1. Manuals
  2. Brands
  3. virtual access Manuals
  4. Wireless Router
  5. GW2024P-2
  6. User manual

virtual access GW2024P-2 User Manual

Gw2020 series
Hide thumbs
Table of Contents

Advertisement

Quick Links

GW2020 Series User Manual
Issue:
1.4
Date:
12 May 2016

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the GW2024P-2 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for virtual access GW2024P-2

Summary of Contents for virtual access GW2024P-2

  • Page 1 GW2020 Series User Manual Issue: Date: 12 May 2016...

  • Page 2: Table Of Contents

    Configuring the password using UCI ............30 Configuring the password using package options......... 30 Accessing the device using RADIUS authentication ........31 7.10 Accessing the device using TACACS+ authentication ........32 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 2 of 309...
  • Page 3 User management using UCI ..............78 12.13 Configuring user access to specific web pages ......... 79 13 Configuring an Ethernet interface ............... 80 13.1 Configuration packages used ..............80 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 3 of 309...
  • Page 4 Configuration package used ..............127 19.2 Configuring BGP using the web interface ..........127 19.3 Configuring BGP using UCI ..............130 19.4 Configuring BGP using packages options ..........131 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 4 of 309...
  • Page 5 Creating a GRE connection using the web interface ........203 25.3 GRE configuration using command line ............ 207 25.4 GRE configuration using UCI ..............207 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 5 of 309...
  • Page 6 31.5 Terminal Server using package options ............ 272 31.6 Terminal Server diagnostics ..............272 32 Configuring VRF-lite ................. 275 32.1 Configuration package used ..............275 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 6 of 309...
  • Page 7 Configuration package used ..............305 35.2 Configuring SLA for a router using the web interface ......... 305 35.3 Configuring SLA for a router using the UCI interface ........307 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 7 of 309...

  • Page 8: Introduction

    1: Introduction _______________________________________________________________________________________________________ 1 Introduction This user manual describes the features and how to configure a Virtual Access GW2020 Series router. The Virtual Access GW2020 Series routers are arrange of versatile 3G/4G LTE/CDMA450 wireless routers suitable for a variety of business and industrial deployments. The...

  • Page 9: Using This Documentation

    Note: these sections can be given a label for identification when using UCI or package options. network.@route[0]=route network.@route[0].metric=0 can be witten as: network.routename=route network.routename.metric=0 However the documentation usually assumes that a section label is not configured. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 9 of 309...
  • Page 10 Diagnostics are explained at the end of each feature’s chapter. 1.2.4 UCI commands For detailed information on using UCI commands, read chapters ‘Router File Structure’ and ‘Using Command Line Interface’. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 10 of 309...

  • Page 11: Gw2020 Hardware Specification

    • Port 1: ‘/dev/ttySC1’ • Each serial port has a number of configurable settings, such as baud rate, word size, parity, flow control mode, etc. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 11 of 309...
  • Page 12 (From GW2020 Series router) (From GW2020 Series router) Tx/Rx+ In/Out Tx/Rx In/Out 2.3.1.3 Serial ports on the GW2024P-2 Figure 2: Serial ports on the GW2024P-2 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 12 of 309...
  • Page 13 (From GW2024P router) Tx/Rx+ In/Out Tx/Rx+ In/Out Tx/Rx- In/Out Tx/Rx- In/Out 2.3.1.7 Serial ports on the GW2028 Series router Figure 4: Serial ports on the GW2028 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 13 of 309...

  • Page 14: Gsm And Lte Technology

    The GW2020 Series router has three power supply options: 100V-240V AC PSU (standard) • 100V-240V AC PSU with extended temperature support -20°C to +70°C • 10V-30V DC power lead • _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 14 of 309...

  • Page 15: Router Dimensions

    2.5.2 GW2024P Series router The GW2024P-2 router is powered from a 24V AC input and GW2024P-4/GW2024P-8 use a 36V AC input to achieve 2.2 seconds of power hold-up. This enables a last gasp message to be reliably sent on power down.

  • Page 16: Operating Temperature Range

    1 x Ethernet cable. RJ45 connector at both ends. 1 x power supply unit. 1 x rubber right angle antenna. Table 2: GW2020 Series router standard components _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 16 of 309...
  • Page 17 _______________________________________________________________________________________________________ Optional components include: 1 x lockable SIM cover. 1 x extra antenna Virtual Access supplies a wide range of antennas. Please visit our website: www.virtualaccess.com or contact Virtual Access for more information. Table 3:GW2020 Series router optional components 2.10.2 GW2024P Series components 1 x GW2024P Series router (models vary) 1 x Ethernet cable.

  • Page 18: Inserting A Sim Card

    3. Wire the 24/36V AC output to the supplied 2 pin terminal connector. 4. Replace the covers on the AC transformer terminal block. 5. Connect the 24/36V AC output to the GW2024P router. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 18 of 309...

  • Page 19: Reset Button

    You can use recovery mode to manipulate the config files, but should only be used if all other configs files are corrupt. If your router has entered recovery mode, contact your local reseller for access information. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 19 of 309...

  • Page 20: Gw2020 Series Led Behaviour

    Table 7: LED behaviour and descriptions Note: when a data connection does not exist, none of the signal LEDs will light regardless of signal strength. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 20 of 309...

  • Page 21: Gw2020 Ethernet Port Led Behaviour

    Link LED (green) Physical Ethernet link detected. No data is being transmitted/received over the link. ACT LED (amber) Flashing Data is being transmitted/received over the link. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 21 of 309...

  • Page 22: Gw2024P Series Led Behaviour

    The GW2024P Series router has single colour LEDs for power, config, SIM1, and SIM2. When the router is powered on, the LED is green. Figure 7: Main LED activity on the GW2024P-2 Figure 8: Main LED activity on the GW2024P-4...

  • Page 23: Ethernet Led Behaviour

    The possible Ethernet LED states are: • Flashing • • The following table describes the possible LED behaviours and meanings. Link is up. Ethernet Link is down. Flashing Data transfer. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 23 of 309...

