Page 1 GW3300 User Manual Issue: Date: 18 April 2016...
Page 2: Table Of Contents
Configuring the local access with Radius authentication ....... 23 5.10 SSH ...................... 24 5.11 Package dropbear using UCI ..............26 5.12 Certs and private keys ................26 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 2 of 324...
Page 3 Configuring management user password using package options ....69 10.12 User management using UCI ..............69 10.13 Configuring user access to specific web pages ......... 70 11 Configuring an Ethernet interface ............... 71 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 3 of 324...
Page 4 12 Configuring SAToP and CESoPSN ..............87 12.1 What are SAToP and CESoPSN? ..............87 12.2 Clocking ....................87 12.3 Virtual Access proprietary SAToP/CESoPSN protocol extension ...... 88 12.4 Configuration package used ..............88 12.5 Configuring SAToP/CESoPSN ..............89 12.6 Configuring main settings using UCI ............
Page 5 Configuring an IPSec template to use with DMVPN ........214 21.6 IPSec diagnostics using the web interface ..........216 21.7 IPSec diagnostics using UCI ..............216 22 Configuring firewall .................. 217 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 5 of 324...
Page 6 28.2 Creating a GRE connection using the web interface ........281 28.3 GRE configuration using command line ............ 285 28.4 GRE configuration using UCI ..............285 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 6 of 324...
Page 7 Configuration package used ..............320 32.2 Configuring SLA for a router using the web interface ......... 320 32.3 Configuring SLA for a router using the UCI interface ........322 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 7 of 324...
Page 8: Introduction
1: Introduction _______________________________________________________________________________________________________ 1 Introduction This user manual describes the features and how to configure Virtual Access GW3300 Series routers. Designed for managed network providers, GW3300 Series routers provide secure WAN connectivity for internet and private networking environments over 3G or 4G broadband paths and incorporate optional 802.11n WiFi connectivity.
Page 9 Throughout the document, we use the host name ‘VA_router’ to cover all router models. UCI commands and package option examples are shown in the following format: root@VA_router:~# vacmd show current config _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 9 of 324...
Page 10 1.2.4 UCI commands For detailed information on using UCI commands, read chapters ‘Router File Structure’ and ‘Using Command Line Interface’. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 10 of 324...
Page 11: Gw3300 Series Hardware
RS232 for the first port and RS485 for the second port. For more information on using the port in RS485 mode, read the Terminal Server section of this manual. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 11 of 324...
Page 12: Rs232 Mode Pin-Out On The Gw3300
Quad-band EDGE/ GPRS/GSM 850/900/1800/1900 MHz 2.7 WiFi technology • 802.11 a/b/g/n • Dual band 2.4GHz and 5GHz 802.11ndata rate to 300Mbps • At least 20dBm output power • _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 12 of 324...
Page 13: Power Supply
Table 4: RF bands with operating temperatures 2.11 Antenna Up to 7 SMA female connectors: 2 x WiFi • 2 x WAN-1 • 2 x WAN-2 • 1 xGPS, 5V power • _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 13 of 324...
Page 14: Getting Started
If only connecting one antenna, screw the antenna into the MAIN SMA connector. If using multiple antennas, screw the antennas into the relevant SMA connectors. Virtual Access supplies a wide range of antennas. Please visit our website: www.virtualaccess.com or contact Virtual Access for more information.
Page 15: Reset Button
You can use recovery mode to manipulate the config files, but should only be used if all other configs files are corrupt. If your router has entered recovery mode, contact your local reseller for access information. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 15 of 324...
Page 16: Gw3300 Series Led Behaviour
The Ethernet ports have two LEDs: a LINK LED (green) and an ACT LED (amber). When looking at the ports, the LED on the left hand side is the LINK LED, and the ACT LED is on the right hand side. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 16 of 324...
Page 17 Link LED (green) Physical Ethernet link detected. No data is being transmitted/received over the link. ACT LED (amber) Flashing Data is being transmitted/ received over the link. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 17 of 324...
Page 18: Factory Configuration Extraction From Sim Card
4: Factory configuration extraction from SIM card _______________________________________________________________________________________________________ 4 Factory configuration extraction from SIM card Virtual Access routers have a feature to update the factory configuration from a SIM card. This allows you to change the factory configuration of a router when installing the SIM.
Page 19: Accessing The Router
The default settings are shown below. The username and password are case sensitive. In the username field, type root. In the Password field, type admin. Click Login. The Status page appears. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 19 of 324...
Page 20: Accessing The Router Over Ethernet Using An Ssh Client
5.4 Accessing the router over Ethernet using a Telnet client Telnet is disabled by default, when you enable Telnet, SSH is disabled. To enable Telnet, enter: root@VA_router: ~# /etc/init.d/dropbear disable root@VA_router: ~# reboot -f _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 20 of 324...
Page 21: Configuring The Password
Web: Password Defines the root password. The password is displayed encrypted via the CLI using the ‘hashpassword’ option. UCI: system.main.password UCI: system.main.hashpassword Opt: password Opt: hashpassword _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 21 of 324...
Page 22: Configuring The Password Using Uci
'$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw option password ‘newpassword’ The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 22 of 324...
Page 23: Configuring The Local Access With Radius Authentication
'radius' option servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10' config pam_auth option enabled 'yes' option pamservice 'sshd' option pammodule 'auth' option pamcontrol 'sufficient' option type 'radius' option servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 23 of 324...
Page 24: Ssh
5.10.2 SSH access using the web interface In the top menu, click System -> Administration. The Administration page appears. Scroll down to the SSH Access section. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 24 of 324...
Page 25 Web: n/a Defines a banner file to be displayed during login. UCI: dropbear.@dropbear[0]. BannerFile /etc/banner Opt: BannerFile Range Table 10: Information table for SSH access settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 25 of 324...
Page 26: Package Dropbear Using Uci
To access certs and private keys, in the top menu, click System -> Administration. The Administration page appears. Scroll down to the Certs & Private Keys section. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 26 of 324...
Page 27: Configuring A Router's Web Server
To configure the router’s HTTP server parameters, in the top menu, select Services -> HTTP Server. The HTTP Server page has two sections. Main Settings Server configurations Certificate Settings SSL certificates. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 27 of 324...
Page 28: Main Settings
Defines the prefix for CGI scripts, relative to the document root. CGI support is disabled if this option is missing. UCI: uhttpd.main.cgi_prefix /cgi-bin Opt: cgi_prefix Range _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 28 of 324...
Page 29 Enables option to reject requests from RFC1918 IPs to public server IPs (DNS rebinding counter measure). UCI: uhttpd.main.rfc1918_filter=1 Disabled. Opt: rfc1918_filter Enabled. Table 11: Information table for http server basic settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 29 of 324...
Page 30 '0.0.0.0:443' option home '/www' option rfc1918_filter '1' option cert '/etc/uhttpd.crt' option key '/etc/uhttpd.key' option cgi_prefix '/cgi-bin' option script_timeout '60' option network_timeout '30' option config '/etc/http.conf' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 30 of 324...
Page 31 Activation, this must be set to the serial number (Eth0 UCI: uhttpd.commonname MAC address) of the device. Opt: commonname Table 12: Information table for HTTP server certificate settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 31 of 324...
Page 32: Basic Authentication (Httpd Conf)
/etc/shadow or /etc/passwd. If you use $p$… format, uhttpd will compare the client provided password against the one stored in the shadow or passwd database. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 32 of 324...
Page 33: Securing Uhttpd
To get your current LAN IP address, enter: uci get network.lan.ipaddr Then modify the configuration appropriately: uci set uhttpd.main.listen_http='192.168.1.1:80' uci set uhttpd.main.listen_https='192.168.1.1:443' config 'uhttpd' 'main' list listen_http 192.168.1.1:80 list listen_https 192.168.1.1:443 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 33 of 324...
Page 34: System Settings
Configure the router’s web language and style. Time synchronization Configure the NTP server in this section. 6.2.1 General settings Figure 12: General settings in system properties _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 34 of 324...
Page 35 External syslog server IP address. UCI: system.main.log_ip Range Opt: log_ip 0.0.0.0 Web: External system log server port External syslog server port number. UCI: system.main.log_port Range Opt: log_port _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 35 of 324...
Page 36 UCI: system.main.log_type option. Opt: log_type Table 14: Information table for the logging section 6.2.3 Language and style Figure 14: The language and style section in system properties _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 36 of 324...
Page 37: System Reboot
In the top menu, select System -> Reboot. The System page appears. Ensure you have saved all your configuration changes before you reboot. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 37 of 324...
Page 38: System Settings Using Uci
'system' config 'system' 'main' option 'hostname' "VA_router" option 'timezone' "UTC" option 'log_ip' "1.1.1.1" option 'log_port' "514" option time_save_interval_min "10" option conloglevel '8' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 38 of 324...
Page 39: System Diagnostics
Shows the log on an ongoing basis while in the background. This allows you to run other commands while still tracing the event logs. To stop this option, type fg to view the current jobs, then press ctrl-c to kill those jobs. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 39 of 324...
Page 40 /root/syslog.messages Shows end of the events stored flash. root@VA_router:~# tail –f /root/syslog.messages & Shows the log on an ongoing basis. To stop this option, press ctrl-c. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 40 of 324...
Page 41: Upgrading Router Firmware
7 Upgrading router firmware 7.1 Upgrading firmware using the web interface Copy the new firmware issued by Virtual Access to a PC connected to the router. In the top menu, select System tab > Backup/Flash Firmware. The Flash operations page appears.
Page 42: Upgrading Firmware Using Cli
To connect to your TFTP server, enter atftp x.x.x.x (where x.x.x.x is the IP of your PC). Press Enter. While in the TFTP application to get the image, enter: get GIG-15.00.38.image _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 42 of 324...
Page 43 To set the next image to boot to the alternative image, enter: vacmd set next image altimage For your configuration changes to apply, you must reboot your router. Enter: reboot _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 43 of 324...
Page 44: Router File Structure
System information is also available from the CLI if you enter the following command: root@VA_router:~# va_vars.sh The example below shows the output from the above command. VA_SERIAL: 00E0C8121215 VA_MODEL: GW0000 VA_ACTIVEIMAGE: image2 VA_ACTIVECONFIG: config1 VA_IMAGE1VER: VIE-16.00.44 VA_IMAGE2VER: VIE-16.00.44 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 44 of 324...
Page 45: Image Files
8.4 Viewing and changing current configuration To show the configuration currently running, enter: root@VA_router:~# va_config.sh To show the configuration to run after the next reboot, enter: root@VA_router:~# va_config.sh next _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 45 of 324...
Page 46: Configuration File Syntax
Table 1: Common commands, target and their descriptions 8.6 Managing configurations 8.6.1 Managing sets of configuration files using directory manipulation Configurations can also be managed using directory manipulation. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 46 of 324...
Page 47: Exporting A Configuration File
In the top menu, select System tab > Backup/Flash Firmware. The Flash operations page appears. Figure 22: The flash operations page Under Backup/Restore select Generate Archive. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 47 of 324...
Page 48: Importing A Configuration File
