 42 1 It may be done with the following command ipfw add accept tcp from 0 0 to 192 5 42 1 25 The tcp keyword means that the filter will be applied to TCP packets only The IP address of the mail host machine is followed by the port number 25 corresponding to the SMTP service You can use a port list to specify several ports in the same command The first element in a list may be an interval of port numbers specified by its lowest and highest values separated by a colon For example the following command ipfw add accept tcp from 0 0 to 1 1 1 1 900 5000 25 113 will authorize passage of tcp packets sent to the IP address 1 1 1 1 if the destination port numbe
164. exact match of a parameter to the range In this case the list identifier is a character expression The range is specified in a format of lt value gt lt mask length gt For example if we need to specify the range of IP addresses from 192 168 12 0 to 192 168 12 255 192 168 12 0 24 is specified For 0 0 0 0 0 range the key word any can be used For example RIP config access list TestListl deny 192 168 1 0 24 RIP config access list TestListl permit any While configuring the operators are appended to the end of the list Lists of prefixes are different from access lists so that each operator has a number aside from a range condition Moreover when a check for the parameter to fit into an operator s range is performed one can set up additional condition for the parameter s mask length prefix list WORD seq lt 1 4294967295 gt deny permit A B C D M ge lt 0 32 gt le lt 0 32 gt List identifier Operator s position number Command Range The range of the permitted mask length If a sequential number is not specified the router sets it up automatically by adding 5 to the number of the last operator in a list Thus the operator will have the biggest number and will be placed in the end of the list RIP configuration The router can be enabled on the interface in several ways 1 By network specification RIP will be enabled on the interface with network address matc
165. f is specified instead of interface name all interfaces information is printed Command output is a structured list Example 2 gt dhcpd show interface gt INTERFACES eth0 UP lt SUBNET gt 9 1 1 100 255 255 255 0 lt SCOPE gt PHONES 9 1 1 151 9 1 1 200 lt SUBNET gt 192 168 177 12 255 255 255 0 lt SCOPE gt OTHER 192 168 177 10 192 168 177 19 lt SCOPE gt MSOFT 192 168 177 20 192 168 177 22 vlan0 DOWN lt SUBNET gt 192 168 178 1 255 255 255 0 OK From this example it is seen that two network interfaces ethO and vlan0 are served ethO is turned on UP and it has two P subnets To one of the subnets we can see a scope PHONES connected To another subnet OTHER and MSOFT None of the scopes can be connected to vlan0 interface as it was turned off by the administrator DOWN If required it is possible to lock one or several interfaces in this case they cannot be used Command is the following Syntax lock interface lt INTERFACE gt where e lt INTERFACE gt interface name When locking interface all attached scopes will be detached Other scopes cannot be attached to the interface while it is locked Example 2 gt dhcpd show interface e gt INTERFACES ethO UP lt SUBNET gt 9 1 1 100 255 255 255 0 lt SCOPE gt PHONES 9 1 1 151 9 1 1 200 lt SUBNET gt 192 168 177 12 255 255 255 0 lt SCOPE gt OTHER 192 168 177 10 192 168 177 19 lt SCOPE gt MSOFT 192 168 177 20 192 168 177
166. f the packet already had a tag this tag will be retagged to TAG o TAG is not specified This means that the packet stays unmodified o TAG is specified and its value is zero This means that the packet sent through this interface will be untagged if it was previously tagged or sent without any changes if it was not tagged Example switch group 3 add rf5 0 10 eth0 0 Copyright 2004 2012 by InfiNet Wireless 80 InfiNet Wireless WANFleX OS User Manual In this example all packets switched by group 3 will be tagged with VLAN TAG 10 when sending through rf5 0 interface and will be untagged when sent through eth0 interface d All packets destined for the switch are always untagged switch group ID repeater trunk uncoupled fon off This command turns on off the repeater trunk or uncoupled modes In the repeater mode the group switches the packets simply by sending them to all the device s interfaces except the one the packet was received from In the trunk mode the group switches all the packets received through eth interfaces in such a way that when packets are sent to rf interfaces these packets are places in a group with a number corresponding to the packet s VLAN TAG When receiving the packet from rf interfaces trunk group sends these packets to eth interface tagging them with a switch group number this packet was received from If a Ring redundant network is connected to a CORE network in multiple po
167. face Sets an extra cost for all connections on this interface The value of the parameter is added to the cost automatically calculated by MINT protocol Value of this parameter can only be positive Zero value disables the parameter Example mint rf5 0 extracost 60 Mesh extra cost setting Syntax mint FNAME meshextracost XX meshextracost is configured for the interface Sets an extra cost for all connections of master node with its mesh nodes 500 by default Example mint rf5 0 meshextracost 300 J oin cost setting Syntax mint IFNAME joincost XX Copyright 2004 2012 by InfiNet Wireless 44 InfiNet Wireless WANFleX OS User Manual joincost is configured for the interface Sets the cost of all connections on the interface which were established by means of join 3 by default Zero value disables the parameter Example mint rf5 0 joincost 60 MINT log settings The following command is used to control log settings for MINT protocol mint IFNAME no log detail Three different modes are available No logging nolog option is used Limited logging log option is used The messages on connecting disconnecting neighbors will be put to the system log Detailed logging log detail option is used Along with the messages from limited logging mode messages on changing costs of the routes and changing bitrates in autobitrate mode will be put to the system
168. fault info 6 level is chosen e keepalive TIME sets session activity check duration period in seconds By default server doesn t make activity check 0 value e banner on off shows hide W WANFleX SSH login banner Options for SSH algorithms management e algo list shows a list of all available SSH algorithms for key exchange kex authentification host key data encryption cipher data verification hash and data compression compress e kex algos ALGO LIST allows choosing kex algorithms from the list of algorithms algo list to be used in SSH key exchange process e hostkey algos ALGO LIST allows choosing host key algorithms from the list of algorithms algo list to be used in SSH Server Client authentification process e cipher algos ALGO LIST allows choosing cicpher algorithms from the list of algorithms algo list to be used in SSH data encryption e hash algos ALGO LIST allows choosing hash algorithms from the list of algorithms algo list to be used in SSH data verification e comp algos ALGO LIST allows choosing compression algorithms from the list of algorithms algo list to be used in SSH data compression Copyright 2004 2012 by InfiNet Wireless 13 InfiNet Wireless WANFleX OS User Manual Authentication of SSH Clients By default SSH Clients are authorized by SSH Server after typing a valid password However password authentication may be n
169. ffer state monitoring will start on ports 0 1 and 2 Jitter buffer self tuning will be performed on port 0 if jitter filling deviation on this port is 1 5 milliseconds on port 1 if jitter filling deviation on this port is 15 percent on port 2 if jitter filling deviation on this port is 15 milliseconds ces stat clear Shows ces statistics Optional parameter clear allows to clear statistics ces eth media lt MediaType gt Sets LAN port physical interface properties of an IDU Allowed lt MediaType gt values 100BaseTX fullduplex 100BaseTX halfduplex 10BaseT fullduplex 10BaseT halfduplex auto Auto value by default ces eth bwlimit lt Kbps gt Limits LAN port physical interface speed of an IDU Possible values 10 100000 Measured in Kbps No limit by default O value cancels the limit ces eth stat full clear shows CES module s Ethernet port statistics Optional parameter full allows viewing detailed statistics Optional parameter clear allows clearing statistics When using dual radio devices such as CES Copyright 2004 2012 by InfiNet Wireless 94 InfiNet Wireless WANFleX OS User Manual multihop repeater this command shows the same statistics as ces stat delay command does ces stat command output gt ces stat unit status slave active time 00 06 42 since started 00 00 02 since stat cleared mode el recovery peer 00134676EEAC master settings mode el loopback jitterbuf 40 fr
170. fied MAC address frequency packets received gt the sent to specified MAC address Currant packet length Freq 5260 SIDS 112 p0028ae1d787 DO028ae1d795 NewRWR 0 5 6 14 14 gt 12000 gt 14 14 Number of packets 13 13 lt 18000 gt 38 48 received from each unit 12 12 gt lt 18000 gt 38 48 DO0028ae1d72a NewRWR O 1 Current signal level Current receiving Average packet MAC address Device mnemonic Average signal speed length name level Scan mode The scanning regime is enabled by a muf scan command and provides for deep analysis of radio emission sources within the given network s territory In this regime the device scans the radio spectrum on all frequencies and for all modulation types Information is displayed on any source of irregular non repetitive radio signals To obtain information as complete as possible the scanning process may take significant time Example muffer rf5 0 scan lt the packet sent from specified MAC address gt the sent to specified MAC address Current receiving speed 5280 12000 18 gt 00026F4812EB 5280 24000 14 gt 001195F28E78 5240 24000 34 DOESBGBDAGA N1 5240 6000 40 lt 000E9B68D977 N2 ee ON A Scanned Average signal MAC address Device mnemonic frequency level name Supplementary options for all the above regimes e tXX specifies the duration of time in seconds for which the test regime is enabled 2 minutes by default The value O in this fiel
171. fined bandwidth value e record SEC starts Spectrum Analyzer in the background mode with the specified duration time in seconds The result is stored in the memory till the unit s reset e replay allows viewing the result of the last Spectrum Analyzer scan To terminate the analyzer operation in any of the above modes press lt ESC gt or lt Ctrl C gt 7 Macf command addresses mapping The command is used to map P addresses onto Ethernet MAC addresses Syntax macf MAC address P address Comment macf del N macf dhcp strict reverse simple quiet macf show clear Description The macf command performs static mapping of P addresses to MAC addresses in an Ethernet network It may be useful for service providers when they connect to their network a group of clients such as individual users in an apartment block via one common access unit In this case clients may be tempted to change their IP address to that of a neighbor thus deceiving provider s accounting system Although it is almost impossible to definitely resolve this issue you can make however your life easier by directly mapping the client s assigned IP address to his her MAC address because surreptitiously modifying a MAC address is much more difficult for an average user Every macf MAC address P address command adds a new address pair to the address mapping table macf 102030405060 1 1 1 1 Room123 macf 203040506070 2 2 2 2 Room125 T
172. formats Parameter s format is described in the context help or in the list of commands help command in the following way B A B C D a parameter is set in IP address format Example 192 168 0 15 B WORD a set of characters with no spaces B lt 1 N gt a parameter is set as a decimal number in a range from 1 to N B A B C D M a parameter is set in a format P address subnet mask length Example 192 168 0 0 24 B IFNAME name of a physical network interface Example ethO If a parameter can be written in different formats it will be displayed in round brackets the options are separated by character Example A B C D lt 0 4294967295 gt If a parameter is optional it is put into square brackets Any command may contain no prefix Having this prefix in the command means deleting a corresponding parameter from the configuration Start stop of RIP Start of the RIP router is executed by the following commana Copyright 2004 2012 by InfiNet Wireless 116 InfiNet Wireless WANFleX OS User Manual arip start In order to stop RIP execute the following command in config mode stop daemon clear Example gt arip RIP gt configure RIP config stop daemon If stop command is executed with clear parameter the router will clear its part of the system configuration prior to quitting CS Filters In many participating in the configuration parameters of the router filter
173. gured using the following commands in config if mode 1 Password authentication authentication key AUTH_KEY A B C D where AUTH_KEY password IP address is an optional parameter when individual link configuration is required 2 Cryptographic authentication message digest key lt 1 255 gt md5 KEY A B C D where KEY secret MD5 key IP address of the link in case of individual link configuration lt 1 255 gt a serial number of a secret key Thus for the current link or interface one can configure up to 255 secret keys For packets sending the router will use the latter keys among configured For packets receiving the router will use the key with the same serial number as was used by the sender By setting up authentication parameters one can turn it on by the config if mode commands l null message digest A B C D Copyright 2004 2012 by InfiNet Wireless 141 InfiNet Wireless WANFleX OS User Manual Authentication type null no P address of interface s link authentication obligatory e authentication suppression With no parameter at all a simple password authentication is turned on Virtual links authentication is configured in the same way in config router mode Parameters area A B C D lt 0 4294967295 gt virtual link A B C D authentication key AUTH_KEY area A B C D lt 0 4294967295 gt virtual link A B C D message digest key lt 1 255 gt md5 KEY Type of authenticati
174. h keeptag on off switch resynchronize switch local tag TAG switch trace off on verbose filter pcap expr Copyright 2004 2012 by InfiNet Wireless 76 InfiNet Wireless WANFleX OS User Manual switch stptrace off on switch stpblock off on switch dump WILDCARD MACADDRESS switch igmp snooping dump detail switch igmp snooping Imat Value switch igmp snooping gmi Value switch igmp snooping static add MCAST F_NAME MAC switch igmp snooping static del MCAST F_NAME MAC switch igmp snooping srcip IP switch igmp snooping querier group N source X mcast X Y vlan N start stop clear switch start stop restart destroy dead interval DEAD_INTERVAL strict admin on off switch statistics clear help D switch maxsources MAXSOURCES 0 ATTENTI ON Starting from 1 22 0 firmware version switch is partially incompatible with other firmware versions It is highly recommended to perform firmware upgrade for units working in switch mode Compatibility for MINT protocol and routing is not disturbed Over The Air Firmware Upgrade feature also can be used Wildcard format Wildcards are used in different commands to filter printed information As a difference from standard wildcards in special cases the following characters can be used any number of any symbols or empty any symbol just one Example rf This filter includes the string
175. h list LISTNAME iface mac numrange match add del VALUE dump WILDCARD rename NEWNAME Copyright 2004 2012 by InfiNet Wireless 75 InfiNet Wireless WANFleX OS User Manual file FILENAME flush remove GROUP commands switch group ID add del FNAME TAG 0 switch group ID repeater trunk uncoupled fon off switch group GORUPID up down stream SCI D 0 switch group ID x vlan TAG LIST 0 no bidir switch group ID nvlan on off switch group 1D info INFO_STRING switch group ID setid NEWID switch group ID stp off on dump switch group ID stp priority PRIO default 32768 step 4096 switch group ID stp forwarddelay DELAY default 15 sec switch group ID stp maxage TIME default 20 sec switch group ID stp port IFNAME priority PRIO default 128 step 16 switch group ID stp port IFNAME cost COST default 200000 RSTP 65535 STP switch group ID igmp snooping off on switch group ID order N switch group ID setpri addpri prio deny permit showrules showblack switch group ID dump interface WILDCARD dbdelete MACADDRESS start stop remove switch group ID in trunk I D 0 switch admin group ID 0 RULES commands switch group ID interface FNAME rule NUMBER set NEWNUMBER src LIST dst LIST vlan LIST iface LIST proto LIST match LIST setpri addpri prio deny permit remove CONTROL commands switc
176. hat use outgoing traffic encryption in the MINT network Every three minutes the key is dynamically changed Example mint rf5 0 crypt Learning the network neighbors The following command is used to learn the state of the connections with neighbors mint IFNAME map routes full swg detail m mint no colormap Three options are used The default output is displayed MAC and Name Type of node Receive transmit of current node master slave bitrates MINT interface name Interface rf5 0 Node 64BBESE19CD42 Unknown node Id 36252 Netld 6G Freq 5516 Sid 10101010 autoBitrate 3000990 lt min Secas 1 Active neighbors Id Name Node Level Bitrate Retry Err Options TE PAE a ae OTe EP rx tx rx tx A Mr MS RS ee 36253 Unknown node BBESE19CDS8 14 15 300 3008 6 6 6 6 master Total nodes in area 2 ter Noise floor 94 nodeid Neighbor Neighbors Signal level in dB above Neighbor parameter nodename MAC addresse the noise threshold for node type current bitrate From To Routes The following output is displayed 3 Routes of node 001195EC9E37 Authenticati NOOO1 O0O2SAE1DB8SO via O0028AE1DBSO Cost 90 Zone 1 lt auth elay NO201 001195FD900D via 001195FD900D Cost 90 Zone 1 NO203 001195EC9E37 via O01195EC9E3 Cost 0 Zone 0 MAC addresses of all The neighbor node which Summary cost of Number of hops nodes of MINT network will act as a gateway to the the link tothe to the
177. he comment parameter is a simple description string with no syntax restrictions The current state of the mapping table may be displayed by a macf show or co show command macf show The output is the following macf 1 0020af915099 192 78 64 99 Server macf 2 0020af9150a3 192 78 64 194 Room94 macf 3 0020af9150a4 192 78 64 134 Room57 macf 4 0020af9150a7 192 78 64 174 Admin Copyright 2004 2012 by InfiNet Wireless 71 InfiNet Wireless WANFleX OS User Manual The second column in the above table contains automatically assigned internal numbers which may be used to delete any specific line from the table by a macf del N command The macf clear command clears the mapping table altogether Quiet option allows switching off message logging to the system log The mapping filter may operate in two different regimes In the normal regime all client units whose address pairs are not explicitly specified in the mapping table are treated as usual without any restrictions This is default regime In the strict regime which is enabled by macf strict and disabled by macf strict all packets received from units not described in the mapping table will be discarded If you are remotely configuring a router using telnet make sure when enauing the strict regime that your own workstation is already cited correctly in the mapping table Otherwise you lose control over the router and disabling the strict regime will be only possible thro
178. he more chances this router has to become a designated router for this network If this parameter is set to zero this router will never be selected as a designated router OSPF protocol requires that Link State databases of one area routers should be identical To do that routers exchange LSA information In particular transit networks are used In order to minimize network traffic routers exchange their LSA not directly with each other but using DR and Backup DR BDR BDR is used for backing up DR in case of DR failure BDR selection rules are identical to DR selection rules While Link state database synchronization the routers exchange database descriptions using master slave relationship and broadcast P packets Each packet reception should be acknowledged If acknowledge is not received initiating party makes a series of retransmits OSPF administrator can control periodicity of these retransmits for each interface and or interface s links in config if mode retransmit interval lt 3 65535 gt A B C D This retransmit interval is specified in seconds LSA exchange is performed in the following cases start of the router or its connection to the network link creation after selecting a network designated router after receiving LSA from any other area s router periodically after old database information expiration After receiving updated information about links changes the router initiates its link state database synchron
179. he traffic including transmitted passwords Moreover SSH is a flexible protocol that allows requiring multiple forms of authentication for access and choosing different encryption algorithms For using SSH protocol SSH Server and SSH Client is needed SSH Server accepts connections from client hosts SSH Clients performs their authentification and start serving the authorized clients SSH Client is used for access and management of the remote device InfiNet Wireless devices has built in SSH Server and SSH Client functionality SSH Server sshd command Built in SSH Server SSH daemon configuration is performed using sshd command Syntax sshd window SIZE sshd keepalive TI ME sshd banner on off sshd log level emerg alert crit error warning notice info debug LEVEL sshd algo list sshd kex algos ALGO LIST sshd hostkey algos ALGO LI ST sshd cipher algos ALGO LI ST sshd hash algos ALGO LI ST sshd comp algos ALGO LI ST sshd auth methods AUTH METHODS LIST sshd start sshd stop sshd newkeys sshd pub key sh ow cl ear de lete N Copyright 2004 2012 by InfiNet Wireless 12 InfiNet Wireless WANFleX OS User Manual sshd pub key in stall im port LOGIN PASSWORD HOST FILE COMMENT Description By default the SSH Server is disabled To start stop the server sshd start sshd stop commands are executed When first time started SSH Se
180. hing with the specified network This can be performed by the following command in the config router mode network A B C D M Network is specified by its P prefix and mask Copyright 2004 2012 by InfiNet Wireless 118 InfiNet Wireless WANFleX OS User Manual 2 By interface name RIP will be enabled on the specified interface This can be performed by the following command in the config router mode network WORD where WORD is interface name Example RIP gt configure RIP config router RIP config router network 4 7 8 0 24 RIP config router network rf5 0 RI P config router To cancel RIP on the interfacer use command no network A B C D M no network WORD In some cases not all routers understand multicast requests To solve this problem you can establish a direct link between routers To implement this use the command in config router mode neighbor a b c d a b c d router s neighbor address To cancel link between routers no neighbor a b c d To announce information from other routing protocols use the following command in config router mode redistribute kernel connected static ospf metric lt 0 16777214 gt route map WORD To define criteria according to which a router will announce information from some routing protocol use the command in config router mode distribute list WORD direct ifname where WORD list name direct direction values in or out
181. his server e g using IP A node having a local database of its neighbors or having an access to a remote authentication server can be configured as an authentication relay For this purpose the following command is used mint IFNAME no authrelay The information about authentication relay will be automatically distributed throughout the MINT network Nodes which use remote mode of authentication but both do not have access to the remote server and do not have the information in their local database will use authentication relay in order to obtain the keys of potential neighbors mint IFNAME no snmprelay The information about SNMP relay will be automatically distributed throughout the MINT network Nodes will use remote SNMP services Example 1 Nodes A and B use the same key and can establish a connection with each other in public authentication mode Node A mint rf5 0 key SECRETKEY mint rf5 0 authmode public Node B mint rf5 0 key SECRETKEY mint rf5 0 authmode public Example 2 Nodes A and B have different keys but they can establish a connection with each other using their local databases Node A Copyright O 2004 2012 by InfiNet Wireless 48 InfiNet Wireless WANFleX OS User Manual mint rf5 0 key SECRETKEY mint rf5 0 authmode public mint rf5 0 addnode mac B B B B B B key KEY2 Node B mint rf5 0 key KEY2 mint rf5 0 authmode public mint rf5 0 addnode mac A A A A A A key SECRETKE