  • Page 24: Gw2028 Series Led Behaviour

    Data connection up and signal strength between -89dBm and - 69dBm. Both on Data connection up and signal strength >-69dBm. Table 8: LED behaviour and descriptions _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 24 of 309...

  • Page 25: Ethernet Port Led Behaviour

    (green) Physical Ethernet link detected No data is being transmitted/received over the link ACT LED (amber) Flashing Data is being transmitted/ received over the link _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 25 of 309...

  • Page 26: Factory Configuration Extraction From Sim Card

    6: Factory configuration extraction from SIM card _______________________________________________________________________________________________________ 6 Factory configuration extraction from SIM card Virtual Access routers have a feature to update the factory configuration from a SIM card. This allows you to change the factory configuration of a router when installing the SIM.

  • Page 27: Accessing The Router

    The default settings are shown below. The username and password are case sensitive. In the username field, type root. In the Password field, type admin. Click Login. The Status page appears. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 27 of 309...

  • Page 28: Accessing The Router Over Ethernet Using An Ssh Client

    SCP server. No dedicated SPC client is supported; select the SCP client software of your own choice. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 28 of 309...

  • Page 29: Accessing The Router Over Ethernet Using A Telnet Client

    In the Router Password section, type your new password in the password field and then retype the password in the confirmation field. Scroll down the page and click Save & Apply. Note: the username ‘root’ cannot be changed. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 29 of 309...

  • Page 30: Configuring The Password Using Uci

    If changing the password via the UCI, enter the new password in plain text using the password option. package system config system 'main' option hostname 'VA_router' option hashpassword '$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw option password ‘newpassword’ _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 30 of 309...

  • Page 31: Accessing The Device Using Radius Authentication

    'radius' option servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10' config 'pam_auth' option enabled 'yes' option pamservice 'luci" option pammodule 'auth' option pamcontrol 'sufficient' option type 'radius' servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 31 of 309...

  • Page 32: Accessing The Device Using Tacacs+ Authentication

    TACACS+ authentication can be configured for accessing the router over SSH, web or local console interface. package system config system 'main' option hostname 'VirtualAccess' option timezone 'UTC' config pam_auth option enabled 'yes' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 32 of 309...

  • Page 33: Virtual Access

    'luci' option pammodule 'auth' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' config pam_auth option enabled 'yes' option pamservice 'luci' option pammodule 'account' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 33 of 309...
  • Page 34 'tacplus' option servers '192.168.0.1:49|secret' option args 'service=ppp' config pam_auth option enabled 'yes' option pamservice 'login' option pammodule 'session' option pamcontrol 'sufficient' option type 'tacplus' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 34 of 309...
  • Page 35 The example below explains the syntax. Opt: servers 192.168.0.1:49|secret ' UCI: Additional arguments to pass to TACACS serer. system.@pam_auth[1].args=service=ppp Opt: args Table7: Information table for TACACS authentication _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 35 of 309...

  • Page 36: Ssh

    (unspecified) listens on all interfaces. Range Configured interface names. Web: Port Specifies the listening port of the Dropbear instance. UCI: dropbear.@dropbear[0].Port Opt: port Range 0-65535 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 36 of 309...

  • Page 37: Package Dropbear Using Uci

    Package dropbear using package options root@VA_router:~# uci export dropbear package dropbear config dropbear' option PasswordAuth 'on' option RootPasswordAuth 'on' option Port '22' option GatewayPorts ‘0’ option IdleTimeout ‘30’ _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 37 of 309...

  • Page 38: Certs And Private Keys

    There are two sections defined: Main: this uHTTPd section contains general server settings. Cert: this section defines the default values for SSL certificates. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 38 of 309...
  • Page 39 Bind at port 443 only Opt: list listen_https [::]:443 Range IP address and/or port Web: Home path Defines the server document root. UCI: uhttpd.main.home /www Opt: home Range _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 39 of 309...
  • Page 40 Virtual URL of file of CGI script to handle 404 requests. Must begin with ‘/’ (forward slash). UCI: httpd.main.error_page Opt: error_page Range Web: N/A Does not follow symbolic links if enabled. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 40 of 309...
  • Page 41 'main' list listen_http '0.0.0.0:80' list listen_https '0.0.0.0:443' option home '/www' option rfc1918_filter '1' option cert '/etc/uhttpd.crt' option key '/etc/uhttpd.key' option cgi_prefix '/cgi-bin' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 41 of 309...
  • Page 42 Activation, this must be set to the serial number (Eth0 UCI: uhttpd.commonname MAC address) of the device. Opt: commonname Table 12: Information table for HTTP server certificate settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 42 of 309...

  • Page 43: Basic Authentication (Httpd Conf)

    /etc/shadow or /etc/passwd. If you use $p$… format, uhttpd will compare the client provided password against the one stored in the shadow or passwd database. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 43 of 309...

  • Page 44: Securing Uhttpd

    To get your current LAN IP address, enter: uci get network.lan.ipaddr Then modify the configuration appropriately: uci set uhttpd.main.listen_http='192.168.1.1:80' uci set uhttpd.main.listen_https='192.168.1.1:443' config 'uhttpd' 'main' list listen_http 192.168.1.1:80 list listen_https 192.168.1.1:443 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 44 of 309...

  • Page 45: Configuring Dynamic Dns

    8 Configuring Dynamic DNS 8.1 Overview Dynamic DNS (DDNS) functionality on a Virtual Access router will dynamically perform DDNS updates to a server so it can associate an IP address with a correctly associated DNS name. Users can then contact a machine, router, device and so on with a DNS name rather than a dynamic IP address.

  • Page 46: Dynamic Dns Settings

    UCI: ddns.<name>.username Opt: username Web: Password Defines the password to use for authenticating domain name updates with the selected provider. UCI: ddns.<name>.password Opt: password _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 46 of 309...

