Download Print this page

virtual access GW3330 User Manual

Gw3300 series

Hide thumbs Also See for GW3330:

User manual (324 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual

GW3300 Series User Manual

Issue:

1.7

Date:

05 April 2017

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the GW3330 and is the answer not in the manual?

Questions and answers

Summary of Contents for virtual access GW3330

Page 1 GW3300 Series User Manual Issue: Date: 05 April 2017...
Page 2: Table Of Contents
Configuring the password using UCI ............25 Configuring the password using package options......... 25 Accessing the device using RADIUS authentication ........26 6.10 Accessing the device using TACACS+ authentication ........27 _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 2 of 372...
Page 3 Activator ....................80 12.2 Monitor ....................80 12.3 Configuration packages used ..............80 12.4 Autoload: boot up activation ..............81 12.5 Autoload packages .................. 81 _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 3 of 372...
Page 4 15 Configuring SAToP and CESoPSN .............. 114 15.1 What are SAToP and CESoPSN? .............. 114 15.2 Clocking ....................114 15.3 Virtual Access proprietary SAToP/CESoPSN protocol extension ....115 15.4 Configuration package used ..............115 15.5 Configuring SAToP/CESoPSN ..............116 15.6 Configuring main settings using UCI ............
Page 5 Configuration package used ..............186 23.2 Configuring a mobile connection using the web interface ......186 23.3 Configuring a mobile connection using CLI ..........192 23.4 Diagnositcs ..................193 _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 5 of 372...
Page 6 Connection tracking ................279 28.7 Firewall examples ................. 279 29 Configuring SNMP ..................287 29.1 Configuration package used ..............287 29.2 Configuring SMNP using the web interface..........287 _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 6 of 372...
Page 7 Configuring PIM and IGMP using the web interface ........335 35.4 Configuring PIM and IGMP using UCI ............337 36 Event system .................... 339 36.1 Configuration package used ..............339 _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 7 of 372...
Page 8 Configuration package used ..............368 38.2 Configuring SLA for a router using the web interface ......... 368 38.3 Configuring SLA for a router using UCI ............ 370 _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 8 of 372...
Page 9: Introduction
1: Introduction _______________________________________________________________________________________________________ 1 Introduction This user manual describes the features and how to configure Virtual Access GW3300 Series routers. Designed for managed network providers, GW3300 Series routers provide secure WAN connectivity for internet and private networking environments over 3G or 4G broadband paths and incorporate optional 802.11n WiFi connectivity.
Page 10 UCI commands and package option examples are shown in the following format: root@VA_router:~# vacmd show current config 1.2.3 Diagnostics Diagnostics are explained at the end of each feature’s chapter. _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 10 of 372...
Page 11 1: Introduction _______________________________________________________________________________________________________ 1.2.4 UCI commands For detailed information on using UCI commands, read chapters ‘Router File Structure’ and ‘Using Command Line Interface’. _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 11 of 372...
Page 12: Gw3300 Series Router Hardware
RS232 for the first port and RS485 for the second port. For more information on using the port in RS485 mode, read the Terminal Server section of this manual. _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 12 of 372...
Page 13: Rs232 Mode Pin-Out On The Gw3300
850/900/1800/1900 MHz 2.6 WiFi technology • 802.11 a/b/g/n Dual band 2.4GHz and 5GHz • 802.11ndata rate to 300Mbps • At least 20dBm output power • _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 13 of 372...
Page 14: Power Supply
1900 20/B5/B28 Europe 900/1800 900/2100 -40°C to 85°C -RFL APAC North 850/1900 B2/B4/B5/B17 -30°C to 80°C -RFM America Table 4: RF bands with operating temperatures _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 14 of 372...
Page 15: Antenna
If only connecting one antenna, screw the antenna into the MAIN SMA connector. If using multiple antennas, screw the antennas into the relevant SMA connectors. Virtual Access supplies a wide range of antennas. Please visit our website: www.virtualaccess.com or contact Virtual Access for more information.
Page 16: Reset Button
You can use recovery mode to manipulate the config files, but should only be used if all other configs files are corrupt. If your router has entered recovery mode, contact your local reseller for access information. _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 16 of 372...
Page 17: Gw3300 Series Led Behaviour
LED on the left hand side is the LINK LED, and the ACT LED is on the right hand side. _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 17 of 372...
Page 18 (green) Physical Ethernet link detected. No data is being transmitted/received over the link. ACT LED (amber) Flashing Data is being transmitted/ received over the link. _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 18 of 372...
Page 19: Installing A Router Into A Vehicle
Connect the BLUE wire to a 12V switched vehicle ignition wire. • Connect the RED wire to a 12V permanent wire. • Plug the 6 pin connector into the router. _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 19 of 372...
Page 20: Installing A Router Into A Vehicle Using A Fused Power Cable
Connect the BLUE wire to a 12V switched vehicle ignition wire. • Connect the RED wire to a 12V permanent wire. • Plug the 6 pin connector into the router. _______________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 20 of 372...
Page 21: Factory Configuration Extraction From Sim Card
5: Factory configuration extraction from SIM card _______________________________________________________________________________________________________ 5 Factory configuration extraction from SIM card Virtual Access routers have a feature to update the factory configuration from a SIM card. This allows you to change the factory configuration of a router when installing the SIM.
Page 22: Accessing The Router
The default settings are shown below. The username and password are case sensitive. In the username field, type root. In the Password field, type admin. Click Login. The Status page appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 22 of 372...
Page 23: Accessing The Router Over Ethernet Using An Ssh Client
SCP server. No dedicated SPC client is supported; select the SCP client software of your own choice. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 23 of 372...
Page 24: Accessing The Router Over Ethernet Using A Telnet Client
In the Router Password section, type your new password in the password field and then retype the password in the confirmation field. Scroll down the page and click Save & Apply. Note: the username ‘root’ cannot be changed. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 24 of 372...
Page 25: Configuring The Password Using Uci
'$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw option password ‘newpassword’ The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 25 of 372...
Page 26: Accessing The Device Using Radius Authentication
'radius' option servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10' config 'pam_auth' option enabled 'yes' option pamservice 'luci" option pammodule 'auth' option pamcontrol 'sufficient' option type 'radius' servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 26 of 372...
Page 27: Accessing The Device Using Tacacs+ Authentication
TACACS+ authentication can be configured for accessing the router over SSH, web or local console interface. package system config system 'main' option hostname 'VirtualAccess' option timezone 'UTC' config pam_auth option enabled 'yes' option pamservice 'sshd' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 27 of 372...
Page 28: Virtual Access
'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' config pam_auth option enabled 'yes' option pamservice 'luci' option pammodule 'account' option pamcontrol 'sufficient' option type 'tacplus' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 28 of 372...
Page 29 'service=ppp' config pam_auth option enabled 'yes' option pamservice 'login' option pammodule 'session' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' option args 'service=ppp' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 29 of 372...
Page 30: Ssh
SSH allows you to access remote machines over text based shell sessions. SSH uses public key cryptography to create a secure connection. These connections allow you to issue commands remotely via a command line. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 30 of 372...
Page 31 In the top menu, click System -> Administration. The Administration page appears. Scroll down to the SSH Access section. Figure 9: The SSH access section _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 31 of 372...
Page 32: Package Dropbear Using Uci
Table 12: Information table for SSH access settings 6.12 Package dropbear using UCI root@VA_router:~# uci show dropbear dropbear.@dropbear[0]=dropbear dropbear.@dropbear[0].PasswordAuth=on dropbear.@dropbear[0].RootPasswordAuth=on dropbear.@dropbear[0].GatewayPorts=0 dropbear.@dropbear[0].IdleTimeout=30 dropbear.@dropbear[0].Port=22 dropbear.@dropbear[0].MaxLoginAttempts=3 Package dropbear using package options _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 32 of 372...
Page 33: Certs And Private Keys
There is support for IPSec, OpenVPN and VA certificates and keys. If you have generated your own SSH public keys, you can input them in the SSH Keys section, for SSH public key authentication. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 33 of 372...
Page 34: Configuring A Router's Web Server
To configure the router’s HTTP server parameters, in the top menu, select Services -> HTTP Server. The HTTP Server page has two sections. Main Settings Server configurations Certificate Settings SSL certificates. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 34 of 372...
Page 35: Main Settings
ASN.1/DER private key used to serve HTTPS connections. If no listen_https options are given the key options are ignored. UCI: uhttpd.main.key /etc/uhttpd.key Opt: key Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 35 of 372...
Page 36 Does not follow symbolic links if enabled. UCI: uhttpd.main.no_symlinks Disabled. Opt: no_symlinks Enabled. Web: N/A Does not generate directory listings if enabled. UCI: uhttpd.main.no_dirlists Disabled. Opt: no_symlinks Enabled. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 36 of 372...
Page 37 '0.0.0.0:443' option home '/www' option rfc1918_filter '1' option cert '/etc/uhttpd.crt' option key '/etc/uhttpd.key' option cgi_prefix '/cgi-bin' option script_timeout '60' option network_timeout '30' option config '/etc/http.conf' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 37 of 372...
Page 38 Activation, this must be set to the serial number (Eth0 UCI: uhttpd.commonname MAC address) of the device. Opt: commonname Table 14: Information table for HTTP server certificate settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 38 of 372...
Page 39: Basic Authentication (Httpd Conf)
/etc/shadow or /etc/passwd. If you use $p$… format, uhttpd will compare the client provided password against the one stored in the shadow or passwd database. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 39 of 372...
Page 40: Securing Uhttpd
To get your current LAN IP address, enter: uci get network.lan.ipaddr Then modify the configuration appropriately: uci set uhttpd.main.listen_http='192.168.1.1:80' uci set uhttpd.main.listen_https='192.168.1.1:443' config 'uhttpd' 'main' list listen_http 192.168.1.1:80 list listen_https 192.168.1.1:443 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 40 of 372...
Page 41: Configuring Dynamic Dns
7 Configuring Dynamic DNS 7.1 Overview Dynamic DNS (DDNS) functionality on a Virtual Access router will dynamically perform DDNS updates to a server so it can associate an IP address with a correctly associated DNS name. Users can then contact a machine, router, device and so on with a DNS name rather than a dynamic IP address.
Page 42: Dynamic Dns Settings
UCI: ddns.<name>.ip_source network IP is a associated with a network configuration. Opt: ip_source interface IP is associated with an interface. IP is associated with a URL. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 42 of 372...
Page 43: Dynamic Dns Using Uci
Dynamic DNS uses the ddns package /etc/config/ddns 7.4.1 UCI commands for DDNS root@VA_router:~# uci show ddns ddns.ddns1=service ddns.ddns1.enabled=1 ddns.ddns1.service_name=dyndns.org ddns.ddns1.domain=fqdn_of_interface ddns.ddns1.username=testusername ddns.ddns1.password=testpassword ddns.ddns1.ip_source=network ddns.ddns1.ip_network=dsl0 ddns.ddns1.check_interval=10 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 43 of 372...
Page 44 'test' option password 'test' option ip_source 'network' option ip_network 'dsl0' option check_interval '10' option check_unit 'minutes' option force_interval '72' option force_unit 'hours' option interface 'dsl0' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 44 of 372...