182. hough this network will be in configuration inactive link Thus the router obtains an internal link for OSPF system for which a given network is a destination If this network is a physical interface address point to point the router gets an internal link with a router ID destination which is connected on the opposite end of point to point link To cancel internal link advertising use the command no network A B C D M area A B C D lt 0 4294967295 gt In some cases there is a necessity to advertise internal links automatically for the selected network interface It becomes important when P addresses of this interface aliases are created and deleted automatically for example when CPEs are connecting to the BS via radio To implement this use the command in config router mode auto interface FNAME area A B C D lt 0 4294967295 gt In the command an area ID is specified to which networks destinations will be deferred To cancel an automatic links advertisement for this interface use the command in config router mode no auto interface FNAME To define criteria according to which a router will advertise the link use the command in config router mode distribute list WORD out kernel connected static If this filter is not defined the router will advertise all links of the specified type of a system table if they are not dejected by route map configured in redistribute command parameters All links of this ty
183. ification by VLAN ID from and into the wired segment The option can be useful for a Ring or redundant topology network transmitting multiple VLANs when the traffic with certain VLAN IDs is picked up at junction points Copyright 2004 2012 by InfiNet Wireless 81 InfiNet Wireless WANFleX OS User Manual Important When enabling this VLAN tag filter other rules see below do not work Example switch group 5 vlan 5 switch group ID xvlan TAG LIST 0 no bidir This command unlike the vlan TAG LIST 0 rule allows groups to handle also not tagged packets Examples switch list MYNET numrange add 100 200 300 switch group 10 xvlan MYNET switch group 10 trunk on Group N210 would handle packets tagged with VLAN IDs 100 200 300 as well as not tagged packets Not tagged packets will be sent to MINT network with its own group number in this case 10 tagged packets with group numbers concurred with VLAN ID switch list MYNET numrange add 100 200 300 switch group 20 vlan MYNET switch group 20 trunk on Group N220 handles only tagged packets from the MYNET list and transmits them upgrading VLAN ID number to appropriate group and vice versa switch list MYNET numrange add 100 200 300 switch group 30 vlan MYNET switch group 30 trunk off Group N230 handles only tagged packages from the MYNET list and transmits them without changing with the group number 30 switch group ID nvlan on off This comm
184. igured in the format of lt value gt lt mask length gt In order to create or edit an access list in OSPF router the following commands are used in config mode 1 Standard access lists access list lt 1 99 gt lt 1300 1999 gt deny permit A B C D A B C D List identifier Command value Mask of bits Range of values for the parameter This command creates an operator in a standard access list Value and mask define a range criteria for the operator The mask defines those bits of the value which form the range For example in order to specify the range of IP address from 192 168 12 0 to 192 168 255 one should specify the value of 192 168 12 0 and a mask of 0 0 0 255 For the value and mask of 0 0 0 0 255 255 255 255 there is a key word any For example the command OSPF config access list 1 permit 0 0 0 0 255 255 255 255 is equal to the command OSPF config access list 1 permit any Correspondingly for the range which consists of only one address the key word host is used For example the command OSPF config access list 1 permit 192 168 12 150 0 0 0 0 is equal to the following command OSPF config access list 1 permit host 192 168 12 150 2 Extended access lists access list lt 100 199 gt lt 2000 deny permit 2699 gt p A B C D A B C D A B C D A B C D Copyright 2004 2012 by InfiNet Wireless 131 InfiNet Wireless WANFl
185. il 02 01 2003 13 25 37 OK The information about expired leases is saved in the database during 24 hours After 24 hours the record is automatically deleted from the database and the IP address becomes a free address after being lt OBIND gt The server will use lt OBIND gt addresses for other clients if all the scopes which suit new clients ran out of free addresses The server will use the oldest records in boundhistory in the first turn The server will also cancel an address lease after a client s corresponding request Copyright O 2004 2012 by InfiNet Wireless 189 InfiNet Wireless WANFleX OS User Manual Admissibility check for P addresses lease The check is made in order to avoid P addresses conflicts After the server detected the IP address as being free it will perform an admissibility check prior to IP address lease to the client In other words the server makes sure that this IP address is not occupied by any host except may be for the target client itself on the client s interface The server makes ARP requests on the client s interface If no one answered the request may be except for the target client the IP address will be given for a lease This check is performed in any case except for case of virtual interfaces when the check is a client s responsibility If IP addresses conflict is detected this IP address will not be given for a lease The server will attempt to give a nex
186. inks which were announced by transit network and the advertising router was 192 168 45 107 OSPF gt show database network adv router 192 168 45 107 OSPF Router with ID 192 168 151 10 Net Link States Area 0 0 0 0 Net Link States Area 0 0 0 1 LS age 473 Options 0x2 E LS Flags 0x6 LS Type network LSA Link State ID 192 168 15 1 address of Designated Router Advertising Router 192 168 45 107 LS Seq Number 80000001 Checksum 0x9148 Length 32 Network Mask 24 Attached Router 192 168 45 107 Attached Router 192 168 151 1 Net Link States Area 0 0 0 2 OSPF gt Copyright 2004 2012 by InfiNet Wireless 144 InfiNet Wireless WANFleX OS User Manual Filtration objects show access list lt 1 99 gt lt 100 199 gt lt 1300 1999 gt lt 2000 2699 gt WORD This command is used to print access lists contents If list identifier is not specified all lists are printed For example OSPF gt show access list IP access list any_network permit any IP access list net200 permit 192 168 200 0 24 Similar commands are used for prefix lists output show prefix list show prefix list WORD Routing table show route This command prints a routing table For example OSPF gt show route OSPF network routing table N IA 1 1 1 1 32 3 area 0 0 0 1 via 192 168 15 1 eth0 N IA 1 1 1 2 32 2 area 0 0 0 1 via 192 168 15 1 eth0 N 4 7 8 0 24 2 area 0 0 0 1 via 192 168 15 1
187. interfaces from LACP configuration the port option is used For example Copyright O 2004 2012 by InfiNet Wireless 60 InfiNet Wireless WANFleX OS User Manual lag 1 port eth1 The following commands are used to manage LACP operation and get the statistics lag N status allows to view the aggregation id the load on each of the parent interfaces and its status lag N migrate lag N migrate allows disallows existing sessions migration between the available parent interfaces in case of the difference in the overload By default migration is allowed lag N balance lag N balance allows disallows load depending dispersion of new coming sessions between the available parent interfaces By default balancing is enabled lag N mode allows to set standard or fast LACP mode In standard mode LACP acts in accordance to the IEEE 802 3ad standard In fast mode LACP uses IW proprietary extension that enhances its speed of response on the link state changes optimizes the overall aggregate system performance and delivers more accurate statistics lag N clear removes the lagN interface from the device configuration lag N loadm shows the load statistics in real time on each of the parent interfaces 5 Ltest radio link test Ltest is a utility for radio link testing It is recommended for using in the antenna alignment process when installing a new radio link or for testing of the existi
188. intersect these ranges will be concatenated match by context match expressions are identical to expressions lists but should consist of one element the expression itself The expression should be written in PCAP format see tcpdump utility If an expression has spaces it should be put into quotes Keywords add and del add or delete values to the specified list correspondingly VALUE one or several except for match values to be added or deleted from the list Examples switch list my_iface iface add ethO rf5 0 Here a list of iface type is created with a name of my_iface Interfaces eth0 and rf5 0 are added to this list switch list vlans numrange add 10 20 30 40 A range of numeric values are added to a list with a name of vlans and with a type of numrange Values added are 10 the range from 20 to 30 and a value 40 switch list ip mynet match add net 195 38 45 64 26 Copyright 2004 2012 by InfiNet Wireless 78 InfiNet Wireless WANFleX OS User Manual A list expression of match type is created In this case when using filter its effect will cover all types of packets ip arp and T A from 195 38 45 64 26 network switch list ip mynet match add ip net 195 38 45 64 26 In this example a list expression of match type is also created but now only ip packets from 195 38 45 64 26 network will be affected when using filter A source file can be specified for the list The source file should contain the
189. ints STP loops can be formed in the CORE network Thus STP enabled switches may block some of the links Switching groups with uncoupled on parameter blocks the traffic between each other even if they have the same switching group number This does not affect the traffic to come into the wireless network For the incoming traffic intermediate nodes only use the closest uncoupled node This improves the effectiveness of network utilization Example switch group 12 trunk on If trunk group which will provide transmission of multiple VLAN flows in different directions is enabled on device then in trunk option should be used on a subscriber station for exact instruction of what trunk group is the group switch group ID in trunk I D 0 For example if a Group N2100 on a subscriber station is a member of a trunk Group N95 Group N2100 was formed as a result of conversion of VLAN ID N2100 into the Group N2100 subscriber station switch configuration should have the following command switch group 100 in trunk 5 This option allows creating multiple disjoined trunk groups in the same network with the same VLAN flows inside switch group ID vlan TAG LIST 0 no bidir This command defines that the group will switch the packets which are tagged with TAG VLAN tag or with VLAN tags specified is a LIST of numrange type In order to cancel this VLAN filtration TAG should be specified as zero The bidir option enables two way traffic class
190. ireless WANFleX OS User Manual bin addr ADDR short form b ADDR sets source P address of the SSH packets This source IP address substitutes the default sending interface s IP address field of the SSH packets Options for Public key management pubkey new BITS generates new DSS and RSA SSH Client s public keys BITS parameter should be specified as a key size in bits possible values 512 4096 For example the following command generates RSA and DSS 512 bits public keys sshc pubkey new 512 pubkey show shows generated public keys pubkey export LOGI N PASSWORD HOST FILE exports public keys from SSH Client to a file on the remote FTP server Where HOST is an P address of the remote FTP server and FILE is a file name that will contain SSH Client s RSA DSS public keys If login and password are set on the remote FTP server they should be specified as LOGIN and PASSWORD parameters pubkey clear deletes public keys on SSH Client Options for SSH algorithms management algo list shows a list of all available SSH algorithms for key exchange kex authentification host key data encryption cipher data verification hash and data compression compress kex algos ALGO LIST allows choosing kex algorithms from the list of algorithms algo list to be used in SSH key exchange process hostkey algos ALGO LIST allows choosing hostkey algorithms from
191. is a device which should be repaired device a second device on which ERP utility will be run to repair the first device device b Both of the devices should be connected to the same Ethernet segment via their Ethernet interfaces Device b should have no switch local tag lt x gt option configured on its Ethernet interface Procedure 1 On the device b run ERP utility with serial lt n gt option where n is a serial number of the device which should be repaired device a erp serial lt n gt Example erp serial lt 36696 gt ERP will come to hearing mode waiting for device a to reboot 2 Reboot device which should be repaired device a by disabling power and enabling it again For example by disconnecting and connecting again service cable on the DU 3 After device a is rebooted on device b ERP will show Sequence parameter value and serial number of device a Please contact InfiNet Wireless tech support and provide these values 4 In return tech support will give you special ERP code and new password for device a 5 On device b run the following ERP command erp serial lt n gt code lt c gt reset Copyright 2004 2012 by InfiNet Wireless 24 InfiNet Wireless WANFleX OS User Manual where n is a serial number of the device which should be repaired device a and c is special ERP code received fr
192. is not advertised If a resulting action is permit all actions specified in the record are performed for a resulting object Further records viewing is stopped or if specified in the scenario it is resumed depending on the option specified in the scenario 1 on match next viewing is continued from the record which follows a current record 2 on match goto lt N gt viewing is continued from the record which number is more or equal N but is not less than current number Copyright O 2004 2012 by InfiNet Wireless 134 InfiNet Wireless WANFleX OS User Manual In order to configure a route map the following command is used in config mode route map WORD deny permit lt 1 65535 gt where WORD route map identifier This identifier is followed by a resulting action and the number of the record If a record with a specified number does not exist it will be automatically created After executing this command CS switched to the mode for editing a selected route map For example OSPF gt configure OSPF config route map testmap permit 10 OSPF config route map After that a condition of match between imported route and current record is specified The following commands are used in config route map mode match address lt 1 199 gt lt 1300 2699 gt WORD match address prefix list WORD match interface WORD match next hop lt 1 199 gt lt 1300 2699 gt WORD match next hop prefix list WORD These commands set
193. isables off enables on logging of the STP service information into the system log switch stpblock off on Stpblock on command prevents STP frames forwarding in the switch mode when STP support is disabled on the unit To allow STP frames forwarding use stpblock off command Switch MAC address database is a routing table of MAC layer which contains information on how the packet should be delivered to its destination dst Each switching group has an independent database Records in the database are formed automatically based on the source address of the packet which was received by one of the interfaces included into a switching group Moreover the database always contains records corresponding with interfaces included into the switching group These records are called local records Each records has its life span If during this life span none of the interfaces have received a packet with a source address from this record this record is deleted from the database By default life span is five minutes To change this parameter the following command can be used switch dead interval lt DEAD_INTERVAL_IN_SECONDS gt Copyright O 2004 2012 by InfiNet Wireless 89 InfiNet Wireless WANFleX OS User Manual To start stop restart the switch the following command can be used switch start stop restart To clear the switch configuration please use the following command switch destroy To view the sw
194. itch statistics please use the following command switch statistics clear help D The statistics shows the information on forwarded flooded dropped packets and records of the switch MAC address table The clear option clears the switch statistic The help option shows a list of the descriptions of the drooped packets reasons used in the switch statistics command output The following command can be used to view switch stats for each switch group If a switch group ID is specified in the command string the output displays separate packet stats for each VLAN that belongs to that switch group The following command allows setting the maximum allowed number of records in the switch MAC address table switch maxsources MAXSOURCES 0 The default number of records is 5000 When the value 0 is used the number of records is set to minimum possible of 500 Local packets generated by the device itself do not belong to any switch group Therefore by default they are sent into the wired interface eth untagged The following command allows assigning the local packets with a VLAN tag switch local tag TAG The packets not belonging to any switch group will be sent into the wired interface with the VLAN value equal to the value of the local tag parameter And vice a versa packets received via the wired interface and having their VLAN value equal to the local tag parameter will be processed as local
195. itr XXX bitrate Kbps txpwr XXX tx power dBm sid XXX system identifier up to 8 hex digits cap RF capabilities dist XXX distance in kilometers or auto txrt XXX max transmit retries 15 txvrt XXX max transmit retries in voice mode 5 burst burst mode shortgi short guard interval mode noise XXX Noise floor threshold dB 20 pwrctl automatic TPC mode wocd modulation OFDM CCK chntime XXX statistics bcsid A Not all of the radio interfaces have the same set of parameters and options because it depends on the type and standard of the radio module A complete list of parameters available for the specific interface can be displayed using rf ifname command Radio module type and its features list are displayed by rf ifname cap command Description Sets parameters of a radio module specified by the if name name of the radio interface parameter or displays them if executed without any optional parameter Optional parameters are as follows e band XXX this option allows choosing the bandwidth for transmission in MHz Double means 40MHz Full 20MHz half 10MHz quarter 5MHz Units in one PTP or PTM connection must have the same bandwidth Example Copyright O 2004 2012 by InfiNet Wireless 29 InfiNet Wireless WANFleX OS User Manual rf rf5 0 band half e grid B G this option allows creating a customized frequency grid within the license restrictions The frequency grid
196. ization with its neighbors if it s a DR This process does not start right after new information receipt but after a period of time assuming that some more data may come This is made in order to avoid network storms The time for the delay can be configured for every interface link in config if mode transmit delay lt 1 65535 gt A B C D Moreover the router automatically updates link state information with its neighbors Only obsolete information is updated which age has exceeded a specific threshold By default this threshold equals 1800 seconds half an hour and it can be changed using the following command in config router mode refresh timer lt 10 1800 gt The parameter is specified for the OSPF router in general Virtual link is a point to point transit network In this network a neighboring relationship is also established between two routers For virtual links there are similar parameters for neighboring relationship establishment These parameters are configured in config router mode area A B C D lt 0 4294967295 gt virtual link A B C D hello interval lt 1 65535 gt retransmit interval transmit delay Copyright 2004 2012 by InfiNet Wireless 140 InfiNet Wireless WANFleX OS User Manual dead interval To log changes in the adjacency state of the router the following command can be used OSPF config router log adjacency changes detail Using optional detail parameter of the co
197. l be made Example dhcpr add 125 12 100 12 dhcpr 125 12 100 13 dhcpr delete 125 12 100 12 Interface blocking By default DHCP Relay accepts client s requests from all network interfaces If one of the interfaces needs to be blocked not to forward requests from it a special command should be used Syntax dhcpr lock unlock INTERFACE INTERFACE a name of one or several Separated by spaces interfaces Example dhcr lock ethO Copyright O 2004 2012 by InfiNet Wireless 193 InfiNet Wireless WANFleX OS User Manual Logging Syntax dhcpr trace notrace This command enables disables wiring DHCP Relay s service messages to the system log Resetting Syntax dhcpr flush This command clears the DHCP Relay s configurations Using DHCP Relay agent information option In order to identify client s interface when receiving server s replies the relay can use a special DHCP option which he appends to the client s request packet while relaying Not all of DHCP server support this capability DHCP Relay has this option turned off by default A special command can be used to turn this feature on Syntax dhcpr info noinfo Example dhcpr info 19 DHCP Client dhcpc command General Description DHCP client is used for automatic retrieving of different parameters from DHCP server for one or several unit s network interfaces Among the parameters are P address network mask default ga
198. landev ethO up or ifconfig vlan1 1 1 1 1 24 up ifconfig vlan1 vlan 5 vlandev ethO ifconfig vlan1 vlandev ethO Last line in the example cancels the connection between vlan1 logical interface and physical device eth0 Both additional parameters of vlanX interface should be entered in one line as it is shown in the example and if needed one can add a new IP address setup For the normal vlanX interface functioning a physical interface ethO should be in the active state up flag One can enable IEEE 802 1Q in Q support on the unit IEEE 802 1Q in Q allows adding an outer VLAN ID tag to IEEE 802 1Q tagged traffic forming so called double tagged frames thus making it possible to encapsulate multiple wtyk VLANs within one single outer VLAN To configure IEEE 802 1Q in Q VLAN tagging on the unit the linkO option of the ifconfig command is used When this option is enabled the unit s interface terminates the specified outer VLAN ID tag of the incoming doubled tagged traffic and assigns the outer tag to the outgoing tagged traffic Example ifc vlan2 1 1 1 1 24 up ifc vlan2 vlan 2 vlandev ethO linko To display the current configuration of an interface an ifconfig command may be executed with the interface name as the only parameter To see the configuration of all interfaces of the unit use the ifconfig a command 2 Tun command tunnels building The command specifies the parameters of a software tunnel Gene
199. law eer aia rea reads 164 Nat command Network Address Translation cccccccccccccccsceeeeeeeeeseeseaseeseaeeeeeueeeaeeannags 165 General description 165 Commands description comioooicra rr Atar dada 166 NAT and A323 telephony etario 171 SNMP Traps support trapd command eect eee eee teeter eee enrera 172 DHGP Servelsicticciivtiiinai tealucitees a a ads 175 DHCP Server Command Language cccccccoccconnncoccnnnnnoncnnnnnnonnnnonornconnnnnnnnnnnnnrrrannnrrnnnnnnos 175 DHCP relay dhcpr COMMANG s ara aaa a aagi 192 General Description ria aia 192 Commands Descrip ba As 193 WANFleX OS User Manual Copyright O 2004 2012 by InfiNet Wireless InfiNet Wireless 19 20 DHCP Client dhepe command civic o dd ayers is 194 General Description tie adosada 194 OPTIONS a ent daisies ier aa NEE EAA AAA AEA 194 COMMANGS ihrer tri Ten a OR A ERA E E ARA T a eaaa 195 Examples dote doi 195 VRRP server VRRP COMMANd oocccooocccccnnnnccnncnnnconnnnnnornnnonnnrrnnnnnnnrnnrnnnnrenrennnrrnnrnnnareninns 196 General Descrip caca 196 Command descriptio nonim om n a a n 197 OTHER COMMANDS ecooocccoccccncnccnnnonnnn cr nnn cnn nana 202 CO COMMANG eii rd 202 WANFleX OS User Manual Copyright O 2004 2012 by InfiNet Wireless InfiNet Wireless WANFleX OS User Manual Introduction 1 General notes This manual lists the commands of the WANFleX operating system used in the InfiNet Wireless R5000 For device s