  • Page 47: Dynamic Dns Using Uci

    8.4 Dynamic DNS using UCI Dynamic DNS uses the ddns package /etc/config/ddns 8.4.1 UCI commands for DDNS root@VA_router:~# uci show ddns ddns.ddns1=service ddns.ddns1.enabled=1 ddns.ddns1.service_name=dyndns.org ddns.ddns1.domain=fqdn_of_interface ddns.ddns1.username=testusername ddns.ddns1.password=testpassword _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 47 of 309...
  • Page 48 'test' option password 'test' option ip_source 'network' option ip_network 'dsl0' option check_interval '10' option check_unit 'minutes' option force_interval '72' option force_unit 'hours' option interface 'dsl0' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 48 of 309...

  • Page 49: System Settings

    Configure the router’s web language and style. Time synchronization Configure the NTP server in this section. 9.2.1 General settings Figure 23: General settings in system properties _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 49 of 309...
  • Page 50 External syslog server IP address. UCI: system.main.log_ip Range Opt: log_ip 0.0.0.0 Web: External system log server port External syslog server port number. UCI: system.main.log_port Range Opt: log_port _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 50 of 309...
  • Page 51 Opt: log_type Table 15: Information table for the logging section 9.2.3 Language and style Figure 25: The language and style section in system properties _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 51 of 309...

  • Page 52: System Reboot

    In the top menu, select System -> Reboot. The System page appears. Ensure you have saved all your configuration changes before you reboot. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 52 of 309...

  • Page 53: System Settings Using Uci

    'system' config 'system' 'main' option 'hostname' "VA_router" option 'timezone' "UTC" option 'log_ip' "1.1.1.1" option 'log_port' "514" option time_save_interval_min "10" option conloglevel '8' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 53 of 309...

  • Page 54: System Diagnostics

    To stop this option, type fg to view the current jobs, then press ctrl-c to kill those jobs. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 54 of 309...
  • Page 55 Shows end of the events stored flash. root@VA_router:~# tail –f /root/syslog.messages & Shows the log on an ongoing basis. To stop this option, press ctrl-c. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 55 of 309...

  • Page 56: Upgrading Router Firmware

    10 Upgrading router firmware 10.1 Upgrading firmware using the web interface Copy the new firmware issued by Virtual Access to a PC connected to the router. In the top menu, select System tab > Backup/Flash Firmware. The Flash operations page appears.

  • Page 57: Upgrading Firmware Using Cli

    To connect to your TFTP server, enter atftp x.x.x.x (where x.x.x.x is the IP of your PC). Press Enter. While in the TFTP application to get the image, enter: get GIG-15.00.38.image _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 57 of 309...
  • Page 58 To set the next image to boot to the alternative image, enter: vacmd set next image altimage For your configuration changes to apply, you must reboot your router. Enter: reboot _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 58 of 309...

  • Page 59: Using The Command Line Interface

    11: Using the Command Line Interface _______________________________________________________________________________________________________ 11 Using the Command Line Interface This chapter explains how to view Virtual Access routers' log files and edit configuration files using a Command Line Interface (CLI) and the Unified Configuration Interface (UCI) system.
  • Page 60 0 Jul 3 11:37 usr lrwxrwxrwx 1 root root 4 Jul 16 2012 var -> /tmp drwxr-xr-x 4 root root 67 Jul 16 2012 www _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 60 of 309...
  • Page 61 444 S -ash 374 root 344 R ps ax 375 root 400 S /bin/sh /sbin/hotplug button 384 root 396 R /bin/sh /sbin/hotplug button 385 root [keventd] _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 61 of 309...

  • Page 62: Using Unified Configuration Interface (Uci)

    <config>[.<section>[.<option>]] Options: -c <path> set the search path for config files (default: /etc/config) -d <str> set the delimiter for list values in uci show _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 62 of 309...
  • Page 63 <config>.<section>[.<option>]=<name> given name. Deletes staged changes to the given option, revert <config>[.<section>[.<option>]] section or configuration file. Table 18: Common commands, target and their descriptions _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 63 of 309...
  • Page 64 To show the configuration ‘tree’ for a given config, enter: root@VA_router:/# uci show network network.loopback=interface network.loopback.ifname=lo network.loopback.proto=static network.loopback.ipaddr=127.0.0.1 network.loopback.netmask=255.0.0.0 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 64 of 309...
  • Page 65 11.2.4 Display just the value of an option To display a specific value of an individual option within a package, enter: root@VA_router:~# uci get httpd.@httpd[0].port root@VA_router:~# _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 65 of 309...
  • Page 66 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 66 of 309...

  • Page 67: Configuration Files

    11.3 Configuration files The table below lists common package configuration files that can be edited using uci commands. Other configuration files may also be present depending on the specific options available on the Virtual Access router. File Description Management /etc/config/autoload...
  • Page 68 It is important to note that identifiers and config file names may only contain the characters a-z, A-Z, 0-9 and _. However, option values may contain any character, as long they are properly quoted. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 68 of 309...

  • Page 69: Management Configuration Settings

    12.2 Monitor Monitor is a Virtual Access proprietary tool, based on SNMP protocol, to monitor wide networks of deployed routers. The router will be configured to send information to Monitor, which is then stored and viewed centrally via the Monitor application. This includes features such as traffic light availability status, syslog and SLA monitoring.

  • Page 70: Autoload Packages

    In the top menu, select Services ->Autoload. The Autoload page has two sections: Basic Settings and Entries. Click Add to access configuration settings for each section. Figure 32: The autoload settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 70 of 309...
  • Page 71 Notifies activator sequence is complete. Opt: RemoteFilename $$ ini Request configuration $$ img Request firmware Note: $$.vas should always be requested last. Table 19: Information table for autoload _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 71 of 309...

  • Page 72: Autoload Using Uci

    'core' 'main' option 'Enabled' "yes" option 'StartTimer' "10" option 'RetryTimer' "30" option 'NumberOfRetries' "5" option 'BackoffTimer' "15" option 'BootUsingConfig' "altconfig" option 'BootUsingImage' "altimage" config 'entry' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 72 of 309...