In the top menu, select System tab > Backup/Flash Firmware. The Flash operations page appears. Figure 23: The flash operations page Under Backup/Restore, choose Restore Backup: Choose file. Select the appropriate file and then click Upload archive. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 48 of 324...
Page 49 –c /etc/config1/ import <paste in config file> <CTRL-D> Note: it is very important that the config file is in the correct format otherwise it will not import correctly. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 49 of 324...
Page 50: Using The Command Line Interface
9: Using the Command Line Interface _______________________________________________________________________________________________________ 9 Using the Command Line Interface This chapter explains how to view Virtual Access routers' log files and edit configuration files using a Command Line Interface (CLI) and the Unified Configuration Interface (UCI) system.
Page 51 0 Jul 3 11:37 usr lrwxrwxrwx 1 root root 4 Jul 16 2012 var -> /tmp drwxr-xr-x 4 root root 67 Jul 16 2012 www _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 51 of 324...
Page 52 444 S -ash 374 root 344 R ps ax 375 root 400 S /bin/sh /sbin/hotplug button 384 root 396 R /bin/sh /sbin/hotplug button 385 root [keventd] _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 52 of 324...
Page 53: Using Unified Configuration Interface (Uci)
<config>.<section>[.<option>]=<name> revert <config>[.<section>[.<option>]] Options: -c <path> set the search path for config files (default: /etc/config) -d <str> set the delimiter for list values in uci show _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 53 of 324...
Page 54 Renames the given option or section to the rename <config>.<section>[.<option>]=<name> given name. Deletes staged changes to the given option, revert <config>[.<section>[.<option>]] section or configuration file. Table 17: Common commands, target and their descriptions _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 54 of 324...
Page 55 To show the configuration ‘tree’ for a given config, enter: root@VA_router:/# uci show network network.loopback=interface network.loopback.ifname=lo network.loopback.proto=static network.loopback.ipaddr=127.0.0.1 network.loopback.netmask=255.0.0.0 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 55 of 324...
Page 56 9.2.4 Display just the value of an option To display a specific value of an individual option within a package, enter: root@VA_router:~# uci get httpd.@httpd[0].port root@VA_router:~# _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 56 of 324...
Page 57 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 57 of 324...
Page 58: Configuration Files
9.3 Configuration files The table below lists common package configuration files that can be edited using uci commands. Other configuration files may also be present depending on the specific options available on the Virtual Access router. File Description Management...
Page 59 It is important to note that identifiers and config file names may only contain the characters a-z, A-Z, 0-9 and _. However, option values may contain any character, as long they are properly quoted. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 59 of 324...
Page 60: Management Configuration Settings
10.2 Monitor Monitor is a Virtual Access proprietary tool, based on SNMP protocol, to monitor wide networks of deployed routers. The router will be configured to send information to Monitor, which is then stored and viewed centrally via the Monitor application. This includes features such as traffic light availability status, syslog and SLA monitoring.
Page 61: Autoload Packages
In the top menu, select Services ->Autoload. The Autoload page has two sections: Basic Settings and Entries. Click Add to access configuration settings for each section. Figure 25: The autoload settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 61 of 324...
Page 62 Notifies activator sequence is complete. Opt: RemoteFilename $$ ini Request configuration $$ img Request firmware Note: $$.vas should always be requested last. Table 18: Information table for autoload _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 62 of 324...
Page 63: Autoload Using Uci
'core' 'main' option 'Enabled' "yes" option 'StartTimer' "10" option 'RetryTimer' "30" option 'NumberOfRetries' "5" option 'BackoffTimer' "15" option 'BootUsingConfig' "altconfig" option 'BootUsingImage' "altimage" config 'entry' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 63 of 324...
Page 64: Http Client: Configuring Activation Using The Web Interface
To configure HTTP Client for Activator, in the top menu, click Services -> HTTP Client. The HTTP Client page has two sections: Basic Settings and Advanced Settings. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 64 of 324...
Page 65 Opt: SecureDownload Disabled. Advanced settings Web: ActivatorDownloadPath Specifies the URL on Activator to which the client should send requests. UCI: httpclient.default.ActivatorDownloadPath /Activator/Sessionle ss/Httpserver.asp Opt: ActivatorDownloadPath Range _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 65 of 324...
Page 66: Httpclient: Activator Configuration Using Uci
10.1.83.37:80 httpclient.default.SecureFileServer=10.1.83.36:443 10.1.83.37:443 httpclient.default.ActivatorDownloadPath=/Activator/Sessionless/Httpserver. httpclient.default.SecureDownload=no httpclient.default.PresentCertificateEnabled=no httpclient.default.ValidateServerCertificateEnabled=no httpclient.default.CertificateFile=/etc/httpclient.crt httpclient.default.CertificateFormat=PEM httpclient.default.CertificateKey=/etc/httpclient.key Httpclient: Activator configuration package options example root@VA_router:~# uci export httpclient package httpclient config core 'default' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 66 of 324...
Page 67: User Management Using Uci
Web: n/a Specifies web access permissions for the user. Note: webuser will only work if linuxuser is set to Enabled. UCI: management_users.@user[x].webuser Disabled. Opt: webuser Enabled. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 67 of 324...
Page 68: Configuring The Management User Password Using Uci
The new password will take effect after reboot and will now be displayed in encrypted format through the hashpassword option. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 68 of 324...
Page 69: Configuring Management User Password Using Package Options
User management using package options root@VA_router:~# uci export management_users package management_users config user option enabled ‘1’ _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 69 of 324...
Page 70: Configuring User Access To Specific Web
The user can view flash operation page only. To specify monitor widgets only, enter: listallowed_pages 'monitor/<widgetname>' Example widget names are: dhcp, arp, 3gstats, interfaces, memory, multiwan, network, openvpn, routes, system, ipsec, dmvpn, tservd. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 70 of 324...
Page 71: Configuring An Ethernet Interface
To create and edit interfaces via the web interface, in the top menu, click Network -> Interfaces. The Interfaces overview page appears. Figure 27: The interfaces overview page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 71 of 324...
Page 72: Virtual Access
11.2.2 Interface overview: creating a new interface To create a new interface, in the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 28: The create interface page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 72 of 324...
Page 73 'Bring up on boot', 'Monitor interface state', Override MAC address, Override MTU and 'Use gateway metric' Physical Settings Bridge interfaces, VLAN PCP to SKB priority mapping, Firewall settings Assign a firewall zone to the interface _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 73 of 324...
Page 74 Web: IPv6 gateway Assign given IPv6 default gateway to this interface (optional). UCI: network.<if name>.ip6gw Opt: ip6gw Table 22: Information table for LAN interface common configuration settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 74 of 324...
Page 75 UCI: network.<if name>.metric Opt: metric Range Table 23: Information table for common configuration advanced settings 11.2.3.3 Common configuration: physical settings Figure 30: The Common configuration physical settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 75 of 324...
Page 76 11.2.4 Interface overview: IP-aliases IP aliasing is associating more than one IP address to a network interface. You can assign multiple aliases. 11.2.4.1 IP-alias packages Package Sections Network alias _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 76 of 324...
Page 77 UCI: network.<alias name>.netmask Opt: netmask Web: IPv4-Gateway Defines the gateway for the IP alias. UCI: network.<alias name>.gateway Opt: gateway Table 26: Information table for IP-Alias general setup page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 77 of 324...
Page 78 Figure 35: The DHCP Server settings section The DHCP Server configuration options will appear. The DHCP Server is divided into two sub sections – general setup and advanced. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 78 of 324...
Page 79 Opt: leasetime Range Table 28: Information table for DHCP server general setup page 11.2.5.3 DHCP Server: advanced settings Figure 37: The DHCP server advanced settings section _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 79 of 324...
Page 80: Interface Configuration Using Uci
The configuration files are stored on /etc/config/network, /etc/config/firewall and /etc/config/dhcp root@VA_router:~# uci show network ….. network.newinterface=interface network.newinterface.proto=static network.newinterface.ifname=eth0 network.newinterface.monitored=0 network.newinterface.ipaddr=2.2.2.2 network.newinterface.netmask=255.255.255.0 network.newinterface.gateway=2.2.2.10 network.newinterface.broadcast=2.2.2.255 network.newinterface.vlan_qos_map_ingress=1:2 2:1 network.ethalias1=alias network.ethalias1.proto=static network.ethalias1.interface=newinterface network.ethalias1.ipaddr=10.10.10.1 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 80 of 324...
Page 81 'newinterface' option proto 'static' option ifname 'eth0' option monitored '0' option ipaddr '2.2.2.2' option netmask '255.255.255.0' option gateway '2.2.2.10' option broadcast '2.2.2.255' list vlan_qos_map_ingress '1:2' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 81 of 324...
Page 82 …… config dhcp option start '100' option leasetime '12h' option limit '150' option interface 'newinterface' To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 82 of 324...
Page 83: Configuring Port Maps
Eth3 assigned to switch port B Eth3 assigned to switch port C Eth3 assigned to switch port C Table 30: Information table for Interface Port Map page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 83 of 324...
Page 84: Interface Diagnostics
Link encap:Point-to-Point Protocol inet addr:10.33.152.100 P-t-P:178.72.0.237 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1 RX packets:6 errors:0 dropped:0 overruns:0 frame:0 TX packets:23 errors:0 dropped:0 overruns:0 carrier:0 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 84 of 324...
Page 85 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7710 errors:0 dropped:0 overruns:0 frame:0 TX packets:535 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:647933 (632.7 KiB) TX bytes:80978 (79.0 KiB) _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 85 of 324...
Page 86: Route Status
Destination Gateway Genmask Flags Metric Ref Iface 192.168.100.0 255.255.255.0 eth0 Note: a route will only be displayed in the routing table when the interface is up. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 86 of 324...
Page 87: Configuring Satop And Cesopsn
CESoPSN is an abbreviation for “Circuit Emulation Services over Packet Switched Network”. It is defined in IETF RFC5086 and is currently supported on Virtual Access router models fitted with ALL, X.21 or E1/T1 interfaces. It is used to carry an analogue leased line, an X.21 interface, an E1 timeslot or a group of E1 timeslots over a packet...
Page 88: Virtual Access Proprietary Satop/Cesopsn Protocol Extension
12.3 Virtual Access proprietary SAToP/CESoPSN protocol extension To compensate for packet loss in the network, Virtual Access implemented a proprietary extension to SAToP/CESoPSN. When enabled, a copy of the previous packet payload is added to the end of the packet. With the help of this mechanism it is possible to overcome the loss of single packets.
Page 89: Configuring Satop/Cesopsn
Note: the Blackbox tab only appears if Blackbox is configured on your router. Figure 41: SAToP/CESoPSN basic settings Figure 42: SAToP/CESoPSN blackbox settings Figure 43: SAToP/CESoPSN advanced settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 89 of 324...
Page 90: Configuring Main Settings Using Uci
Enables the use of the TOS field in the IP header. UCI: cesopd.main.tos_enabled Disabled. Opt: tos_enabled Enabled. Web: TOS Value Note: before changing this value, consult with Virtual Access support. UCI: cesopd.main.tos_enabled Decimal value of the TOS field in the IP Opt: tos_value header.
Page 91: Configuring Port Settings Using The Web Interface
The web interface for port settings is divided into 5 sections: Basic, Advanced, E1, Dual X.21 and ALL. Note: for E1 CESoPSN, a port represents a timeslot or group of timeslots. Figure 44: CESoPSN basic port settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 91 of 324...
Page 92 12: Configuring SAToP and CESoPSN _______________________________________________________________________________________________________ Figure 45: CESoPSN advanced port settings Figure 46: CESoPSN E1 port settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 92 of 324...