200. les qm rules ipstat analyzing For example when creating a Firewall rule one should use local addresses for the private network They will be shown in ipstat module also This command also sets the name of an access list ACL of your private networks which require network address translation All packets with source addresses that are included into the local_acl list are considered as outgoing and are subject to translation Exceptions are the packets going from local_acl to local_acl and packets going from local_acl to the system own addresses All these packets and the rest of the packets are considered as incoming and if they are not reserved to the translated connections pass through without being changed acl add NAT net 192 168 1 0 24 nat local_acl NAT 123 1 1 1 Copyright 2004 2012 by InfiNet Wireless 166 InfiNet Wireless WANFleX OS User Manual In this example we created a list with the only network 192 168 1 0 24 your private network referring to it in local_ acl command and assigning 123 1 1 1 address as a public address for this network You can create several private networks having assigned different public addresses to each of them Translation will be carried out independently It is also possible to receive a public IP address from a DHCP server For example if the provider haven t provided you with a public IP address and you have to obtain it automatically In this case set up DHCP Client on an i
201. ll not be used in this case ipfw add reject all from 0 0 to not ROUTE For the interfaces which have physical MAC addresses in Ethernet standard it is possible to use a value of MAC address with a key word mac At that for the incoming filters one can set only the MAC address of the source and for outgoing only the MAC address of the destination Moreover instead of a numeric value a key word BS can be used In this case the MAC address of the corresponding BS on which the CPE is configured will be used One should keep in mind that the rules which use MAC addresses for the incoming packets will be applied in the first turn and the rules for the outgoing packets will be applied in the last turn Be careful After from and to key words one can use a negative prefix not Its action will spread only on the corresponding address addresses but will not influence the ports if they are used in the command Example ipfw add reject all from mac 0012345678 to 0 0 ipfw addout reject all from 0 0 to mac 0012345678 ipfw add rfl reject all from mac BS to 0 0 ipfw add reject all from 0 0 to not 1 1 1 0 24 Ports list is set as a simple enumeration of ports separated by space bars The first element in the list can be a port couple separated by a semicolon These ports will specify a port values range from the smallest to the biggest inclusively One can specify up to 10 ports in the list The packets which are not a first fragment
202. local_ port a port outgoing messages from which will be processed If the port is not specified the all connections from all ports are processed nat proxy_rule parameter value parameter value This command performs redirection of outgoing packets TCP packets outgoing from LAN to any address with specified port redirected to specified server and port Optionally initial destination address may be included into the packet using several ways Command line consists of word pairs key parameters and its value Allowed parameters type encode_ip hdr encode_tcp_stream no_encode If transparent gateway requires information of initial address and an access port of a new server then it may be done in two following ways e f option encode_ip_hdr specified then original address and port are transmitted in extended IP header fields IP option e f option encode_tcp_stream specified then original port and address are transmitted in a packet before data start in format DEST IP port port portnum Only packets sent to specified port are processed server host portnum Mandatory parameter Specifies server address and port for packet redirection If port not specified then original destination port will be used proto tcp udp If specified then only packets with specified protocol will be processed src I P bits dst I P bits Copyright 2004 2012 by InfiNet Wireless 170 InfiNet Wireless WANFleX OS User Man
203. lticast Router when organizing video systems using IGMP Snooping services IGMP Querier parameters e group N defines a switching group that uses IGMP Snooping services e source X sets source IP address for Multicast packets e mcast X Y sets concrete Multicast Group or a number of groups to be allowed for subscription e vlan N enables transmission of Multicast packets using Vlan The clear option deletes IGMP Querier configuration Sample configuration switch list VGROUP numrange add 10 20 30 40 switch list ALL_VLAN numrange add 0 4095 switch group 5 add eth rf5 0 switch group 5 rule 10 vlan VGROUP permit switch group 5 deny switch group 5 start switch group 15 add ethO rf5 0 switch group 15 rule 10 vlan VGROUP deny switch group 15 rule 11 vlan ALL_VLAN permit switch group 15 deny switch group 15 start switch group 25 add ethO rf5 0 switch group 25 rule 10 vlan ALL_VLAN deny switch group 25 permit switch group 25 start switch admin group 25 switch start Here three switching groups are created Group 5 switches the packets with VLAN tags 10 20 30 and 40 Group 15 switches the packets with any VLAN tag with exception for those switched by group 5 Group 25 is switching all the packets without VLAN tags Moreover group 25 will be used to send the traffic to outer world Copyright 2004 2012 by InfiNet Wireless 92 InfiNet Wireless WANFleX OS User Manual 11 CES
204. lush Flushes all import and export filters rip trace LEVEL Switches the RIP operation into the trace mode The optional LEVEL parameter specifies the detalization level of debug information Allowed values are as follows 1 minimum level of events tracing 2 tracing of received sent packets 3 tracing of received sent packets and their contents 4 tracing of changes in the kernel routing tables Default value for this parameter is 4 rip dump Displays the status of the routing module s internal routing tables and interfaces rip show Displays current RIP setup parameters rip ridhosts Prohibits the export of addresses of point to point local interfaces when there is a network route going to the same network via the same interface This is a specific case of aggregation and allows limiting the number of exported routes rip keepstatic Keeps saved static routes as default routes Sometimes it is useful to specify some routes statically using the route add command This allows configuring the router for the warm start mode the router starts operation immediately after switching power on when dynamic routing tables have not been built yet Typically these static routes are overridden by dynamic routes built by RIP The present command allows keeping static routes in the routing tables as by default routes even after starting RIP operation when other sources of routing information become available Exporte
205. m relative to current bitrates Mint no colormap option enables disables color indication of the command Node s ID Interface name MAC and name of Network logical number Noise threshold Neighbor node current node Node s type in dbm type 1 gt mint map Interface rf4 0 Node OOOESBG8DA6A Node_4 Id 6345 NetId 0 mesh Freq 5260 Sid 10101010 Bitrate 24000 Noise floor 79 3 active neighbors Id Name Node Cost Sig Bitr R E Optigns 06101 Node_2 O00E9B68D977 51 25 23 24 24 0 0 f mesh Common color 22205 Node_3 000F453813F5 Si 20 9 24 24 0 0 mesh Yellow color Yellow color with OE EN red background 0 active lice sed CPE maximum 2 Total nodes in area 4 Neighbor Neighbor Neighbor Costof Signal level in db Receive Number of Number of node ID node name node MAC routesto abouvethe noise Transmit retries errors neighbor threshold for currant bitrates bitrate From To Color indication of mint map command output e Common color identifies neighbor nodes that have acceptable characteristics of a link to the current node e Yellow color identifies neighbor nodes that potentially may have problems with sustainability and quality of a link to the current node In this case link quality can be improved through the change of certain parameters for example lowering bitrates e Yellow color with red background identifies neighbor nodes that have unsatisfactory chara
206. management and configuration a Unix like command line interface is used Every command is having power right after Enter key is pressed However each command lifetime duration is limited within one configuration session In order to save a current configuration config save command is used Several commands can be grouped in one line using character If a wrong syntax line is met in the group the rest of the string is checked anyway and the wrong command is ignored Command name can be shortened unless the ambiguity occurs If your terminal supports VT100 or ANSI standard you can move around the list of recently executed commands using cursor keys Numbered list of these commands can be reviewed by h command Any command from this list can be available using lt NUMBER gt command TAB key performs substring search of recently executed commands Ctrl R combination refreshes the command string if its content was disturbed by system messages The command executed with no arguments prints a short hint about its keys parameters and syntax Context help can be obtained by printing in any position of the line 2 IP address format Many commands of the operating system require specification of P addresses In OS WANFlex the P addressees may be specified in traditional numeric format Optionally the mask may be specified either by its bit length the specified number of leading bits in the mask are set t
207. manages the whole process The server daemon sniffs the network traffic captures the requested packets and passes them to the client side that process and analyze the captured packets The IW device supports RPCAP protocol and has a built in RPCAP server daemon It can be enabled and configured using the rpcapd command described below Syntax rpcapd user USERNAME key PASSWORD add del change rpcapd port PORT maxconn MAXCONNECTIONS start stop rpcapd buffersize SND_BUFFER_SIZE rpcapd trace notrace rpcapd show s SOURCENAME rpcapd clear Copyright 2004 2012 by InfiNet Wireless 162 InfiNet Wireless WANFleX OS User Manual Description To start stop the RPCAP server daemon use the following command rpcapd port PORT maxconn MAXCONNECTIONS start stop When started without any arguments rpcapd start it sets the default RPCAP port value 2002 and unlimited number of allowed client connections To specify another values port and maxconn parameters are used The following command adds deletes changes a username and password to be used by the client to connect to the RPCAP server rpcapd user USERNAME key PASSWORD add del change When used without specifying the action i e without add del and change the command adds a new user or changes the existing user with the same username If no user is configured in the system the RPCAP
208. matching conditions for the route according to three different parameters destination gateway next hop and interface For every record it is permitted to set a number of different conditions If several conditions are specified they will be conjugated by logical and In match next hop and match address command a filtration object is specified number or name number or name of access list or prefix list name In this case the condition will be satisfied if a corresponding route s parameter belongs to the specified filtering list according to the rule corresponding to the list type In match interface command a network interface name is specified to which a route link belongs If a route matches to all record s rules one can set values for route metric and or metric type for a link which if formed from this router using commands in config route map mode set metric lt 0 4294967295 gt set metric type type 1 type 2 The next step for the record s behavior after all conditions are matched by the route can be configured using one of the following commands on match goto lt 1 65535 gt on match next Configuration example OSPF gt configure OSPF config access list AnyNetwork permit any OSPF config access list net200 permit 192 168 200 0 24 OSPF config route map mapForConnected permit 10 OSPF config route map match address net200 OSPF config route map set metric 7 OSPF config route map route map mapForConnecte
209. mation except that of private networks from the address block 10 0 0 0 8 rip noimport 10 0 0 0 255 0 0 0 rip import all Several networks may be specified on the same command line rip noexport 192 168 9 0 24 192 168 10 0 24 192 168 20 0 24 A route metrics value may be explicitly specified in exporting importing filters rip import 192 168 9 0 24 metric 5 rip export 192 168 9 0 24 metric 7 Furthermore you can specify relative metrics change for a route when it traverses the given node In the following example original metrics values of all routes will be incremented by 2 rip export all metric 2 Example of decrementing metrics values rip import default metric 1 When specifying relative metrics change the resulting value shall never become less than 2 or more than13 Normally a network address specified in a filter defines the correspondent network with all its subnetworks corresponding to longer masks If however a filter needs precise address value the exact keyword shall be used For example the filter rip noimport 10 0 0 0 255 0 0 0 prohibits the import of the 10 0 0 0 network and of any its subnetwork 10 XXX XXX XXX while the filter rip noimport 10 0 0 0 255 0 0 0 exact prohibits the import of the 10 0 0 0 network only the import of the subnetworks is permitted To delete a filter the del keyword is added after specifying the addressing information rip noexport 192 168 9 0 24 del 7
210. max etx up avg uar ava amp max ctx7 up avg uar avg rtt 13 13 7 7 9 0 3 3 1 11 11 7 7 a a a a I 5 0 13 13 7 7 070 3 3 1 11 11 1078 a a a a 1 13 13 3 5 070 1075 1 11 11 13710 a a a a 1 S 1 13 13 16 8 a a 10 6 1 11 11 7 9 a a 7 1 1 5 2 13 13 16 9 070 avs i 11711 13 10 076 ari l 5 1 12 13 13 10 a a 7 5 1 10 11 16 11 a a 071 I 5 3 12713 16 11 070 3 5 1 11 11 19 12 a a Q 1 I 5 5 12713 19712 a a 1075 1 11711 13712 a a 3 1 I 5 3 12713 10711 070 avs I 11 11 10 12 070 Q 1 5 141 12 13 16 12 ara 074 I 11711 13 12 a a 071 I 5 3 12713 10712 070 074 l 11 11 3 11 a a a a I 5 9 12713 16 12 a a 073 1 12712 13 11 a a a a I 5 5 12713 13712 070 7 4 1 11712 13 11 a a 3 1 I 5 2 12713 10712 aa 073 1 12712 7 11 ara a a 1 5 1 12 13 21 12 a a 073 1 12712 16 11 a a a a 15 3 12 13 19 13 070 773 l 12712 13711 a a 3 1 1 5 6 12 13 10 13 2 8 073 1 12712 7 11 070 a a I 5 1 Node7 1 gt Local device statistics Remote device statistics Itest output when using align parameter Unicast test to 000ESE1DFSE1 via rf5 0 with no priority packet size 1024 reply size 1024 align tx antennas local 0 remote 1 rt retries up undelivered packets ua undelivered acks A Hr on local remote est ant amps rt avg up avg ua avg ant amps rt avg up avg ua avg rtt Ano SA ee ee ee ee ee 14 43 00 0 0 6 e e e 44 15 08 0 0 6 e e e 6 6 The difference of this output from the standard one is that ant amps column is used instead of
211. mber of packets that means that you might have an interference source on the selected frequency For normally operating link the percentage of repeated packets should not exceed 10 It is extremely important to obtain a permanent zero value for the average number of repeats per packet If the value is not zero that means that the link is NOT working properly and requires further improvement e f total percentage of repeated packets and the percentage of packets that were repeated at least once are close to each other that might mean that you have got a permanent source of interference Otherwise it means that a strong interference source appears from time to time breaking your signal e Concerning the fact that statistics module outputs the information for each MAC address separately you can reveal the problem for some specific unit on the wireless network The muffer stat command shows the statistics only from registered devices To view statistics type the following command muffer stat To reset all counters please type muffer stat clear Copyright 2004 2012 by InfiNet Wireless 69 InfiNet Wireless WANFleX OS User Manual Spectrum Analyzer mode The Spectrum Analyzer mode is enabled by a muf sensor command and provides deep analysis of radio emission sources In this mode the device scans the radio spectrum on all available frequencies Information is displayed on the screen in a visual digital format To obtain inform
212. meters vlan N any ACL dot1lp N swg N ether X any dscp N tos N prf are classifiers that allows analyzing VLAN ID 802 1p priority switch group number SWitchGroup packet type EtherType and also ip_tos field for having DSCP label value or IP precedence Prf classifier enables filtration of the traffic outgoing from PRF interfaces One can specify several VLAN IDs using ACL list see ACL command description Any option of the vlan and ether classifiers enables the filter to accept all tagged packets regardless of their VLAN ID or packets of any EtherType correspondingly Proto field sets some particular P protocol which is used for the filter Possible values tcp udp icmp arp all or a numeric value of the protocol Optional field modifiers can be used to set up some additional packet parameters which are going to be described below in this document Mandatory key word from separates proto and modifiers fields from the destination address endpoint Key word to separates source address from destination address Endpoint defines either source address or destination address The exact syntax of endpoint fields depends upon proto field value If proto has a value of either all or icmp than endpoint contains the address information If proto is set as udp or tcp than endpoint contains the address information and an optional ports list Address information is an IP address with a mask optional IP address should
213. mission tx are functioning and there were no restarts for them Copyright 2004 2012 by InfiNet Wireless 95 InfiNet Wireless WANFleX OS User Manual jitter buffer shows current state of jitter buffer Immediate buffer filling correspond 7 769 milliseconds delay which deviate from operator set value 8 by 0 231 milliseconds Minimum recorded value of this parameter since statistic clearing is 6 953 ms maximum 8 406 ms packets shows that 39523 CES over WLAN packets were processed altogether total current receiving speed of such packets is 500 packets per second 100 valid means that all 500 expected packets per second were received without mistakes R bit a number of packets having R bit set in check word CESoPSN L bit a number of packets having L bit set in check word CESoPSN late a number of packets which come too late for restoring synchronization lost a number of lost packets out of order a number of packets which were received out of order underrun a number of filling frames which were sent into physical port because jitter buffer was empty overrun a number of discarded packets because of repletion of jitter buffer invalid sequence a number of discarded packets because of considerable ordinal number deviation from expected value duplicate a number of duplicates of received packets malformed a number of packets which size didn t corresponds to expected ces stat delay clear Show
214. mitted for those IP addresses and ranges of IP addresses that are mentioned in permitting accept filters even if those filters are created for other types of packets Packet filtering rules syntax Syntax setpril addpri N accept reject rpfilter pass log vlan N any ACL dotlp N swg N ether X any dscp N tos N prf f pcap filter expression PROTO from not ADDR PORTs to not ADDR PORTs PROTO all tcp udp icmp arp proto NUMBER Description Below is a description of the syntax rules for creating packet filters Most attention is given to the syntax itself but still filter usage questions are described either A generic form of the filter description is given above in the Syntax paragraph Optional field interface defines the name of the network interface to which the filter is going to be applied Interface name depends upon the router model and can be eth0 or rf5 0 for specifying Ethernet interface or radio interface correspondingly If thy interface parameter is set the filter will be applied only to those packets which are received or transmitted through this interface Setpri addpri parameters allow setting increasing priority for a packet when a packet is treated by the filter Setpri parameter is used to change a priority to the value specified in the command If empty value is used setpri a package priority is dropped to the lowest priority Addpri is used to change a pri
215. mmand enables logging of all state changes i e it registers every step the neighboring routers take to establish the adjacency state Authentication I dentity check In order to prevent an unauthorized connection of the routers to OSPF system the system has an identity check for protocol s packets Currently the router has two different options for identity check authentication Password authentication All packets sent to the network should have a corresponding value in a 64 bit OSPF authentication header data field The value is a 64 bit password not encrypted Simple password authentication is vulnerable for passive attacks sniffing because broadcasting is used and the packet has a password in an explicit form Cryptographic authentication For each OSPF packet a key is used while generation and check of message digest signatures which are added to the end of OSPF packet Digital signature is built based on MD5 algorithm Digital signature is based on one way function using OSPF packet and a secret key As a secret key is never send over the network in a clear form this gives a protection from passive attacks By default the router does not have any authentication null authentication Authentication can be configured individually for each interface s link or for the interface including virtual link and or individually for every area to which the router is connected For interfaces authentication parameters are confi
216. mple mint rf5 0 poll start ub 250 Wireless subscriber stations isolation mode Syntax mint IFNAME no replicate ACL This feature allows you to do isolation of wireless subscriber stations from direct exchange of information with each other in switching mode Copyright O 2004 2012 by InfiNet Wireless 39 InfiNet Wireless WANFleX OS User Manual If mint noreplicate option is enabled on the base station then the traffic entering into a wireless network from wired segment of a subscriber station and coming to the base station from this subscriber station won t be transmitted back to the wireless segment by the base station He may return to the wireless segment only through an external wired switchboard connected to the base station The direct exchange is allowed by default mint replicate In addition ACL list of num type may be specified acl add ISOLATE num N1 N2 with a list of switching group s numbers for which you should enable or disable the listed feature for all by default wired segment of a subscriber station Inside a wireless network nodes d This feature applies only to traffic entering a wireless network from the are all accessible to each other at all times Switching to automatic bitrate control mode Syntax mint IFNAME no autobitrate DB Enables disables an automatic speed management mode In autobitrate mode every device controls the connection paramete
217. mple sntp start e stop Stop the process of time synchronization Example sntp stop Parameters The parameters can be set using any sequence with or without the command itself e server Using server parameter you can set the IP address of your NTP server Example sntp server 9 1 1 1 e interval Using interval parameter one can set the time value in seconds defining client s periodicity of NTP server requesting 3600 by default Example console gt sntp interval 5000 e debug This parameter enables disables printing of debugging information packets in the system log of WANFleX OS Example sntp debug on sntp debug off Copyright 2004 2012 by InfiNet Wireless 22 InfiNet Wireless WANFleX OS User Manual 17 Date command Date and time management This command shows or sets the date and time in WANFleX system While setting the date and time not only kernel clock is being changed but hardware clock changes its value either if the device supports this feature Syntax date cclyy mm dd HH MM ss cc Century is added before Year yy Year in abbreviated form i e 89 for 1989 05 for 2005 mm Month in numeric form 1 to 12 dd Day 1 to 31 HH Hour 0 to 23 MM Minute 0 to 59 SS Second 0 to 61 59 plus maximum two leap seconds Example date 200402100530 04 Tue Feb 10 05 30 04 2004 date Tue Feb 10 05 30 10 2004 18 Erp command Emergency Repair Procedure ERP Emergency Repair Proce