Page 45: System Settings
Configure the router’s web language and style. Time synchronization Configure the NTP server in this section. 8.2.1 General settings Figure 16: General settings in system properties _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 45 of 372...
Page 46 External syslog server IP address. UCI: system.main.log_ip Range Opt: log_ip 0.0.0.0 Web: External system log server port External syslog server port number. UCI: system.main.log_port Range Opt: log_port _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 46 of 372...
Page 47 /root/syslog.messages,x (where x starts at 0). Opt: log_file_count Range Stores 1 archive log file in flash Table 17: Information table for the logging section _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 47 of 372...
Page 48 UCI: system.ntp.server can be configured and are separated by a space if using UCI. Opt: list server By default all fields are set to 0.0.0.0. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 48 of 372...
Page 49: System Settings Using Uci
10.10.10.10 System settings using package options root@VA_router:~# uci export system package 'system' config 'system' 'main' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 49 of 372...
Page 50: System Diagnostics
To stop this option, type fg to view the current jobs, then press ctrl-c to kill those jobs. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 50 of 372...
Page 51 Shows end of the events stored flash. root@VA_router:~# tail –f /root/syslog.messages & Shows the log on an ongoing basis. To stop this option, press ctrl-c. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 51 of 372...
Page 52: Upgrading Router Firmware
To check which software version your router is running, in the top menu, browse to Status -> Overview. Figure 21: The status page showing a software version prior to 72.002 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 52 of 372...
Page 53 9.1.2 Upgrading router firmware for software versions pre- 72.002 Copy the new firmware issued by Virtual Access to a PC connected to the router. In the top menu, select System tab -> Backup/Flash Firmware. The Flash operations page appears.
Page 54 To verify that the router has been upgraded successfully, click Status in the top menu. The Firmware Version shows in the system list. Figure 26: The system status list _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 54 of 372...
Page 55 9.1.3 Upgrading router firmware for software version 72.002 and above Copy the new firmware issued by Virtual Access to a PC connected to the router. In the top menu, select System tab > Flash operations. The Flash operations page appears.
Page 56 To regain access to the router you must login again. If any part of the processes encounters an error the reboot does not occur and a report is given as shown in section 1.3.3. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 56 of 372...
Page 57 Version shows in the system list and also in the right top corner of the menu bar. Figure 32: The system status list showing current firmware version _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 57 of 372...
Page 58: Upgrading Firmware Using Cli
Windows it requires an additional application. The usage example below is for a Unix machine and therefore assumes the image file is in the current folder. scp LIS-15.00.72.002.image root@x.x.x.x:/tmp/LIS-15.00.72.002.image _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 58 of 372...
Page 59 After the write process has finished, you must complete post verification of the firmware. To verify the checksum of downloaded firmware, enter: va_image_csum.sh /tmp/LIS-15.00.72.002.image The checksum of the downloaded binary is shown: 08761cd03e33c569873bcc24cf2b7389 7006920 LIS-15.00.72.002 This MD5 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 59 of 372...
Page 60 Provided the programming has succeeded, you can set it as the next image to use after reboot, enter: vacmd set next image altimage To reboot using the new firmware, enter: reboot _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 60 of 372...
Page 61: Router File Structure
Figure 33: The status page System information is also available from the CLI if you enter the following command: root@VA_router:~# va_vars.sh _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 61 of 372...
Page 62: Identify Your Software Version
In the Firmware Version row, the first two digits of the firmware version identify the hardware platform, for example LIS-15; while the remaining digits: .00.72.002, show the software version. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 62 of 372...
Page 63: Image Files
To show the configuration to run after the next reboot, enter: root@VA_router:~# va_config.sh next To set the configuration to run after the next reboot, enter: root@VA_router:~# va_config.sh -s [factconf|config1|config2|altconfig] _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 63 of 372...
Page 64: Configuration File Syntax
Configurations can also be managed using directory manipulation. To remove the contents of the current folder, enter: root@VA_router:/etc/config1# rm –f * Warning: the above command makes irreversible changes. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 64 of 372...
Page 65: Exporting A Configuration File
In the top menu, select System > Backup/Flash Firmware. The Flash operations page appears. Figure 36: The flash operations page In the Backup/Restore section, select Generate Archive. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 65 of 372...
Page 66: Importing A Configuration File
8.9.1 If you have software version 72.002 or above, export a configuration file using the web interface go to section 8.9.2 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 66 of 372...
Page 67 Upload archive. Figure 39: The system – restoring…page When the ‘waiting for router’ icon disappears, the upgrade is complete, and the login homepage appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 67 of 372...
Page 68 OK to return to the Flash Operations page. There you can manually select Made Active (after reboot). Then click Reboot Now in the ‘Reboot using Active Configuration’ section. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 68 of 372...
Page 69 <paste in config file> <CTRL-D> Note: it is very important that the config file is in the correct format otherwise it will not import correctly. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 69 of 372...
Page 70: Using The Command Line Interface
11: Using the Command Line Interface _______________________________________________________________________________________________________ 11 Using the Command Line Interface This chapter explains how to view Virtual Access routers' log files and edit configuration files using a Command Line Interface (CLI) and the Unified Configuration Interface (UCI) system.
Page 71 0 Jul 3 11:37 usr lrwxrwxrwx 1 root root 4 Jul 16 2012 var -> /tmp drwxr-xr-x 4 root root 67 Jul 16 2012 www _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 71 of 372...
Page 72 444 S -ash 374 root 344 R ps ax 375 root 400 S /bin/sh /sbin/hotplug button 384 root 396 R /bin/sh /sbin/hotplug button 385 root [keventd] _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 72 of 372...
Page 73: Using Unified Configuration Interface (Uci)
-f <file> use <file> as input instead of stdin when importing, merge data into an existing package _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 73 of 372...
Page 74 Note: all operations do not act directly on the configuration files. A commit command is required after you have finished your configuration. root@VA_router:~# uci commit _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 74 of 372...
Page 75 To show the configuration ‘tree’ for a given config, enter: root@VA_router:/# uci show network network.loopback=interface network.loopback.ifname=lo network.loopback.proto=static network.loopback.ipaddr=127.0.0.1 network.loopback.netmask=255.0.0.0 network.lan=interface network.lan.ifname=eth0 network.lan.proto=dhcp network.wan=interface network.wan.username=foo _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 75 of 372...
Page 76 To show the image running currently, enter: root@VA_router:~# vacmd show current image To set the image to run on next reboot, enter: root@VA_router:~# vacmd set next image [image1|image2|altimage] root@VA_router:~# reboot _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 76 of 372...
Page 77 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 77 of 372...
Page 78: Configuration Files
11.3 Configuration files The table below lists common package configuration files that can be edited using uci commands. Other configuration files may also be present depending on the specific options available on the Virtual Access router. File Description Management /etc/config/autoload...
Page 79 It is important to note that identifiers and config file names may only contain the characters a-z, A-Z, 0-9 and _. However, option values may contain any character, as long they are properly quoted. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 79 of 372...
Page 80: Management Configuration Settings
12.2 Monitor Monitor is a Virtual Access proprietary tool, based on SNMP protocol, to monitor wide networks of deployed routers. The router will be configured to send information to Monitor, which is then stored and viewed centrally via the Monitor application. This includes features such as traffic light availability status, syslog and SLA monitoring.
Page 81: Autoload: Boot Up Activation
In the top menu, select Services ->Autoload. The Autoload page has two sections: Basic Settings and Entries. Click Add to access configuration settings for each section. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 81 of 372...
Page 82: Virtual Access
Defines how many minutes to back off for if a download and all retires fail. After the backoff period, the entire autoload sequence UCI: autoload.main.BackoffTimer will start again. Opt: Backofftimer Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 82 of 372...
Page 83 Notifies activator sequence is complete. Opt: RemoteFilename $$ ini Request configuration $$ img Request firmware Note: $$.vas should always be requested last. Table 21: Information table for autoload _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 83 of 372...
Page 84: Autoload Using Uci
'core' 'main' option 'Enabled' "yes" option 'StartTimer' "10" option 'RetryTimer' "30" option 'NumberOfRetries' "5" option 'BackoffTimer' "15" option 'BootUsingConfig' "altconfig" option 'BootUsingImage' "altimage" config 'entry' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 84 of 372...
Page 85: Http Client: Configuring Activation Using The Web Interface
To configure HTTP Client for Activator, in the top menu, click Services -> HTTP Client. The HTTP Client page has two sections: Basic Settings and Advanced Settings. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 85 of 372...
Page 86 Opt: SecureDownload Disabled. Advanced settings Web: ActivatorDownloadPath Specifies the URL on Activator to which the client should send requests. UCI: httpclient.default.ActivatorDownloadPath /Activator/Sessionle ss/Httpserver.asp Opt: ActivatorDownloadPath Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 86 of 372...
Page 87: Httpclient: Activator Configuration Using Uci
Disabled. Opt: IgnoreServerCertificateStatus Table 22: Information table for HTTP client 12.8 Httpclient: Activator configuration using UCI root@VA_router:~# uci show httpclient httpclient.default=core httpclient.default.Enabled=yes httpclient.default.FileServer=10.1.83.36:80 10.1.83.37:80 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 87 of 372...
Page 88: Httpclient: Activator Configuration Using Package Options
PresentCertificateEnabled 'no' option ValidateServerCertificateEnabled 'no' option CertificateFile '/etc/httpclient.crt' option CertificateFormat 'PEM' option CertificateKey '/etc/httpclient.key' option ActivatorChunkyDownloadPath '/activator/partial/download' option ChunkSize '100k' option RateLimit '2' option CAFile ‘\’ _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 88 of 372...
Page 89: User Management Using Uci
Specifies SMS access permissions for the user. UCI: management_users.@user[x].smsuser Disabled. Opt: smsuser Enabled. Web: n/a Specifies linuxuser access permissions for the user. UCI: linuxuser Disabled. Opt: linuxuser Enabled. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 89 of 372...
Page 90: Configuring The Management User Password Using Uci
'$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw If you are changing the password using UCI, enter the new password in plain text using the password option. package management_users _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 90 of 372...
Page 91: User Management Using Uci
‘1’ option username ‘test’ option hashpassword ‘$1$XVzDHHPQ$SKK4geFonctihuffMjS4U0’ option webuser ‘1’ option linuxuser ‘1’ option papuser ‘0’ option chapuser ‘0’ option srpuser ‘0’ options smsuser ‘0’ _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 91 of 372...
Page 92: Configuring User Access To Specific Web
To specify monitor widgets only, enter: listallowed_pages 'monitor/<widgetname>' Example widget names are: dhcp, arp, 3gstats, interfaces, memory, multiwan, network, openvpn, routes, system, ipsec, dmvpn, tservd. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 92 of 372...
Page 93: Configuring An Ethernet Interface
To create and edit interfaces via the web interface, in the top menu, click Network -> Interfaces. The Interfaces overview page appears. Figure 44: The interfaces overview page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 93 of 372...
Page 94 To create a new interface, in the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 45: The create interface page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 94 of 372...
Page 95 'Bring up on boot', 'Monitor interface state', Override MAC address, Override MTU and 'Use gateway metric' Physical Settings Bridge interfaces, VLAN PCP to SKB priority mapping, Firewall settings Assign a firewall zone to the interface _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 95 of 372...