  • Page 73: Http Client: Configuring Activation Using The Web Interface

    To configure HTTP Client for Activator, in the top menu, click Services -> HTTP Client. The HTTP Client page has two sections: Basic Settings and Advanced Settings. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 73 of 309...
  • Page 74 Opt: SecureDownload Disabled. Advanced settings Web: ActivatorDownloadPath Specifies the URL on Activator to which the client should send requests. UCI: httpclient.default.ActivatorDownloadPath /Activator/Sessionle ss/Httpserver.asp Opt: ActivatorDownloadPath Range _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 74 of 309...

  • Page 75: Httpclient: Activator Configuration Using Uci

    10.1.83.37:80 httpclient.default.SecureFileServer=10.1.83.36:443 10.1.83.37:443 httpclient.default.ActivatorDownloadPath=/Activator/Sessionless/Httpserver. httpclient.default.SecureDownload=no httpclient.default.PresentCertificateEnabled=no httpclient.default.ValidateServerCertificateEnabled=no httpclient.default.CertificateFile=/etc/httpclient.crt httpclient.default.CertificateFormat=PEM httpclient.default.CertificateKey=/etc/httpclient.key Httpclient: Activator configuration package options example root@VA_router:~# uci export httpclient package httpclient config core 'default' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 75 of 309...

  • Page 76: User Management Using Uci

    Web: n/a Specifies web access permissions for the user. Note: webuser will only work if linuxuser is set to Enabled. UCI: management_users.@user[x].webuser Disabled. Opt: webuser Enabled. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 76 of 309...

  • Page 77: Configuring The Management User Password Using Uci

    The new password will take effect after reboot and will now be displayed in encrypted format through the hashpassword option. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 77 of 309...

  • Page 78: Configuring Management User Password Using Package Options

    User management using package options root@VA_router:~# uci export management_users package management_users config user option enabled ‘1’ _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 78 of 309...

  • Page 79: Configuring User Access To Specific Web

    To specify monitor widgets only, enter: listallowed_pages 'monitor/<widgetname>' Example widget names are: dhcp, arp, 3gstats, interfaces, memory, multiwan, network, openvpn, routes, system, ipsec, dmvpn, tservd. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 79 of 309...

  • Page 80: Configuring An Ethernet Interface

    To create and edit interfaces via the web interface, in the top menu, click Network -> Interfaces. The Interfaces overview page appears. Figure 34: The interfaces overview page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 80 of 309...
  • Page 81 To create a new interface, in the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 35: The create interface page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 81 of 309...
  • Page 82 'Bring up on boot', 'Monitor interface state', Override MAC address, Override MTU and 'Use gateway metric' Physical Settings Bridge interfaces, VLAN PCP to SKB priority mapping, Firewall settings Assign a firewall zone to the interface _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 82 of 309...
  • Page 83 Web: IPv6 gateway Assign given IPv6 default gateway to this interface (optional). UCI: network.<if name>.ip6gw Opt: ip6gw Table 23: Information table for LAN interface common configuration settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 83 of 309...
  • Page 84 Opt: metric Range Table 24: Information table for common configuration advanced settings 13.2.3.3 Common configuration: physical settings Figure 37: The Common configuration physical settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 84 of 309...
  • Page 85 Figure 38: GRE firewall settings 13.2.4 Interface overview: IP-aliases IP aliasing is associating more than one IP address to a network interface. You can assign multiple aliases. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 85 of 309...
  • Page 86 The IP Aliases configuration options page appears. The IP-Alias is divided into two sub sections – general setup and advanced. 13.2.4.3 IP-aliases: general setup Figure 40: The IP-aliases general setup section _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 86 of 309...
  • Page 87 13.2.5 Interface overview: DHCP server 13.2.5.1 DHCP server: packages Package Sections dhcp dhcp To assign a DHCP Server to the interface, click Setup DHCP Server. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 87 of 309...
  • Page 88 Defines the lease time of addresses handed out to clients, for example 12h or 30m. UCI: dhcp.@dhcp[x].leasetime 12 hours Opt: leasetime Range Table 29: Information table for DHCP server general setup page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 88 of 309...

  • Page 89: Interface Configuration Using Uci

    13.3 Interface configuration using UCI The configuration files are stored on /etc/config/network, /etc/config/firewall and /etc/config/dhcp root@VA_router:~# uci show network ….. network.newinterface=interface network.newinterface.proto=static network.newinterface.ifname=eth0 network.newinterface.monitored=0 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 89 of 309...
  • Page 90 To change any of the above values use uci set command. 13.3.1 Interface common configuration using package options The configuration files are stored on /etc/config/network, /etc/config/firewall and /etc/config/dhcp root@VA_router:~# uci export network package network …… _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 90 of 309...
  • Page 91 'lan newinterface' root@VA_router:~# uci export dhcp package dhcp …… config dhcp option start '100' option leasetime '12h' option limit '150' option interface 'newinterface' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 91 of 309...

  • Page 92: Configuring Port Maps

    Ethernet switch physical port to logical interface mappings, go to the Port Map section at Network->Interfaces. Figure 45: The Interface port map section _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 92 of 309...
  • Page 93 To change any of the above values use uci set command. 13.5.3 Configuring port map using package options The configuration files are stored on /etc/config/network root@VA_router:~# uci export network ….. config va_switch option eth0 'A' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 93 of 309...

  • Page 94: Interface Diagnostics

    TX bytes:77306 (75.4 KiB) Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:385585 errors:0 dropped:0 overruns:0 frame:0 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 94 of 309...

  • Page 95: Route Status

    Gateway Genmask Flags Metric Ref Iface 192.168.100.0 255.255.255.0 eth0 Note: a route will only be displayed in the routing table when the interface is up. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 95 of 309...