Page 93 12: Configuring SAToP and CESoPSN _______________________________________________________________________________________________________ Figure 47: CESoPSN dual X.21 port settings Figure 48: CESoPSN ALL port settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 93 of 324...
Page 94 Opt: rtp_header_enabled Disabled. Enabled. Web: Enable Packet Redundancy Enables a Virtual Access proprietary CESoPSN protocol extension, which can help to overcome packet loss. See the section ‘Virtual UCI: Access proprietary CESoPSN protocol extension’ for more cesopd.[port].va_prop_payload_redundan information.
Page 95 Specifies the TE/NT mode of the local end of the E1 interface. UCI: cesopd.[port].e1t1_end For CESoPSN this should be defined for first port only. Opt: e1t1_end _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 95 of 324...
Page 96 UCI: cesopd.[port].dce N/A for E1 and ALL. Opt: dce Disabled. Enabled. Web:FIFO IRQ Level Specifies the FIFO IRQ Level. Note: before changing this value, consult with Virtual Access UCI: cesopd.[port].fifo_irq_level support. Opt: fifo_irq_level Specifies the IRQ level. Range 1-5. Web:Bit reverse Enables reverse bit order of TDM data.
Page 97: Configuring Port Settings Using Uci
12: Configuring SAToP and CESoPSN _______________________________________________________________________________________________________ Web:Driver Poll Interval Specifies the driver poll interval in milliseconds. Note: before changing this value, consult with Virtual Access UCI: cesopd.[port].tdm_intvl_ms support. Opt: tdm_intvl_ms Specifies the poll interval. Range 1-10. Table 34: Dual X.21 port settings...
Page 98 'ttyU0' ……. <generic port options> ……. option e1t1_end '1' option e1t1_line_code '1' option e1t1_framing '2' option e1t1_impedance '1' option e1t1_timeslot '1' option e1t1_protocol '0' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 98 of 324...
Page 99: Cesopsn Diagnostics
To view the SAToP/CESoPSN configuration, enter: root@VA_router:~# # uci export cesopd package cesopd config cesopd 'main' option log_severity '5' option enable '1' config port 'Port1' option enable '1' option devname 'ttyLC0' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 99 of 324...
Page 100 12.9.1 cesop show config To show the currently running configuration, enter: root@VA_router:~# cesop show config Main Config ----------- enable nodaemon log_severity tos_enabled tos_value : 16 blackbox_enabled _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 100 of 324...
Page 101 : 100 packetization_latency rx_jitter_buffer_enabled rx_jitter_buffer_size_ms : 16 app_bit_reverse app_rx_shift va_prop_payload_redundancy_enabled: 0 devname : ttyU0 local_loopback rate ext_clock fifo_irq_level bit_reverse dte_tt_inv dce_tclk_inv dce_rclk_inv x21_clk_invert x21_data_delay x21_use_vco _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 101 of 324...
Page 102 Rx CESoPSN Header L-Bit Rx CESoPSN Header R-Bit Rx CESoPSN Header M-Bits Rx TDM Payload [55][D5]... Tx CESoPSN Header L-Bit Tx CESoPSN Header R-Bit Tx CESoPSN Header M-Bits _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 102 of 324...
Page 103 1468766480 Bytes received 1468766480 Transmit failures Receive failures SAToP/CESoP statistics ------------------- Rx: header errors Rx: packets lost Rx: lost packets recovered Rx: TDM payload length errors _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 103 of 324...
Page 104 The output provided by cesop show debug is intended for Virtual Access support technicians and therefore the interpretation of the output produced by cesop show debug command is not explained here.
Page 105 Receive address errors SAToP/CESoP statistics ------------------- Rx: header errors Rx: packets lost Rx: lost packets recovered Rx: TDM payload length errors Tx: TDM payload length errors _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 105 of 324...
Page 106 If enabled, the blackbox records instances of packet loss or the late transmission and reception of packets. The information stored in the blackbox can help Virtual Access support analyse problems such as excessive jitter and packet loss. The information in the blackbox is intended for Virtual Access technicians and therefore, the interpretation of the output produced by cesop blackbox show command is not explained here.
Page 107 0 rxCrcErr 0 rxLengthErr 0 rxAborts 0 12.9.8 cesop clear usbcard stats To reset the E1 card statistical counters, enter: root@VA_router:~# cesop clear usbcard stats USB card stats cleared _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 107 of 324...
Page 108 To view the bit error rate test status and statistical counters, enter: root@VA_router:~# cesop show bert stats Bit Error Rate Test Status -------------------------- BERT Sync Bit errors Bit rate 64000 bps Elapsed time 23 seconds _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 108 of 324...
Page 109 12: Configuring SAToP and CESoPSN _______________________________________________________________________________________________________ 12.9.13 cesop clear bert stats To reset the bit error rate test statistical counters, enter: root@VA_router:~# cesop clear bert stats bert stats cleared _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 109 of 324...
Page 110: Dhcp Server And Dns Configuration (Dnsmasq)
In the top menu, select Network -> DHCP and DNS. The DHCP and DNS page appears. There are three sections: Server Settings, Active Leases, and Static Leases. Figure 49: The DHCP and DNS page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 110 of 324...
Page 111 UCI: dhcp.@dnsmasq[0].rebind_domain multiple servers should be entered with a space between them. Opt: list rebind_domain No list configured. Range Table 36: Information table for general server settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 111 of 324...
Page 112 Defines local host’s files. When using UCI multiple servers should be entered with a space between them. UCI: dhcp.@dnsmasq[0].addnhosts Opt: list addnhosts Table 37: Information table for resolv and host files section _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 112 of 324...
Page 113 Defines the filename of the boot image advertised to clients. This specifies BOOTP options, in most cases just the file name. UCI: dhcp.@dnsmasq[0].dhcp_boot Opt: dhcp_boot Table 38: Information table for TFTP settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 113 of 324...
Page 114 Defines whether to uses IP address to match the incoming interface if multiple addresses are assigned to a host name in UCI: dhcp.@dnsmasq[0].localise_queries /etc/hosts. Opt: localise_queries Enabled. Disabled. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 114 of 324...
Page 115 Opt: dnsforwardmax Range Table 39: Information table for advanced settings 13.2.5 Active leases This section displays all currently active leases. Figure 53: The active leases section _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 115 of 324...
Page 116 Web: IPv4 Address The IPv4 address specifies the fixed address to use for this host.. UCI: dhcp.@host[0].ip Opt: ip Table 41: Information table for static leases _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 116 of 324...
Page 117: Configuring Dhcp And Dns Using Uci
2.2.2.2 dhcp.@dnsmasq[0].rebind domain=tes.domain dhcp.@dnsmasq[0].enable_tftp=0 dhcp.@dnsmasq[0].tftp_root=/tmp/tftp dhcp.@dnsmasq[0].dhcp_boot=boot.image _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 117 of 324...
Page 118 '/tmp/tftp' option dhcp_boot 'boot.image' option filterwin2k '1' option nonegcache '1' option strictorder '1' list bogusnxdomain '1.1.1.1 ' list bogusnxdomain '2.2.2.2' option port '53' option dhcpleasemax '150' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 118 of 324...
Page 119: Configuring Dhcp Pools Using Uci
'dhcp' 'lan' option 'interface' 'lan' option 'start' '100' option 'limit' '150' option 'leasetime' '12h' option ignore _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 119 of 324...
Page 120: Configuring Static Leases Using Uci
You can assign fixed IP addresses to hosts on your network, based on their MAC (hardware) address. root@VA_router:~# uci show dhcp.mypc dhcp.mypc=host root@VA_router:~# uci show dhcp.mypc dhcp.mypc.ip=192.168.1.2 dhcp.mypc.mac=00:11:22:33:44:55 dhcp.mypc.name=mypc _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 120 of 324...
Page 121 '00:11:22:33:44:55' option name 'mypc' This adds the fixed IP address 192.168.1.2 and the name "mypc" for a machine with the (Ethernet) hardware address 00:11:22:33:44:55. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 121 of 324...
Page 122: Configuring Static Routes
Configuring static routes using the web interface In the top menu, select Network -> Static Routes. The Routes page appears. Figure 55: The routes page In the IPv4 Routes section, click Add. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 122 of 324...
Page 123: Configuring Ipv6 Routes Using The Web Interface
UCI: network.@route[1].mtu Empty Opt:mtu Range Table 44: Information table for IPv6 routes When you have made your changes, click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 123 of 324...
Page 124: Configuring Routes Using Command Line
The command line example routes in the subsections below do not have a configured name. root@VA_router:~# uci show network network.@route[0]=route network.@route[0].interface=lan network.@route[0].target=3.3.3.10 network.@route[0].netmask=255.255.255.255 network.@route[0].gateway=10.1.1.2 network.@route[0].metric=3 network.@route[0].mtu=1400 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 124 of 324...
Page 125: Ipv4 Routes Using Package Options
IPv6 routes using packages options root@VA_router:~# uci export network package network …. config route option interface 'lan' option target '2001:0DB8:100:F00:BA3::1/64' option gateway '2001:0DB8:99::1' option metric ‘1’ option mtu '1500' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 125 of 324...
Page 126: Static Routes Diagnostics
Destination Gateway Genmask Flags Metric Ref Iface 192.168.100.0 255.255.255.0 eth0 Note: a route will only be displayed in the routing table when the interface is up. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 126 of 324...
Page 127: Configuring Bgp (Border Gateway Protocol)
In the top menu, select Network -> BGP. BGP configuration page appears. The page has three sections: Global Settings, BGP Neighbours and BGP Route Map. Figure 56: BGP page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 127 of 324...
Page 128 Scroll down to the BGP Route Map section. Type in a name for the BGP route map name and then click Add. The ROUTEMAP configuration section appears. You can configure multiple route maps. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 128 of 324...
Page 129 Defines the set value when a match occurs. Value format depends on the set option you have selected. UCI: bgpd.ROUTEMAP.set Opt: set Table 46: Information table for routemap _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 129 of 324...
Page 130: Configuring Bgp Using Uci
You can also configure BGP using UCI. The configuration file is stored on /etc/config/bgpd root@VA_router:~# uci show bgpd bgpd.bgpd=routing bgpd.bgpd.enabled=yes bgpd.bgpd.router_id=3.3.3.3 bgpd.bgpd.asn=1 bgpd.bgpd.network=11.11.11.0/29 192.168.103.1/32 bgpd.@peer[0]=peer bgpd.@peer[0].route_map_in=yes bgpd.@peer[0].ipaddr=11.11.11.1 bgpd.@peer[0].asn=1 bgpd.@peer[0].route_map=ROUTEMAP bgpd.ROUTEMAP=routemap _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 130 of 324...
Page 131: Configuring Bgp Using Packages Options
'ROUTEMAP' config routemap 'ROUTEMAP' option order '10' option permit 'yes' option match_type 'ip address' option match '192.168.101.1/32' option set_type 'ip next-hop' option set '192.168.101.2/32' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 131 of 324...
Page 132: View Routes Statistics
To view routes via the command line, enter: root@support:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Iface 10.1.0.0 0.0.0.0 255.255.0.0 0 br- lan2 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 132 of 324...
Page 133: Configuring A Wifi Connection
_______________________________________________________________________________________________________ 16 Configuring a WiFi connection This section explains how to configure WiFi on a Virtual Access router using the web interface or via UCI. WiFi can act as an Access Point (AP) to another device in the network or it can act as a client to an existing AP.
Page 134 0dBm(1mW)-17dBm(50mW) Opt: txpower 17dBM(50mW) Table 48: Information table for the device configuration section 16.2.1.2 Device configuration: advanced settings Figure 63: The device configuration advanced settings section _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 134 of 324...
Page 135 16.2.2.1 Interface configuration: general setup Use this section to configure the interface name, mode and network settings. Differing web options may be presented depending on the Mode selected. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 135 of 324...
Page 136 16.2.2.2 Interface configuration: wireless security Use this section to configure encryption, ciper and create a security key. Differing options wil be defined depending on the encryption selected. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 136 of 324...
Page 137 Web: Key #4 Specifies the fourth wireless key authentication phrase. UCI:wireless.@wifi-iface[0].key4 Opt: key4 Web: Radius Authentication-Server Defines the Radius server for EAP authentication. UCI:wireless.@wifi- iface[0].auth_serverOpt: auth server _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 137 of 324...