Page 96 Web: IPv6 gateway Assign given IPv6 default gateway to this interface (optional). UCI: network.<if name>.ip6gw Opt: ip6gw Table 25: Information table for LAN interface common configuration settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 96 of 372...
Page 97 Specifies the default route metric to use for this interface (optional). UCI: network.<if name>.metric Opt: metric Table 26: Information table for common configuration advanced settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 97 of 372...
Page 98 Socket buffer to VLAN priority code point mapping. Multiple priority mappings are entered with a space between them when UCI: network.<if using UCI. name>.vlan_qos_map_egress Example: network.<if name>. vlan_qos_map_egress =1:2 2:1 Opt: list vlan_qos_map_egress _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 98 of 372...
Page 99: Loopback Interfaces
IP aliasing is associating more than one IP address to a network interface. You can assign multiple aliases. 13.2.4.1 IP-alias packages Package Sections Network alias _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 99 of 372...
Page 100 The IP Aliases configuration options page appears. The IP-Alias is divided into two sub sections: general setup and advanced. 13.2.4.3 IP-aliases: general setup Figure 50: The IP-aliases general setup section _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 100 of 372...
Page 101 Note: this option is only available for interfaces with a static IP address. 13.2.5.1 DHCP server: packages Package Sections dhcp dhcp To assign a DHCP Server to the interface, click Setup DHCP Server. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 101 of 372...
Page 102 Defines the lease time of addresses handed out to clients, for example 12h or 30m. UCI: dhcp.@dhcp[x].leasetime 12 hours Opt: leasetime Range Table 31: Information table for DHCP server general setup page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 102 of 372...
Page 103: Interface Configuration Using Uci
13.3 Interface configuration using UCI The configuration files are stored on /etc/config/network, /etc/config/firewall and /etc/config/dhcp root@VA_router:~# uci show network ….. network.newinterface=interface network.newinterface.proto=static network.newinterface.ifname=eth0 network.newinterface.monitored=0 network.newinterface.ipaddr=2.2.2.2 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 103 of 372...
Page 104 13.3.1 Interface common configuration using package options The configuration files are stored on /etc/config/network, /etc/config/firewall and /etc/config/dhcp root@VA_router:~# uci export network package network …… config interface 'newinterface' option proto 'static' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 104 of 372...
Page 105 '100' option leasetime '12h' option limit '150' option interface 'newinterface' To change any of the above values use uci set command. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 105 of 372...
Page 106: Configuring Port Maps
Ethernet switch physical port to logical interface mappings, go to the Port Map section at Network->Interfaces. Figure 55: The Interface port map section _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 106 of 372...
Page 107 To change any of the above values use uci set command. 13.5.3 Configuring port map using package options The configuration files are stored on /etc/config/network root@VA_router:~# uci export network ….. config va_switch option eth0 'A' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 107 of 372...
Page 108: Interface Diagnostics
Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:385585 errors:0 dropped:0 overruns:0 frame:0 TX packets:385585 errors:0 dropped:0 overruns:0 carrier:0 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 108 of 372...
Page 109: Route Status
Gateway Genmask Flags Metric Ref Iface 192.168.100.0 255.255.255.0 eth0 Note: a route will only be displayed in the routing table when the interface is up. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 109 of 372...
Page 110: Configuring Ignition Sense
You can configure the Vapowermond package using the web interface. In the top menu, click Services ->Power Monitor. The basic settings page appears. Figure 56: Power monitor basic settings page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 110 of 372...
Page 111 Table 34: Information table for power monitor basic settings 14.2.2 Power monitor advanced settings Click the Advance tab to access advanced settings. Figure 57: Power monitor advanced settings page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 111 of 372...
Page 112: Configuring Vapowermond Using The Command Line
‘main’ option enabled ‘1’ option timeout ‘30’ option voltage_sense_scripts_enable ‘0’ option voltage_on_script ‘/usr/bin/powermon_voltage_on.sh’ option voltage_off_script ‘/usr/bin/powermon_voltage_off.sh’ option voltage_msg ‘powermon’ option log_severity ‘5’ _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 112 of 372...
Page 113: Ignition Sense Diagnositcs
14.4.1 Monitoring Vapowermond status using the command line interface To view status information about the current ignition sense state enter: root@VA_router:~# cat /sys/class/gpio/gpio29/value 1 for ignition on;0 for ignition off _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 113 of 372...
Page 114: Configuring Satop And Cesopsn
CESoPSN is an abbreviation for “Circuit Emulation Services over Packet Switched Network”. It is defined in IETF RFC5086 and is currently supported on Virtual Access router models fitted with ALL, X.21 or E1/T1 interfaces. It is used to carry an analogue leased line, an X.21 interface, an E1 timeslot or a group of E1 timeslots over a packet...
Page 115: Virtual Access Proprietary Satop/Cesopsn Protocol Extension
15.3 Virtual Access proprietary SAToP/CESoPSN protocol extension To compensate for packet loss in the network, Virtual Access implemented a proprietary extension to SAToP/CESoPSN. When enabled, a copy of the previous packet payload is added to the end of the packet. With the help of this mechanism it is possible to overcome the loss of single packets.
Page 116: Configuring Satop/Cesopsn
Note: the Blackbox tab only appears if Blackbox is configured on your router. Figure 60: SAToP/CESoPSN basic settings Figure 61: SAToP/CESoPSN blackbox settings Figure 62: SAToP/CESoPSN advanced settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 116 of 372...
Page 117: Configuring Main Settings Using Uci
Enables the use of the TOS field in the IP header. UCI: cesopd.main.tos_enabled Disabled. Opt: tos_enabled Enabled. Web: TOS Value Note: before changing this value, consult with Virtual Access support. UCI: cesopd.main.tos_enabled Decimal value of the TOS field in the IP Opt: tos_value header.
Page 118: Configuring Port Settings Using The Web Interface
Note: for E1 CESoPSN, a port represents a timeslot or group of timeslots. Figure 63: CESoPSN basic port settings Figure 64: CESoPSN advanced port settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 118 of 372...
Page 119 15: Configuring SAToP and CESoPSN _______________________________________________________________________________________________________ Figure 65: CESoPSN E1 port settings Figure 66: CESoPSN dual X.21 port settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 119 of 372...
Page 120 Enables the use of RTP header as specified in RFC5086. UCI: cesopd.[port].rtp_header_enabled Note: before disabling the use of RTP header, ensure that the peer supports this. Opt: rtp_header_enabled Disabled. Enabled. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 120 of 372...
Page 121 15: Configuring SAToP and CESoPSN _______________________________________________________________________________________________________ Web: Enable Packet Redundancy Enables a Virtual Access proprietary CESoPSN protocol extension, which can help to overcome packet loss. See the section ‘Virtual UCI: Access proprietary CESoPSN protocol extension’ for more cesopd.[port].va_prop_payload_redundan information. cy_enabled...
Page 122 N/A for E1 and ALL. Opt: dce Disabled. Enabled. Web:FIFO IRQ Level Specifies the FIFO IRQ Level. UCI: cesopd.[port].fifo_irq_level Note: before changing this value, consult with Virtual Access support. Opt: fifo_irq_level Specifies the IRQ level. Range 1-5. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7...
Page 123 Opt: x21_data_delay Range 0-7. Web:Driver Poll Interval Specifies the driver poll interval in milliseconds. UCI: cesopd.[port].tdm_intvl_ms Note: before changing this value, consult with Virtual Access support. Opt: tdm_intvl_ms Specifies the poll interval. Range 1-10. Table 39: Dual X.21 port settings...
Page 124: Configuring Port Settings Using Uci
'ttyU0' <generic port options> ……. option e1t1_end '1' option e1t1_line_code '1' option e1t1_framing '2' option e1t1_impedance '1' option e1t1_timeslot '1' option e1t1_protocol '0' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 124 of 372...
Page 125: Cesopsn Diagnostics
# uci export cesopd package cesopd config cesopd 'main' option log_severity '5' option enable '1' config port 'Port1' option enable '1' option devname 'ttyLC0' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 125 of 372...
Page 126 To show the currently running configuration, enter: root@VA_router:~# cesop show config Main Config ----------- enable nodaemon log_severity tos_enabled tos_value : 16 blackbox_enabled blackbox_hours : 10 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 126 of 372...
Page 127 : 16 app_bit_reverse app_rx_shift va_prop_payload_redundancy_enabled: 0 devname : ttyU0 local_loopback rate ext_clock fifo_irq_level bit_reverse dte_tt_inv dce_tclk_inv dce_rclk_inv x21_clk_invert x21_data_delay x21_use_vco tdm_intvl_ms all_four_wire_mode _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 127 of 372...
Page 128 Rx TDM Payload [55][D5]... Tx CESoPSN Header L-Bit Tx CESoPSN Header R-Bit Tx CESoPSN Header M-Bits Tx TDM Payload [D4][51]... Uptime 40 hrs 45 mins 47 secs _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 128 of 372...
Page 129 Rx: TDM payload length errors 15.9.4 cesop clear stats To reset the statistical counters, enter: root@VA_router:~# cesop clear stats cesopd stats cleared cesop show debug _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 129 of 372...
Page 130 15: Configuring SAToP and CESoPSN _______________________________________________________________________________________________________ The output provided by cesop show debug is intended for Virtual Access support technicians and therefore the interpretation of the output produced by cesop show debug command is not explained here. root@VA_router:~# cesop show debug...
Page 131 If enabled, the blackbox records instances of packet loss or the late transmission and reception of packets. The information stored in the blackbox can help Virtual Access support analyse problems such as excessive jitter and packet loss. The information in the blackbox is intended for Virtual Access technicians and therefore, the interpretation of the output produced by cesop blackbox show command is not explained here.
Page 132 The command cesop upgrade usbcard re-programs the E1 card with the image in /lib/firmware/va-userial.bin The command is used for software upgrade of the E1 card. If an upgrade is necessary the image will be provided by Virtual Access. The upgrade process is logged on syslog. root@VA_router:~# cesop upgrade usbcard...
Page 133 To see the result of E1 card’s CPLD programming, enter: root@VA_router:~# cesop show usbcard cpld status USB card CPLD programming status: 0 The status should be 0. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 133 of 372...
Page 134 23 seconds 15.9.13 cesop clear bert stats To reset the bit error rate test statistical counters, enter: root@VA_router:~# cesop clear bert stats bert stats cleared _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 134 of 372...
Page 135: Configuring Dhcp Server And Dns (Dnsmasq)
In the top menu, select Network -> DHCP and DNS. The DHCP and DNS page appears. There are three sections: Server Settings, Active Leases, and Static Leases. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 135 of 372...
Page 136 16: Configuring DHCP server and DNS (Dnsmasq) _______________________________________________________________________________________________________ Figure 68: The DHCP and DNS page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 136 of 372...
Page 137 Opt: list rebind_domain No list configured. Range Table 41: Information table for general server settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 137 of 372...
Page 138 Defines local host’s files. When using UCI multiple servers should be entered with a space between them. UCI: dhcp.@dnsmasq[0].addnhosts Opt: list addnhosts Table 42: Information table for resolv and host files section _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 138 of 372...
Page 139 Defines the filename of the boot image advertised to clients. This specifies BOOTP options, in most cases just the file name. UCI: dhcp.@dnsmasq[0].dhcp_boot Opt: dhcp_boot Table 43: Information table for TFTP settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 139 of 372...