218. ms of short packets Burst enabling relates to a radio interface as a whole and means only that you want to use this mode in this device but the BURST protocol can only work for destinations where it is also enabled at the other end and only if MINT protocol is used at both sides Burst enabling does not induce any changes in the work of other devices in the network The BURST protocol reaches its maximal efficiency on high throughput point to point backbone links Some statistics about BURST protocol operation can be viewed by using the muf stat command e shortgi enables the short guard interval mode Using short guard interval allows the device to increase its throughput by reducing the time interval between symbols being transmitted However this may significantly increase the intersymbol interference and thus cause a higher errors rate Copyright 2004 2012 by InfiNet Wireless 31 InfiNet Wireless WANFleX OS User Manual To disable type shortgi Enabled by default e noise XXX sets Noise Floor Threshold for radio interface Measured in decibel By default Noise Floor Threshold is 20 dB Noise Floor Threshold is defined as a positive shift relative to the current level of noise which is measured by a device The unit begins data transmission only when there are no signals in the air that have signal level higher than Noise Floor Threshold See Noise Floor and Noise floor Threshold values with rf I FNAME stat
219. n Syntax dhcpd interface lt INTERFACE gt reservation lt CLIENT_ID gt option lt OPTION NAME gt lt OPTION_VALUE gt where e INTERFACE name of the interface where client s CLIENT ID reservation is created If this interface did not have a reservation for this client this command will automatically create this reservation and will add it to the options set Interfaces reservations are required for specific settings for the client no matter from what scope the client is getting his address lease Interface reservation is different from scope reservation in two parameters e Does not define a fixed P address for the client Thus it takes for the server to dynamically define from which scope and which IP address is to be given to the client e Allows changing client s class If Class 1D option is defined for the interfaces reservation the class will be changed for the option s value when a client from this reservation sends a request It becomes necessary when DHCP client does not send its class Creating interface reservation does not contradict with scope reservation for the same client 3 Scope divisions Syntax dhcpd scope lt SCOPE_NAME gt option lt OPTION NAME gt lt OPTION VALUE gt 4 Interface divisions Syntax dhcpd interface lt INTERFACE gt option lt OPTION NAME gt lt OPTION_VALUE gt 5 Server divisions Syntax dhcpd option lt OPTION_NAME gt lt OPTION_VALUE gt Of course there is
220. n additional security measure it makes sense to block all packets with source address from the loopback network 127 0 0 0 ipfw add rf5 0 reject all from 127 0 0 0 8 to 0 0 Filtering TCP connections TCP IP clients normally use port numbers between 900 and 5000 inclusive leaving port numbers below 900 and above 5000 for servers The following pair of filters will bar access to your servers for any outside clients assuming that all communications between your network and the external world pass through the rf5 0 interface ipfw add rf5 0 accept tcp from 0 0 to 0 0 900 5000 ipfw add rf5 0 reject tcp from 0 0 to 0 0 The first of these filters accepts packets from external sources to ports from 900 to 5000 on the inner network hosts normally assigned to internal clients The second filter rejects all the rest Unfortunately this is not enough Some internal servers may be assigned port numbers within the 900 to 5000 range and the above filter set would allow access to those servers for external clients The problem consists in restricting external access to your servers having such port numbers while leaving them open for internal access One of the possible solutions is to reject any attempt from an external client to establish a TCP connection with an internal server The tcp_connection modifier makes it possible to do ipfw add rf5 0 reject tcp_connection from 0 0 to 0 0 900 5000 Copyright 2004 2012 by InfiNet Wireless 157
221. n and work until the given address is deleted by DHCP server Hereafter some possible scenarios of using different filtering options 1 Flat model All workstations of the client s local network are directly connected to the Ethernet interface of the CU client unit In this case the simpliest filtering may be used possibly with the strict option enabled macf MAC address P address strict 2 If an intermediate router is installed between a client unit and the client s LAN then reverse strict or reverse simple modes may be used with P addresses of all authorized workstations being directly listed in the mapping table while the MAC address is always that of the intermediate router Copyright 2004 2012 by InfiNet Wireless 72 InfiNet Wireless WANFleX OS User Manual 3 If several LANs are connected to the same client unit each through an intermediate router then the simple or reverse strict modes may become the most useful with MAC addresses of all those intermediate routers being listed in the mapping table 8 Sppp command PPP over synchronous links maps El frames ports 0 main 1 sub onto network interfaces ppp0 pppl Syntax sppp v ifname enable disable options Description e ifname name of network interface ppp0 ppp1 e enable disable attach or detach PPP interface to El framer SPPP protocol may work in the following modes e Cisco HDLC e PPP Point to Point Protocol according to RFC 1661
222. n establishment TCP IP packet then the filter is skipped 8 If the ip_option modifier is specified but the packet has no options with possible exception for NO OP or EOL options then the filter is skipped 9 1f the ip_recroute_option modifier is specified but the packet has no related options then the filter is skipped 10 If the ip_misc_option modifier is specified but the packet has no IP options with possible exception for record route timestamp NO OP or EOL options then the filter is skipped 11 If the value in the proto field of the filter is udp or tcp and the source address in the filter contains a port list then if the packet is neither the first nor the only fragment or if the source port in the packet does not match any port specified in the filter then the filter is skipped 12 If the value in the proto field of the filter is udp or tcp and the destination address in the filter contains a port list then if the packet is neither the first nor the only fragment or if the destination port in the packet does not match any port specified in the filter then the filter is skipped 13 Otherwise i e if none of the above conditions has caused skipping the filter then the packet is treated in a way specified by the disp field of the filter Copyright 2004 2012 by InfiNet Wireless 151 InfiNet Wireless WANFleX OS User Manual Special filtering rules for ARP packets B ARP packets will always be per
223. n phase for far end Example sppp ppp0 enable mode ppp proto none Sets ppp mode without authentification In the below example ppp0 interface has authentification mode chap both for near end and far end and ppp interface has not authentification mode for far end sppp ppp0 enable mode ppp proto chap sppp ppp0 myname local mysecret secret sppp ppp0 hisname remote hissecret secret sppp ppp1 enable mode ppp myproto chap hisproto none sppp pppl myname local mysecret secret e no rechallenge Enables disables repeated authentification mode during the operational phase This feature is necessary for some incorrect chap protocol implementations Example sppp ppp0 norechallenge 9 Arp command ARP protocol Implementation of Address Resolution Protocol Syntax arp view IP arp add IP MAC auto proxy arp del IP all proxy arp freeze arp proxyall ACL Description Copyright 2004 2012 by InfiNet Wireless 74 InfiNet Wireless WANFleX OS User Manual in Ethernet it allows to transform IP destination address into its 48 bit Ethernet address for packet forwarding over LAN In common case ARP works automatically making address resolution as it is necessary But there are some cases when ARP tables should be corrected manually and arp command solves this problem The command has several forms arp view IP Displays ARP records for P address Displays all ARP records if address is not specified arp add
224. name Clear statistics for instance default ipstat Available options are collector Paddress port Set collector address agent Paddress Set agent address default 0 0 0 0 maxpacket size Set maximal datagram size default 1500 interval number Set statistics recieve interval in seconds default 5 datagrams number Set datagrams per statistics interval default 100 rawheader on off Sends original ipV4 headers default off debug on off Puts debug output to log default off version v Display Version Description Sflow protocol for monitoring computer networks It is commonly used by Internet Providers to capture traffic data in switched or routed networks Sflowagent command allows configuration of Sflow agent on the device sflow sta rt starts Sflow agent sflow sto p stops Sflow agent sflow wi pel stops Sflow agent and clears its configuration sflow add instance name adds statistics gathering component if name parameter is not specified then ipstat component will be used sflow del instance name deletes statistics gathering component if name parameter is not specified then ipstat component will be used sflow stat name shows statistics for a component if name parameter is not specified then ipstat component will be used Command output Parameter Description Total flow records Number or records delivered from Instance
225. nd then vlan is processed first qm chN clear Cancels the N th logical channel current specification making its number free for another specification qm add out num ifname chN pass rule Specifies one or more rules for accepting incoming packets at the channel N When used with optional parameter out addout it specifies the rules for outgoing packets Rules are specified using the same syntax as in the ipfw command Optional ifname parameter specifies the device s interface through which a packet shall arrive for being accepted at the specified channel All rules specified on a device constitute a numbered list a rule is added at the end of this common list at the moment when it is specified for some channel and then may be moved to another position see below To display the list of all rules with their numbers use the config show command The optional num parameter may be used to explicitly specify the number of the new filter in the list Each packet arriving to the device is checked against the set of rules in the order of their enumeration until a rule is found which the packet satisfies or until the end of the list of rules is encountered Once such a rule is found the packet is directed to the channel corresponding to the rule without checking it against the remaining rules in the list if not using pass parameter Therefore the order of rules is very important for correct dispatching of packets among ch
226. ned data rate limitation making it flexible when the total bandwidth of this service class is not fully used the extra bandwidth may be granted to such channel thus exceeding its predefined data rate limit up to full load of the class When there are several such channels competing for extra bandwidth it is equally divided between them See examples below A Exception on the H02 platform if there are several channels competing for extra bandwidth of their parent class the bandwidth is divided between them proportionally to their respective predefined data rate limits e ceil N determines how much of the total bandwidth of the parent class L can be used by the channel when the class bandwidth is not used entirely Measured either in kilobits per second or per cent ceil N of the parents class total bandwidth To disable the parameter set its value to 0 e ceilprio N sets priority for the channel that is used when interface bandwidth can be used by several channels There are 17 priorities from O the highest to 16 the lowest Default value is O therefore when setting another value it is possible only to lower the priority e latency N determines the maximum time for the packets to stay in the channel If a packet is waiting in a queue of the channel more than this time then it is discarded Measured in milliseconds To disable set the parameter to 0 e pri P Sets priority level of the specified channel 0 16 Sm
227. nfigure the corresponding Roaming Profile on the unit mint rf5 0 profile 1 freq auto mint rf5 0 roaming enable Please refer to the Frequency roaming chapter for detailed description The unit will work on the same frequency as the DFS Master unit Copyright 2004 2012 by InfiNet Wireless 101 InfiNet Wireless WANFleX OS User Manual IV Layer 3 Command Set IP Networking 1 fconfig command interfaces configuration The command is used to set and view the configuration of the unit s network interfaces Syntax ifconfig IFNAME info TEXT up to 72 chars address netmask delete alias up down mtu N linkO link1 link2 media MediaType vlan TAG vlandev FParent ifconfig a MediaType 1000BaseFX fullduplex 1000BaseFX halfduplex 1000BaseTX fullduplex 1000BaseTX halfduplex 100BaseTX fullduplex 100BaseTX halfduplex 10BaseT fullduplex 10BaseT halfduplex auto Description The command allows setting and viewing the configuration of the unit s interfaces specified by their ID numbers The command has the following parameters e IFNAME specifies the name of an interface to see all the unit s interface names the ifconfig a or netstat i commands may be executed e info allows adding a text note of up to 72 characters to the interface configuration e address specifies the P address assigned to the interface May be specified as o P ad
228. ng radio channel It allows Real time monitoring of signal levels retries and errors in the radio link thus making it possible to increase the quality of the link by antenna re alignment device re location or upgrade of the wireless system Radio link throughput testing Syntax Itest IFNAME target r rate reply_rate s packet_sizel reply_sizel default size 1024 max 1794 b send as broadcast p priority set priority 0 to 16 a I r m enable audiomonitor local amp r remote amp m min local remote amp auto 1 r m like a but run in background and autostart on boot align L R MIMO antenna alignment mode L R local remote tx antenna 0 1 or V H Copyright 2004 2012 by InfiNet Wireless 61 InfiNet Wireless WANFleX OS User Manual evm display Error Vector Magnitude tu seconds unidirectional throughput test tb seconds bidirectional throughput test load N m k limit throughput to N m Mbps k Kbps mint do throughput test through MINT Itest key PASSWORD Itest stop noauto stop all running tests noauto cancel test on boot Itest disable enable disable enable Itest Description FNAME radio interface on which testing will be performed target MAC address of a target device on the other side of a tested radio link r rate reply_rate sets bitrates for transmitting test packets from the l
229. ngs listed above no timers basic Router configuration view To review RIP configuration there are several commands in the basic mode of CS show access list This command shows information about access lists show memory This command shows information about memory usage show rip This command shows current RIP configuration Viewing Information about timers filters version interfaces on which RIP is enabled show route This command lists route table 6 Rip command RI P 1 and RI P 2 configuration The command is used to configure the router for using RIP 1 and RIP 2 protocols Syntax rip IFNAME v1 v2 in Jout vlin vlout v2in v2out ag subag rip IFNAME peer ADDR MASK MASKLEN del rip static NET MASK GATEWAY Export import filters Copyright O 2004 2012 by InfiNet Wireless 123 InfiNet Wireless WANFleX OS User Manual rip INTERFACE noJexport nolimport NET MASK MASKLEN exact all default metric N pref N rip INTERFACE no export noJimport NET MASK MASKLEN del The routing module supports two versions of the Routing Information Protocol RIP 1 and RIP 2 The rip command is used to set up the module for using these routing protocols Description rip start rip stop rip restart Starts terminates restarts operation in RIP mode To save the current state of the routing module in the flash memory use the config save command rip f
230. nnnncnononnnoninnnnannnnns 23 19 AAA access control using RADIUS server ccceceecseceeeceeeeeeeeeeeseeeeeeeeeeseeeeeaeeetsneeeeneeeeed 25 20 icense ea a ant 26 DV NN 26 22 MAMA A ARNO A A TA ASAAN 27 23s CO O ae 27 III LAYER 2 COMMANDS SET PHY AND MAC ccccccccccsssnssseeeeeeeeeeennnnsseeeeeeeeeeeonanas 29 1 Rfconfig command Radio interface configuration cccccseeeceeeeeceeeeeeeeeeesueeesueetsneeeeneess 29 2 MINT mint command scion vives aa isis 35 General Desc A acc nea a AAA 35 General commands description cece ee eee eer eran nee ered aerate ana eeeee ana eeeetaga 37 JOINING Nena ces cit a ad See lav eee EA A Penta Shae aaa eh ee 45 PSeudoiradio Interracial A a tied Steed ead and et 46 Nodes authentication cciaceneea eee E eee be a eee 47 Automatic over the air firmware UPQrade ccc ttrt ttnt rttr EEEE E EEEE EEEE EEEE 49 Copyright 2004 2012 by InfiNet Wireless InfiNet Wireless Do E E 10 11 12 13 SU nse Oe a ee Over the air encryption id ela eee 50 Learning the network N iGhbOIs cece ee eee ee ean e arena neat e ana eeeetaaa 51 Continuous signal levels MONItOFING ce eee eerie erie 54 Frequency FOAMING ierann sed dare AAA ARE an 54 Remote command management cc ieee eeeer ead 56 Trace CAM ave ee Aes A A GN a A 57 On Demand ROUTING pa ee seed Hedonic titi 57 Upgrading current RMA network to MINT
231. no nnrorcn nn narcnnnnnos 127 Getting Started stands a A A A AAE 127 Command language Basic principles eee narnnnnn nn 128 Start Stop of OS Esa A A A A 130 Route den tii oe Maa neds 130 A a do a 131 Link state advertisement inermis nonnina Dent biene ea ene 132 E ee 136 OSPF SSA casaca arista ARA A AAA 136 Adjacency Neira a ii 139 Authentication Ldentity Check das 141 Router running Configuration VIEW ooocoooococccnnncoocnnnnnconnnnnnconnnnonnnnnnnnnnnnrnnnonanrnnnnnncannnnns 142 Netstat command Network statistics ooooccocincnncnnccnnonanonaconinano ron anoronoronacnronanorananon 147 Ipfw command IP Firewall c ccccccccseccceseeeeeeeceeeeeeeeeeeeeeeeeeeeeeeeesesseseesneeeeaeeetsnsetsaegss 148 Generaldescriptio ieena sinana a al 148 Packet filtering rules a 150 Packet filtering rules Maxicine Nees 152 Examples of packets filteridg ooooooononicnnconoccnnnonorncnnnnnarnnnnn nr rnnnn non A Aa AAA 155 Loadm command load Meter o oo occoccnccnnccnannninano nan ann non ononanono nano ro ttnan errun unnur nacnrananon 160 Bpf command Berkeley Packet Filter oooccooccincccccncoconoccnnnornnonaconononononcnnnrononarcnnnoos 161 RPCAP Remote Packet Capture cccccececeseeccseseeeeeeeeeesesseeeeeeeseesneeeeaeeeesnseeeneeenseeetsges 162 Snmpd command SNMP dae Mon cccccsececceeeceeeeeeseeeeeeeeeeseeeeeneeeeseeeesaeeeeeesetsaseesaees 163 Td command Telnet daemons ii A vat veda ve
232. ntax mint IFNAME trace MAC Trace command allows viewing information about node by its MAC address its status ID name cost number of hops This command also shows information about cost optimal pass to the node at the current time gt mint rf4 0 trace 000435003745 Interface rf4 0 node 001794C2F434 BD6_4 0 id 60 master Information about node Node 000435003745 info with Mac 0004350037AB Status node ID 149 Name TFP14 9 2 4g PRF Cost 185 Hops 6 Backtrace route path 00149 0004350037AB Cost 185 Zone 00141 000435FF90A8 Cost 182 Zone 00131 000435FFAF12 Cost 92 Zone Pass to the node 00139 000435002876 Cost 89 Zone 00059 000435007BAB Cost 83 Zone 00051 00179AC2F4EF Cost 80 Zone TFP14 9 2 4g PRF TPF14 1 2 4g MNG13 1 2 4g mon MG13 9 2 4g PRF MGS PRF MGS 4 1 rl ENURBA Next hop OO1L79AC2F4EF MG5_4 1 On Demand Routing On Demand Routing ODR protocol is a structure of the MINT protocol It provides dynamic routing capabilities in stub networks without the use of any routing protocol The main advantage of using ODR is the increase in the available bandwidth of your network by eliminating the service traffic of a separate routing protocol whilst still maintaining dynamic routing functionality The ODR protocol propagates IP prefixes on the Layer 2 using the MINT protocol ODR is applicable only for stub networks of the hub and spoke topology when all nodes s
233. nterface configuration Any node of the network can be set up as a roaming leader Roaming leader will define required radio frequency parameters of the wireless network Roaming leader also works with a fixed radio interface parameters however its radio parameters configuration is transmitted over the network in special packets so every node of the network knows whether it is connected to the roaming leader or to the network that has a roaming leader If the network has several roaming leaders their parameters should be identical Roaming leader also supports DFS and Radar Detection features if a special license is installed for selected countries Other network nodes can use roaming in order to search for the roaming leader or the network having a roaming leader roaming enable The search is implemented by switching between different sets of radio parameters that are defined in profiles Each profile contains a fixed set of radio interface parameters which are set on each iteration of the search Heuristic search algorithm can quickly evaluate general air media parameters and chooses the profile which defines the most suitable network The multiBS option enables the slave node to constantly check the link quality and try to find another BS if the quality become worse When the option is disabled then if the link breaks the node will firstly try to reconnect to the same BS regardless of the link quality Profile parameters e freq
234. nterface of the router by using the dhcp IFNAME option For example nat local_acl NAT dhcp eth0 You can also use exclude DSTACL option to specify a list destination P addresses networks to be excluded from NAT In order to enable disable delete a record for the private network in the configuration use the corresponding parameters from the command syntax For example nat local_acl NAT delete nat maxlinks NUM This command set the maximum number of supported connections 1000 by default The system automatically observes all the connections and dynamically destroys all unnecessary connections according to their type and time of activity However when using different network scanners there is a possibility that current number of connections will increase enormously or until there is a free space in the RAM Using this command one can avoid this situation to happen In the case when the number of current connection exceeds the threshold set the system will put the warning into the system log and restrict new connection establishment until the situation becomes stable When connections number will decrease the corresponding message will be put into the system log and a normal work will be resumed Generally it is enough to run NAT nat enable This command enables NAT module to start NAT according to specified rules Example ifconfig null0 123 1 1 1 32 up rip start to start dynamic routing for public IP acl add NAT
235. o STOP This column displays the reason of the problem Possible reasons are o Configuration conflict This situation occurs if different VR s with the same interface have the crossovering P addresses lists o IP Address list is empty no P addresses are specified o Interface has no primary IP address interface does not have primary IP address or it has been deleted o Interface is down interface that VR is built on is in the down state Copyright 2004 2012 by InfiNet Wireless 201 InfiNet Wireless WANFleX OS User Manual V Other commands 1 Ctl command The command enables managing the unit s built in heater optional Syntax ctl heater threshold on off no log threshold heater enable temperature 15 1 Description The InfiNet Wireless units can be supplied with a built in heater to enable their operation in very low temperatures and arctic conditions Such units also has a built in sensor for the inside temperature Ctl command executed with no additional parameters shows the current temperature inside the unit in Celsius Ctl heater threshold command sets a threshold for the temperature under which the built in heater is turned on The range of the threshold temperature varies between 15 and 1 degrees Celsius For example ctl heater threshold 10 Ctl heater on off command turns on or off the heater ctl heater on Log option enables registering heater operati