Page 138 UCI. MAC must be in the format UCI: wireless.@wifi-iface[0].maclist hh:hh:hh:hh:hh:hh Opt: list maclist Table 52: Information table for interface configuration MAC filter section _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 138 of 324...
Page 139: Configuring Wifi In Ap Mode
WiFi AP. The Common Configuration page appears. It has four sections. This configuration only uses the Physical Settings section. Figure 67: The physical settings section in the common configuration page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 139 of 324...
Page 140: Configuring Wifi Using Uci
'radio0' option type 'mac80211' option channel '11' option phy 'phy0' option hwmode '11ng' option htmode 'HT20' list ht_capab 'SHORT-GI-40' list ht_capab 'TX-STBC' list ht_capab 'RX-STBC1' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 140 of 324...
Page 141 TX-STBC RX-STBC1 DSSS_CCK-40 wireless.radio0.txpower=17 wireless.radio0.country=US wireless.@wifi-iface[0]=wifi-iface wireless.@wifi-iface[0].device=radio0 wireless.@wifi-iface[0].mode=ap wireless.@wifi-iface[0].disabled=1 wireless.@wifi-iface[0].ssid=Test_AP wireless.@wifi-iface[0].network=newlan wireless.@wifi-iface[0].encryption=psk wireless.@wifi-iface[0].key=secretkey _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 141 of 324...
Page 142 'US' config wifi-iface option device 'radio0' option mode 'ap' option disabled '1' option ssid 'Test_AP' option network 'lan' option encryption 'psk' option key 'secretkey' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 142 of 324...
Page 143: Creating A Wifi In Client Mode Using The Web Interface
WiFi interface’, selecting a new interface for the Wireless Network in the Interface Configuration section. For the examples below the new WiFi interface will be called ‘newwifiClient’ Example: wireless.@wifi-iface[0].network=newwifiClient wireless.@wifi-iface[0].mode=sta _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 143 of 324...
Page 144 When you have clicked Save and Apply, the router will restart the network package. It may take up to one minute for connectivity to the router to be restored. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 144 of 324...
Page 145: Configuring Wifi In Client Mode Using Command Line
'17' option country 'US' config wifi-iface option device 'radio0' option ssid 'Remote-AP' option mode 'sta' option network ' newwifiClient ' option encryption 'psk2' option key 'testtest' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 145 of 324...
Page 146 16.6.2.1 uci show wireless root@VA_router:~# uci show wireless wireless.radio0=wifi-device wireless.radio0.type=mac80211 wireless.radio0.channel=11 wireless.radio0.phy=phy0 wireless.radio0.hwmode=11ng wireless.radio0.htmode=HT20 wireless.radio0.ht_capab=SHORT-GI-40 TX-STBC RX-STBC1 DSSS_CCK-40 wireless.radio0.txpower=17 wireless.radio0.country=US wireless.@wifi-iface[0]=wifi-iface wireless.@wifi-iface[0].device=radio0 wireless.@wifi-iface[0].ssid=Remote-AP wireless.@wifi-iface[0].mode=sta wireless.@wifi-iface[0].network= newwifiClient wireless.@wifi-iface[0].encryption=psk2 wireless.@wifi-iface[0].key=testtest _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 146 of 324...
Page 147: Configuring A Mobile Connection
To create a new mobile interface, in the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 69: The create interface page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 147 of 324...
Page 148 Advanced Settings Setup more indept features such as initionalization timeout, LCP echo failure thresholds and inactivity timeouts. Firewall settings Assign a firewall zone to the connection. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 148 of 324...
Page 149 GSM module will automatically detect the best available technology code. Web: Operator PLMN code Specifies an operator code to force the connection to a particular carrier. UCI: network.3G.operator Opt: operator _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 149 of 324...
Page 150 Enabled if status of interface is presented on Monitoring platform. UCI: network.3G.monitored Opt: monitored Web: Enable IPv6 negotiation on the PPP Enables IPv6 routing on the interface. link UCI: network.3G.ipv6 Opt: ipv6 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 150 of 324...
Page 151 Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it. Figure 72: Firewall settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 151 of 324...
Page 152: Configuring A Mobile Connection Using Uci
Mobile status using UCI To display information and status of mobile interfaces such as 3G, 4G or CDMA, enter: root@VA_router:~# cat /var/state/mobile mobile.3g_1_1_1=status mobile.3g_1_1_1.auto_info=/etc/3g_1-1.1.auto mobile.3g_1_1_2=status mobile.3g_1_1_2.auto_info=/etc/3g_1-1.2.auto mobile.3g_1_1_1.sim_slot=1 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 152 of 324...
Page 153 Home network mobile.3g_1_1_1.reg_code_pkt=1 mobile.3g_1_1_1.area=FFFE mobile.3g_1_1_1.cell=189150A mobile.3g_1_1_1.tech=7 mobile.3g_1_1_1.technology=E-UTRAN mobile.3g_1_1_1.operator=0,0,"Vodafone",7 mobile.3g_1_1_1.sim1_iccid=89460127120912066226 mobile.3g_1_1_2.sim_slot=1 mobile.3g_1_1_2.sim_in=yes mobile.3g_1_1_2.operator="Vodafone" mobile.3g_1_1_2.cdma_roaming=Not Roaming mobile.3g_1_1_2.cdma_roaming_code=0 mobile.3g_1_1_2.cdma_srvmode=EVDO Rev B mobile.3g_1_1_2.cdma_srvmode_code=5 mobile.3g_1_1_2.cdma_total_drc=0.0 kbps mobile.3g_1_1_2.cdma_carr_cnt=2 mobile.3g_1_1_2.cdma_rx0=78 mobile.3g_1_1_2.sig_dbm=nan mobile.3g_1_1_2.cdma_rx1=105 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 153 of 324...
Page 154: Configuring Mobile Manager
Roaming template 18.2 Configuring mobile manager using the web interface Select Services -> Mobile Manager. The Mobile Manager page appears. Figure 74: The mobile manager page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 154 of 324...
Page 155: Configuring Mobile Manager Using Uci
The following example shows how to enable the SMS functionality to receive and respond from certain caller ID numbers. uci set mobile.main=mobile uci set mobile.main.sim1pin=0000 uci set mobile.main.sim2pin=0000 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 155 of 324...
Page 156 'vasupport' option number '353871234567' option enabled 'yes' option respond 'yes' config caller option name 'vasupport1' option number '353872345678' option enabled 'yes' option respond 'yes' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 156 of 324...
Page 157: Configuring A Roaming Interface Template Via The Web Interface
An example would be to SMS the SIM card number by typing the following command on the phone and checking the SMS received from the router. uci show mobile.@caller[0].number _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 157 of 324...
Page 158: Configuring Multi-Wan
19.2 Configuring Multi-WAN using the web interface In the top menu, select Network -> Multi-Wan. The Multi-WAN page appears. Figure 76: The multi-WAN page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 158 of 324...
Page 159 In the WAN interfaces section, enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters appears. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 159 of 324...
Page 160 19: Configuring Multi-WAN _______________________________________________________________________________________________________ Figure 77: Example interface showing failover traffic destination as the added multi-WAN interface _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 160 of 324...
Page 161 UCI: multiwan.wan.priority Opt: priority Range Web: Manage Interface State (Up/Down) Defines whether multi-wan will start and stop the interface. UCI: multiwan.wan.manage_state Enabled. Opt: manage_state Disabled. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 161 of 324...
Page 162 -105dBm or ecio_db falls below -15dB Tech values are: GSM Compact UTRAN GSM w/EGPRS UTRAN w/HSPDA UTRAN w/HSUPA UTRAN w/HSUPA and HSDPA E-UTRAN Table 60: Information table for multi-WAN interface page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 162 of 324...
Page 163: Multi-Wan Traffic Rules
'3' option health_recovery_retries '5' option priority '2' option manage_state 'yes' option exclusive_group '0' option ifup_retry_sec '40' option icmp_hosts 'disable' option icmp_interval ‘1’ option timeout ‘3’ _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 163 of 324...
Page 164: Multi-Wan Diagnostics
The uci configuration file /etc/config/multiwan is provided as part of the multi-WAN package. The multi-WAN package is linked to the network interfaces within /etc/config/network. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 164 of 324...
Page 165 'dns' option timeout '3' option health_fail_retries '3' option health_recovery_retries '5' option priority '2' option manage_state 'yes' option exclusive_group '0' option ifup_retry_sec '300' option ifup_timeout_sec '40' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 165 of 324...
Page 166 CLI). Enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters will appear. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 166 of 324...
Page 167: Automatic Operator Selection
20 Automatic operator selection This section describes how to configure and operate the Automatic Operator Selection feature of a Virtual Access router. When the roaming SIM is connected, the radio module has the ability to scan available networks. The router, using mobile and multi-WAN packages, finds available networks to create and sort interfaces according to their signal strength.
Page 168 20.2.1.3 Create a primary predefined interface In the web interface top menu, go to Network ->Interfaces. The Interfaces page appears. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 168 of 324...
Page 169 (as reported by 'AT+COPS=?' command). Type the short operator name in lower case, for example: Operator name First four alphanumeric numbers Vodafone UK voda O2 – UK o2uk Orange oran _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 169 of 324...
Page 170 UCI: network.[..x..].ifname Opt: ifname Table 61: Information table for the create interface page Click Submit. The Common Configuration page appears. Figure 81: The common configuration page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 170 of 324...
Page 171 Click the link if you need to configure additional options from Mobile Manager. UCI: N/A Opt: N/A Table 62: Information table for the general set up section Click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 171 of 324...
Page 172 Figure 82: The multi-WAN page In the WAN Interfaces section, type in the name of the Multi-WAN interface. Click Add. The Multi-WAN page appears. Figure 83: The multi-WAN page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 172 of 324...
Page 173 Wait 3 seconds for ping reply Opt: timeout Range Web: Health Monitor ICMP Interval Defines the interval between multiple pings sent at each health check UCI: multiwan.wan.icmp_interval Opt: icmp_interval Range _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 173 of 324...
Page 174 Uses the UCI: multiwan.[..x..].ecio_threshold value stored for ecio_db in mobile diagnostics. Opt: ecio_threshold -115 Disabled Range -46 to -115 dB _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 174 of 324...
Page 175 20.2.2 Set options for automatically created interfaces (failover) From the top menu on the web interface page, select Services ->Mobile Manager. The Mobile Manager page appears. Figure 84: The mobile manager page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 175 of 324...
Page 176 If checked, the router will return an SMS. Select Respond if you want the router to reply. UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 65: Information table for caller settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 176 of 324...
Page 177 Enabled. Opt: sort_sig_strength Web: Roaming SIM Sets in which slot to insert roaming SIM card. UCI: mobile.main.roaming_sim SIM slot 1. Opt: roaming_sim SIM slot 2. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 177 of 324...
Page 178 Wait 3 seconds for ping reply Range Web: Attempts Before WAN Failover Defines the number of health check failures before interface is disconnected. UCI: mobile.@roaming_template[1].health_fail _retries Range Opt: health_fail_retries _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 178 of 324...
Page 179 PMP interface. The primary interface will be reconnected when the current auto-created interface fails multiwan health checks after expiration of the ifup_retry_sec timer. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 179 of 324...
Page 180 The network that offers the best signal strength will be the first to connect. Multi-WAN then controls the failover between the available networks. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 180 of 324...
Page 181 Web: HDR Auto User ID AN-PPP user ID. Supported on Cellient (CDMA) modem only. UCI: mobile.main.hdr_userid blank Opt: hdr_userid range Table 67: Information table for mobile manager basic settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 181 of 324...
Page 182 If checked, the router will return an SMS. Select Respond if you want the router to reply. UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 68: Information table for mobile manager caller settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 182 of 324...
Page 183 UCI: mobile.@roaming_template[0].sort_sig_st rength Opt: sort_sig_strength Web: Roaming SIM Sets which slot to insert roaming SIM card. UCI: mobile.main.roaming_sim SIM slot 1. Opt: roaming_sim SIM slot 2. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 183 of 324...