Page 140 Enables disallow option for forwarding requests that cannot be answered by public name servers. Normally enabled for dial on UCI: dhcp.@dnsmasq[0].filterwin2k demand interfaces. Opt: filterwin2k Enabled. Disabled. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 140 of 372...
Page 141 Opt: dnsforwardmax Range Table 44: Information table for advanced settings 16.2.5 Active leases This section displays all currently active leases. Figure 72: The active leases section _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 141 of 372...
Page 142 Web: IPv4 Address The IPv4 address specifies the fixed address to use for this host.. UCI: dhcp.@host[0].ip Opt: ip Table 46: Information table for static leases _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 142 of 372...
Page 143: Configuring Dhcp And Dns Using Uci
2.2.2.2 dhcp.@dnsmasq[0].rebind domain=tes.domain dhcp.@dnsmasq[0].enable_tftp=0 dhcp.@dnsmasq[0].tftp_root=/tmp/tftp dhcp.@dnsmasq[0].dhcp_boot=boot.image dhcp.@dnsmasq[0].nonegcache=0 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 143 of 372...
Page 144 '1' option strictorder '1' list bogusnxdomain '1.1.1.1 ' list bogusnxdomain '2.2.2.2' option port '53' option dhcpleasemax '150' option ednspacket_max '1280' option dnsforwardmax '150' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 144 of 372...
Page 145: Configuring Dhcp Pools Using Uci
Range Web: n/a Defines the offset from the network address for the end of the DHCP pool UCI: dhcp.<pool_name>.limit Opt: limit Range 0 - 255 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 145 of 372...
Page 146: Configuring Static Leases Using Uci
'00:11:22:33:44:55' option name 'mypc' This adds the fixed IP address 192.168.1.2 and the name "mypc" for a machine with the (Ethernet) hardware address 00:11:22:33:44:55. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 146 of 372...
Page 147: Configuring Vlan
17: Configuring VLAN _______________________________________________________________________________________________________ 17 Configuring VLAN 17.1 Maximum number of VLANs supported Virtual Access’ routers support up to 4095 VLANs. 17.2 Configuration package used Package Sections Network 17.3 Configuring VLAN using the web interface 17.3.1 Create a VLAN interface To configure VLAN using the web interface, in the top menu, select Network - >Interfaces.
Page 148: Virtual Access
Enter a name, for example eth0.100. This will assign VLAN 100 to the eth0 interface. Opt: ifname Table 48: Information table for the create interface page Click Submit. The Interfaces page for VLAN1 appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 148 of 372...
Page 149 The IPv4 address of the interface. This is optional if an IPv6 address is provided. UCI: network.VLAN1.ipaddr Opt: ipaddr Web: IPv4 netmask Subnet mask to be applied to the IP address of this interface. UCI: network.VLAN1.netmask Opt: netmask _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 149 of 372...
Page 150: Viewing Vlan Interface Settings
To view the new VLAN interface settings, in the top menu, select Network -> Interfaces. The Interfaces Overview page appears. The example below shows two VLAN interfaces configured. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 150 of 372...
Page 151: Configuring Vlan Using The Uci Interface
When specifying the ifname ensure that it is written in dotted mode, that is, eth1.100 where eth1 is the physical interface assigned to VLAN tag 100. Note: VLAN1 is, by default the native VLAN and will not be tagged. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 151 of 372...
Page 152: Qos: Vlan 802.1Q Pcp Tagging
18.1 Configuring VLAN PCP tagging Virtual Access routers have the capability to respect and set PCP priority values inside 802.1Q VLAN tagged frames. The following partial export of network configuration shows how to configure VLAN priorities for specific interfaces (VLANs).
Page 153 Any frames received on VLAN4 destined to VLAN2 with PCP priority set to 0 will • have a priority of 5 set as they leave the router on VLAN4. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 153 of 372...
Page 154 ‘vlan_qos_map_egress’ and are destined to tagged interface, 802.1Q tag will be created with a default priority of 0 and then the priority will be set according to the PCP value specified as the frames leave port. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 154 of 372...
Page 155: Qos: Type Of Service
19: QoS: type of service _______________________________________________________________________________________________________ 19 QoS: type of service Virtual Access routers are capable of implementing quality of service configurations on a per interface basis, which allows traffic prioritisation based on type of service criteria parameters. 19.1 QoS configuration overview...
Page 156 Table 50: Information table for QoS page To add classification rules, click Add. TheClassification Rules section appears. Configure each classification rule with the following parameters. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 156 of 372...
Page 157: Configuring Qos Using Uci
Each interface can have its own buffer. The interface section declares global characteristics of the connection on which the specified interface is communicating. The following options are defined within this section: _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 157 of 372...
Page 158 UCI: qos.Default.classes=Express Normal Specifies the list of names of classes which should be part of classgroup. Opt: classes qos.Default.default=Normal Defines which class is considered default. Opt: default _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 158 of 372...
Page 159 Defines to how many % of the available bandwidth this class is capped to. Opt: limitrate 19.4.4 Classify Classifiers match the traffic for desired class. config classify option target 'Express' option proto 'udp' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 159 of 372...
Page 160: Example Qos Configurations
'Express' option packetsize '1000' option maxsize '800' option avgrate '50' option priority '10' option limitrate '10' config classify option target 'Express' option proto 'udp' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 160 of 372...
Page 161: Configuring Static Routes
UCI: network.@route[0].target Opt: target Web: netmask Defines the route netmask. If omitted, 255.255.255.255 is assumed, which makes the target a host address. UCI: network.@route[0].netmask Opt: netmask _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 161 of 372...
Page 162: Configuring Ipv6 Routes Using The Web Interface
By default all routes are named ‘route’, it is identified by @route then the route’s position in the package as a number. For example, for the first route in the package using UCI: network.@route[0]=route network.@route[0].interface=lan _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 162 of 372...
Page 163: Ipv4 Routes Using Uci
The command line example routes in the subsections below do not have a configured name. root@VA_router:~# uci show network network.@route[0]=route network.@route[0].interface=lan network.@route[0].target=3.3.3.10 network.@route[0].netmask=255.255.255.255 network.@route[0].gateway=10.1.1.2 network.@route[0].metric=3 network.@route[0].mtu=1400 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 163 of 372...
Page 164: Ipv4 Routes Using Package Options
IPv6 routes using packages options root@VA_router:~# uci export network package network …. config route option interface 'lan' option target '2001:0DB8:100:F00:BA3::1/64' option gateway '2001:0DB8:99::1' option metric ‘1’ option mtu '1500' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 164 of 372...
Page 165: Static Routes Diagnostics
Gateway Genmask Flags Metric Ref Iface 192.168.100.0 255.255.255.0 eth0 Note: a route will only be displayed in the routing table when the interface is up. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 165 of 372...
Page 166: Configuring Bgp (Border Gateway Protocol)
In the top menu, select Network -> BGP. BGP configuration page appears. The page has three sections: Global Settings, BGP Neighbours and BGP Route Map. Figure 82: The BGP page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 166 of 372...
Page 167 Type in a name for the BGP route map name and then click Add. The ROUTEMAP configuration section appears. You can configure multiple route maps. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 167 of 372...
Page 168 Defines the set value when a match occurs. Value format depends on the set option you have selected. UCI: bgpd.ROUTEMAP.set Opt: set Table 55: Information table for routemap _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 168 of 372...
Page 169: Configuring Bgp Using Uci
You can also configure BGP using UCI. The configuration file is stored on /etc/config/bgpd root@VA_router:~# uci show bgpd bgpd.bgpd=routing bgpd.bgpd.enabled=yes bgpd.bgpd.router_id=3.3.3.3 bgpd.bgpd.asn=1 bgpd.bgpd.network=11.11.11.0/29 192.168.103.1/32 bgpd.@peer[0]=peer bgpd.@peer[0].route_map_in=yes bgpd.@peer[0].ipaddr=11.11.11.1 bgpd.@peer[0].asn=1 bgpd.@peer[0].route_map=ROUTEMAP bgpd.ROUTEMAP=routemap _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 169 of 372...
Page 170: Configuring Bgp Using Packages Options
'ROUTEMAP' config routemap 'ROUTEMAP' option order '10' option permit 'yes' option match_type 'ip address' option match '192.168.101.1/32' option set_type 'ip next-hop' option set '192.168.101.2/32' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 170 of 372...
Page 171: View Routes Statistics
To view routes via the command line, enter: root@support:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Iface 10.1.0.0 0.0.0.0 255.255.0.0 0 br- lan2 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 171 of 372...
Page 172: Configuring A Wifi Connection
_______________________________________________________________________________________________________ 22 Configuring a WiFi connection This section explains how to configure WiFi on a Virtual Access router using the web interface or via UCI. WiFi can act as an Access Point (AP) to another device in the network or it can act as a client to an existing AP.
Page 173 Web: Transmit power Select the transmit power range range you require. UCI: wireless.radio0.txpower Range 0dBm(1mW)-17dBm(50mW) Opt: txpower 17dBM(50mW) Table 57: Information table for the device configuration section _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 173 of 372...
Page 174 Web: RTS/CTS Threshold Defines the RTS/CTS threshold UCI: wireless.radio0.rts None Router defaults applied Opt: rts Range Table 58: Information table for device configuration advanced settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 174 of 372...
Page 175 Use this section to configure the interface name, mode and network settings. Differing web options may be presented depending on the Mode selected. Figure 90: The interface configuration general setup section _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 175 of 372...
Page 176 Use this section to configure encryption, ciper and create a security key. Differing options wil be defined depending on the encryption selected. Figure 91: The wireless security section _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 176 of 372...
Page 177 Web: Radius Accounting -Port Defines the Radius port for EAP accounting. UCI:wireless.@wifi-iface[0].acct_port Opt: acc_port Web: Radius Accounting -Secret Defines the Radius secret for EAP accounting. UCI:wireless.@wifi-iface[0].acct_secret Opt: acct_secret _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 177 of 372...
Page 178: Configuring Wifi In Ap Mode
WiFi interface’, selecting a new interface for the Wireless Network in the Interface Configuration section. Next, in the top menu, select Network -> Interfaces. The Interface Overview page appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 178 of 372...
Page 179 UCI and package options. Opt:ifname Example: option ifname ‘eth2 eth3’ or network.<if name>.ifname=eth2 eth 3 Table 62: Information table for the physical section on the common configuration page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 179 of 372...
Page 180: Configuring Wifi Using Uci
'US' config wifi-iface option device 'radio0' option mode 'ap' option disabled '1' option ssid 'Test_AP' option network 'newwifilan' option encryption 'psk' option key 'secretkey' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 180 of 372...
Page 181 'lan' option ifname 'eth0' option proto 'static' option ipaddr '192.168.100.1' option netmask '255.255.255.0' option type 'bridge' root@VA_router:~# uci export wireless package wireless _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 181 of 372...
Page 182 22.4.4 AP mode on an existing Ethernet interface using UCI root@VA_router:~# uci show network network.lan=interface network.lan.ifname=eth0 network.lan.proto=static network.lan.ipaddr=192.168.6.1 network.lan.netmask=255.255.255.0 network.lan.type=bridge root@VA_router:~# uci show wireless wireless.radio0=wifi-device wireless.radio0.type=mac80211 wireless.radio0.channel=11 wireless.radio0.phy=phy0 wireless.radio0.hwmode=11ng _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 182 of 372...