236. o 1 the remaining bits are reset to 0 or numeric value The IP address 0 0 denotes all possible P addresses Therefore the possible formats to specify P addresses are nn nn nn nn no mask is used nn nn nn nn N N is the bit length of the mask nn nn nn nn XXx XXX XXX XXX XXX XXX XXX XXX iS the numerical value of the mask Example The 192 168 9 0 24 address describes the network address 192 168 9 0 and the mask with leading 24 bits on The same set of addresses may be denoted as 192 168 9 0 255 255 255 0 Copyright 2004 2012 by InfiNet Wireless 4 InfiNet Wireless WANFleX OS User Manual II General Purpose Command Set 1 Help command The command displays system commands information Syntax help Description This command displays the list of all the device s commands It is executed automatically if the user types an unknown command 2 System command The command is used to review and update system parameters Syntax system arguments Command arguments e system name system_name Assigns new user name specified by system_name parameter If the parameter is not specified the current system name will be displayed Example system name revolution e system location string_describing_system_location Optional character string describes the system location used in SNMP protocol Example sys location On the Carlson s rooftop e system user lt user name gt Assigns a name under which the
237. o get into config if mode for the particular interface the following command is used interface FNAME Example OSPF gt configure OSPF config interface ethO OSPF config if cost 4 192 168 15 1 OSPF config if In cost command an P address is specified which is assigned to the interface in a subnet which is connected to this subnet If this parameter is not specified every link for this interface will have a specified cost metric regardless from the destination subnet OSPF system areas OSPF protocol has an ability to join adjacent networks and hosts into special groups This group along with a router that has a link to one any of the networks included into the group is called an area In each area an independent copy of OSPF is functioning That means that each area has its own database and a corresponding graph A router that is configured to advertise only internal links is called an internal router IR A router connected to networks in more that one area is called area border router ABR A router that advertises its link to external destinations redistribute command is called AS Boundary Router ASBR Copyright 2004 2012 by InfiNet Wireless 136 InfiNet Wireless WANFleX OS User Manual Each area is assigned a unique identifier area id An area with area id equal to zero is called a backbone of OSPF system OSPF backbone area always includes all ABR Backbone area is responsible for routing informati
238. o parameter auto XX Auto mode is recommended e When exact device s geographical coordinates are known e g using GPS you can specify their values in the sys gpsxy command and set the distance parameter as auto on all devices including the Base Station In this case devices will automatically adjust their settings selecting an optimal value for the distance parameter Base Station will calculate the distance to the remotest subscriber and each subscriber will calculate the distance to the Base Station If the subscriber has the link coordinates information it will use this information otherwise it will use the distance parameter value got from the Base Station If the distance parameter is set to 0 radio module will use default settings e txrt XXX this parameter sets the maximum number of repeat requests transmit retries to be done when sending unicast packets 15 by default e txvrt XXX this parameter sets the maximum number of repeat requests for data packets excluding voice packets in voice mode 5 by default The maximum allowed value is 64 Voice mode is turned on automatically when VolP traffic appears e burst enables the BURST protocol burst disables the BURST protocol support Enabled by default The BURST protocol consists in grouping several short packets with the same destination address on a radio link into larger packets thus cardinally decreasing the response time for applications generating strea
239. ocal device and toward it This parameter is optional There are two situations when this parameters are not configured o Local device is tested with its neighboring node i e we can view remote device and tx rx bitrate values for it in a mint map command output In this case tx rx bitrate values from mint map command output are taken for rate and reply rate parameters o Local device doesn t consider remote device as a neighboring node In this case rate and reply rate parameters will be equal to minimal possible bitrate of the local device for current bandwidth for example 13 Mbps for 20 MHz bandwidth 6 5Mbps for 10 MHz 3 25 Mbps for 5 MHz S packet_size reply_size establishes test packet size from the local device and toward it Test packet size by default is 1024 bytes Maximal possible test packet size is 1810 bytes b transmitting broadcast test packets a I r m enabling sound indication mode AudioMonitor AudioMonitor is intended to be used while preliminary link establishing and antenna alignment procedure in order to obtain the maximum signal level from the remote side When having AudioMonitor plugged into the console port of the device with headphones plugged in the sound signals will be sent to the headphones The AudioMonitor or the console cable must be plugged in when the device is powered off No return packets state on the testing device input no link with described testing mode turned on is
240. ols which parameters should be identical for the neighbors These parameters are B hello interval B dead interval By default hello interval equals 10 seconds dead interval equals 40 seconds To modify these parameters for any network interface use the following commands in config if mode dead interval lt 1 65535 gt A B C D hello interval lt 1 65535 gt A B C D The value of the parameter is specified in seconds IP address defines P address of a specific link if you need to configure this particular link optional parameter If this IP address is not specified the parameter will be applied to the network interface Note that in order to creating adjacency relationship between two routers these parameters should be equal One of the routers connected to the network is automatically selected to be a designated router DR judging by three parameters If a link priority is specified Copyright 2004 2012 by InfiNet Wireless 139 InfiNet Wireless WANFleX OS User Manual for the router it acts as a major criterion for DR selection If priority is not set only router id and IP address affect the selection To set up router s priority for the interface one can using the following command in config if mode priority lt 0 255 gt A B C D Alike previously mentioned parameters the priority can be set either to every link on the interface individually or to the interface as a whole The bigger the priority t
241. om VR list Syntax vrrp IFNAME VRID delete IPADDRESS Command deletes specified IP address from VR list Copyright 2004 2012 by InfiNet Wireless 199 InfiNet Wireless WANFleX OS User Manual Deleting VR P addresses list Syntax vrrp IFNAME VRID flush Command deletes all P addresses from VR list Example vrrp eth0 10 flush VRRP authorization According to RFC 2338 VRRP server supports two authorization modes 1 Simple text password 2 1P Authentication Header Enabling these authorization schemes can be done using the following commands vrrp IFNAME VRID password PASSWORD vrrp IFNAME VRID key PASSWORD Experience shows that neither of two VRRP authorization methods can provide absolute VR security This fact was described in the later RFC 3768 version 10 Security Considerations VRRP does not currently include any type of authentication Earlier versions of the VRRP specification included several types of authentication ranging from none to strong Operational experience and further analysis determined that these did not provide any real measure of security Due to the nature of the VRRP protocol even if VRRP messages are cryptographically protected it does not prevent hostile routers from behaving as if they are a VRRP master creating multiple masters Authentication of VRRP messages could have prevented a hostile router from causing all properly functioning routers from going into backup
242. om tech support 6 Reboot device a again 7 ERP utility will reset login password and configuration on device a to default use any characters as default login and password 8 Login to device a with any non blank username and password and issue the following command config save 9 Login device a with a serial number as a user name and a new password that was received from tech support To change IP address on Ethernet interface of a device a from device b without login to device a erp serial lt SERIAL gt ip lt address gt mask lt mask gt ifup 19 AAA access control using RADI US server AAA module allows access control configuration on the device using remote RADIUS server Syntax aaa options command where commands are start start service stop stop service where options are auth ipl port secret identifier RADIUS server parameters address Server IP Address secret shared secret identifier NAS Identifier this option can be repeated remove ipl port Remove RADIUS server debug on off on off debug output Description AAA start stop commands enables disables AAA module operation Options e auth ip port secret identifier sets parameters to access remote RADIUS server where ip port IP address and port of a RADIUS server secret password to access the server identifier NAS Network Access Server ID e rem
243. on authentication mode md5 authentication key chain LINE where LINE name of the secret MD5 key To configure the key which name is specified in LINE parameter use command in config mode RIP config key chain WORD RIP config keychain key lt 0 2147483647 gt RI P config keychain key key string LINE where WORD key chain name lt 0 2147483647 gt key ID LINE secret md5 key Copyright 2004 2012 by InfiNet Wireless 122 InfiNet Wireless WANFleX OS User Manual Timers configuration RIP protocol has several timers User can configure those timers values by timer s basic command The default settings for the timers are as follows The update timer is 30 seconds Every update timer seconds the RIP process is awakened to send an unsolicited Response message containing the complete routing table to all neighboring RIP routers The timeout timer is 180 seconds Upon expiration of the timeout the route is no longer valid however it is retained in the routing table for a short time so that neighbors can be notified that the route has been dropped The garbage collect timer is 120 seconds Upon expiration of the garbagecollection timer the route is finally removed from the routing table The following command in config router mode allows the the default values of the timers listed above to be changed timers basic update timeout garbage The no timers basic command will reset the timers to the default setti
244. on distribution between other non backbone areas Backbone area should be contiguous but it does not always imply a physical adjacency backbone connections can be organized using virtual connections ABR models OSPF router supports four models of ABR 1 cisco a router will be considered as ABR if it has several configured links to the networks in different areas one of which is a backbone area Moreover the link to the backbone area should be active working 2 ibm identical to cisco model but in this case a backbone area link may not be active 3 standard a router has several active links to different areas 4 shortcut identical to standard but in this model a router is allowed to use a topology of connected areas without involving a backbone area for inter area connections Details on cisco and ibm models differences can be found in RFC3509 A shortcut model allows ABR to create routes between areas based on the topology of the areas connected to this router but not using a backbone area in case if non backbone route will be cheaper ABR model is selected using the following command in config router mode abr type cisco ibm shortcut standard If you want to use shortcut routes non backbone for inter area routes you can use the following command in config router mode area A B C D lt 0 4294967295 gt shortcut default enable disable Three models define a usage of a specified area for routes
245. on events for the sensor in the system log To disable logging a nolog option is used Copyright 2004 2012 by InfiNet Wireless 202
246. on settings area A B C D lt 0 4294967295 gt virtual link A B C D authentication message digest null Authentication type can be specified for the whole area to which a network belongs and a link by means of which OSPF packets are received If authentication is turned on for both interface and the area the interface authentication type will be used In order to configure authentication type if it was disabled for interface link one can configure authentication type for the area using a command in config router mode area A B C D lt 0 4294967295 gt authentication message digest If message digest option is not specified simple password authentication will be enabled for the area As was mentioned before area authentication type is applied only if interface s authentication was totally disabled However interface s authentication parameters will be used To turn on area authentication use the following command in config router mode no area A B C D lt 0 4294967295 gt authentication Router running configuration view To review current running configuration of the router there are several commands in the basic mode of CS In any mode of CS there is a command show running config This command shows a current router s configuration The configuration is shown as list of commands which brought the router to its current state Example OSPF gt show running config Current configuration inte
247. ones The local tag parameter is also called a Management VLAN as it makes the device access and configuration possible only via the defined VLAN This command switch keeptag on allows keeping the tag for the packets destined to the device itself and received via the wired interface eth Off by default switch strict admin on off By default the device in switch mode process the packets that is destined to it itself regardless of the switch group they belong to switch strict admin off However by using switch strict admin on command one can force the device to accept such packets when they come in the admin group only Copyright 2004 2012 by InfiNet Wireless 90 InfiNet Wireless WANFleX OS User Manual switch igmp snooping dump detail This command allows to see a list of IGMP hosts which are subscribed on Internet Protocol multicast group Switch igmp snooping dump command output Interface on which Multicast Router is discovered IGMP group mode ExtInf 2 gt switch igmp snooping dump Mcast Routers If eth0 MCAST Group Gatewa Last Reporter Mode Age 239 255 0 128 If rf5 Mac 000435108379 91 191 225 118 EXCLUDE it AN If 5 8 Mac 000435108379 _917191 225 118 EXCLUDE 16 icast i i Multicas Gateway to which Clients P address from Time spent from the address Multicast packets the last IGMP Report last IGMP Report are sending Parameter detail allows
248. ority only in case it is higher than the previous one Note the smaller is the value the higher is the priority So you can only increase priority using addpri parameter Disp field abbreviated from disposition sets an action which is going to be held in case of this filter operation Possible values are accept or reject If accept value is set the packet will go through the filter Using reject value means that the packet will be filtered After the action value one can set an optional parameter log accept log or reject log this will lead to the system log update in case of the filter operation Module ipfw added with filter rpfilter reverse path filter This filter ensures that the sender of the package is accessible via the interface through which package it received in the system If the filter fails the packet processing continues if not fails the packet is destroyed This filter can be inserted into the list of rules first ipfw add rpfilter all from 0 0 to 0 0 One more possible value for disp field is pass This value allows a packet to pass a rule executing the related actions of this rule and continue with other rules in the list Example ipfw add pass log tcp from 0 0 to 0 0 Copyright 2004 2012 by InfiNet Wireless 152 InfiNet Wireless WANFleX OS User Manual When a packet will face this rule it will continue moving further with other rules Information about the packet will be logged Para
249. ormally this address must be assigned to any physical interface of the router Infinet router has at least two physical interfaces Ethernet eth and radio rf Usually the system is linked to ISP s backbone networks via radio interface and ISP s backbone is built using private internets So what is the physical interface to assign the public IP It may be assigned using alias name to any physical interfaces or to virtual interface null0 ifconfig null0 123 1 1 1 32 up More than that sometimes one can avoid public IP assignment to physical interfaces at all The procedure goal is to provide public IP accessibility from Internet But this may be done using static routing All packets routed to this public address will get into your LAN Link with the physical interfaces is not necessary NAT module will perform conversion before packet forwarding enough packets entering into the router If the provider gave you a small block of address e g 123 1 1 0 30 you can assign the whole block on nullO e g ifconfig null0 123 1 1 0 30 and use these addresses For example in this case you can use the first address 123 1 1 0 as an alias_address and the rest for the packets redirection on the local machines using nat redirect_xxx see below or for other public addresses for other private networks NAT module is designed in such a way so the original source and destination addresses are used this is important when creating firewall ru
250. ot enough to provide the needed security level InfiNet Wireless devices have several built in SSH authentication methods that are managed by sshd pubkey and sshd auth methods commands Sshd pubkey command allows enabling public key based authentification of SSH Clients In the Public key authentication mode SSH Server authorize SSH Client bypassing password login procedure This mode is enabled automatically once a public key of the SSH Client is cached in SSH Server s registry To upload SSH Client s public key into the SSH Server registry from a remote FTP server use the following command sshd pubkey import LOGI N PASSWORD HOST FILE COMMENT Where HOST is an IP address of the remote FTP server and FILE is a file containing SSH Client s RSA DSS public key in OpenSSH or SSH2 format If login and password are set on the remote FTP server they should be specified as LOGIN and PASSWORD parameters in the command syntax COMMENT parameter allows adding a comment to the public key entry in the SSH Server list of clients public keys By default a comment with clients IP address or FTP P address from where the key was obtained is added The other way to cash SSH Client s public key in the SSH Server registry is to perform a password authentification of the SSH Client and then type the following command on the SSH Server sshd pubkey install COMMENT By doing this SSH Server will save
251. ove ip port removes information about a RADIUS server from the configuration of the unit Copyright 2004 2012 by InfiNet Wireless 25 InfiNet Wireless WANFleX OS User Manual e debug on off enables disables AAA module service information system log Whenever the debug mode is activated on a device that uses AAA access authentication via the remote RADIUS server the authentication debug info is displayed on the local console to verify the settings The output has the following parameters Parameter Description Request id Internal unique id of the request Type Request type i e AccessRequest UserName The user name sent to the RADIUS server UserPass The password sent to the RADIUS server 20 License 21 Dport This command manages operations with a license file on the device Syntax license options options are install lt url gt install new license export lt url gt export current license to external server Show show license info lt url gt ftp login password host file Description Install option uploads license file into the device from a remote server using FTP Export option downloads license file from the device to a remote server using FTP Show option displays license information on the screen File name is the name of the file containing the information transferred The file name shall be specified in full in the format of the remote
252. ows for visually inspecting statistics collection process in real time Detail option switch on detailed ip statistics gathering including ports and protocols information Bytes total_bytes option sort ipstat output according to the number of transmittered bytes in the moment bytes transmitted for the whole period This is the script for the reliable device statistics receiving with rsh command usage usr bin perl w for my Sstat do Ssitarc system esm e 30 m l zot A AE ipa fixit dev null if int stat 0 sleep 5 while ime stat 0 do Sete syscem esm e 30 m l zot IWR IP ipe izge gt Sitelt o amo y if int stat 0 sleep 5 while int stat 0 do Sstat system rsh t 30 n L root IWR_IP ips fixclear gt dev null if int stat 0 sleep 5 while int S stat 0 systen Uest stat uns gt Si al yde Y A sleep 300 14 Sflowagent Sflow Agent Sflow Agent is a realization of a standard Sflow protocol agent Syntax Copyright O 2004 2012 by InfiNet Wireless 18 InfiNet Wireless WANFleX OS User Manual Available commands are sta rt Start Sflow agent sto p Stop Sflow agent wi pe Stop Sflow agent and clean all configuration add instance name Add instance default ipstat del instance name Delete instance default ipstat stat name Show statistics for instance default ipstat cl earstat
253. pe are advertised as external type links with metric type 1 or 2 External Typel 2 Information about external links is spread all over OSPF domain not only in the area Stub areas are an exception to which the information about external links is advertised as default gateway through the area border router ABR of the area Two types of metric differ in a way that metric type 1 is a metric which is commensurable with inner OSPF links When calculating a metric to the external destination the full path metric is calculated as a sum of a path metric of a router which had advertised this link plus the link metric Thus a route with the least summary metric will be selected If external link is advertised with metric type 2 the path is selected which lies through the router which advertised this link with the least metric despite of the fact that internal path to this router is longer with more cost However if two routers advertised an external link and with metric type 2 the preference is given to the path which lies through the router with a shorter internal path If two different routers advertised two links to the same external destimation but with different metric type metric type 1 is preferred WORD access list identifier to which destination of system routing table should respond Value and type of a metric for external links can be defined in route map In this case a type and value of a metric can be defined depending on route p
254. pokes are connected only to a hub node An example of the hub and spoke network is a simple Point to Multipoint network where each subscriber station has the only wireless connection to the Base Station To set a unit as a hub the following command is used mint IFNAME odr hub To set a unit as a spoke mint IFNAME odr spoke connected ACL kernel ACL Where connected option allows announcing P addresses networks set on the spoke s own interfaces Kernel option allows announcing static routes set with the route add command Also one can specify a list of P addresses and networks in the command using Access Control List ACL Please see the Access Control List description in the corresponding chapter of this manual To show the current state of the protocol and established connections the following command is used mint FNAME odr show Copyright 2004 2012 by InfiNet Wireless 57 InfiNet Wireless WANFleX OS User Manual To disable the on demand routing on the unit the following command is used mint FNAME odr disable Upgrading current RMA network to MINT Attention t is recommended to study MINT technology features and test your basic configuration skills on the test devices before complying this instruction It is also recommended to consider principles of new network building in advance wil it be mesh or point to multipoint network how and what routing will be used