Page 184 Sets the number of health check passes before the interface is considered healthy. This field is not used for a roaming template. UCI: mobile.@roaming_template[0].health_rec overy_retries Opt: health_recovery_retries _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 184 of 324...
Page 185 20.2.7.1 Set multi-WAN operation From the top menu, select Network -> Multi-Wan. The Multi-WAN page appears. Figure 90: The multi-WAN page In the Multi-WAN section click Add. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 185 of 324...
Page 186: Configuring Via Uci
'255.0.0.0' config interface 'lan' option ifname 'eth0' option proto 'static' option ipaddr '192.168.100.1' option netmask '255.255.255.0' config interface '3g_s1_voda' option auto '0' option proto '3g' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 186 of 324...
Page 187 The roaming interface configurations are stored in the mobile package /etc/config/mobile. To view the mobile configuration file, enter:root@VA_router:~# uci export mobile config mobile 'main' option sms 'yes' option roaming_sim '1' option init_get_iccids 'no' config caller _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 187 of 324...
Page 188 'yes' To view the uci command of package mobile, enter: root@VA_router:~#uci show mobile mobile.main=mobile mobile.main.sms=yes mobile.main.roaming_sim=1 mobile.main.init_get_iccids=no mobile.@caller[0]=caller mobile.@caller[0].name=Test mobile.@caller[0].number=* mobile.@caller[0].enabled=yes mobile.@caller[0].respond=yes mobile.@roaming_template[0]=roaming_template mobile.@roaming_template[0].roaming_sim=1 mobile.@roaming_template[0].firewall_zone=wan _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 188 of 324...
Page 189 '3g' option signal_threshold '-95' option ifup_retry_sec '350' option ifup_timeout_sec '180' option manage_state '1' To view the uci command of package multiwan, enter: root@VA_router:~# uci show multiwan _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 189 of 324...
Page 190: Configuring No Pmp + Roaming Using Uci
/etc/config/mobile. To view the mobile package, enter: root@VA_router:~# uci export mobile package mobile config mobile 'main' option sms 'yes' option roaming_sim '1' option debug '1' config caller option name 'Eval' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 190 of 324...
Page 191 '3' To view the mobile package via uci commands, enter: root@VA_router:~# uci show mobile mobile.main=mobile mobile.main.sms=yes mobile.main.roaming_sim=1 mobile.main.debug=1 mobile.@caller[0]=caller mobile.@caller[0].name=Eval mobile.@caller[0].number=* mobile.@caller[0].enabled=yes mobile.@caller[0].respond=yes mobile.@roaming_template[0]=roaming_template mobile.@roaming_template[0].roaming_sim=1 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 191 of 324...
Page 192 'config' option enabled 'yes' option preempt 'no' option alt_mode 'no' To see multiwan package via uci, enter: root@VA_router:~# uci show multiwan multiwan.config=multiwan multiwan.config.enabled=yes multiwan.config.preempt=no multiwan.config.alt_mode=no _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 192 of 324...
Page 193: Automatic Operator Selection Diagnostics Via The Web Interface
Figure 92: The status page: multi-WAN status section page 20.6 Automatic operator selection diagnostics via UCI To check interfaces created in the multi-WAN package, enter: root@VA_router:~# cat /var/const_state/multiwan _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 193 of 324...
Page 194 Figure 93: Output from the command: cat /var/const_stat/multiwan To check interfaces created in the network package, enter: root@VA_router:~# cat /var/const_state/network Figure 94: Output from the command cat /var/const_state/network _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 194 of 324...
Page 195 20: Automatic operator selection _______________________________________________________________________________________________________ To check the status of the interface you are currently using, enter: root@VA_router:~# cat /var/const_state_/mobile Figure 95: Output from the command cat /vat/const_state_/mobile _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 195 of 324...
Page 196: Configuring Ipsec
Internet Protocol Security (IPSec) is a protocol suite used to secure communications at IP level. Use IPSec to secure communications between two hosts or between two networks. Virtual Access routers implement IPSec using strongSwan software. If you need to create an IPSec template for DMVPN, read the chapter ‘Dynamic Multipoint Virtual Private Network (DMVPN)’.
Page 197 Debug enabled. Most verbose logging also includes sensitive information such as keys. Table 71: Information table for IPSec common settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 197 of 324...
Page 198 21: Configuring IPSec _______________________________________________________________________________________________________ 21.2.2 Configure connection settings Figure 97: The connections settings section _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 198 of 324...
Page 199 Defines the Subnet of remote LAN. UCI: strongswan.@connection[X]. remotelanmask Opt:remotelanmask Web: Local Protocol Restricts the connection to a single protocol on the local side. UCI: strongswan.@connection[X].localproto Opt: localproto _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 199 of 324...
Page 200 The format is: encAlgo | authAlgo | DHGroup Opt: ike encAlgo: 3des serpent twofish blowfish authAlgo: sha2 DHGroup: modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 For example, a valid IKE algorithm is aes128-sha-modp1536. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 200 of 324...
Page 201 UCI: strongswan.@connection[X].keyringtries for one, before giving up. The value %forever means 'never Opt: keyringtries give up'. Relevant only locally, other end need not agree on _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 201 of 324...
Page 202 Defines the local address this secret applies to. UCI: strongswan.@secret[X].localaddress Opt: localaddress Web: ID selector Defines the remote address this secret applies to. UCI: strongswan.@secret[X]. remoteaddress Opt: remoteaddress _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 202 of 324...
Page 203: Configuring Ipsec Using Uci
'yes' option strictcrlpolicy 'no' option uniqueids 'yes' option cachecrls 'no' option debug 'none' 21.3.2 Connection settings touch /etc/config/strongswan uci add strongswan connection uci set strongswan.@connection[0].ikelifetime=3h _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 203 of 324...
Page 204 '1h' option rekeymargin '9m' option keyingtries '3' option dpddelay '30s' option dpdtimeout '150s' option enabled 'yes' option name '3G_Backup' option auto 'start' option type 'tunnel' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 204 of 324...
Page 205 This will create the following output: config connection option name 'local' option enabled 'yes' option locallan '10.1.1.1' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 205 of 324...
Page 206 If xauth is defined as the authentication method then you must include an additional config secret section, as shown in the example below. # Commands to add a secret for xauth auth touch /etc/config/strongswan _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 206 of 324...
Page 207: Configuring An Ipsec Template For Dmvpn Via The Web Interface
Connection Settings Together, these sections define the required parameters for a two-way IKEv1 tunnel. Secret Settings 21.4.1 Configure common settings Figure 99: The common settings section _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 207 of 324...
Page 208 Local LAN IP Address Mask • Remote LAN IP Address • Remote LAN IP Address Mask • Scroll down from common settings section to view connection settings. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 208 of 324...
Page 209 21: Configuring IPSec _______________________________________________________________________________________________________ Figure 100: The connections settings section _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 209 of 324...
Page 210 UCI: strongswan.@connection[X]. (leave it blank for DMVPN) remotelanmask Opt:remotelanmask Web: Local Protocol Restricts the connection to a single protocol on the local side. UCI: strongswan.@connection[X].localproto Opt: localproto _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 210 of 324...
Page 211 The format is: encAlgo | authAlgo | DHGroup: Opt: ike encAlgo: 3des serpent twofish blowfish authAlgo: sha2 DHGroup: modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 For example, a valid IKE algorithm is: aes128-sha-modp1536. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 211 of 324...
Page 212 UCI: one, before giving up. The value %forever means 'never give strongswan.@connection[X].keyringtries up'. Relevant only locally, other end need not agree on it. Opt: keyringtries _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 212 of 324...
Page 213 Defines the local address this secret applies to. UCI: strongswan.@secret[X].localaddress Opt: localaddress Web: ID selector Defines the remote address this secret applies to. UCI: strongswan.@secret[X]. remoteaddress Opt: remoteaddress _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 213 of 324...
Page 214: Configuring An Ipsec Template To Use With Dmvpn
_______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 214 of 324...
Page 215 '30s' option keyingtries '%forever' option dpdaction 'hold' option dpddelay '30s' option dpdtimeout '150s' config secret option enabled 'yes' option secrettype 'psk' option secret 'secret' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 215 of 324...
Page 216: Ipsec Diagnostics Using The Web Interface
10.68.234.133/32[gre] === 192.168./32[gre] dmvpn_89_101_154_151{1}: INSTALLED, TRANSPORT, ESP in UDP SPIs: cca7b970_i d874dc90_o dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 89.101.154.151/32[gre] To view a list of IPSec commands, enter: root@VA_router:~# ipsec –help _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 216 of 324...
Page 217: Configuring Firewall
The General Zone, or defaults, section declares global firewall settings that do not belong to any specific zones. These default rules take effect last and more specific rules take effect first. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 217 of 324...
Page 218 Rejected packets are blocked by the firewall and ICMP message is returned to the source host. Drop Dropped packets are blocked by the firewall. Table 77: Information table for general settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 218 of 324...
Page 219 Masquerading (NAT) of outgoing traffic is controlled on a per-zone basis. Click Edit to view a zone's settings. 22.2.2.1 Firewall zone: general settings Figure 104: The firewall zone general settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 219 of 324...
Page 220 Web: Restrict to address family Defines protocol family (ipv4, ipv6 or any) to generate iptables rules for. UCI: firewall.<zone label>.family Opt: family Table 78: Information table for firewall zone settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 220 of 324...
Page 221 Opt: log Web: Limit log messages Limits the amount of log messages per interval. UCI: firewall.<zone label>.log_limit Opt: log_limit Table 79: Information table for zone settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 221 of 324...
Page 222 Note: the rules generated for forwarding traffic between zones relay connection tracking to be enabled on at least one of the source or destination zones. This can be enabled through the conntrack option or through masq. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 222 of 324...
Page 223 Web: Internal IP address Specifies the internal (LAN) IP address for the traffic to be redirected UCI: firewall.<redirect label>.dest_ip Opt: dest_ip _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 223 of 324...
Page 224 -m policy --dir in for IPSec. The UCI: firewall.<redirect label>.extra arguments are entered as text strings. Opt: extra Table 82: Information table for port forward edits fields _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 224 of 324...
Page 225 22.2.4 Firewall traffic rules Rules can be defined to allow or restrict access to specific ports, hosts or protocols. Figure 109: The firewall traffic rules page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 225 of 324...
Page 226 For DNAT, redirects matched incoming traffic to the given port on the internal host. UCI: firewall.<rule label>.dest_port For SNAT, matches traffic directed at the given ports. Opt: dest_port _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 226 of 324...
Page 227 22.2.5 Custom rules Iptables rules can be defined here. Custom rules are applied after all other rules are applied. Consult official iptables documentation for exact syntax and details. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 227 of 324...
Page 228 Extra arguments to pass to iptables, this is mainly useful to specify additional match options, like -m policy --dir in for IPSec. Table 85: Information table for custom rules commands _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 228 of 324...
Page 229: Configuring Firewall Using Uci
22.3.3 Inter-zone forwarding To enable forwarding of traffic from WAN to LAN, enter: uci add firewall forwarding uci set firewall.@forwarding[1].dest=wan uci set firewall.@forwarding[1].src=lan _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 229 of 324...