Page 183: Creating A Wifi In Client Mode Using The Web Interface
In the top menu, select Network -> Interfaces. The Interfaces Overview page appears. Click Edit in the newly created WiFi Client interface. The Common Configuration page appears. Figure 94: The client interface page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 183 of 372...
Page 184: Configuring Wifi In Client Mode Using Command Line
'radio0' option type 'mac80211' option channel '11' option phy 'phy0' option hwmode '11ng' option htmode 'HT20' list ht_capab 'SHORT-GI-40' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 184 of 372...
Page 185 22.6.2.1 uci show wireless root@VA_router:~# uci show wireless wireless.radio0=wifi-device wireless.radio0.type=mac80211 wireless.radio0.channel=11 wireless.radio0.phy=phy0 wireless.radio0.hwmode=11ng wireless.radio0.htmode=HT20 wireless.radio0.ht_capab=SHORT-GI-40 TX-STBC RX-STBC1 DSSS_CCK-40 wireless.radio0.txpower=17 wireless.radio0.country=US wireless.@wifi-iface[0]=wifi-iface wireless.@wifi-iface[0].device=radio0 wireless.@wifi-iface[0].ssid=Remote-AP wireless.@wifi-iface[0].mode=sta wireless.@wifi-iface[0].network= newwifiClient wireless.@wifi-iface[0].encryption=psk2 wireless.@wifi-iface[0].key=testtest _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 185 of 372...
Page 186: Configuring A Mobile Connection
To create a new mobile interface, in the Interface Overview section, click Add new interface. The Create Interface page appears. In the examples below 3G has been used for the interface name. Figure 95: The create interface page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 186 of 372...
Page 187 Set up more in-depth features such as initionalization timeout, LCP echo failure thresholds and inactivity timeouts. Firewall settings Assign a firewall zone to the connection. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 187 of 372...
Page 188 Allows GSM module to only connect to lte network cdma Allows GSM module to only connect to cdma network auto GSM module will automatically detect the best available technology code. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 188 of 372...
Page 189 The Modem Configuration link at the bottom of the page is used for SIM pin code and SMS configuration. For more information, read the chapter ‘Configuring mobile manager’. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 189 of 372...
Page 190 23: Configuring a mobile connection _______________________________________________________________________________________________________ 23.2.1.2 Mobile interface: advanced settings Figure 97: The advanced settings tab _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 190 of 372...
Page 191 Web: Inactivity timeout Close inactive connection after the given amount of seconds, use 0 to persist connection. UCI: network.3G.demand Do not disconnect on inactivity Opt: demand Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 191 of 372...
Page 192: Configuring A Mobile Connection Using Cli
Configuring a mobile connection using CLI 23.3.1 UCI To establish a basic mobile connection, enter: root@VA_router:~# uci show network network.3G=interface network.3G.proto=3g network.3G.monitored=0 network.3G.sim=any network.3G.auto=1 network.3G.defaultroute=1 network.3G.service=autonetwork.3G.apn=test.apn network.3G.username=username network.3G.password=password _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 192 of 372...
Page 193: Diagnositcs
To view mobile connectivity information, in the top menu, select Status -> Mobile Stats. The Mobile/3G Information page appears. Figure 99: The mobile stats page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 193 of 372...
Page 194 Home network mobile.3g_1_1_1.reg_code_pkt=1 mobile.3g_1_1_1.area=FFFE mobile.3g_1_1_1.cell=189150A mobile.3g_1_1_1.tech=7 mobile.3g_1_1_1.technology=E-UTRAN mobile.3g_1_1_1.operator=0,0,"Vodafone",7 mobile.3g_1_1_1.sim1_iccid=89460127120912066226 mobile.3g_1_1_2.sim_slot=1 mobile.3g_1_1_2.sim_in=yes mobile.3g_1_1_2.operator="Vodafone" mobile.3g_1_1_2.cdma_roaming=Not Roaming mobile.3g_1_1_2.cdma_roaming_code=0 mobile.3g_1_1_2.cdma_srvmode=EVDO Rev B mobile.3g_1_1_2.cdma_srvmode_code=5 mobile.3g_1_1_2.cdma_total_drc=0.0 kbps mobile.3g_1_1_2.cdma_carr_cnt=2 mobile.3g_1_1_2.cdma_rx0=78 mobile.3g_1_1_2.sig_dbm=nan mobile.3g_1_1_2.cdma_rx1=105 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 194 of 372...
Page 195: Configuring Mobile Manager
Roaming template 24.2 Configuring mobile manager using the web interface Select Services -> Mobile Manager. The Mobile Manager page appears. Figure 100: The mobile manager page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 195 of 372...
Page 196 If checked, the router will return an SMS. Select Respond if you want the router to reply. UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 67: Information table for mobile manager basic settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 196 of 372...
Page 197 5 channel number Web: Primary Channel B Allows the primary channel (B) to be changed UCI: mobile.main.cdma_primary_channel_b Default Opt: cdma_primary_channel_b 1-2016 any band class 5 channel number _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 197 of 372...
Page 198: Configuring Mobile Manager Using Uci
_____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 198 of 372...
Page 199: Configuring A Roaming Interface Template Via The Web Interface
To monitor via the web browser, login and select Status >system log. Scroll to the bottom of the log to view the SMS message. Figure 101: Example of output from system log _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 199 of 372...
Page 200: Sending Sms From The Router
An example would be to SMS the SIM card number by typing the following command on the phone and checking the SMS received from the router. uci show mobile.@caller[0].number _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 200 of 372...
Page 201: Configuring Multi-Wan
25.2 Configuring Multi-WAN using the web interface In the top menu, select Network -> Multi-Wan. The Multi-WAN page appears. Figure 102: The multi-WAN page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 201 of 372...
Page 202 In the WAN interfaces section, enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 202 of 372...
Page 203 25: Configuring Multi-WAN _______________________________________________________________________________________________________ Figure 103: Example interface showing failover traffic destination as the added multi-WAN interface _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 203 of 372...
Page 204 Opt: health_recovery_retries Range Web: Priority Specifies the priority of the interface. The higher the value, the higher the priority. UCI: multiwan.wan.priority Opt: priority Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 204 of 372...
Page 205 Tech values are: GSM Compact UTRAN GSM w/EGPRS UTRAN w/HSPDA UTRAN w/HSUPA UTRAN w/HSUPA and HSDPA E-UTRAN Table 70: Information table for multi-WAN interface page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 205 of 372...
Page 206: Multi-Wan Traffic Rules
'3' option health_recovery_retries '5' option priority '2' option manage_state 'yes' option exclusive_group '0' option ifup_retry_sec '40' option icmp_hosts 'disable' option icmp_interval ‘1’ option timeout ‘3’ _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 206 of 372...
Page 207: Multi-Wan Diagnostics
The multi-WAN package is linked to the network interfaces within /etc/config/network. Note: multi-WAN will not work if the WAN connections are on the same subnet and share the same default gateway. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 207 of 372...
Page 208: Troubleshooting
'0' option ifup_retry_sec '300' option ifup_timeout_sec '40' The following output shows the multi-WAN standard stop/start commands for troubleshooting. root@VA_router:~# /etc/init.d/multiwan Syntax: /etc/init.d/multiwan [command] _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 208 of 372...
Page 209 CLI). Enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters will appear. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 209 of 372...
Page 210: Automatic Operator Selection
26 Automatic operator selection This section describes how to configure and operate the Automatic Operator Selection feature of a Virtual Access router. When the roaming SIM is connected, the radio module has the ability to scan available networks. The router, using mobile and multi-WAN packages, finds available networks to create and sort interfaces according to their signal strength.
Page 211 26.2.1.3 Create a primary predefined interface In the web interface top menu, go to Network ->Interfaces. The Interfaces page appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 211 of 372...
Page 212 Type the short operator name in lower case, for example: Operator name First four alphanumeric numbers Vodafone UK voda O2 – UK o2uk Orange oran _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 212 of 372...
Page 213 UCI: network.[..x..].ifname Opt: ifname Table 71: Information table for the create interface page Click Submit. The Common Configuration page appears. Figure 107: The common configuration page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 213 of 372...
Page 214 Click the link if you need to configure additional options from Mobile Manager. UCI: N/A Opt: N/A Table 72: Information table for the general set up section Click Save & Apply. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 214 of 372...
Page 215 On the web interface go to Network ->Multi-Wan. The Multi-WAN page appears. Figure 108: The multi-WAN page In the WAN Interfaces section, type in the name of the Multi-WAN interface. Click Add. The Multi-WAN page appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 215 of 372...
Page 216 Opt: alt Enabled. Web: WAN Interfaces Provide the same interface name as chosen in multiwan section below and click Add. UCI: multiwan.3g_s<sim- number>_<short-operator-name> Opt: 3g_s<sim-number>_<short- operator-name> _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 216 of 372...
Page 217 Range Web: Exclusive Group Defines the group to which the interface belongs, only one interface can be active. UCI: multiwan.[..x..].exclusive_group Opt: exclusive_group Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 217 of 372...
Page 218 26.2.2 Set options for automatically created interfaces (failover) From the top menu on the web interface page, select Services ->Mobile Manager. The Mobile Manager page appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 218 of 372...
Page 219 Web: HDR Auto User ID AN-PPP user ID. Supported on Cellient (CDMA) modem only. UCI: mobile.main.hdr_userid Opt: hdr_userid Table 74: Information table for mobile manager basic settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 219 of 372...
Page 220 If checked, the router will return an SMS. Select Respond if you want the router to reply. UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 75: Information table for caller settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 220 of 372...
Page 221 26: Automatic operator selection _______________________________________________________________________________________________________ 26.2.3 Roaming interface template Figure 111: The roaming interface template page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 221 of 372...
Page 222 Sets ping timeout in seconds. Choose the time in seconds that the health monitor ICMP will timeout at. Opt: timeout Wait 3 seconds for ping reply Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 222 of 372...
Page 223 26.2.4 Scenario 2: PMP + roaming: pre-empt disabled As in the previous section, multi-WAN connects the PMP interface and uses auto created interfaces for failover. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 223 of 372...
Page 224 In the top menu, select System -> Reboot. The System Reboot page appears. Figure 114: The system reboot page Check the Reboot now check box and then click Reboot. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 224 of 372...
Page 225 Web: PIN code for SIM2 Depending on the SIM card specify the pin code for UCI: mobile.main.sim2pin SIM 2. Opt: sim2pin blank range _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 225 of 372...
Page 226 If checked, the router will return an SMS. Select Respond if you want the router to reply. UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 78: Information table for mobile manager caller settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 226 of 372...
Page 227 Web: Firewall Zone Adds all generated interfaces to this zone. UCI: Select existing zone or click unspecified or create to create a new mobile.@roaming_template[0].firewall_zo zone. Opt: firewall_zone _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 227 of 372...
Page 228 This field is not used for a roaming template. UCI: mobile.@roaming_template[0].health_rec overy_retries Opt: health_recovery_retries Web: Priority Type the priority number. The higher the value, the higher the priority. UCI: mobile.@roaming_template[0].priority Opt: priority range _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 228 of 372...