255. r remote_port_range This command redirects incoming packets for specified port to other address and other port Argument proto may be tcp udp ras or cs In case of ras and cs address modification is performed according to H 323 local_ addr local_ port_range P address and port of the local host which the traffic will be redirected to public_addr public_port_range public IP address and port of the device The port ranges local_ port_range and public_port_range should be of the same size If you are using several pairs of public address private network it is recommended to specify the exact public address Parameters remote_addr and remote_port_range may be specified for more exact definition of incoming packets packets only from specified source and port will be allowed If remote_port_range is not specified then its range should coincide with range of public_port_range nat redirect_port tcp 192 168 1 5 23 7777 Copyright 2004 2012 by InfiNet Wireless 168 InfiNet Wireless WANFleX OS User Manual In this example all incoming tcp connections to port 7777 will be redirected to host 192 168 1 5 port 23 telnet nat redirect_port tcp 192 168 1 4 2300 2399 123 1 1 2 3300 3399 All incoming tcp packets with public_port_range 3300 3399 and destination address 123 1 1 2 will be redirected to 192 168 1 4 Port mapping is 1 to 1 i e 3300 gt 2300 3301 gt 2301 For example RC server is running on client
256. r in the list ipfw del num Removes a filter from the appropriate list The filter to be removed is specified by its number num which can be seen using the ipfw list command ipfw mov num1 num2 Changes the filter s number in the list from num1 to num2 ipfw rearrange N Renumbers all the filter rules with the given increment default is 5 ipfw quiet The ipfw quiet command disables registration of rejected packets Registration is enabled by default and re enabled by ipfw quiet command Packet filtering rules Hereafter we give detailed description of how packets are treated by packet filters Every packet entering a router passes through a set of input filters or blocking filters Packets accepted by the input filter set are further processed by the IP layer of the router kernel If the IP layer determines that the packet should go further and not landing here it hands the packet to the set of outgoing filters or forwarding filters Copyright 2004 2012 by InfiNet Wireless 150 InfiNet Wireless WANFleX OS User Manual Information on packets rejected by any filter is displayed on the operator s terminal and the packets themselves are discarded without any notice to their sender A packet advancing through a set of filters is checked by every filter in the set from the first one till the end of the set or until the first matching filter The algorithm is as follows 1 1f the filter set is empty the packet is
257. r is within the 900 to 5000 interval including both extreme values or is equal to 25 smtp or 113 ident All the subnetworks of the inner network including the inner host address belong to the same network or group of network Suppose that we know for certain that there may not be any host in the outer network having an address within the inner network s address range Therefore any packet received from the rf5 0 interface of a router running ipfirewall hence from the outer network but having the source address within the inner network s address range must be discarded It is done by the following command ipfw add rf5 0 reject all from innerhost 16 to 0 0 Unlike the filters in the previous examples this filter will be applied to packets arriving through the rf5 0 interface only Packets arriving through any other interface will not be discarded in this example the inner network is supposed to be of the B class As an additional measure it may be useful to reject packets having a source address from within the loopback network 127 0 0 0 ipfw add rf5 0 reject all from 127 0 0 0 8 to 0 0 IP spoofing has been widely used in the Internet as an aggression method For additional information see CERT summary CS 95 01 and also summaries on the CERT WWW site It is important to consider that a malefactor may use IP spoofing for breaking in your network despite an obvious fact that he will never receive any reply See e g CER
258. r priority queue For example 4 package from queue with priority 1 1 package from the queue with priority 2 8 packages from queue priority 1 1 package from the queue with priority 3 QM_PRIO_BUSINESS8 0 BE Best Effort no priority 1 BK Background no priority 2 Spare QM_PRIO_BUSINESS1 3 EE Excellent Effort QM_PRIO_QOS3 4 CL Controlled Load QM_PRIO_VIDEO 5 VI Video QM_PRIO_VOICE 6 VO Voice QM_PRIO_NETCRIT 7 NC Network Control For example the unit is configured automatically prioritize packets labeled with IEEE 802 1p priority The node receives a package labeled with IEEE 802 1p priority 6 VO Voice The node will assign him QM_PRIO_ VOICE priority and in accordance with the priorities scheme this package will be processed before packets with other priorities Attention Real prioritization within MINT network is conducted by priority given by the option pri N DSCP label is transparently transmitted through MINT in any of its modes 802 1p priority is transparently transmitted only in switch MINT mode If necessary when leaving MINT network dotlp and dscp parameters can be assigned by the operator QoS Manager allows enough flexibility for prioritizing and remapping traffic see examples below Examples qm ch1 max 64 qm add eth0 ch1 all from 0 0 to 0 0 When used on a client unit sets the data rate for outgoing traffic at 64 Kbit s limit qm ch1 pri 5 qm add ch1 all from 1 1 1 0 24
259. ral Description Copyright O 2004 2012 by InfiNet Wireless 104 InfiNet Wireless WANFleX OS User Manual Tunnels are used to merge two remote and physically not connected networks into one logical structure Tunnels are widely used to create corporate networks or the so called virtual private networks VPN several remote offices connected to the network through the same or different providers are connected to the company headquarters or to each other by tunnels thus forming one corporate structure Common IP address space and registration accounting policy can be used throughout the whole VPN based corporate network independently of network provider s used Tunnels also solve the problem of using common transport media in a public network so that different clients could be provided with services by several providers It means that a client can be connected by a tunnel to a specific provider to be serviced by that provider irrespective of the client s connection point to a common transport network a There are several approaches to build tunnels One of these IP into IP Encapsulation described in RFC 2003 is implemented in OS WANFleX This technology is used for example in Cisco Systems routers and is a subset of the IPSEC protocol supported by several operating systems Within this approach tunnels are implemented as point to point P2P links between two endpoint routers The whole data stream through such a link
260. ransmitted via the network By default this regime is disabled When subag option is enabled the routing module tries to assemble aggregate in a bigger block several blocks of routing information pertaining to different small subnetworks and arriving from different sources to the same router interface When ag option is enabled the same is done for class C natural networks Aggregation is extremely useful in routing nodes located between two independent parts of your network or at the border with an external network For example a client s router on the border between the client s LAN and a provider network can use aggregation if the client has been assigned a whole IP address block for his sub networks You should be careful with the route aggregation For example it is A better to avoid using it in ring networks where not all of the hosts support this mode or static routing is used on some of them In this case it may happen that one group of sub networks will appear aggregated in one routing path and separated in another Naturally when choosing the route the most specific one with the longest mask will be used that could be undesirable rip static NET MASK GATEWAY metric XX This command is eliminated starting from 3 31 version One must use route add command instead All rip static commands that exist in the configuration are automatically transformed to route add commands Export import filters Enabling expo
261. requency gt Set center frequency MHz see wifi FNANE cap for a list of supported frequencies power lt power gt Set Tx power mW see wifi IFNANE cap for a list of supported values antenna lt antenna gt Select antenna see licence show for allowed antenna types pass lt key gt Set authentication key Key format ascii hex lt string gt auth lt type gt Select authentication type see wifi IFNANE cap for supported auth types wpa encrypt lt type gt Select WPA encryption type see wifi IFNANE cap for supported encryption types different encryption types can be combined with comma as delimiter auth server lt address gt Set authentication server address Use lt host gt lt port gt lt secret gt format for the address acct server lt address gt Set accounting server address Use host gt lt port gt lt secret gt format for the address debug radius onjoff Enable disable RADIUS conversation debugging hidden on off Enable disable hidden AP mode wme on off Enable disable Wireless Multimedia Extensions QoS isolation on off Enable disable client stations isolation rsn preauth on off Enable disable RSN WPA2 pre authentication mcast rate lt rate gt Set multicast packets bitrate acct interval lt iterval gt Set interim accounting update interval in seconds where commands are cap Show IF capability status Show status of IF stations
262. rface eth0 interface eth1 interface lo0 Copyright O 2004 2012 by InfiNet Wireless 142 InfiNet Wireless WANFleX OS User Manual interface null0 interface tun0 network point to point router router id 195 38 45 107 network 1 1 1 1 32 area 0 0 0 0 network 4 7 8 0 24 area 0 0 0 1 network 192 168 15 1 24 area 0 0 0 1 network 195 38 45 107 26 area 0 0 0 0 area 0 0 0 1 virtual link 192 168 151 10 end OSPF gt Neighbors show neighbor A B C D detail As a parameter one can specify P address of a network interface link which state and neighbors list is to be shown If this parameter is not specified the command shows a summary information for all interfaces Example OSPF gt show neighbor Neighbor ID Pri State Dead Time Address Interface 9 1 1 8 1 Full DROther 00 00 32 1 1 1 2 tun0 1 1 1 1 192 168 151 1 1 Full DR 00 00 32 192 168 15 10 eth1 192 168 15 1 192 168 45 116 1 Full DR 00 00 32 192 168 45 116 eth0 192 168 45 107 192 168 151 10 1 Full DROther 00 00 39 192 168 151 10 VLINKO OSPF gt Table columns B Neighbor ID neighbor router id B Pri priority B State current state status This parameter may be of the following value o Init This state means that a Hello packet was recently received from a neighbor with whom a 2 way connection is not yet established o 2 Way A two way connection is established between two routers Starting from here an adjacency relationship is initiated O ExStart The fi
263. rocess show Show running system information stop stop OSPF config interface IFNAME Interface s name OSPF config interface ethO OSPF config if authentication Enable authentication on this interface authentication key Authentication password key cost Interface cost dead interval Interval after which a neighbor is declared dead description Interface specific description end End current mode and change to root mode CTRL C exit Back to WANFleX command shell CTRL D hello interval Time between HELLO packets help Print command list message digest key Message digest authentication password key network Network type no Negate a command or set its defaults priority Router priority retransmit interval Time between retransmitting lost link state show Show running system information transmit delay Link state transmit delay OSPF config if After quitting CS using exit command or Ctrl D CS stays in the last active mode Commands may have different parameters Commands parameters are specified in several formats Parameter s format is described in the context help or in the list of commands help command in the following way Copyright 2004 2012 by InfiNet Wireless 129 InfiNet Wireless WANFleX OS User Manual B A B C D a parameter is set in IP address format Example 192 168 0 15 B WORD a set of characters with no spaces B lt 1 N gt a parameter is set as a decimal number in a range from 1 to
264. rs independently amplitude of the received signal number of ARQs on transmitting errors SNR on the opposite side etc and chooses such transmitting speed which provides necessary conditions for a reliable work with minimum number of ARQs and losses Speed values can be different for each direction but it will be optimal When no autobitrate is used transmitting speed will be set according to the setting of bitr parameter of rfconfig command When autobitrate is used transmitting speed will be automatically adjusted according to current link conditions The ranges of speed will be in between the setting of bitr parameter in rfconfig command maximal speed and minbitrate parameter see below If no minbitrate is specified the minimal RF interface speed will be taken as a lowest possible transmitting speed Minimal transmitting speed for autobitrate mode can be set with a help of the following command mint IFNAME minbitrate BITRATE Example mint rf5 0 autobitrate mint rf5 0 minbitrate 9000 DB option influences the autobitrate function sensitivity Autobitrate can be forced to set a higher bitrate mint IFNAME autobitrate lt number in dB gt even if the signal level is lower than expected on the specified number of dB Or not to set a higher bitrate mint IFNAME autobitrate lt number in dB gt till the signal level won t become higher than expected on the specified number of dB To di
265. rst step in adjacency relationship establishing which sets up master slave relations O Exchange In this state a router fully describes its link state database by sending packets to ts neighbor O Loading A state in which link state database synchronization happens i e a request for new information is sent to the neighbor Copyright O 2004 2012 by InfiNet Wireless 143 InfiNet Wireless WANFleX OS User Manual O Full This state means that neighboring relationship is established and list state database is synchronized o Current status may be of the following values o DR the router is selected to be a designated router o Backup the router is selected as a backup designated router o DROther the router is neither DR nor BDR B Dead Time the time left for neighbor acknowledgement packet B Address neighbor s P address B Interface interface link through which information with neighbor is exchanged If option detail is specified in the command the information on neighbors is shown in the detailed way Database show database The command shows a summary table with a database contents LSA show database asbr summary external network router summary A B C D adv router l A B C D Type of link advertisement for review Link destination Router id which link which advertisements are to advertisements be reviewed are to be reviewed For example a database has to be viewed for the l
266. rt import filters allows the system administrator to limit the distribution of the routing information and force some changes in the properties of routes built Copyright 2004 2012 by InfiNet Wireless 125 InfiNet Wireless WANFleX OS User Manual Filters are combined in groups each group consisting of 4 tables Export NoExport Import Nol mport There are 3 different groups of filters Filters for specific interface addresses The INTERFACE parameter is of the form int ADDR In this way it is possible to define a filter for any specific interface address if there are several addresses aliases assigned to the interface Example rip int 10 2 3 4 export all Filters for the whole interface The INTERFACE parameter contains then the interface name A filter applies to the whole interface that is to all its alias addresses Example rip ethO export all Filters for the protocol as a whole The INTERFACE parameter is then not used as such a filter applies to the whole protocol on all interfaces Example rip export all Export and NoExport tables list the networks that respectively must or must not be exported from the router Similarly Import and Nolmport tables list the networks that respectively must or must not be imported to the internal tables of the router When specifying filters the following is to be noticed e Filters are ordered from less to more general First are considered filters r
267. rval Al NT Copyright O 2004 2012 by InfiNet Wireless 196 InfiNet Wireless WANFleX OS User Manual password key PASSWORD preempt on off owner on off learn on off track off default PADDRESS MASKLEN Command description Server start stop Syntax vrrp start stop The command starts stops VRRP server Example vrrp start Creating Virtual Router VR Syntax vrrp IFNAME VRID add PADDRESS MASK MASKLEN The command creates virtual router on IFNAME interface with VRID identifier VRID is a number in 1 255 range Also the command adds IP address specified as a parameter to the list of VR IP addresses None of VR IP address should coincide with the primary IP address of interface it has been created on VRRP server allows creating several VRs for one network interface but lists of their P addresses should not crossover Example vrrp eth0 10 add 9 8 7 6 24 VR start stop Syntax vrrp IFNAME VRID start stop Command starts stops this router in a specified VR Example vrrp eth0 10 start Setting router priority Syntax vrrp IFNAME VRID priority PRIO own Copyright O 2004 2012 by InfiNet Wireless 197 InfiNet Wireless WANFleX OS User Manual The ccommand sets the priority of the specified router in VR Priority value varies in 2 255 range Router priority is considered in the procedure of selecting a main router selec
268. rver generates DSS and RSA Host Keys to be used for public key based authentication of the SSH Server Compulsory Host Keys re generation is possible at any time by typing sshd newkeys command When started SSH Server accepts authorization requests from SSH Clients Access to the device via SSH protocol may be limited by using ACLOCAL access control list When ACLOCAL list is configured on the device SSH Server rejects all connection attempts from SSH Clients with IP address or networks that are not present in the list More information about ACLOCAL list can be achieved in Access Control Lists section of this manual The following SSH Server options are available for management e window SIZE allows changing SSH Server internal receiving window size in bytes SSH Server window size defines maximum allowed bandwidth for SSH Client SSH Server data channel By default SSH Server window size is 24576 bytes e log level emerg alert crit error waming notice info debug LEVEL allows choosing logging levels of the SSH Server service information that will be written into the system log to manage system log please use sys log command Different levels of logging can be chosen by emerg alert crit error warning notice info debug parameters or specified by the number of the needed level from 0 to 7 using numeric LEVEL parameter By de
269. rver traffic tracking messages are sending cap shows list of AP s capabilities Copyright 2004 2012 by InfiNet Wireless 98 InfiNet Wireless WANFleX OS User Manual status shows AP status stations shows information on all client stations of the AP Stations command output Measured maximum Client station Signal level from throughput to client Additional connection MAC address clent station station information 1 gt wifi wifi statidws l Statlion list ADDWESS IDLE RSSI RATE TPUT PROB INFORMATION ELEMENTS 00 13 02 19 d3 a7 0 39 24M 14 1 99 9 WPA WME Time passed after last Maximum Probability of packet exchange between possible bit rate packet delivery client station and AP ms Sample configuration WiFI remote AP configuration wifi wifi0 ssid IW wifi wifi0 freq 2432 wifi wifi0 power 63 wifi wifid antenna diversity wifi wifi0 auth WPA PSK wifi wifi0 pass SecretHotspot wifi wifi0 wpa encrypt RC4 wifi wifi0 syslog on 13 Dfs Dynamic Frequency Selection This command is used to configure DFS Dynamic Frequency Selection function of a radio interface Syntax dfs interface_name dfsradar dfsonly dfsoff dfs interface_name freq all frequency_list dfs interface_name cot hh mm dfs interface_name scansec lt seconds gt Description dfs interface_ name dfsonly starts DFS on the device In DFS mode device is selecting the most interference free frequ
270. ry intermediate node Every trace result contains the IP address of an intermediate node and the response time in milliseconds of every attempt In addition it may contain some special symbols corresponding to specific reply codes of the ICMP protocol e Port unattainable e IN Network unattainable e H Node host unattainable e P Inappropriate protocol e F Too long packet Copyright 2004 2012 by InfiNet Wireless 10 InfiNet Wireless WANFleX OS User Manual e IX Access to a node is administratively restricted filter proxy etc e No reply 10 Webcfg Web interface support Web interface support module Syntax webcfg start stop webcfg lang en ru fr it cn Description This command enables disables Web interface support on the device Web interface allows easy graphical device configuration with the help of a Web browser Example webcfg start Default web interface locale can be set by using the lang key with the webcfg command Current locale set includes English Russian French Italian and Chinese locales 11 Rshd command Remote Shell RSH remote shell protocol support module Syntax rshd enable disable RemoteUSER RemoteHOST LocalUSER rshd start stop flush Description The built in RSH server makes it possible remote command execution using the rsh program Identification is based on using privileged TCP ports and a list of authorized hosts By default the
271. s DHCP client after getting a lease of IP address from DHCP server In accordance with DHCP the client is obliged to check received P address if there are any other network devices with the same IP address For higher reliability DHCP client sends a series of such request with 1 4 second interval If arp requests number is not specified for all of the interfaces including absence of default value for this parameter DHCP client sends 16 requests O t onJoff This option turns on off sending debug information to the system log The option is not attached to any specific interface Commands O start starts DHCP client on a specified interface O stop stops DHCP client on a specified interface O delete stops DHCP client on a specified interface and clears all the options O dump shows current status of DHCP client Examples dhcpc a 5 dhcpc 1 DHCP_SERVERS etho0 start dhcpc a none k key qwerty rf5 0 start This configuration sets the number for ARP requests of 5 For eth0 interface the list of allowed DHCP servers is specified in DHCP_SERVERS ACL The client is started for ethO interface For rf5 0 interface none option is set for the number of ARP requests Thus rf5 0 will send 16 ARP requests Also DHCP client on rf5 0 interface will use qwerty as authorization key dhcpc dump The command prints current status of DHCP client ID I face IP address mask Gateway address ServerlD Lease exp 0 1 ethO 192 16
272. s a Single Clock Domain It is the customer s responsibility to feed the CES containing device with TDM ports all of which are timed by the same clock source Syntax ces start ces stop ces clear ces unit lt addr gt ces mode el t1 line internal loopback recovery ces ports lt list gt ces frames lt N gt ces maxjitter lt N gt ces adjust now auto clear lt list gt ces stat clear ces stat delay clear ces eth media lt MediaType gt ces eth bwlimit lt Kbps gt ces eth stat full clear MediaType 100BaseTX fullduplex 100BaseTX halfduplex 10BaseT fullduplex 10BaseT halfduplex auto Copyright 2004 2012 by InfiNet Wireless 93 InfiNet Wireless WANFleX OS User Manual ces start Starts a process which controls CES module If there are pre configured ports TDM data transfer begins ces stop Stops a process which controls CES module ces clear Clears ces configuration ces unit lt addr gt Sets IP address of CES module and reserves the corresponding network with the 24 mask IP addresses of this network are used for ODU to CES module communication Default value 169 254 1 100 169 254 1 0 24 network is reserved ces mode el t1 line internal loopback recovery Sets CES module mode e1 t1 type of interface El or T1 line internal loopback recovery synchronization mode line input frequency of port O is used as an output frequency for all ports in
273. s are used Filters are represented by two classes of objects B Access lists access list B Prefixes lists prefix list Access lists consist of a set of operators Each operator consists of a range of P addresses and deny or permit command The range of addresses is set as lt value gt lt mask for insignificant bits gt The object to be filtrated has its basic parameter in the same format IP address subnet etc To make a decision whether the object corresponds with a list each operator from the list is consequently applied to the basic parameter of the object until this parameter satisfies the condition When a right condition is met the decision is made according to the record in the command of the operator deny or permit In RIP router there are three types of access lists B Standard Is identified by numbers 1 99 or 1300 1999 and is used to analyze one parameter of filtration object B Extended Is identified by numbers 100 199 or 2000 2699 and is used to analyze two parameters of filtration object for example source address and destination address B Nominate Identical to Standard but is identified by a name not number Moreover operators are configured in the format of lt value gt lt mask length gt In order to create or edit an access list in RIP router the following commands are used in config mode 1 Standard access lists access list lt 1 99 gt lt 1300 1999 gt deny permit A B C D A B C