  • Page 96: Dhcp Server And Dns Configuration (Dnsmasq)

    In the top menu, select Network -> DHCP and DNS. The DHCP and DNS page appears. There are three sections: Server Settings, Active Leases, and Static Leases. Figure 46: The DHCP and DNS page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 96 of 309...
  • Page 97 Opt: list rebind_domain No list configured. Range Table 32: Information table for general server settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 97 of 309...
  • Page 98 Defines local host’s files. When using UCI multiple servers should be entered with a space between them. UCI: dhcp.@dnsmasq[0].addnhosts Opt: list addnhosts Table 33: Information table for resolv and host files section _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 98 of 309...
  • Page 99 Defines the filename of the boot image advertised to clients. This specifies BOOTP options, in most cases just the file name. UCI: dhcp.@dnsmasq[0].dhcp_boot Opt: dhcp_boot Table 34: Information table for TFTP settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 99 of 309...
  • Page 100 Defines whether to uses IP address to match the incoming interface if multiple addresses are assigned to a host name in UCI: dhcp.@dnsmasq[0].localise_queries /etc/hosts. Opt: localise_queries Enabled. Disabled. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 100 of 309...
  • Page 101 Opt: dnsforwardmax Range Table 35: Information table for advanced settings 14.2.5 Active leases This section displays all currently active leases. Figure 50: The active leases section _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 101 of 309...

  • Page 102: Static Leases

    Web: IPv4 Address The IPv4 address specifies the fixed address to use for this host.. UCI: dhcp.@host[0].ip Opt: ip Table 37: Information table for static leases _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 102 of 309...

  • Page 103: Configuring Dhcp And Dns Using Uci

    2.2.2.2 dhcp.@dnsmasq[0].rebind domain=tes.domain dhcp.@dnsmasq[0].enable_tftp=0 dhcp.@dnsmasq[0].tftp_root=/tmp/tftp dhcp.@dnsmasq[0].dhcp_boot=boot.image _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 103 of 309...
  • Page 104 'boot.image' option filterwin2k '1' option nonegcache '1' option strictorder '1' list bogusnxdomain '1.1.1.1 ' list bogusnxdomain '2.2.2.2' option port '53' option dhcpleasemax '150' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 104 of 309...

  • Page 105: Configuring Dhcp Pools Using Uci

    'dhcp' 'lan' option 'interface' 'lan' option 'start' '100' option 'limit' '150' option 'leasetime' '12h' option ignore _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 105 of 309...

  • Page 106: Configuring Static Leases Using Uci

    You can assign fixed IP addresses to hosts on your network, based on their MAC (hardware) address. root@VA_router:~# uci show dhcp.mypc dhcp.mypc=host root@VA_router:~# uci show dhcp.mypc dhcp.mypc.ip=192.168.1.2 dhcp.mypc.mac=00:11:22:33:44:55 dhcp.mypc.name=mypc _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 106 of 309...
  • Page 107 '00:11:22:33:44:55' option name 'mypc' This adds the fixed IP address 192.168.1.2 and the name "mypc" for a machine with the (Ethernet) hardware address 00:11:22:33:44:55. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 107 of 309...

  • Page 108: Configuring Vlan

    15:Configuring VLAN _______________________________________________________________________________________________________ 15 Configuring VLAN 15.1 Maximum number of VLANs supported Virtual Access’ routers support up to 4095 VLANs. 15.2 Configuration package used Package Sections Network 15.3 Configuring VLAN using the web interface 15.3.1 Create a VLAN interface To configure VLAN using the web interface, in the top menu, select Network - >Interfaces.
  • Page 109 Table 39: Information table for the create interface page Click Submit. The Interfaces page for VLAN1 appears. 15.3.2 General setup: VLAN Figure 53: The VLAN 1 interface page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 109 of 309...
  • Page 110 Figure 54: Firewall settings page When you have added all the VLAN interfaces you require, click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 110 of 309...

  • Page 111: Viewing Vlan Interface Settings

    When specifying the ifname ensure that it is written in dotted mode, that is, eth1.100 where eth1 is the physical interface assigned to VLAN tag 100. Note: VLAN1 is, by default the native VLAN and will not be tagged. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 111 of 309...

  • Page 112: Qos: Vlan 802.1Q Pcp Tagging

    16.1 Configuring VLAN PCP tagging Virtual Access routers have the capability to respect and set PCP priority values inside 802.1Q VLAN tagged frames. The following partial export of network configuration shows how to configure VLAN priorities for specific interfaces (VLANs).
  • Page 113 Any frames received on VLAN4 destined to VLAN2 with PCP priority set to 0 will • have a priority of 5 set as they leave the router on VLAN4. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 113 of 309...
  • Page 114 ‘vlan_qos_map_egress’ and are destined to tagged interface, 802.1Q tag will be created with a default priority of 0 and then the priority will be set according to the PCP value specified as the frames leave port. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 114 of 309...

  • Page 115: Qos: Type Of Service

    17: QoS: type of service _______________________________________________________________________________________________________ 17 QoS: type of service Virtual Access routers are capable of implementing quality of service configurations on a per interface basis, which allows traffic prioritisation based on type of service criteria parameters. 17.1 QoS configuration overview...

  • Page 116: Network Configuration

    Table 41: Information table for QoS page To add classification rules, click Add. TheClassification Rules section appears. Configure each classification rule with the following parameters. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 116 of 309...

  • Page 117: Configuring Qos Using Uci

    You can also configure QoS using UCI. The configuration file is stored on: /etc/config/qos 17.4.1 Interface Defines the interface on which configured QoS settings will take place. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 117 of 309...
  • Page 118 17.4.2 Classgroup As there is more than one interface you can have more than one classgroup. config classgroup 'Default' option classes 'Express Normal' option default 'Normal' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 118 of 309...
  • Page 119 Specifies priority for the class in %. Opt: priority UCI: qos.Express.limitrate=10 Defines to how many % of the available bandwidth this class is capped to. Opt: limitrate _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 119 of 309...
  • Page 120 'udp' UCI/Package Option Description UCI: qos.@classify[0]=classify Part of classify rule. Opt: classify UCI: qos.@classify[0].target=Express Specifies target class. Opt: target UCI: qos.@classify[0].proto=udp Specifies protocol. Opt: proto _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 120 of 309...