Page 229 UCI: multiwan.config.alt Leave this option unselected. Opt: alt Disabled. Enabled. Table 80: Information table for multi-WAN operation _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 229 of 372...
Page 230: Configuring Via Uci
'test' option password 'test' option sim '1' option operator 'vodafone IE' To view uci commands, enter: root@VA_router:~# uci show network network.loopback=interface network.loopback.ifname=lo network.loopback.proto=static network.loopback.ipaddr=127.0.0.1 network.loopback.netmask=255.0.0.0 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 230 of 372...
Page 231 'wan' option apn 'test IE' option username 'test' option password 'test' option service 'umts' option health_interval '4' option icmp_hosts 'disable' option timeout 'disable' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 231 of 372...
Page 232 IE mobile.@roaming_template[0].username=test mobile.@roaming_template[0].password=test mobile.@roaming_template[0].service=umts mobile.@roaming_template[0].health_interval=4 mobile.@roaming_template[0].icmp_hosts=disable mobile.@roaming_template[0].timeout=disable mobile.@roaming_template[0].health_fail_retries=3 mobile.@roaming_template[0].signal_threshold=-95 mobile.@roaming_template[0].priority=5 mobile.@roaming_template[0].ifup_retry_sec=120 mobile.@roaming_template[0].ifup_timeout_sec=180 mobile.@roaming_template[0].defaultroute=yes mobile.@roaming_template[0].sort_sig_strength=yes _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 232 of 372...
Page 233 To view the uci command of package multiwan, enter: root@VA_router:~# uci show multiwan multiwan.config=multiwan multiwan.config.enabled=1 multiwan.config.preempt=1 multiwan.main_voda=interface multiwan.main_voda.health_fail_retries=3 multiwan.main_voda.health_interval=3 multiwan.3g_s1_voda.timeout=1 multiwan.3g_s1_voda.icmp_hosts=disable multiwan.3g_s1 main _voda.priority=10 multiwan.3g_s1_voda.exclusive_group=3g multiwan.3g_s1_voda.signal_threshold=-95 multiwan.3g_s1_voda.ifup_retry_sec=350 multiwan.3g_s1_voda.ifup_timeout_sec=180 multiwan.3g_s1_voda.manage_state=1 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 233 of 372...
Page 234: Configuring No Pmp + Roaming Using Uci
'test IE' option username 'test' option password 'test' option service 'umts' option health_fail_retries '2' option signal_threshold '-100' option priority '5' option ifup_timeout_sec '180' option defaultroute 'yes' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 234 of 372...
Page 235 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 235 of 372...
Page 236: Automatic Operator Selection Diagnostics Via The Web Interface
To check interfaces created in the Multi-WAN package, from the top menu, select Network -> Multi-WAN. To check interfaces that have been created in the network package, from the top menu, select Network -> Interfaces. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 236 of 372...
Page 237 Status. The Interface Status page appears. Scroll down to the bottom of the page to view Multi-WAN Stats. Figure 118: The status page: multi-WAN status section page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 237 of 372...
Page 238: Automatic Operator Selection Diagnostics Via Uci
/var/const_state/multiwan Figure 119: Example of output from the command: cat /var/const_stat/multiwan To check interfaces created in the network package, enter: root@VA_router:~# cat /var/const_state/network _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 238 of 372...
Page 239 26: Automatic operator selection _______________________________________________________________________________________________________ Figure 120: Example of output from the command cat /var/const_state/network _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 239 of 372...
Page 240 To check the status of the interface you are currently using, enter: root@VA_router:~# cat /var/const_state_/mobile Figure 121: Example of output from the command cat /vat/const_state_/mobile _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 240 of 372...
Page 241: Configuring Ipsec
If you need to create an IPSec template for DMVPN, read the chapter ‘Dynamic Multipoint Virtual Private Network (DMVPN)’. The number of IPSec tunnels supported by Virtual Access’ routers is not limited in any way by software; the only hardware limitation is the amount of RAM installed on the device.
Page 242 Table 81: Information table for IPSec common settings 27.2.2 Common settings: configure connection Figure 123: The configuring IPSec settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 242 of 372...
Page 243 Connection uses transport mode. pass Connection does not perform any IPSec processing. drop Connection drops all the packets. Table 82: Information table for connection settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 243 of 372...
Page 244 Defines the IP address of LAN serviced by remote peer. UCI: strongswan.@connection[X]. remotelan Opt:remotelan Web: Remote LAN IP Address Mask Defines the Subnet of remote LAN. UCI: strongswan.@connection[X]. remotelanmask Opt:remotelanmask _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 244 of 372...
Page 245 Using extended authentication and preshared key. never Can be used if negotiation is never to be attempted or accepted (shunt connections). Table 83: Information table for IP addressing settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 245 of 372...
Page 246 3des aes128 aes256 serpent twofish blowfish authAlgo: sha2 DHGroup: modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 For example, a valid IKE algorithm is aes128-sha-modp1536. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 246 of 372...
Page 247 UCI: strongswan.@connection[X].keyringtries for one, before giving up. The value %forever means 'never Opt: keyringtries give up'. Relevant only locally, other end need not agree on _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 247 of 372...
Page 248 Defines whether IP address or userfqdn is used. UCI: strongswan.@secret[X].idtype Opt: idtype Web: ID selector Defines the local address this secret applies to. UCI: strongswan.@secret[X].localaddress Opt: localaddress _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 248 of 372...
Page 249: Configuring Ipsec Using Uci
This will create the following output: config general 'general' option enabled 'yes' option strictcrlpolicy 'no' option uniqueids 'yes' option cachecrls 'no' option debug 'none' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 249 of 372...
Page 250: Connection Settings
This will create the following output: config connection option ikelifetime '3h' option keylife '1h' option rekeymargin '9m' option keyingtries '3' option dpddelay '30s' option dpdtimeout '150s' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 250 of 372...
Page 251 This will create the following output: config connection _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 251 of 372...
Page 252 'secret' If xauth is defined as the authentication method then you must include an additional config secret section, as shown in the example below. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 252 of 372...
Page 253: Configuring An Ipsec Template For Dmvpn Via The Web Interface
Control the overall behaviour of strongSwan. This behaviour is common across all tunnels. Connection Settings Together, these sections define the required parameters for a two-way IKEv1 tunnel. Secret Settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 253 of 372...
Page 254 Debug enabled. Most verbose logging also includes sensitive information such as keys. Table 86: Information table for IPSec common settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 254 of 372...
Page 255 Remote Id • Local LAN IP Address • Local LAN IP Address Mask • Remote LAN IP Address • Remote LAN IP Address Mask • _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 255 of 372...
Page 256 27: Configuring IPSec _______________________________________________________________________________________________________ Figure 128: The connections settings section _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 256 of 372...
Page 257 UCI: strongswan.@connection[X]. Leave blank for DMVPN. remotelanmask Opt:remotelanmask Web: Local Protocol Restricts the connection to a single protocol on the local side. UCI: strongswan.@connection[X].localproto Opt: localproto _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 257 of 372...
Page 258 3des aes128 aes256 serpent twofish blowfish authAlgo: sha2 DHGroup: modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 For example, a valid IKE algorithm is: aes128-sha-modp1536. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 258 of 372...
Page 259 UCI: one, before giving up. The value %forever means 'never give strongswan.@connection[X].keyringtries up'. Relevant only locally, other end need not agree on it. Opt: keyringtries _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 259 of 372...
Page 260 Defines the local address this secret applies to. UCI: strongswan.@secret[X].localaddress Opt: localaddress Web: ID selector Defines the remote address this secret applies to. UCI: strongswan.@secret[X]. remoteaddress Opt: remoteaddress _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 260 of 372...
Page 261: Configuring An Ipsec Template To Use With Dmvpn
_____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 261 of 372...
Page 262 '30s' option keyingtries '%forever' option dpdaction 'hold' option dpddelay '30s' option dpdtimeout '150s' config secret option enabled 'yes' option secrettype 'psk' option secret 'secret' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 262 of 372...
Page 263: Ipsec Diagnostics Using The Web Interface
10.68.234.133/32[gre] === 192.168./32[gre] dmvpn_89_101_154_151{1}: INSTALLED, TRANSPORT, ESP in UDP SPIs: cca7b970_i d874dc90_o dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 89.101.154.151/32[gre] To view a list of IPSec commands, enter: root@VA_router:~# ipsec –help _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 263 of 372...
Page 264: Configuring Firewall
The General Zone, or defaults, section declares global firewall settings that do not belong to any specific zones. These default rules take effect last and more specific rules take effect first. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 264 of 372...
Page 265 Rejected packets are blocked by the firewall and ICMP message is returned to the source host. Drop Dropped packets are blocked by the firewall. Table 89: Information table for general settings page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 265 of 372...
Page 266 Reject Rejected packets are blocked by the firewall and ICMP message is returned to the source host. Drop Dropped packets are blocked by the firewall. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 266 of 372...
Page 267 Defines protocol family (ipv4, ipv6 or any) to generate iptables rules for. UCI: firewall.<zone label>.family Opt: family Table 90: Information table for firewall zone settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 267 of 372...
Page 268 Opt: log Web: Limit log messages Limits the amount of log messages per interval. UCI: firewall.<zone label>.log_limit Opt: log_limit Table 91: Information table for zone settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 268 of 372...
Page 269 Note: the rules generated for forwarding traffic between zones relay connection tracking to be enabled on at least one of the source or destination zones. This can be enabled through the conntrack option or through masq. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 269 of 372...
Page 270 Web: Internal IP address Specifies the internal (LAN) IP address for the traffic to be redirected UCI: firewall.<redirect label>.dest_ip Opt: dest_ip _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 270 of 372...
Page 271 NAT loopback (reflection). Figure 136: The firewall – port forwards – forward edits page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 271 of 372...
Page 272 28.2.4 Firewall traffic rules Rules can be defined to allow or restrict access to specific ports, hosts or protocols. Figure 137: The firewall traffic rules page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 272 of 372...
Page 273 For DNAT, redirects matched incoming traffic to the specified internal host. UCI: firewall.<rule label>.dest_ip For SNAT, matches traffic directed at the given address. Opt: dest_ip _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 273 of 372...
Page 274 Table 96: Information table for match ICMP type drop-down menu _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 274 of 372...
Page 275 Extra arguments to pass to iptables, this is mainly useful to specify additional match options, like -m policy --dir in for IPSec. Table 97: Information table for custom rules commands _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 275 of 372...
Page 276: Configuring Firewall Using Uci
28.3.3 Inter-zone forwarding To enable forwarding of traffic from WAN to LAN, enter: uci add firewall forwarding uci set firewall.@forwarding[1].dest=wan uci set firewall.@forwarding[1].src=lan _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 276 of 372...
Page 277 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 277 of 372...
Page 278: Ipv6 Notes
(DoS). _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 278 of 372...
Page 279: Connection Tracking
ACCEPT option proto This example enables machines on the internet to use SSH to access your router. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 279 of 372...
Page 280 When used alone, Source NAT is used to restrict a computer's access to the internet, but allows it to access a few services by manually forwarding what appear to be a few local _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7...