Page 230 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 230 of 324...
Page 231: Ipv6 Notes
This can actually harm if the firewall is attacked with many simultaneous connection _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 231 of 324...
Page 232: Connection Tracking
If connection tracking is required, for example by custom rules in /etc/firewall.user, the conntrack option must be enabled in the corresponding zone to disable NOTRACK. It should appear as option 'conntrack' '1' in the right zone in /etc/config/firewall. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 232 of 324...
Page 233: Firewall Examples
'redirect' option 'name' 'ssh' option 'src' 'wan' option 'proto' 'tcpudp' option 'src_dport' '5555' option 'dest_ip' '192.168.1.100' option 'dest_port' '22' option 'target' 'DNAT' option 'dest' 'lan' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 233 of 324...
Page 234 22.7.5 Block access to a specific host The following rule blocks all connection attempts to the specified host address. config rule option src _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 234 of 324...
Page 235 The example below creates a forward rule rejecting traffic from LAN to WAN on the ports 1000-1100. config rule option src option dest option dest_port 1000-1100 option proto tcpudp option target REJECT _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 235 of 324...
Page 236 192.168.1.100 option dest_port 3128 option target DNAT config redirect option dest option proto option src_dip 192.168.1.1 option dest_ip 192.168.1.100 option dest_port 3128 option target SNAT _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 236 of 324...
Page 237: Ipsec Passthrough
For some configurations you also have to open port 500/UDP. # ISAKMP protocol config rule option src option dest option proto option src_port option dest_port option target ACCEPT _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 237 of 324...
Page 238: Firewall Management
1 (one): root@VA_router:/# FW_TRACE=1 fw reload To direct the output to a file for later inspection, enter: root@VA_router:/# FW_TRACE=1 fw reload 2>/tmp/iptables.lo _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 238 of 324...
Page 239: Configuring Snmp
Configuring SMNP using the web interface In the top menu, select Services -> SNMP. The SNMP Service page appears. 23.2.1 System and agent settings Figure 111: The SNMP service page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 239 of 324...
Page 240 Map community names into security names based on the community name and the source subnet. Use the first source/community combination that matches the incoming packet. Figure 112: The COM2Sec settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 240 of 324...
Page 241 Web: Security Name An already defined security name that is being included in this group. UCI: snmpd.group[x].secname Opt: secname Table 88: Information table for group settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 241 of 324...
Page 242 Access settings map from a group of users/communities, in a specific context and with a particular SNMP version and minimum security level, to one of three views, depending on the request being processed. Figure 115: The access settings section _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 242 of 324...
Page 243 23.2.6 Trap receiver Trap receiver settings define a notification receiver that should be sent SNMPv1 TRAPs and SNMPv2c TRAP2. Figure 116: The trap receiver settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 243 of 324...
Page 244: Configuring Snmp Using Command Line
Table 92: Information table for trap receiver settings 23.3 Configuring SNMP using command line The configuration files are stored on /etc/config/snmpd 23.3.1 System settings using UCI root@VA_router:~# uci show snmpd snmpd.system=system _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 244 of 324...
Page 245 Note: the security names of “ro” and “rw” here are simply names – the fact of a security name having read only or read-write permissions is handled in the access section and dealt with at a group granularity. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 245 of 324...
Page 246 Similarly, requests from the security name “rw” in all protocols are mapped to the “private” group. 23.3.4.1 Group settings using UCI snmpd.grp_1_v1=group snmpd.grp_1_v1.version=v1 snmpd.grp_1_v1.group=public snmpd.grp_1_v1.secname=ro snmpd.grp_1_v2c=group snmpd.grp_1_v2c.version=v2c snmpd.grp_1_v2c.group=public snmpd.grp_1_v2c.secname=ro snmpd.grp_1_usm=group snmpd.grp_1_usm.version=usm _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 246 of 324...
Page 247 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 247 of 324...
Page 248 'rw' config 'group' 'private_v2c' option group 'private' option version 'v2c' option secname 'rw' config 'group' 'private_usm' option group 'private' option version 'usm' option secname 'rw' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 248 of 324...
Page 249 'access' 'public_access' option group 'public' option context 'none' option version 'any' option level 'noauth' option prefix 'exact' option read 'all' option write 'none' option notify 'none' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 249 of 324...
Page 250 # for SNMPv2c inform request receiver config informreceiver option host 'IPADDR[:PORT]' option community 'COMMUNITY STRING' An additional option was added to the 'agent' subsection: option authtrapenabled '0|1 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 250 of 324...
Page 251: Configuring Dynamic Dns
24.1 Overview Dynamic DNS (DDNS) functionality on a Virtual Access router will dynamically perform DDNS updates to a server so it can associate an IP address with a correctly associated DNS name. Users can then contact a machine, router, device and so on with a DNS name rather than a dynamic IP address.
Page 252: Dynamic Dns Settings
UCI: ddns.<name>.username Opt: username Web: Password Defines the password to use for authenticating domain name updates with the selected provider. UCI: ddns.<name>.password Opt: password _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 252 of 324...
Page 253: Dynamic Dns Using Uci
Dynamic DNS using UCI Dynamic DNS uses the ddns package /etc/config/ddns 24.4.1 UCI commands for DDNS root@VA_router:~# uci show ddns ddns.ddns1=service ddns.ddns1.enabled=1 ddns.ddns1.service_name=dyndns.org ddns.ddns1.domain=fqdn_of_interface ddns.ddns1.username=testusername ddns.ddns1.password=testpassword _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 253 of 324...
Page 254 'test' option password 'test' option ip_source 'network' option ip_network 'dsl0' option check_interval '10' option check_unit 'minutes' option force_interval '72' option force_unit 'hours' option interface 'dsl0' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 254 of 324...
Page 255: Configuring Vrrp
Configuring VRRP using the web interface To configure VRRP through the web interface, in the top menu, select Network -> VRRP. The VRRP page appears. To access configuration settings, click ADD. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 255 of 324...
Page 256 Sets the initial role in which a VRRP router starts up. In a cluster of VRRP routes, set one as a Master and the others as Backup. UCI: vrrp.g1.init_state BACKUP Opt: init_state MASTER _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 256 of 324...
Page 257: Configuring Vrrp Using Uci
'yes' option interface 'lan1' list track_iface 'lan' option init_state 'BACKUP' option router_id '1' option priority '115' option advert_int_sec '2' option password 'secret' option virtual_ipaddr '10.1.10.150/16' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 257 of 324...
Page 258 ~# uci show vrrp vrrp.main=vrrp vrrp.main.enabled=yes vrrp.g1=vrrp_group vrrp.g1.enabled=yes vrrp.g1.interface=lan1 vrrp.g1.track_iface=lan vrrp.g1.init_state=BACKUP vrrp.g1.router_id=1 vrrp.g1.priority=115 vrrp.g1.advert_int_sec=2 vrrp.g1.password=secret vrrp.g1.virtual_ipaddr=10.1.10.150/16 vrrp.g1.garp_delay_sec=5 vrrp.g1.ipsec_connection=Test To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 258 of 324...
Page 259: Dynamic Multipoint Virtual Private Network (Dmvpn)
New hubs can be added to the network to improve the performances and • reliability. Ability to carry multicast and main routing protocols traffic (RIP, OSPF, BGP). • DMVPN can be deployed using Activator, the Virtual Access automated • provisioning system. • Simplifies branch communications by enabling direct branch to branch connectivity.
Page 260: Dmvpn Scenarios
Then it initiates VPN IPSec connection to spoke2. When an IPSec tunnel is established, spoke1 and spoke2 can send traffic directly • to each other. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 260 of 324...
Page 261 • to each other. Note: if an IPSec tunnel fails to be established between the spokes then packets between the spokes are sent via the hub. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 261 of 324...
Page 262: Configuration Packages Used
Web: IPSec template connection Selects the IPSec connection, defined in strongSwan, to be used as a template. UCI: dmvpn.common.ipsec_template_name Opt: ipsec_template_name Table 95: Information table for DMVPN general settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 262 of 324...
Page 263 Web: LED state indication LED to use for indicating if the VPN is up. UCI: dmvpn.@interface[X].led Opt: led Table 96: Information table for DMVPN hub settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 263 of 324...
Page 264: Dmvpn Diagnostics
:~# opennhrpctl show Status: ok Interface: gre-GRE Type: local Protocol-Address: 11.11.11.7/32 Alias-Address: 11.11.11.3 Flags: up Interface: gre-GRE Type: local Protocol-Address: 11.11.11.3/32 Flags: up Interface: gre-GRE Type: cached _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 264 of 324...
Page 265 Security Associations (1 up, 0 connecting): dmvpn_89_101_154_151[1]: ESTABLISHED 2 hours ago, 10.68.234.133[10.68.234.133]...89.101.154.151[89.101.154.151] dmvpn_89_101_154_151{1}: REKEYING, TRANSPORT, expires in 55 seconds dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 192.168./32[gre] _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 265 of 324...
Page 266 Flags: up Interface: gre-GRE Type: cached Protocol-Address: 11.11.11.2/32 NBMA-Address: 178.237.115.129 NBMA-NAT-OA-Address: 172.20.38.129 Flags: used up Expires-In: 0:18 Interface: gre-GRE Type: static Protocol-Address: 11.11.11.1/29 NBMA-Address: 89.101.154.151 Flags: up _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 266 of 324...
Page 267: Configuring Terminal Server
Configuration page appears. You must configure two main sections: Main Settings and Port Settings. 27.3.1 Configure main settings Figure 127: The terminal server main settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 267 of 324...
Page 268 27.3.2.1 Port settings: general section In this section you can configure general port settings. The settings are usually the same for the central and the remote site. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 268 of 324...
Page 269 Web: Serial Forwarding Timeout (ms) Forwarding timeout in milliseconds (network to serial). UCI: tservd.@port[0]. sfwd_timeout Set to 0 to forward to serial immediately. Opt: sfwd_timeout 20 ms Range 0-10000 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 269 of 324...
Page 270 Note: • The displayed settings vary depending on options selected. DTR <--> DSR signalling is not available on GW2028 router models. • _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 270 of 324...
Page 271 27: Configuring Terminal Server _______________________________________________________________________________________________________ Figure 129: The serial section fields (portmode RS232 and usb serial disabled) _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 271 of 324...
Page 272 Note: this setting does not enable half- Opt: hd_mode duplex mode in the serial hardware of the router. Full duplex mode. Half duplex mode. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 272 of 324...
Page 273 Defines whether to use CRC32 or CRC16 in HDLC mode. Only displayed if Atmel USB serial card is enabled. UCI: tservd.@port[0].sync_crc32 Use CRC16. Opt: sync_crc32 Use CRC32. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 273 of 324...
Page 274 Opt: sync_txdata_dly Range Web: Dual X.21 card bit reverse Enables bit reversal of all bits in 8 byte word during transmission. UCI: tservd.@port[0].bit_reverse Normal. Opt: bit_reverse Reverse. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 274 of 324...
Page 275 27.3.2.3 Port settings: network section In this section you can configure the network side of the Terminal Server. Note: the displayed settings vary depending on options selected. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 275 of 324...
Page 276 UCI: tservd.@port[0].ip_port2 Opt: ip_port2 Range 1 - 65535 Web: Remote IP 1 Destination peer IP 1 address. UCI: tservd.@port[0].remote_ip1 0.0.0.0 Opt: remote_ip1 Range IPv4 address _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 276 of 324...
Page 277 Defines the maximum number of remote UDP keepalive not received before UDP stream is considered broken. Only displayed UCI: tservd.@port[0].udpKaCount if transport mode is UDP. Opt: udpKaCount Range 0-65535 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 277 of 324...
Page 278: Terminal Server Using Uci
'0.0.0.0' option remote_ip2 '0.0.0.0' 27.6 Terminal Server diagnostics The tservd process has to be running otherwise diagnostics options for terminal server will not be available. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 278 of 324...