  • Page 121: Example Qos Configurations

    'Express' option packetsize '1000' option maxsize '800' option avgrate '50' option priority '10' option limitrate '10' config classify option target 'Express' option proto 'udp' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 121 of 309...

  • Page 122: Configuring Static Routes

    In the top menu, select Network -> Static Routes. The Routes page appears. Figure 59: The routes page In the IPv4 Routes section, click Add. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 122 of 309...

  • Page 123: Configuring Ipv6 Routes Using The Web Interface

    UCI: network.@route[1].mtu Empty Opt:mtu Range Table 44: Information table for IPv6 routes When you have made your changes, click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 123 of 309...

  • Page 124: Configuring Routes Using Command Line

    The command line example routes in the subsections below do not have a configured name. root@VA_router:~# uci show network network.@route[0]=route network.@route[0].interface=lan network.@route[0].target=3.3.3.10 network.@route[0].netmask=255.255.255.255 network.@route[0].gateway=10.1.1.2 network.@route[0].metric=3 network.@route[0].mtu=1400 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 124 of 309...

  • Page 125: Ipv4 Routes Using Package Options

    IPv6 routes using packages options root@VA_router:~# uci export network package network …. config route option interface 'lan' option target '2001:0DB8:100:F00:BA3::1/64' option gateway '2001:0DB8:99::1' option metric ‘1’ option mtu '1500' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 125 of 309...

  • Page 126: Static Routes Diagnostics

    Gateway Genmask Flags Metric Ref Iface 192.168.100.0 255.255.255.0 eth0 Note: a route will only be displayed in the routing table when the interface is up. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 126 of 309...

  • Page 127: Configuring Bgp (Border Gateway Protocol)

    In the top menu, select Network -> BGP. BGP configuration page appears. The page has three sections: Global Settings, BGP Neighbours and BGP Route Map. Figure 60: BGP page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 127 of 309...
  • Page 128 Type in a name for the BGP route map name and then click Add. The ROUTEMAP configuration section appears. You can configure multiple route maps. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 128 of 309...
  • Page 129 Defines the set value when a match occurs. Value format depends on the set option you have selected. UCI: bgpd.ROUTEMAP.set Opt: set Table 46: Information table for routemap _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 129 of 309...

  • Page 130: Configuring Bgp Using Uci

    You can also configure BGP using UCI. The configuration file is stored on /etc/config/bgpd root@VA_router:~# uci show bgpd bgpd.bgpd=routing bgpd.bgpd.enabled=yes bgpd.bgpd.router_id=3.3.3.3 bgpd.bgpd.asn=1 bgpd.bgpd.network=11.11.11.0/29 192.168.103.1/32 bgpd.@peer[0]=peer bgpd.@peer[0].route_map_in=yes bgpd.@peer[0].ipaddr=11.11.11.1 bgpd.@peer[0].asn=1 bgpd.@peer[0].route_map=ROUTEMAP bgpd.ROUTEMAP=routemap _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 130 of 309...

  • Page 131: Configuring Bgp Using Packages Options

    'ROUTEMAP' config routemap 'ROUTEMAP' option order '10' option permit 'yes' option match_type 'ip address' option match '192.168.101.1/32' option set_type 'ip next-hop' option set '192.168.101.2/32' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 131 of 309...

  • Page 132: View Routes Statistics

    To view routes via the command line, enter: root@support:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Iface 10.1.0.0 0.0.0.0 255.255.0.0 0 br- lan2 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 132 of 309...

  • Page 133: Configuring A Mobile Connection

    To create a new mobile interface, in the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 65: The create interface page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 133 of 309...
  • Page 134 Advanced Settings Setup more indept features such as initionalization timeout, LCP echo failure thresholds and inactivity timeouts. Firewall settings Assign a firewall zone to the connection. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 134 of 309...
  • Page 135 GSM module will automatically detect the best available technology code. Web: Operator PLMN code Specifies an operator code to force the connection to a particular carrier. UCI: network.3G.operator Opt: operator _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 135 of 309...
  • Page 136 Enabled if status of interface is presented on Monitoring platform. UCI: network.3G.monitored Opt: monitored Web: Enable IPv6 negotiation on the PPP Enables IPv6 routing on the interface. link UCI: network.3G.ipv6 Opt: ipv6 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 136 of 309...
  • Page 137 Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it. Figure 68: Firewall settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 137 of 309...

  • Page 138: Configuring A Mobile Connection Using Uci

    Mobile status using UCI To display information and status of mobile interfaces such as 3G, 4G or CDMA, enter: root@VA_router:~# cat /var/state/mobile mobile.3g_1_1_1=status mobile.3g_1_1_1.auto_info=/etc/3g_1-1.1.auto mobile.3g_1_1_2=status mobile.3g_1_1_2.auto_info=/etc/3g_1-1.2.auto mobile.3g_1_1_1.sim_slot=1 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 138 of 309...
  • Page 139 Home network mobile.3g_1_1_1.reg_code_pkt=1 mobile.3g_1_1_1.area=FFFE mobile.3g_1_1_1.cell=189150A mobile.3g_1_1_1.tech=7 mobile.3g_1_1_1.technology=E-UTRAN mobile.3g_1_1_1.operator=0,0,"Vodafone",7 mobile.3g_1_1_1.sim1_iccid=89460127120912066226 mobile.3g_1_1_2.sim_slot=1 mobile.3g_1_1_2.sim_in=yes mobile.3g_1_1_2.operator="Vodafone" mobile.3g_1_1_2.cdma_roaming=Not Roaming mobile.3g_1_1_2.cdma_roaming_code=0 mobile.3g_1_1_2.cdma_srvmode=EVDO Rev B mobile.3g_1_1_2.cdma_srvmode_code=5 mobile.3g_1_1_2.cdma_total_drc=0.0 kbps mobile.3g_1_1_2.cdma_carr_cnt=2 mobile.3g_1_1_2.cdma_rx0=78 mobile.3g_1_1_2.sig_dbm=nan mobile.3g_1_1_2.cdma_rx1=105 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 139 of 309...