Page 281 The following rule blocks all connection attempts from the client to the internet. config rule option src option dest option src_mac 00:00:00:00:00:00 option target REJECT _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 281 of 372...
Page 282 Vlan12 interface in the network file. When reverse path filtering mechanism is enabled, the router will check whether a receiving packet source address is routable. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 282 of 372...
Page 283 !192.168.1.100 option src_dport option dest_ip 192.168.1.100 option dest_port 3128 option target DNAT config redirect option dest option proto _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 283 of 372...
Page 284: Ipsec Passthrough
ACCEPT For some configurations you also have to open port 500/UDP. # ISAKMP protocol config rule option src option dest option proto option src_port _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 284 of 372...
Page 285: Firewall Management
To see the rules as they are executed, run the fw command with the FW_TRACE environment variable set to 1 (one): root@VA_router:/# FW_TRACE=1 fw reload _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 285 of 372...
Page 286 28: Configuring firewall _______________________________________________________________________________________________________ To direct the output to a file for later inspection, enter: root@VA_router:/# FW_TRACE=1 fw reload 2>/tmp/iptables.lo _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 286 of 372...
Page 287: Configuring Snmp
Configuring SMNP using the web interface In the top menu, select Services -> SNMP. The SNMP Service page appears. 29.2.1 System and agent settings Figure 139: The SNMP service page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 287 of 372...
Page 288: Virtual Access
Map community names into security names based on the community name and the source subnet. Use the first source/community combination that matches the incoming packet. Figure 140: The COM2Sec settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 288 of 372...
Page 289 Web: Security Name An already defined security name that is being included in this group. UCI: snmpd.group[x].secname Opt: secname Table 100: Information table for group settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 289 of 372...
Page 290 Access settings map from a group of users/communities, in a specific context and with a particular SNMP version and minimum security level, to one of three views, depending on the request being processed. Figure 143: The access settings section _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 290 of 372...
Page 291 29.2.6 Trap receiver Trap receiver settings define a notification receiver that should be sent SNMPv1 TRAPs and SNMPv2c TRAP2. Figure 144: The trap receiver settings page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 291 of 372...
Page 292: Configuring Snmp Using Command Line
29.3 Configuring SNMP using command line The configuration files are stored on /etc/config/snmpd 29.3.1 System settings using UCI root@VA_router:~# uci show snmpd snmpd.system=system snmpd.system.sysLocation=Office 123 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 292 of 372...
Page 293 Note: the security names of “ro” and “rw” here are simply names – the fact of a security name having read only or read-write permissions is handled in the access section and dealt with at a group granularity. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 293 of 372...
Page 294 Similarly, requests from the security name “rw” in all protocols are mapped to the “private” group. 29.3.4.1 Group settings using UCI snmpd.grp_1_v1=group snmpd.grp_1_v1.version=v1 snmpd.grp_1_v1.group=public snmpd.grp_1_v1.secname=ro snmpd.grp_1_v2c=group snmpd.grp_1_v2c.version=v2c snmpd.grp_1_v2c.group=public snmpd.grp_1_v2c.secname=ro snmpd.grp_1_usm=group snmpd.grp_1_usm.version=usm snmpd.grp_1_usm.group=public _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 294 of 372...
Page 295 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 295 of 372...
Page 296 'rw' config 'group' 'private_v2c' option group 'private' option version 'v2c' option secname 'rw' config 'group' 'private_usm' option group 'private' option version 'usm' option secname 'rw' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 296 of 372...
Page 297 'access' 'public_access' option group 'public' option context 'none' option version 'any' option level 'noauth' option prefix 'exact' option read 'all' option write 'none' option notify 'none' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 297 of 372...
Page 298 # for SNMPv2c inform request receiver config informreceiver option host 'IPADDR[:PORT]' option community 'COMMUNITY STRING' An additional option was added to the 'agent' subsection: option authtrapenabled '0|1 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 298 of 372...
Page 299: Configuring Vrrp
To configure VRRP through the web interface, in the top menu, select Network -> VRRP. The VRRP page appears. To access configuration settings, click ADD. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 299 of 372...
Page 300 Sets the VRRP router ID (1 to 255). All co-operating VRRP routers serving the same LAN must be configured with the same UCI: vrrp.g1.router_id router ID. Opt: router_id Range 1-255 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 300 of 372...
Page 301: Configuring Vrrp Using Uci
'lan' option init_state 'BACKUP' option router_id '1' option priority '115' option advert_int_sec '2' option password 'secret' option virtual_ipaddr '10.1.10.150/16' option garp_delay_sec '5' option ipsec_connection 'Test' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 301 of 372...
Page 302 To change any of the above values use uci set command. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 302 of 372...
Page 303: Dynamic Multipoint Virtual Private Network (Dmvpn)
New hubs can be added to the network to improve the performances and reliability. Ability to carry multicast and main routing protocols traffic (RIP, OSPF, BGP). • DMVPN can be deployed using Activator, the Virtual Access automated • provisioning system. Simplifies branch communications by enabling direct branch to branch •...
Page 304: Dmvpn Scenarios
Then it initiates VPN IPSec connection to spoke2. When an IPSec tunnel is established, spoke1 and spoke2 can send traffic directly • to each other. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 304 of 372...
Page 305 Note: if an IPSec tunnel fails to be established between the spokes then packets between the spokes are sent via the hub. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 305 of 372...
Page 306: Configuration Packages Used
Selects the IPSec connection, defined in strongSwan, to be used as a template. UCI: dmvpn.common.ipsec_template_name Opt: ipsec_template_name Table 106: Information table for DMVPN general settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 306 of 372...
Page 307 Table 107: Information table for DMVPN hub settings 31.5.3 Configuring an IPSec template for DMVPN using the web interface Configuring an IPSec template is covered in the chapter ‘Configuring IPSec’. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 307 of 372...
Page 308: Dmvpn Diagnostics
Type: local Protocol-Address: 11.11.11.7/32 Alias-Address: 11.11.11.3 Flags: up Interface: gre-GRE Type: local Protocol-Address: 11.11.11.3/32 Flags: up Interface: gre-GRE Type: cached Protocol-Address: 11.11.11.2/32 NBMA-Address: 178.237.115.129 NBMA-NAT-OA-Address: 172.20.38.129 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 308 of 372...
Page 309 10.68.234.133[10.68.234.133]...89.101.154.151[89.101.154.151] dmvpn_89_101_154_151{1}: REKEYING, TRANSPORT, expires in 55 seconds dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 192.168./32[gre] dmvpn_89_101_154_151{1}: INSTALLED, TRANSPORT, ESP in UDP SPIs: cca7b970_i d874dc90_o dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 89.101.154.151/32[gre] _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 309 of 372...
Page 310 Interface: gre-GRE Type: cached Protocol-Address: 11.11.11.2/32 NBMA-Address: 178.237.115.129 NBMA-NAT-OA-Address: 172.20.38.129 Flags: used up Expires-In: 0:18 Interface: gre-GRE Type: static Protocol-Address: 11.11.11.1/29 NBMA-Address: 89.101.154.151 Flags: up _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 310 of 372...
Page 311: Configuring Terminal Package
Opt: flowcontrol Enabled. Table 109: Information table for terminal settings 32.3 Configuring Terminal package using UCI root@VA_router:~# uci show terminal terminal.ttySC0=terminal terminal.ttySC0.enabled=1 terminal.ttySC0.device=ttySC0 terminal.ttySC0.speed=115200 terminal.ttySC0.type=vt100 terminal.ttySC0.flowcontrol=1 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 311 of 372...
Page 312: Configuring Terminal Server Using Package Options
/etc/inittab ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K stop ttyLTQ0::askfirst:getty -L 115200 ttyLTQ0 vt100 ttyLTQ1::askfirst:getty -L 115200 ttyLTQ1 vt100 ttySC0::respawn:getty -h -L 115200 ttySC0 vt100 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 312 of 372...
Page 313: Configuring Terminal Server
Configuration page appears. You must configure two main sections: Main Settings and Port Settings. 33.3.1 Configure main settings Figure 153: The terminal server main settings page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 313 of 372...
Page 314 33.3.2.1 Port settings: general section In this section you can configure general port settings. The settings are usually the same for the central and the remote site. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 314 of 372...
Page 315 Web: Serial Forwarding Timeout (ms) Forwarding timeout in milliseconds (network to serial). UCI: tservd.@port[0]. sfwd_timeout Set to 0 to forward to serial immediately. Opt: sfwd_timeout 20 ms Range 0-10000 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 315 of 372...
Page 316 Note: • The displayed settings vary depending on options selected. DTR <--> DSR signalling is not available on GW2028 router models. • _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 316 of 372...
Page 317 33: Configuring Terminal Server _______________________________________________________________________________________________________ Figure 155: The serial section fields (portmode RS232 and usb serial disabled) _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 317 of 372...
Page 318 In RS232 half-duplex mode, time in milliseconds between raising RTS and enabling the transmitter. For use with externally UCI: tservd.@port[0].rts_timeout connected V.23 modem. Opt: rts_timeout 30ms Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 318 of 372...
Page 319 Opt: dtr_control_mode port is closed. DTR always on. DTR always off. DTR controlled by the application ontx In HDLC mode DTR is on during frame transmission. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 319 of 372...
Page 320 UCI: tservd.@port[0].dce_tclk_inv Normal. Opt: dce_tclk_inv Invert. Web: Dual X.21 card DCE RCLK Invert Enables X.21 DCE RCLK signal inversion. UCI: tservd.@port[0].dce_rclk_inv Normal. Opt: dce_rclk_inv Invert. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 320 of 372...
Page 321 In this section you can configure the network side of the Terminal Server. Note: the displayed settings vary depending on options selected. Figure 156: The port settings network fields (TCP server mode) _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 321 of 372...
Page 322 UCI: Set to 0 to use kernel defaults. Only displayed if Transport Mode tservd.@port[0].tcp_user_timeout is TCP. Opt: tcp_user_timeout 20000 20 seconds Range 0-65535 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 322 of 372...
Page 323: Terminal Server Using Uci
Table 113: Information table for port settings network section 33.4 Terminal Server using UCI root@VA_router:~# uci show tservd tservd.main=tservd tservd.main.log_severity=0 tservd.main.debug_rx_tx_enable=1 tservd.main.debug_ev_enable=1 tservd.@port[0]=port tservd.@port[0].devName=/dev/ttySC0 tservd.@port[0].remote_ip1=0.0.0.0 tservd.@port[0].remote_ip2=0.0.0.0 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 323 of 372...
Page 324: Terminal Server Using Package Options
TxBlocked (0) TCP Bytes Rx (0) Tx (0) UDP Datagrams Rx (0) Tx (0) TxErrs (0) UDP Bytes Rx (0) Tx (0) Up (0) Down (0) _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 324 of 372...
Page 325 - clear USB serial card statistics tserv start userial rxlog - start USB serial card rx log tserv show userial rxlog <offs> <length> - show USB serial card rx log _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 325 of 372...
Page 326 - show USB serial card CPLD programming status tserv upgrade userial - initiate upgrade of the USB serial card tserv quit - terminate termserv process _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 326 of 372...
Page 327: Configuring A Gre Interface
DHCP or PPP to dial into the provider network. In the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 157: The create interface page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 327 of 372...