Page 279 Tcp tx last error: 0 27.6.4 Terminal Server advanced debugging To see advanced debug commands for the terminal server, enter: root@VA_router:~# tserv === Termserv disgnostics. Command syntax: === _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 279 of 324...
Page 280 - show USB serial card CPLD programming status tserv upgrade userial - initiate upgrade of the USB serial card tserv quit - terminate termserv process _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 280 of 324...
Page 281: Configuring A Gre Interface
DHCP or PPP to dial into the provider network. In the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 131: The create interface page _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 281 of 324...
Page 282 IP address, TTL, tunnel key and MTU. Advanced Settings 'Bring up on boot' and 'monitor interface state' settings. Firewall settings Assign a firewall zone to the connection. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 282 of 324...
Page 283 Web: MTU Configures MTU (maximum transmission unit) size of PDUs using this interface. UCI: network.<if name>.mtu 1472 Opt: mtu Range Table 103: Information table for GRE _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 283 of 324...
Page 284 After you have configured the GRE interface, you must configure a static route to route the desired traffic over the GRE tunnel. To do this, go to Network->Static Routes. For more information, read the chapter ‘Configuring Static Routes’. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 284 of 324...
Page 285: Gre Configuration Using Command Line
‘172.255.255.100’ option ttl '128' option key '1234' option mtu '1472' option auto ‘1’ To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 285 of 324...
Page 286: Gre Diagnostics
Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1465 errors:0 dropped:0 overruns:0 frame:0 TX packets:1465 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 286 of 324...
Page 287 0.0.0.0 255.255.255.248 U gre-Tunnel1 172.19.101.3 13.13.13.1 255.255.255.255 UGH gre-Tunnel1 Note: a GRE route will only be displayed in the routing table when the interface is up. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 287 of 324...
Page 288: Configuring Multicasting Using Pim And Igmp Interfaces
To configure PIM through the web interface, in the top menu, select Network -> PIM. The PIM page appears. To access the Global settings, click Add. Figure 135: The global settings interface _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 288 of 324...
Page 289: Global Settings
Enable SSM on given interface. UCI: pimd.interface[x].ssm Disabled. Opt: ssm Enabled. Table 106: Information table for interface settings To save your configuration updates, click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 289 of 324...
Page 290: Configuring Pim And Igmp Using Uci
'wan' option ssm 'yes' option igmp 'no' Alternatively, enter: uci show pimd root@VA_router:/etc/config1# uci show pimd pimd.pimd=routing pimd.pimd.enabled=yes pimd.@interface[0]=interface pimd.@interface[0].enabled=yes pimd.@interface[0].interface=lan pimd.@interface[0].ssm=yes pimd.@interface[0].igmp=yes pimd.@interface[1]=interface pimd.@interface[1].enabled=yes _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 290 of 324...
Page 291 29: Configuring Multicasting using PIM and IGMP interfaces _______________________________________________________________________________________________________ pimd.@interface[1].interface=wan pimd.@interface[1].ssm=yes pimd.@interface[1].igmp=no To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 291 of 324...
Page 292: Event System
_______________________________________________________________________________________________________ 30 Event system Virtual Access routers feature an event system. It allows you to forward router events to predefined targets for efficient control and management of devices. This chapter explains how the event system works and how to configure it using UCI commands.
Page 293: Supported Targets
The configuration is composed of a main section and as many forwardings, targets and connection testers as required. 30.7.1 Va_eventd: main section 30.7.1.1 Main using UCI root@VA_router:~# uci show va_eventd va_eventd.main=va_eventd va_eventd.main.enabled=yes va_eventd.main.event_queue_file=/tmp/event_buffer va_eventd.main.event_queue_size=128K _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 293 of 324...
Page 294 To define a forwarding label of Monitor using UCI, enter: va_eventd.Monitor=forwarding In the examples below no forwarding label has been defined. 30.7.3 Forwarding using UCI root@VA_router:~# uci show va_eventd va_eventd.@forwarding[0]=forwarding va_eventd.@forwarding[0].enabled=1 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 294 of 324...
Page 295 UCI: va_eventd.<forwarding Only generate events with the given className and the given label>.eventName eventName. The eventName is optional and can be omitted. Opt: eventName _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 295 of 324...
Page 296 If successful, the event system assumed the connection is valid for a configurable amount of time. 30.7.6.2 Ping connection tester using UCI va_eventd.@conn_tester[0]=conn_tester va_eventd.@conn_tester[0].name=pinger va_eventd.@conn_tester[0].enabled=1 va_eventd.@conn_tester[0].type=ping _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 296 of 324...
Page 297 A link connection tester tests a connection by checking the status of the interface being used. 30.7.6.6 Link connection tester using UCI va_eventd.@conn_tester[0]=conn_tester va_eventd.@conn_tester[0].name=linktest va_eventd.@conn_tester[0].enabled=1 va_eventd.@conn_tester[0].type=link va_eventd.@conn_tester[0].link_iface=eth0 Link connection tester using package options _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 297 of 324...
Page 298 30.7.7.1 Syslog target When a syslog target receives an event, it sends it to the configured syslog server. In the examples below no target label has been defined. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 298 of 324...
Page 299 30.7.7.5 Email target When an email target receives an event, it sends it to the configured email address. 30.7.7.6 Email target using UCI va_eventd.@target[0]=target va_eventd.@target[0].name=email1 va_eventd.@target[0].enabled=1 va_eventd.@target[0].type=email _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 299 of 324...
Page 300 '0' option tls_starttls '0' option tls_forcessl3 '0' option timeout_sec "10" option from x@example.com option to y@example.com option subject_template "%{severityName} %{eventName}!!!" option body_template "%{eventName} (%{class}.%{subclass}) happened!" _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 300 of 324...
Page 301 Opt: body_template UCI: va_eventd.<target Name of the connection tester to use for this target. label>.conn_tester Opt: conn_tester Table 114: Information table for email target settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 301 of 324...
Page 302 UCI: va_eventd.<target IP address of the SNMP Manager. label>.target_addr Opt: target_addr UCI: va_eventd.<target Optional IP address to use as the trap source IP address. label>.agent_addr Opt: agent_addr _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 302 of 324...
Page 303: Event System Diagnostics
Table 116: Information table for exec target settings 30.8 Event system diagnostics 30.8.1 Displaying VA events To view a list of all available class names, events and severity levels, enter: vae_cli -d _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 303 of 324...
Page 304 | Ethernet %{p1} up | ethernet 2 | LinkDown | notice | Ethernet %{p1} down | auth 2 | BadPasswordSSH | warning | SSH login attempt from %{p2}: ba.. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 304 of 324...
Page 305 | wifi 1 | WiFiConnectedToAP | notice | WiFi %{p1} connected to AP %{p2} | wifi 2 | WiFiDisconnectedFromAP | notice | WiFi %{p1} disconnected from AP _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 305 of 324...
Page 306 | ntp 3 | QueryTimeout | warning | NTP query to %{p1} timed out. Ne.. | ntp 4 | QueryFailed | warning | NTP query failed: %{p1} _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 306 of 324...
Page 307 'l2tp' option eventName 'CannotFindTunnel' option severity 'debug-critical' option target 'syslog' config forwarding option enabled 'yes' option className 'mobile' option severity 'notice-critical' option target 'snmp' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 307 of 324...
Page 308 'yes' option type 'syslog' option target_addr '192.168.100.254:514' option conn_tester 'mon_server' config target option name 'email' option enabled 'yes' option type 'email' option smtp_addr '89.101.154.148:465' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 308 of 324...
Page 309 '192.168.100.254' option agent_addr '192.168.100.1' option conn_tester 'mon_server' config target option name 'logit' option enabled 'yes' option type 'exec' option cmd_template 'logger -t eventer %{eventName}' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 309 of 324...
Page 310: Configuring Sla Reporting On Monitor
To enable all devices under a particular reseller for SLA, under the SLA tab, click ON. The user must have admin privileges for any change to be made. If they do not, they will be informed of this fact. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 310 of 324...
Page 311: Configuring Router Upload Protocol
The graphs initially appear in an hourly format. To expand or reduce the time axis, use the appropriate zoom button. To navigate forwards or backwards chronologically, use the right and left arrow buttons. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 311 of 324...
Page 312 To view raw data, click each graph to produce the following information. Figure 141: Raw data information from each graph To change the range of the graph, click zoom. Figure 142: Altered range of graph information _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 312 of 324...
Page 313 If you remove a graph, you can add it back to the page by selecting its name in the Add SLA Element drop-down menu. If you have not removed any graphs, this drop-down menu is not available. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 313 of 324...
Page 314: Generating A Report
Statistics Settings 31.5.1 Create a report Select Create Report. Enter the relevant parameters. Report name • Frequency of report • • Assigned devices • SLA Report Elements _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 314 of 324...
Page 315 After clicking Change, the select devices page appears, this allows you to select which devices are to be members of the report. Figure 147: Sample from the select devices page Click Continue and then add SLA report elements. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 315 of 324...
Page 316 • • Click Add and when you have selected all graphs, click Save. View reports To view a report, in the header menu, select Statistic Reports. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 316 of 324...
Page 317 If you select Day, data will be shown for every day; if you select Week, data will be shown for every week, and so on. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4...
Page 318: Reporting Device Status To Monitor Using Uci
A sample Monitor configuration is shown below. root@VA_router:~# uci show monitor monitor.main=keepalive monitor.main.enable=yes monitor.main.interval_min=1 monitor.main.dev_reference=mikesamazondev monitor.main.monitor_ip=10.1.83.36 root@VA_router:~# uci export monitor package 'monitor' config keepalive 'main' option enable 'yes' option interval_min '1' _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 318 of 324...
Page 319 31: Configuring SLA reporting on Monitor _______________________________________________________________________________________________________ option dev_reference 'mydevice' option enabled 'yes' list monitor_ip '10.1.83.36' config interface_stats 'stats' option enabled 'yes' option bin_period '1m' option bin_cache_size '1440 _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 319 of 324...
Page 320: Configuring Sla For A Router
32 Configuring SLA for a router SLA reporting works in two parts: 1. The Virtual Access Monitor system server connects via SSH into the router and schedules the task of uploading statistics to Monitor. 2. The Virtual Access router monitors UDP keepalive packets. It creates and stores statistics in bins.
Page 321 UCI: slad.main.max_bin_count Opt: max_bin_count Table 118: Information table for SLA settings When you have made all your configuration changes, click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 321 of 324...
Page 322: Configuring Sla For A Router Using The Uci Interface
Viewing SLA statistics using UCI To show all available statistic options, enter: root@VA_router:~# sla sla [current] | [all] | [oldest] | [newest] | [newest N] | [range: YYYMMDDHH-YYYYMMDDHH] _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 322 of 324...
Page 323: Virtual Access
To show the newest statistics, enter: root@VA_router: ~# sla newest ---------------------------------------- Bin valid: Start time 01.01.1970 03:32:00 End time 01.01.1970 03:33:00 Pkts In: Pkts Out: Bytes In: _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 323 of 324...
Page 324 1 ms Avg Round Trip: 1 ms Min GSM signal quality: -63 dBm Max GSM signal quality: -63 dBm Avg GSM signal quality -63 dBm Availability: 100.00% _______________________________________________________________________________________________________ © Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 324 of 324...