274. s like rf5 0 rf5 0 etc 1 gt switch group 1 dump eth Bridge group 1 normal READY STARTED Interfaces ethO F eth1 F rf5 0 F Total records 5 DST MAC L Int GateWay MAC GT Cost UsCNT Dead HashC 001111144693 eth0 000000000000 0 3987 300 1 000435018822 eth0 000000000000 0 0 0 1 000435118822 eth1 000000000000 0 0 0 1 Copyright 2004 2012 by InfiNet Wireless 77 InfiNet Wireless WANFleX OS User Manual This filter displays group statistics for all Ethernet interfaces List configuration commands Syntax switch list LISTNAME iface mac numrange match add del VALUE dump WILDCARD rename NEWNAME file FILENAME flush remove Lists are used as a set of acceptable values for rules Each list must have a unique name and must be of one of the types iface mac numrange match List name may consist of letters and digits List name should not start with a digit List name is case insensitive Command parameters LI STNAME list name If list name contains spaces it should be put in quotes iface list type which consists of network interfaces names mac list type which consists of a set of MAC addresses numrange list type that consists of a set of ranges of positive integer numbers The range of numbers is specified as lt min gt lt max gt The range may consist of one number if lt min gt lt max gt If a range of numbers is added to existing list and two ranges values
275. s put in the source address field of the packets Using the S option any other IP address SourceAddress may be substituted for this default address Example ping 192 168 1 1 size 20 count 7 8 Telnet command Use telnet protocol to enter a remote host Syntax telnet P address Description Sets up a connection with a remote host specified by the IP address in the terminal emulation mode The telnet command uses transparent symbols stream without any intermediate interpretation therefore the terminal type is defined by the terminal from which the command has been executed To interrupt the terminal emulation session press Ctrl D 9 Tracert command The command trace attainability of an P node Syntax tracert s SourceAddress HostAddress Description Traces the packet transmission path up to the IP node host specified by the HostAddress parameter The command sends packets to the specified host assigning different values to the time to live field in their IP headers and analyzes ICMP TIME_EXCEEDED indications coming from different routers along the path to that host By default the sending interface s address is put in the source address field of the packets Using the s option any other IP address SourceAddress may be substituted for this default address Tracing is limited to a path with maximum 30 intermediate IP nodes Trace packets are 36 bytes long The trace procedure makes 3 attempts for eve
276. s statistics on incoming CES packets delays at ODU s radio interface Optional parameter clear allows to reset statistics When using dual radio devices such as CES multihop repeater this command shows statistics on passing CES packets delays Minimum configuration of Infinet Wireless devices with 4 E1 T1 ports Master Device rf rf5 0 freq 5200 bitr 36000 sid 10101010 txpwr 18 mint rf5 0 start ces mode el loopback ces ports 0 123 ces start Slave Device rf rf5 0 freq 5200 bitr 36000 sid 10101010 txpwr 18 mint rf5 0 start ces mode el recovery ces start In this example frequency radio power and sid are configured on Master device MINT starts List of ports is appointed And CES over WLAN mode starts with default settings interface type el synchronization mode loopback On a Slave device frequency radio power and sid is configured MINT starts Interface type el and synchronization mode recovery is set Other settings Copyright 2004 2012 by InfiNet Wireless 96 InfiNet Wireless WANFleX OS User Manual except ces adjust will be received from Master device CES over WLAN mode starts 12 WiFi Wi Fi AP configuration The command is used to configure remote Wi Fi AP Syntax wifi IFNAME options command where IFNAME are WiFi Interface name for example wifi0 where options are name lt string gt Set optional interface name ssid lt string gt Define Service Set Identification freq lt f
277. sable the autobitrate mode the following command is used mint rf5 0 fixedbitrate In the fixedbitrate mode the actual bitrate is set with the bitr parameter of the rfconfig command Copyright 2004 2012 by InfiNet Wireless 40 InfiNet Wireless WANFleX OS User Manual mint IFNAME ratefall 0 8 command allows influencing autobitrate mechanism in the following way it sets upper bitrate index threshold below which errors and retries checks are not performed just energetic ability to upper bitrate is taken into consideration Bitrate indexes are from 1 to 8 and correspond with bitrates available on the device s radio interface to see bitrate list use rf rfX cap command 0 ratefall s value cancels the command Example mint rf5 0 ratefall 4 Setting the connection factor Syntax mint IFNAME autofactor 1 5 This command sets the sensitivity of the device to establish a connection with a candidate via its radio interface The more the autofactor value is the better should be the characteristics of the radio channel between the device and the candidate for establishing a connection Default value is 3 Setting signal levels thresholds Syntax mint IFNAME loamp XX hiamp XX loamp This option sets the minimal signal level for the neighbor Signal level is measured in dB above the noise threshold for the current bitrate If the level gets lower than specified value the connection wi
278. scope name to which we add excludes e START_IP and END _IP starting and ending addresses of an exclude Exclude s range should not intersect or belong with any of previous excludes assigned to this scope Exclude s range should belong to the scope To delete an exclude one should do the following Syntax dhcpd scope lt SCOPE_NAME gt delete exclude lt START_IP gt This command s parameters are identical to the command for exclude configuration besides the fact that here one can specify only starting address of an exclude to be deleted Attention When executing command dhcpd scope lt SCOPE_NAME gt set range lt START_IP gt lt END_IP gt excludes which were created before range changing and which stop satisfying conditions described above will be deleted automatically Clients class filter CLASSI D Scope of addresses has clients class filter If a client in its request submits its class a server is able to give an IP address only from those scopes which are connected to client s interface and which have client s class specified in their class filter Class filter is a set of client vendor class id from which it is allowed to give a lease for P addresses from the scope In order to create a class filter for a scope one should add one or more client vendor class id To add a client vendor class id to the scope the following command is used Syntax scope lt SCOPE_NAME gt add classid lt CLIENT_ CLASS I
279. server and DHCP client can occur only within one network physical network If DHCP server is connected to another network the direct dialog cannot take place However the router which logically connects two networks with DHCP client and DHCP server can have a special software running DHCP Relay Agent DRA DRA retranslates DHCP packets including broadcast packets from DHCP clients to DHCP server and back Data exchange between DRA and DHCP server is performed using unicast packets only Thus DRA and DHCP must know each other s P addresses starting from their configuration stage For this purpose DHCP server has virtual interfaces In fact DHCP server virtual interface is a physical network interface placed in DRA As DHCP does not know this interfaces Copyright 2004 2012 by InfiNet Wireless 190 InfiNet Wireless WANFleX OS User Manual subnets sets one should specify these subnets while virtual interfaces configuration To create virtual interface use the command Syntax add virtual interface lt VIFNAME gt lt GATEWAY gt lt GWIFNAME gt Where e VIFNAME name of the DHCP server s virtual interface e GATEWAY P address of DRA which has a corresponding physical interface e GWI FNAME name of DRA s interface that performs retranslation of DHCP packets to DHCP clients If the symbol is used as GWIFNAME parameter DRA is allowed to use all its interfaces to retranslate DHCP packets After exe
280. server daemon will d reject any connections For using Null Authentication scheme you should add a user with empty user and key parameters rpcapd user key The following command allows specifying the internal buffer size of the daemon for sending the captured packets to the client application rpcapd buffersize SND_BUFFER_SIZE The default buffer size is 32Kb The following command enables disables writing daemon debug output to the unit s system log rpcapd trace notrace The following command allows viewing all the currently active connections rpcapd show s SOURCENAME Parameter s allows viewing the BPF filter of the connection with the specified device s interface name SOURCENAME To clear the configuration and stop the daemon use the following command rpcapd clear 13 Snmpd command SNMP daemon SNMP protocol version 1 and 3 daemon Syntax snmpd user NAME add set pass PASSWORD sec urity noAuthNoPriv authNoPriv authPriv acclessRights readOnly readWrite cla ss guest admin privpass PRIVPASS proto des aes128 snmpd user NAME del ete snmpd comm unity NAME snmpd nodebug debug prox trap stat mibs user cryp pack time flow snmpd vldisable vlenable Copyright 2004 2012 by InfiNet Wireless 163 InfiNet Wireless WANFleX OS User Manual snmpd start stop snmpd clear Description This command enables disables th
281. server s file system IP address is the P_address of the remote server Examples li export ftp fto_login ftp_password 192 168 145 1 license file li show Syntax dport BAUD Description Copyright 2004 2012 by InfiNet Wireless 26 InfiNet Wireless WANFleX OS User Manual This command sets a bitrate of the console port Available values are 9600 19200 38400 57600 115200 Bit sec Default value is 38400 Bit sec 22 Mem Syntax mem Description This command show statistics for allocated device memory network buffers queues and drops on interfaces Command output is described in the picture below Sample command output Total memory Free memory Allocated memory bytes bytes in bytes and percentage Maximum 4 gt men t used memory Ma lloc stts Total 59926496 Free 38223200 Allocated 21703296 lt 36 21 gt bytes a hax 21717536 36 24 Number of Number of Number of requests Number of Number of requests for requests for for memory size requests for clear memory allocation memory allocation memory release change memory allocation requests denies ls l malloc 61312 free 75270 realloc 15584 calloc 15731 miss 0 Number of network Number of network Number of network buffers buffers allocated to buffers allocated to data packet headers 582 mbufs 4 se 579 mbu ocated to data 3 ufs allocated to packet headers 577 9000 mapped pages in use enn bytes allocated to network 7 in use
282. set by the operator using a route add command e 1 pseudostatic route set as a result of a rip static command e L the route points to a directly connected host for such a route an APR request may be performed e C when using this route more specific routes may be created e g using the L flag si parameter displays the information on each network interface in the system Name y Network Address Opkts Oerrs 100 32768 Link 0 0 0 0 100 7 127 0 0 1 0 0 D 0 etho 5 Link O 53 3 54 92477 0 80180 0 ethd 500 10 1 0 32 27 5 9 D 3 0 rfn 1500 Link 0 5a 3 55 242 j 0 rfo 1500 3 0 3 0 r o 1500 J 0 jel 3140 0 rfo 1500 3 1 24 30 3 1625 324249 9055 348140 0 9 pfw command IP Firewall General description IP Firewall is a mechanism of filtering packets crossing an IP network node according to different criteria System administrator may define a set of incoming filters addincoming and a set of outgoing filters addoutgoing The incoming filters determine which packets may be accepted by the node The outgoing filters determine which packets may be forwarded by the node as a result of routing Each filter describes a class of packets and defines how these packets should be processed reject and log accept accept and log Packets can be filtered based on the following criteria e Protocol IP TCP UDP ICMP ARP e Source address and or destination address and port numbers for TCP and UDP e The ne
283. shortcutting in shortcut mode B Default this area will be used for shortcutting only if ABR does not have a link to the backbone area or this link was lost B Enable the area will be used for shortcutting every time the route that goes through it is cheaper B Disable this area is never used by ABR for routes shortcutting Stub areas Some of the areas may be defined as stub areas It is used for the area which has either a single ABR or several ABR but route selection does not depend on external destination address The information about external link to OSPF system is not sent to stub areas by ABR Instead ABR advertises a default gateway to the stub area with a route coming through this ABR The area can be configured as a stub area using the command in config router command area A B C D lt 0 4294967295 gt stub no summary no summary option is specified if it is not necessary to advertise a summary ads of other area s links to this area Backbone coherence Virtual links In general OSPF protocol requires a backbone area area 0 to be coherent and fully connected l e any backbone area router must have a route to any other Copyright 2004 2012 by InfiNet Wireless 137 InfiNet Wireless WANFleX OS User Manual backbone area router Moreover every ABR must have a link to backbone area However it is not always possible to have a physical link to the backbone area In this case between two ABR one
284. sid ABCDE mint rf5 0 profile 2 freq 5960 sid ABCDE disable mint rf5 0 profile 3 freq auto sid DEAD mint rf5 0 roaming enable Remote command management Remote command management allows one MINT node to perform commands on one other or all MINT nodes in the network Options e rcmdserver disable enable disables enables remote control management mode enable by default e guestKey STRING guest key Guest key allows to perform read only commands on the node e fullKey STRING full key Full key grants full access to the node all commands can be performed e node ADDR all Mac address of the destination node or access to all MINT nodes e peer performs commands only on the nodes that is connected to the given device directly e self performs commands also on the device itself e cmd CMD file URL command to be performed on the remote unit or root to a command txt file by ftp e key KEY access key e quiet disables writing replies from remote devices to a system log Syntax mint IFNAME rcmd node ADDR all peer self cmd CMD file URL key KEY quiet mint IFNAME rcmdserver disable enable guestKey STRING fullKey STRING Samples mint rf5 0 rcmd node all cmd co sh mint rf5 0 rcmd node all file ftp_ name ftp_pswd 192 168 100 21 1 txt Copyright 2004 2012 by InfiNet Wireless 56 InfiNet Wireless WANFleX OS User Manual Trace command Sy
285. state However having multiple masters can cause as much disruption as no routers which authentication cannot prevent Also even if a hostile router could not disrupt VRRP it can disrupt ARP and create the same effect as having all routers go into backup Copyright O 2004 2012 by InfiNet Wireless 200 InfiNet Wireless WANFleX OS User Manual VRRP server state output Syntax vrrp dump Command displays VRRP server current state Example vrrp dump VRRP interface ID Prio Alnterval Master IP STATE Time Stop reason eth0 010 2000 001 192 168 135 450 BACKUP 0 0 0 3 000 VRRP server state is printed in a table consisting of following columns VRRP interface 1D displays VR in IFNAME VRID form Prio displays the priority of the router in a specified VR If owner mode is enabled a letter o is also printed Alnterval displays set keep alive messaging interval Master IP displays primary IP address of MASTER router STATE displays router s current state o MASTER o BACKUP o STOP If specified router has self learning mode enabled small I is printer before the state name for example IBACKUP Time displays time period during which the route is in STATE mode The period is represented in DAYS HOURS MINUTES SECONDS 000 form Stop reason the router stops operating in specified VR if current situation forces it to do so for a specific VR router it changes its state t
286. t be zero if this value is not zero then the radio link couldn t be exploit 5 Number of undelivered acks value in ua columns must be zero if this value is not zero then the radio link couldn t be exploit If this value is constantly not less then 50 then most probably distance parameter is set with a wrong value If radio link distance is more than 20 km then long mode must be enabled ALL described parameters must be observed in the both Local and Remote sections of the Itest command output Radio link bandwidth test Bandwidth meter Bandwidth meter is used to test the following radio link characteristics speed in kilobits per second speed in packets per second number of retries and errors Use the following ltest command options for testing e tu seconds Unidirectional test packets are transmitted only from the current side to the specified address target option e tb seconds Bidirectional test packets are transmitted in both directions Packet size by default 1536 bytes to change packet size use s option Seconds parameter allows setting test period 5 seconds by default Maximum value is 60 seconds load N m k option allows setting a limit on the maximal tested channel bandwidth By default N parameter is measured in Megabits per second If k parameter is specified then in kilobits per second for example 10m 10 Mbps 500k 500 Kbps mint option
287. t free IP address If eventually there is no free IP address left the server looks into boundhistory for the client s interface If this step failed the server puts this client into a database of unleases Unleases Clients to which DHCP server failed to give an IP address for a lease are put to a special list unleases The records in this list are saved for 15 minutes if a client does not repeat an attempt to get a lease Each record in the list consists of the following fields 1 Name of a network interface from which a client s request for a lease was received client s interface 2 Client s identifier 3 Client s class identifier 4 Host name To view the list use the following command Syntax dhcpd show unleases lt SUBSTR gt where e SUBSTR a substring for a partial list view When executing a command the server will print only those records which fields contain the substring one of the fields Substring is case sensitive If is specified as a substring the full list is printed Example 1 gt dhcpd show unleases gt UNLEASES 1 ethO 1D 01 00 C0 DF 10 AF 69 MSFT 5 0 wad OK Virtual interfaces After their start DHCP clients send broadcast request in order to get an IP address lease As a client at this time does not yet have an IP address the server also uses broadcast packets to communicate with a client It is known that broadcast packets are not routed and thus the dialog between DHCP
288. t in the network After executing one or several td enable RemoteHOST commands remote Telnet access becomes only possible from the explicitly specified P addresses one host specified per each td enable command up to 10 hosts enabled simultaneously To retire from a remote host a previously granted access authorization a td disable command with its IP address shall be executed Finally a td flush command fully clears the current telnet daemon configuration Examples td enable 195 38 44 1 td enable 195 38 44 11 td start 15 Nat command Network Address Translation Network address translation according to RFC1631 Syntax nat command arguments General description NAT allows solving to the certain extent the problem IPv4 address space exhausting It means that several computers in the given LAN may connect to Internet via the same public IP address NAT module receives outgoing IP packets modifies sender s IP address to the public IP address and forwards it to Internet Sender s IP address is modified in such a way that it is possible to identify the sender when IP packet is received on the LAN incoming interface and to forward the IP packet to the initial sender NAT module is similar to natd and libalias from FreeBSD As it s known rfc1918 some part of the Pv4 address space is reserved for using in so called private IP networks private internets 10 0 0 0 10 255 255 255 10 8 prefix 172 16 0 0 172 31 255
289. t that is equal to 200000 for RSTP 65535 for STP Example switch group 1 add eth0 rf5 0 switch group 1 stp priority 36864 switch group 1 stp on switch group 1 start Copyright 2004 2012 by InfiNet Wireless 85 InfiNet Wireless WANFleX OS User Manual In this example switch group group 1 is configured STP protocol support is enabled and STP switch priority is set to 36864 for this group switch group ID igmp snooping off on This command disables enables IGMP snooping function for the switching group Example switch group 1 igmp snooping on switch group ID order N The logic of assigning switch groups to packets is the following e Groups are run over in the order of their appearance in a configuration e The first group that is suitable for a packet is chosen and the process is stopped The command sets the order in which the concrete group will be run over during the assigning process switch group ID setpri addpri prio This command allows setting increasing the priority of packets passing through the group Setpri parameter is used to change a priority to the value specified in the command When using 1 value a package priority is dropped to the lowest priority Addpri is used to change a priority only in case it is higher than the previous one Note the smaller is the value the higher is the priority So you can only increase priority using addpri parameter Example s
290. t the router configuration Syntax config show save clear config import export login password host file Description e show Displays the current configuration of the system Any change of the system parameters may be immediately viewed using the config show command The optional parameter may contain a selection of WANFleX commands abbreviated to their initial letters as shown in the following examples only those system parameters will then be displayed which relate to the commands selected Examples co show route rip will display parameter configuration for route command and RIP protocols co show r rip will display parameter configuration for all commands starting with r except rip save Saves the current system configuration in the router s flash memory for subsequent permanent use All modifications to the system parameters if not saved by this command are valid only during the current session until the system reset e clear Clears resets to default configuration in device flash To take effect device should be rebooted without saving the configuration e export import Saves the router configuration on a remote server and reloads it from a remote server The information is transferred using FTP The name of the file to or from which the information is transferred The file name shall be specified in full in the format of the remote server s file system Example config export user secret 1
291. target node target node target node Full A combination of neighbors and routes modes Swg This option is used when switching groups are created in MINT network It shows in which switching groups neighbor nodes are included Copyright 2004 2012 by InfiNet Wireless 51 InfiNet Wireless WANFleX OS User Manual node442 gt mint map swg Interface rf4 0 Node OM1195PE8278 NODE1 S11 Id 1250 Netld O master gt polling gt Freq 5320 Sid 10101010 autoBitrate 54000 Noise floor 94 ae GROUP 1 sent dynamic Cin trunk 1000 Switching OB0435FFB9IAD K11 CPE 4 0 1 hops Cost 68 alive 5 roups j _ GROUP 2 sent O lt dynamic gt Cin trunk 1000 poi 00179A22F4E2 Nil 1 hops Cost Si alive 4 neighboring nodes GROUP 3 z sent lt dynamic gt Cin trunk 1000 M00E9B92EB96 si 1 hows Cost 51 alive 4 GROUP 1000 sent lt Ctrunk gt Cin trunk 1000 000435FFB9IAD K11 CPE 4 0 1 hops Cos 000E9B92ED96 si 1 hops Cos 001 79A22F4E2 Nii 1 hops Cos t 68 Calive 5 t 51 lt alive 4 gt t Si alive 4 gt Parameters e detail shows the following information for each link with a neighboring node distance do the neighboring node in kilometers load on receive transmit in Mbps on receive transmit in packets per second link Cost main IP address of the neighboring node e m shows I O signal levels relative to minimal receive transmit bitrate Without