  • Page 140: Configuring Mobile Manager

    Roaming template 21.2 Configuring mobile manager using the web interface Select Services -> Mobile Manager. The Mobile Manager page appears. Figure 70: The mobile manager page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 140 of 309...

  • Page 141: Configuring Mobile Manager Using Uci

    The following example shows how to enable the SMS functionality to receive and respond from certain caller ID numbers. uci set mobile.main=mobile uci set mobile.main.sim1pin=0000 uci set mobile.main.sim2pin=0000 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 141 of 309...
  • Page 142 'vasupport' option number '353871234567' option enabled 'yes' option respond 'yes' config caller option name 'vasupport1' option number '353872345678' option enabled 'yes' option respond 'yes' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 142 of 309...

  • Page 143: Configuring A Roaming Interface Template Via The Web Interface

    An example would be to SMS the SIM card number by typing the following command on the phone and checking the SMS received from the router. uci show mobile.@caller[0].number _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 143 of 309...

  • Page 144: Configuring Multi-Wan

    22.2 Configuring Multi-WAN using the web interface In the top menu, select Network -> Multi-Wan. The Multi-WAN page appears. Figure 72: The multi-WAN page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 144 of 309...
  • Page 145 In the WAN interfaces section, enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters appears. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 145 of 309...
  • Page 146 22: Configuring Multi-WAN _______________________________________________________________________________________________________ Figure 73: Example interface showing failover traffic destination as the added multi-WAN interface _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 146 of 309...
  • Page 147 UCI: multiwan.wan.priority Opt: priority Range Web: Manage Interface State (Up/Down) Defines whether multi-wan will start and stop the interface. UCI: multiwan.wan.manage_state Enabled. Opt: manage_state Disabled. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 147 of 309...
  • Page 148 Tech values are: GSM Compact UTRAN GSM w/EGPRS UTRAN w/HSPDA UTRAN w/HSUPA UTRAN w/HSUPA and HSDPA E-UTRAN Table 53: Information table for multi-WAN interface page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 148 of 309...

  • Page 149: Multi-Wan Traffic Rules

    '3' option health_recovery_retries '5' option priority '2' option manage_state 'yes' option exclusive_group '0' option ifup_retry_sec '40' option icmp_hosts 'disable' option icmp_interval ‘1’ option timeout ‘3’ _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 149 of 309...

  • Page 150: Multi-Wan Diagnostics

    The uci configuration file /etc/config/multiwan is provided as part of the multi-WAN package. The multi-WAN package is linked to the network interfaces within /etc/config/network. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 150 of 309...
  • Page 151 'dns' option timeout '3' option health_fail_retries '3' option health_recovery_retries '5' option priority '2' option manage_state 'yes' option exclusive_group '0' option ifup_retry_sec '300' option ifup_timeout_sec '40' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 151 of 309...
  • Page 152 CLI). Enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters will appear. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 152 of 309...

  • Page 153: Automatic Operator Selection

    23 Automatic operator selection This section describes how to configure and operate the Automatic Operator Selection feature of a Virtual Access router. When the roaming SIM is connected, the radio module has the ability to scan available networks. The router, using mobile and multi-WAN packages, finds available networks to create and sort interfaces according to their signal strength.
  • Page 154 23.2.1.3 Create a primary predefined interface In the web interface top menu, go to Network ->Interfaces. The Interfaces page appears. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 154 of 309...
  • Page 155 Type the short operator name in lower case, for example: Operator name First four alphanumeric numbers Vodafone UK voda O2 – UK o2uk Orange oran _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 155 of 309...
  • Page 156 UCI: network.[..x..].ifname Opt: ifname Table 54: Information table for the create interface page Click Submit. The Common Configuration page appears. Figure 77: The common configuration page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 156 of 309...
  • Page 157 Click the link if you need to configure additional options from Mobile Manager. UCI: N/A Opt: N/A Table 55: Information table for the general set up section Click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 157 of 309...
  • Page 158 Figure 78: The multi-WAN page In the WAN Interfaces section, type in the name of the Multi-WAN interface. Click Add. The Multi-WAN page appears. Figure 79: The multi-WAN page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 158 of 309...
  • Page 159 Wait 3 seconds for ping reply Opt: timeout Range Web: Health Monitor ICMP Interval Defines the interval between multiple pings sent at each health check UCI: multiwan.wan.icmp_interval Opt: icmp_interval Range _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 159 of 309...
  • Page 160 Uses the UCI: multiwan.[..x..].ecio_threshold value stored for ecio_db in mobile diagnostics. Opt: ecio_threshold -115 Disabled Range -46 to -115 dB _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 160 of 309...
  • Page 161 23.2.2 Set options for automatically created interfaces (failover) From the top menu on the web interface page, select Services ->Mobile Manager. The Mobile Manager page appears. Figure 80: The mobile manager page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 161 of 309...
  • Page 162 If checked, the router will return an SMS. Select Respond if you want the router to reply. UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 58: Information table for caller settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 162 of 309...
  • Page 163 Enabled. Opt: sort_sig_strength Web: Roaming SIM Sets in which slot to insert roaming SIM card. UCI: mobile.main.roaming_sim SIM slot 1. Opt: roaming_sim SIM slot 2. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 163 of 309...
  • Page 164 Wait 3 seconds for ping reply Range Web: Attempts Before WAN Failover Defines the number of health check failures before interface is disconnected. UCI: mobile.@roaming_template[1].health_fail _retries Range Opt: health_fail_retries _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 164 of 309...
  • Page 165 PMP interface. The primary interface will be reconnected when the current auto-created interface fails multiwan health checks after expiration of the ifup_retry_sec timer. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 165 of 309...
  • Page 166 The network that offers the best signal strength will be the first to connect. Multi-WAN then controls the failover between the available networks. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 166 of 309...
  • Page 167 Web: HDR Auto User ID AN-PPP user ID. Supported on Cellient (CDMA) modem only. UCI: mobile.main.hdr_userid blank Opt: hdr_userid range Table 60: Information table for mobile manager basic settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 167 of 309...
  • Page 168 If checked, the router will return an SMS. Select Respond if you want the router to reply. UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 61: Information table for mobile manager caller settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 168 of 309...
  • Page 169 Opt: sort_sig_strength Web: Roaming SIM Sets which slot to insert roaming SIM card. UCI: mobile.main.roaming_sim SIM slot 1. Opt: roaming_sim SIM slot 2. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 169 of 309...
  • Page 170 Sets the number of health check passes before the interface is considered healthy. This field is not used for a roaming template. UCI: mobile.@roaming_template[0].health_rec overy_retries Opt: health_recovery_retries _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 170 of 309...
  • Page 171 23.2.7.1 Set multi-WAN operation From the top menu, select Network -> Multi-Wan. The Multi-WAN page appears. Figure 86: The multi-WAN page In the Multi-WAN section click Add. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 171 of 309...