Page 328 IP address, TTL, tunnel key and MTU. Advanced Settings 'Bring up on boot' and 'monitor interface state' settings. Firewall settings Assign a firewall zone to the connection. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 328 of 372...
Page 329 Subnet mask, in CIDR notation, to be applied to the tunnel. Typically '30' for point-to-point tunnels. UCI: network.<if name>.mask_length Opt: mask_length Range 0 - 30 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 329 of 372...
Page 330 UCI: network.<if name>.mtu 1472 Opt: mtu Range Table 115: Information table for GRE 34.2.2 GRE connection: common configuration-advanced settings Figure 159: GRE advanced settings page _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 330 of 372...
Page 331 After you have configured the GRE interface, you must configure a static route to route the desired traffic over the GRE tunnel. To do this, browse to Network->Static Routes. For more information, read the chapter ‘Configuring Static Routes’. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 331 of 372...
Page 332: Gre Configuration Using Command Line
‘172.255.255.100’ option ttl '128' option key '1234' option mtu '1472' option auto ‘1’ To change any of the above values use uci set command. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 332 of 372...
Page 333: Gre Diagnostics
UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1465 errors:0 dropped:0 overruns:0 frame:0 TX packets:1465 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:166202 (162.3 KiB) TX bytes:166202 (162.3 KiB) _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 333 of 372...
Page 334 255.255.255.248 U gre-Tunnel1 172.19.101.3 13.13.13.1 255.255.255.255 UGH gre-Tunnel1 Note: a GRE route will only be displayed in the routing table when the interface is up. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 334 of 372...
Page 335: Configuring Multicasting Using Pim And Igmp Interfaces
To configure PIM through the web interface, in the top menu, select Network -> PIM. The PIM page appears. To access the Global settings, click Add. Figure 161: The global settings interface _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 335 of 372...
Page 336: Global Settings
Enable SSM on given interface. UCI: pimd.interface[x].ssm Disabled. Opt: ssm Enabled. Table 118: Information table for interface settings To save your configuration updates, click Save & Apply. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 336 of 372...
Page 337: Configuring Pim And Igmp Using Uci
'yes' option igmp 'no' Alternatively, enter: uci show pimd root@VA_router:/etc/config1# uci show pimd pimd.pimd=routing pimd.pimd.enabled=yes pimd.@interface[0]=interface pimd.@interface[0].enabled=yes pimd.@interface[0].interface=lan pimd.@interface[0].ssm=yes pimd.@interface[0].igmp=yes pimd.@interface[1]=interface pimd.@interface[1].enabled=yes pimd.@interface[1].interface=wan _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 337 of 372...
Page 338 35: Configuring multicasting using PIM and IGMP interfaces _______________________________________________________________________________________________________ pimd.@interface[1].ssm=yes pimd.@interface[1].igmp=no To change any of the above values use uci set command. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 338 of 372...
Page 339: Event System
_______________________________________________________________________________________________________ 36 Event system Virtual Access routers feature an event system. It allows you to forward router events to predefined targets for efficient control and management of devices. This chapter explains how the event system works and how to configure it using UCI commands.
Page 340: Supported Targets
The configuration is composed of a main section and as many forwardings, targets and connection testers as required. 36.7.1 Va_eventd: main section 36.7.1.1 Main using UCI root@VA_router:~# uci show va_eventd va_eventd.main=va_eventd va_eventd.main.enabled=yes va_eventd.main.event_queue_file=/tmp/event_buffer va_eventd.main.event_queue_size=128K _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 340 of 372...
Page 341 To define a forwarding label of Monitor using UCI, enter: va_eventd.Monitor=forwarding In the examples below no forwarding label has been defined. 36.7.3 Forwarding using UCI root@VA_router:~# uci show va_eventd va_eventd.@forwarding[0]=forwarding va_eventd.@forwarding[0].enabled=1 va_eventd.@forwarding[0].className=ethernet _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 341 of 372...
Page 342 UCI: va_eventd.<forwarding Only generate events with the given className and the given label>.eventName eventName. The eventName is optional and can be omitted. Opt: eventName _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 342 of 372...
Page 343 If successful, the event system assumed the connection is valid for a configurable amount of time. 36.7.6.2 Ping connection tester using UCI va_eventd.@conn_tester[0]=conn_tester va_eventd.@conn_tester[0].name=pinger va_eventd.@conn_tester[0].enabled=1 va_eventd.@conn_tester[0].type=ping _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 343 of 372...
Page 344 A link connection tester tests a connection by checking the status of the interface being used. 36.7.6.6 Link connection tester using UCI va_eventd.@conn_tester[0]=conn_tester va_eventd.@conn_tester[0].name=linktest va_eventd.@conn_tester[0].enabled=1 va_eventd.@conn_tester[0].type=link va_eventd.@conn_tester[0].link_iface=eth0 Link connection tester using package options _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 344 of 372...
Page 345 When a syslog target receives an event, it sends it to the configured syslog server. In the examples below no target label has been defined. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 345 of 372...
Page 346 IP Address or FQDN and Port number to send the syslog message label>.target_addr to. If no port is given, 514 is assumed. Format: x.x.x.x:port or FQDN:port Opt: target_addr _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 346 of 372...
Page 347 1 option type email option smtp_addr "smtp.site.com:587" option smtp_user 'john_smith@site.com' option smtp_password 'secret word' option use_tls '0' option tls_starttls '0' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 347 of 372...
Page 348 Source email address. label>.from Opt: from UCI: va_eventd.<target label>.to Destination email address. Opt: to UCI: va_eventd.<target Template to use for the email subject. label>.subject_template Opt: subject_template _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 348 of 372...
Page 349 Enabled. UCI: va_eventd.<target label>.type Must be snmptrap for a snmp target. Opt: type syslog Syslog target email Email target snmptrap SNMP target exec Exec target _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 349 of 372...
Page 350 SNMP target exec Exec target UCI: va_eventd.<target Template of the command to execute. label>.cmd_target Opt: cmd_target Table 128: Information table for exec target settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 350 of 372...
Page 351: Event System Diagnostics
| informat | SMS send success: %{p1} | mobile 9 | SMSSendError | warning | SMS send error: %{p1} | mobile 10 | SMSSent | notice | Sent SMS _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 351 of 372...
Page 352 | ipsec 10 | IPSecDPDTimeOut | informat | IPSec IKE %{p1} DPD timed out | wifi 1 | WiFiConnectedToAP | notice | WiFi %{p1} _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 352 of 372...
Page 353 2 | Adjust | informat | NTP adjust by %{p1} | ntp 3 | QueryTimeout | warning | NTP query to %{p1} timed out. Ne.. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 353 of 372...
Page 354 'yes' option className 'l2tp' option eventName 'CannotFindTunnel' option severity 'debug-critical' option target 'syslog' config forwarding option enabled 'yes' option className 'mobile' option severity 'notice-critical' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 354 of 372...
Page 355 'yes' option type 'syslog' option target_addr '192.168.100.254:514' option conn_tester 'mon_server' config target option name 'email' option enabled 'yes' option type 'email' option smtp_addr '89.101.154.148:465' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 355 of 372...
Page 356 '192.168.100.254' option agent_addr '192.168.100.1' option conn_tester 'mon_server' config target option name 'logit' option enabled 'yes' option type 'exec' option cmd_template 'logger -t eventer %{eventName}' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 356 of 372...
Page 357: Configuring Sla Reporting On Monitor
To enable all devices under a particular reseller for SLA, under the SLA tab, click ON. The user must have admin privileges for any change to be made. If they do not, they will be informed of this fact. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 357 of 372...
Page 358: Configuring Router Upload Protocol
The graphs initially appear in an hourly format. To expand or reduce the time axis, use the appropriate zoom button. To navigate forwards or backwards chronologically, use the right and left arrow buttons. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 358 of 372...
Page 359 To view raw data, click each graph to produce the following information. Figure 167: Raw data information from each graph To change the range of the graph, click zoom. Figure 168: Altered range of graph information _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 359 of 372...
Page 360 SLA Element drop-down menu. If you have not removed any graphs, this drop-down menu is not available. Figure 170: interface showing the add SLA element drop-down menu _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 360 of 372...
Page 361: Generating A Report
Monitor3 Report Generator background service. These reports can then be found in: C:\Monitor\SlaReporting directory. The available frequency of report options in the drop-down list are: Once off • Hourly • Daily • Weekly • _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 361 of 372...
Page 362 Figure 173: Sample from the select devices page Click Continue and then add SLA report elements. Figure 174: Add report elements in the create statistic report _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 362 of 372...
Page 363 To view a report, in the header menu, select Statistic Reports. From the drop down box, select the relevant report and click Generate. The report appears. Figure 175: Example of a completed report _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 363 of 372...
Page 364: Reporting Device Status To Monitor Using Uci
Monitor. To allow Monitor to track the IP address and ongoing presence of the device, a heartbeat SNMP trap is sent by default every minute. The router is capable of sending SNMP in version 1, 2c and 3. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 364 of 372...
Page 365 Opt: snmp_context_eid UCI: monitor.main. snmp_sec_eid snmpv3 security engine ID. Opt: snmp_sec_eid A sample Monitor configuration is shown below. root@VA_router:~# uci show monitor monitor.main=keepalive monitor.main.enable=yes monitor.main.interval_min=1 monitor.main.dev_reference=mikesamazondev _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 365 of 372...
Page 366 'v2' option enable 'yes' option interval_min '1' list monitor_ip '172.16.250.100' option dev_reference 'TEST' option snmp_version '2c' config keepalive 'v3' option enable 'yes' option interval_min '1' _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 366 of 372...
Page 367 'TEST' option snmp_auth_pass 'vasecret' option snmp_auth_proto 'MD5' option snmp_priv_pass 'vasecret' option snmp_priv_proto 'DES' config interface_stats 'stats' option enabled 'yes' option bin_period '1m' option bin_cache_size '1440 _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 367 of 372...
Page 368: Configuring Sla For A Router
38 Configuring SLA for a router SLA reporting works in two parts: 1. The Virtual Access Monitor system server connects via SSH into the router and schedules the task of uploading statistics to Monitor. 2. The Virtual Access router monitors UDP keepalive packets. It creates and stores statistics in bins.
Page 369 UCI: slad.main.max_bin_count Opt: max_bin_count Table 130: Information table for SLA settings When you have made all your configuration changes, click Save & Apply. _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 369 of 372...
Page 370: Configuring Sla For A Router Using Uci
Viewing SLA statistics using UCI To show all available statistic options, enter: root@VA_router:~# sla sla [current] | [all] | [oldest] | [newest] | [newest N] | [range: YYYMMDDHH-YYYYMMDDHH] _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 370 of 372...
Page 371: Virtual Access
To show the newest statistics, enter: root@VA_router: ~# sla newest ---------------------------------------- Bin valid: Start time 01.01.1970 03:32:00 End time 01.01.1970 03:33:00 Pkts In: Pkts Out: Bytes In: _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 371 of 372...
Page 372 Avg Round Trip: 1 ms Min GSM signal quality: -63 dBm Max GSM signal quality: -63 dBm Avg GSM signal quality -63 dBm Availability: 100.00% _____________________________________________________________________________________________________ © Virtual Access 2017 GW3300 Series User Manual Issue: 1.7 Page 372 of 372...