This manual is also suitable for:

Gw3346 Gw3340 Gw3360 Gw3343 Gw3344

virtual access GW3330 User Manual

1 Introduction

2 GW3300 Series Hardware

3 GW3300 Series LED Behaviour

4 Factory Configuration Extraction from SIM Card

5 Accessing the Router

6 System Settings

7 Upgrading Router Firmware

8 Router File Structure

9 Using the Command Line Interface

10 Management Configuration Settings

12 Configuring Satop and Cesopsn

13 DHCP Server and DNS Configuration (Dnsmasq)

14 Configuring Static Routes

15 Configuring BGP (Border Gateway Protocol)

16 Configuring a Wifi Connection

17 Configuring a Mobile Connection

18 Configuring Mobile Manager

19 Configuring Multi-WAN

20 Automatic Operator Selection

21 Configuring Ipsec

22 Configuring Firewall

23 Configuring SNMP

24 Configuring Dynamic DNS

25 Configuring VRRP

26 Dynamic Multipoint Virtual Private Network (DMVPN)

27 Configuring Terminal Server

28 Configuring a GRE Interface

29 Configuring Multicasting Using PIM and IGMP Interfaces

30 Event System

31 Configuring SLA Reporting on Monitor

32 Configuring SLA for a Router

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for virtual access GW3330

Summary of Contents for virtual access GW3330