292. tatus ces itterStatus ospfNBRState ospfVirtNBRState ospfl FState ospfVirtl FState ospfConfigError linkEvent trapdColdStartEvent snmpdAuthenticationF ailureEvent syslog Description To start stop SNMP Trap agent on the device please use the following command trapd start stop The following command adds an SNMP server address to the SNMP configuration trapd dst addr x x x x PORT GROUPNAME ITYPENAME Where x x x x is the server s IP address The optional parameter PORT defines the server s UDP port port 162 is used by default The optional parameter GROUPNAME defines the groups of traps to be sent to the server The optional parameter TYPENAME allows to define or exclude exact traps to be sent to the server Copyright O 2004 2012 by InfiNet Wireless 173 InfiNet Wireless WANFleX OS User Manual Multiple SNMP servers can be set in the configuration Example trapd dst 192 168 1 1 trapd dst 192 168 1 100 The above commands will enable sending SNMP traps from the device agent to the SNMP servers with P addresses 192 168 1 1 and 192 168 1 100 To delete an SNMP server IP address from the configuration use sign as shown in the command syntax Example trapd dst 192 168 1 1 You can view the allocated SNMP servers their P addresses and the defined traps groups for each server by using the following commana trapd map Agent s own IP address which is set
293. tem cpu Indicates current CPU load in percent system no pager Enables disables page splits in the console output system search seconds This command forces all indication to blink for the one type devices search By default this mode turns off after 10 seconds system serialCD no log no trap Sets the reaction to appearance disappearance of Carrier Detect CD signal on the diagnostics port console log option enables this event to be written into the system log trap option enables SNMP trap messages generation The message of CD signal disappearance has an oid of 1 3 6 1 4 1 3942 0 103 The message of CD signal appearance has an oid of 1 3 6 1 4 1 3942 0 104 In order to send SNMP messages you need to run trapd service using trapd command see trapd command The current remote log IP address if any may be saved in the configuration file using the config save command 3 Set command time zone settings The command is used for time zone settings manipulations Starting from 3 36 version of firmware Do not support automatic summer winter time switching Syntax set TZ TIMEZONE Example set TZ EST 5EDT M4 1 0 2 M10 5 0 2 Copyright 2004 2012 by InfiNet Wireless 7 InfiNet Wireless WANFleX OS User Manual set TZ EKT 5 For more details on time zones please visit en wikipedia iki Time_zone 4 Config command configuration manipulations This command is used to view save export and impor
294. ter With this if master turns polling on mesh node breaks all its connections with other nodes but the master except join connections If master node drops off or turns marker access off mesh node restores its connections with its neighbors if these connections existed e SLAVE Can only connect to the node with master type When connection is lost the device attempts to restore the connection to the master node Slave node can work with master node using marker access in a classical point to multipoint topology Example mint rf5 0 type master Copyright 2004 2012 by InfiNet Wireless 37 InfiNet Wireless WANFleX OS User Manual Setting the node mode Syntax mint IFNAME mode mobile nomadic fixed The command sets the mode of the node The mode is defined by the application of the node for the network Modes description e Fixed The network node has a fixed allocation and never moves and never is switched off This is a infrastructure node of the network Nomadic Node may change its physical allocation but all the data transmitting is made when the node is not moving or moving very slowly Mobile The node may move and exchange data while moving Example mint rf5 0 mode nomadic Setting node sequential number Syntax mint IFNAME nodeid NUMBERID The command sets the sequential number for the node By default it is set equal to the device s serial number The number may be spe
295. ternal internal frequency generator is used loopback input frequency of each port is used as an output frequency for the port recovery frequency is restored from CES over WLAN packet flow ces ports lt list gt List of port numbers divided by gaps Example ces ports 0 2 3 ces frames lt N gt Number of TDM frames for one CES over WLAN packet Number of packets per second which are being sent for each port depends on this parameter Valid values are for E1 any value from 1 to 25 and from 26 to 44 for T1 any value from 1 to 33 and from 34 to 60 ces maxjitter lt N gt Maximum expected jitter for given link Valid values are from 1 to 200 but not less than the option frames divided by 8 ces adjust now auto clear lt list gt Parameters of jitter buffer self tuning now jitter buffer self tuning will be executed once auto jitter buffer self tuning will be executing automatically and continuously auto clear stops automatic self tuning lt list gt list of values format lt port gt threshold where threshold sets threshold for current jitter filling deviation from given maxjitter value It can be a number may be fractional to three decimal places in milliseconds or a percentage for example 45 After exceeding the threshold jitter buffer self tuning procedure will be started for given port Threshold default value is 50 Example ces adjust auto 0 1 5 1 15 2 15 In this example jitter bu
296. teway etc DHCP client management is implemented via dhcpe command Syntax dhcpc options IFNAME commands IFNAME name of the network interface to which options and commands are referred Options Options define working parameters of DHCP client on a corresponding interface or these options defaults if no interface name is specified For each option special values can be specified none and default Option value none means this parameter absence for this interface even though default value of this parameter exists Option value default means the absence of a specific parameter value meaning that only default option exists With this default parameter value is applied if specified Default option value is not displayed in DHCP client configuration Copyright 2004 2012 by InfiNet Wireless 194 InfiNet Wireless WANFleX OS User Manual O none default ACLNAME acl ACLNAME sets the list of IP addresses of DHCP servers from which the client is permitted to receive parameters Here ACLNAME the name of access control list see acl command If specified list is not configured in the system this acl does not exist DHCP client will be able to receive parameters from any DHCP server O k none default key KEYVALUE sets authorization key DHCP authorization is in accordance with RFC 3118 Authentication for DHCP Messages o a none default NUMBER sets the number of repeated arp requests which send
297. th a neighbor will be lost Default value 2 hiamp This option sets the minimal SNR for a new neighbor Signal level is measured in dB above the noise threshold for the current bitrate If neighbor s signal level is equal or higher than a specified value the node will consider this neighbor to be a candidate Default value 6 Example mint rf5 0 loamp 2 Setting ATPC thresholds Syntax mint IFNAME tpcmin dB tpcmax dB tpcadj dB This command allows controlling ATPC automatic transmit power control function behavior ATPC function is enabled disabled by rf lt interface gt pwrctl command see rfconfig command description e tpcmin dB This option sets the minimal transmit power level in dB ATPC function is allowed to set on the radio interface Copyright O 2004 2012 by InfiNet Wireless 41 InfiNet Wireless WANFleX OS User Manual e tpcmax dB This option sets the maximal transmit power level in dB ATPC function is allowed to set on the radio interface e tpcadj dB This option influences the optimal power level to be set on the radio interface by the ATPC function The ATPC can be forced to set higher tpcadj lt number in dB gt or lower tpcadj lt number in dB gt power levels compared to the values it estimates itself Creating local nodes database Syntax mint IFNAME addnode defgw X X X X defmask X X X X mint IFNAME addnode mac X X X X X X key STRING note STRING
298. thods of aggression e g by simply pelting you with any packets or with useless e mail messages Moreover rejecting all incoming fragmented packets may hamper your normal work Consider the following example The maximum possible IP packet length is usually circa 1500 bytes but it may be less or more on different network segments Even those packets which have not been sent fragmented by their source may have become fragmented somewhere on their way to destination because they have encountered a network segment with more severe packet length limitation Even the newest protocols for defining the maximum possible IP packet length along any given route are not always bringing guaranteed result because IP packets from the same source are progressing independently through the network and may take different routes Therefore fully prohibiting reception of fragmented packets may hinder temporarily or permanently normal operation of some applications communicating with some hosts If you decide to authorize incoming fragmented packets then one of the first filters to apply could be ipfw add accept all ip_tail_ fragment from 0 0 to 0 0 The above filter accepts all incoming fragments except the first fragments of their respective packets Such an authorization is not harmful for your security with the exception of a denial of service attack because the first fragment of a packet bearing the main information about the whole packet will be
299. ting At that the router with the greatest priority becomes the main one Priority of 255 has a special meaning It shows this router will be the main within specified VR The main router with such a priority owns all of VR s P addresses Example vrrp eth0 10 priority 200 Owner mode Syntax vrrp IFNAME VRID owner on off In owner mode the router owns all of VR s P addresses regardless its priority l e even if this route is a slave at the moment VR s P addresses are in the lists of network interface P addresses on which VR is created At the same time these addresses stay in a passive mode l e the router will not reply on these addresses until it takes the functions of the main router Owner mode is enabled by default Example vrrp eth0 10 owner off Inheritance mode Syntax vrrp FNAME VRID preempt on off If inheritance mode is disabled the router regardless its priority would never take the functions of the main router while there are other operating routers in VR Inheritance mode is enabled by default Example vrrp eth0 10 preempt off Network Prefix Monitoring mode Syntax vrrp IFNAME VRID track off default PADDRESS MASKLEN If Network Prefix Monitoring mode is enabled the VRRP module checks the availability of a route to the specified IP network IPADDRESS MASKLEN or the default route default If the routing entries disappear from the system tables the devi
300. tort including negligence strict liability or otherwise and whether based on this agreement or otherwise even if advised of the possibility of such damages To the extent permitted by applicable law in no event shall the liability for damages hereunder of Infinet Wireless or its employees or agents exceed the purchase price paid for the product by purchaser nor shall the aggregate liability for damages to all parties regarding any product exceed the purchase price paid for that product by that party except in the case of a breach of a party s confidentiality obligations International Regulatory nformation This equipment has been tested and found to comply with the limits for a Class B digital device Copyright 2004 2012 by InfiNet Wireless 2 Hereby InfiNet Wireless declares that this equipment is in compliance with the essential requirements and other relevant provisions of Directive 1999 5 EC The CE Marking on this equipment indicates compliance with the following This device conforms to Directive 1999 5 EC on Radio Equipment and Telecommunications Terminal Equipment as adopted by the European arliament And Of The Council Copyright 2004 2012 by InfiNet Wireless 3 InfiNet Wireless WANFleX OS User Manual Table of contents l INTRODUCTION 2 cccccccceseennnseeeeeeeeeeeennnaaseeeeeeeeeeoonaaaseeeeeeeeeoonnnaaseeeeeeseeononanasseeeeeseeoes 4 E GONEFANNOtES Ii eea n e deaa e a ee 4 25 P2dddress O
301. twork interface it arrived on e Whether the packet is a TCP IP connection request a packet attempting to initiate a TCP IP session or not e Whether the packet is a head tail or intermediate IP fragment e Whether the packet has certain IP options defined or not e The MAC address of the destination station or of the source station Copyright O 2004 2012 by InfiNet Wireless 148 InfiNet Wireless WANFleX OS User Manual Below figure illustrates how packets are processed by the filtering mechanism of the router Packets addressed to this node Packets addressed to Incoming packets other nodes Incoming filters Outgoing filters Packets starting from this node There are two classes sets of filters prohibiting reject and permitting accept Furthermore a filter may be applied to all inbound packets or only to packets arriving via a specific interface Each received packet is checked against all filters in the order they are put in the set The first filter that matches the received packet determines how the packet will be treated If the filter is an accept filter the packet is accepted otherwise it is rejected If the packet matches no filter in the set or if the set is empty the packet is accepted A The rejected packet will be discarded without notification to the sender Filters are defined using the ipfw command For example a command ipfw add reject all from 192 168 5 3 to 192 168 11 7
302. ual Non mandatory parameter Specifies source destination net subnet for packet redirection Example nat proxy_rule proto tcp port 80 server 123 1 1 1 3128 In given example all outgoing LAN TCP packets destined for port 80 will be redirected to provider proxy server nat del rule_number Deletes the rule numbered by rule_number NAT and H 323 telephony Subscribers and gatekeepers use several H 323 protocols We are interested in two RAS registration admission status used for subscriber registration on the gatekeeper and to monitor subscriber status CS call signaling used by subscribers for signaling established for a specific call Both these protocols described H 225 0 standard Well known system configurations includes the following examples 1 A subscriber resides in LAN and a gateway has a public P address Subscriber calls are outgoing only For setting subscriber access from LAN to the gateway one may use h323_ destination rule using CS protocol If the gateway accepts call incoming to 1720 well known port there will be enough to include default_h323 mode Example 1 Subscriber resides in LAN with address 10 0 0 99 gateway is in Internet with address 123 45 67 89 Requirement enable to subscriber outgoing calls to gateway Solution nat h323_destination cs 123 45 67 89 10 0 0 99 Example 2 Subscriber resides in LAN with address 10 0 0 99 gateway or several gateways in Internet with unknown address
303. uency packets received Current packet length Freq 5260 SIDS 112 S10 56 lt 14714 gt 12000 gt 14 14 20 42 lt 13713 gt lt 18000 gt 38748 30 14 lt 12712 gt lt 18000 gt 38 48 Number of packets received from each unit Current signal level Current receiving Average packet Average signal speed length level MAC MAC2 MAC3 MYNET modes These regimes perform MAC addresses analysis to estimate the number of clients with different MAC addresses and the efficiency of their utilization of the air link The analysis is carried out for all MAC addresses at the frequency previously specified by rfconfig command MAC option allows carrying the air link analysis in MAC MAC2 MAC3 MYNET modes for the specified MAC address The mac mode checks only data packets while in the mac2 mode the link level ACK messages sent by protocol support devices are also taken into account whenever possible Compared to mac2 mode mac3 mode also includes calculation of impulse noisy signals It shows number of detected pulses their average signal level and pulses per second information Copyright 2004 2012 by InfiNet Wireless 67 InfiNet Wireless WANFleX OS User Manual Finally the mynet mode performs the radio testing taking into account only packets from within the given network Example muffer rf5 0 mac2 The picture below shows the output mac2 regime Scanned Total number of lt the packet sent from speci
304. ugh the router s diagnostics port In both regimes when a packet is discarded by the filter this fact is accompanied by a warning message on the screen and registered in syslog To prevent an avalanche of faulty registration packets only the first attempt to deceive the system from the group of similar ones is registered The MAC filter algorithm consists of two steps In the normal mode default 1 First the table is searched for the MAC address of a packet being checked 2 If the MAC address is found then the received IP address is checked for correspondence with that found in the table The reverse mode enabled by reverse option and disabled by reverse swaps the above two steps 1 First the table is searched for the IP address received 2 Then the MAC address received is checked against that from the table In both regimes the parameter with which the search starts is a search key and cannot appear in the table more than once If the simple option is enabled only the first step of the above algorithm is executed If the address searched for is found in the mapping table then the packed is normally handled by the router Otherwise the packet will be discarded regardless of whether the strict option is enabled or not the second address is not checked With dhcp option enabled macf filter is automatically supplemented with addresses issued by local DHCP server These records are not stored in a permanent configuratio
305. ut before or after sign Description qm classL max N This command creates a service class L It is used for dynamic bandwidth allocation between different channels The max N option defines the total bandwidth of the class that will be limited to a given value thousands bps To delete the class qm classL clear You can create a hierarchy of service classes where a parent class is used for the dynamic allocation of its bandwidth between its subsidiary classes To do this ceil N ceilprio N parent N parameters are used The use of ceil N ceilprio N parameters is the same as in qm chN command parent N parameter defines parent class for the current class where N is a value of a parent class Copyright 2004 2012 by InfiNet Wireless 107 InfiNet Wireless WANFleX OS User Manual qm chN max N 0 ceil N 0 ceilprio N 0 latency N 0 pri P no strict pps N 0 to addr vlan N 1 dscp N 1 dotlp N 1 classL clear This command defines a logical channel N N 1 200 with properties specified by one or more command options as follows e max N sets maximum data rate for the channel in Kbit s Value range from 10 to 100000 It is also possible to set it in per cent max N of the parent class total bandwidth If set to 0 cancels any speed limitation for the channel e classL assigns service class L to the channel This additional parameter relates to the above defi
306. uter world all pass through the rf5 0 interface the following filter set will provide for proper interaction between your internal DNS server and external DNS servers while rejecting any other UDP traffic ipfw add accept udp from 0 0 53 to 0 0 53 ipfw add rf5 0 reject udp from 0 0 to 0 0 Though it may appear an easy task in reality it is very difficult to establish more open UDP access policy without creating large security holes If in particular you decide to authorize your internal clients accessing external UDP servers then you should take into account the following considerations the list is far from exhaustive If you have NFS servers these are traditionally using the UDP port 2049 TCP versions of NFS servers also use the port number 2049 which may possibly be protected by the tcp_ connection modifier see examples above Some RPC portmapper implementations have grave security problems Be very careful when authorizing external access to your internal portmapper resource at TCP or UDP port 111 Be also very careful in your choice of source and destination ports to authorize You might be tempted to authorize external packets arriving from some port numbers you know If you do always remember that a malefactor can easily send any TCP IP or UDP IP packets with any combination of source ports and addresses replacing his own ones Some Microsoft LAN Manager services use UDP As Microsoft has a visceral enmity against op
307. where A B C D is a network address M network mask and R R R R is a gateway IP address e text text string 254 characters maximum User defined options can be defined for different divisions scope and scope reservation interfaces and interface reservation server Example dhcpd start dhcpd useroption Room Numbers code 199 type n16 dhcpd scope TEST option Room Numbers 123 156 432 To delete a User Defined option use the following command dhcpd delete useroption lt NAME gt Copyright 2004 2012 by InfiNet Wireless 188 InfiNet Wireless WANFleX OS User Manual Address Time Any IP address lease is limited by the time specified in Address Time option If a client which was given a lease does not extend it within Address Time period the server will cancel the lease The value of this time may be defined by the client but it should not exceed its maximal value The maximal time of a lease is set up in Address Time of one of the divisions to which this client is applied If a server does not have this option defined the maximal time will be set to 120 seconds In case if a client does not request Address Time parameter the server will give a lease for a maximal time according to the scheme described above A client who received a lease confirms it periodically The periodicity is usually equal to the half of Address Time As an acknowledgement to the lease prolongation the server resends configuration parameters
308. witch group 1 addpri 15 switch group ID deny permit This command permits or denies processing and sending out the packets which belong to this group switch group 1D showrules This command displays detailed information about the group s classification rules including the hits counter for each rule switch group ID showblack This command displays the list of MAC addresses that are blocked due to the indeterminacy of their owner Copyright O 2004 2012 by InfiNet Wireless 86 InfiNet Wireless WANFleX OS User Manual Rules configuration commands Rules are used for the following purposes e Selecting an appropriate switching group when packet is received through eth interface Packet will be switched only by that group to which rules it fully satisfies e When packet is chosen by the switching group and group decides whether this packet needs to be sent through one of the interfaces The packet will only be sent if it satisfies the rules of this interface The rules consist of rules list and a decision by default deny permit Each rule consists of a sequential number condition and decision deny permit While going through the list the switch checks whether a packet matches the rule If it matches the rule the decision set for this rule is applied to the packet Otherwise the list of rules is viewed further Rules are taken according to their sequential number in ascending manner If a packet does not match to
309. y dfs interface_name scansec lt seconds gt sets the time that is spent on scanning each available frequency in seconds By default 6 seconds DFS default operational characteristics e Channel occupation time 24 hours e Scanned time 6 seconds for each available frequency e Listening to the Radar on the chosen frequency 1 minute DFS Master Slave configuration DFS Master is a unit that process actual frequency selection and radar detection functions DFS Slave is a unit that does not choose the frequency itself but follows DFS Master s frequency settings For example in PTP link one unit should be configured as a DFS Master and another one as a DFS Slave It is strongly recommended to set as a DFS Master the unit that is working in worthier interference conditions To set a unit as a DFS Master example 1 Seta unit as Master mint rf5 0 type master 2 Configure it as a Roaming Leader mint rf5 0 roaming leader Please refer to the Frequency roaming chapter for detailed description 3 Start DFS if not already started dfs rf5 0 dfsonly The unit will perform DFS functions and send the chosen frequency information to the DFS Slave devices To set a unit as a DFS Slave example 1 Seta unit as Slave mint rf5 0 type slave Copyright 2004 2012 by InfiNet Wireless 100 InfiNet Wireless WANFleX OS User Manual 2 Co
Download Pdf Manuals
Related Search