  • Page 172: Configuring Via Uci

    '255.0.0.0' config interface 'lan' option ifname 'eth0' option proto 'static' option ipaddr '192.168.100.1' option netmask '255.255.255.0' config interface '3g_s1_voda' option auto '0' option proto '3g' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 172 of 309...
  • Page 173 /etc/config/mobile. To view the mobile configuration file, enter:root@VA_router:~# uci export mobile config mobile 'main' option sms 'yes' option roaming_sim '1' option init_get_iccids 'no' config caller _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 173 of 309...
  • Page 174 'yes' To view the uci command of package mobile, enter: root@VA_router:~#uci show mobile mobile.main=mobile mobile.main.sms=yes mobile.main.roaming_sim=1 mobile.main.init_get_iccids=no mobile.@caller[0]=caller mobile.@caller[0].name=Test mobile.@caller[0].number=* mobile.@caller[0].enabled=yes mobile.@caller[0].respond=yes mobile.@roaming_template[0]=roaming_template mobile.@roaming_template[0].roaming_sim=1 mobile.@roaming_template[0].firewall_zone=wan _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 174 of 309...
  • Page 175 '-95' option ifup_retry_sec '350' option ifup_timeout_sec '180' option manage_state '1' To view the uci command of package multiwan, enter: root@VA_router:~# uci show multiwan _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 175 of 309...

  • Page 176: Configuring No Pmp + Roaming Using Uci

    /etc/config/mobile. To view the mobile package, enter: root@VA_router:~# uci export mobile package mobile config mobile 'main' option sms 'yes' option roaming_sim '1' option debug '1' config caller option name 'Eval' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 176 of 309...
  • Page 177 '3' To view the mobile package via uci commands, enter: root@VA_router:~# uci show mobile mobile.main=mobile mobile.main.sms=yes mobile.main.roaming_sim=1 mobile.main.debug=1 mobile.@caller[0]=caller mobile.@caller[0].name=Eval mobile.@caller[0].number=* mobile.@caller[0].enabled=yes mobile.@caller[0].respond=yes mobile.@roaming_template[0]=roaming_template mobile.@roaming_template[0].roaming_sim=1 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 177 of 309...
  • Page 178 'config' option enabled 'yes' option preempt 'no' option alt_mode 'no' To see multiwan package via uci, enter: root@VA_router:~# uci show multiwan multiwan.config=multiwan multiwan.config.enabled=yes multiwan.config.preempt=no multiwan.config.alt_mode=no _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 178 of 309...

  • Page 179: Automatic Operator Selection Diagnostics Via The Web Interface

    Figure 88: The status page: multi-WAN status section page 23.6 Automatic operator selection diagnostics via UCI To check interfaces created in the multi-WAN package, enter: root@VA_router:~# cat /var/const_state/multiwan _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 179 of 309...
  • Page 180 Figure 89: Output from the command: cat /var/const_stat/multiwan To check interfaces created in the network package, enter: root@VA_router:~# cat /var/const_state/network Figure 90: Output from the command cat /var/const_state/network _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 180 of 309...
  • Page 181 Automatic operator selection _______________________________________________________________________________________________________ To check the status of the interface you are currently using, enter: root@VA_router:~# cat /var/const_state_/mobile Figure 91: Output from the command cat /vat/const_state_/mobile _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 181 of 309...

  • Page 182: Configuring Ipsec

    If you need to create an IPSec template for DMVPN, read the chapter ‘Dynamic Multipoint Virtual Private Network (DMVPN)’. The number of IPSec tunnels supported by Virtual Access’ routers is not limited in any way by software; the only hardware limitation is the amount of RAM installed on the device.
  • Page 183 Debug enabled. Most verbose logging also includes sensitive information such as keys. Table 64: Information table for IPSec common settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 183 of 309...
  • Page 184 24: Configuring IPSec _______________________________________________________________________________________________________ 24.2.2 Configure connection settings Figure 93: The connections settings section _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 184 of 309...
  • Page 185 Defines the Subnet of remote LAN. UCI: strongswan.@connection[X]. remotelanmask Opt:remotelanmask Web: Local Protocol Restricts the connection to a single protocol on the local side. UCI: strongswan.@connection[X].localproto Opt: localproto _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 185 of 309...
  • Page 186 3des aes128 aes256 serpent twofish blowfish authAlgo: sha2 DHGroup: modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 For example, a valid IKE algorithm is aes128-sha-modp1536. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 186 of 309...
  • Page 187 UCI: strongswan.@connection[X].keyringtries for one, before giving up. The value %forever means 'never Opt: keyringtries give up'. Relevant only locally, other end need not agree on _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 187 of 309...
  • Page 188 Defines the local address this secret applies to. UCI: strongswan.@secret[X].localaddress Opt: localaddress Web: ID selector Defines the remote address this secret applies to. UCI: strongswan.@secret[X]. remoteaddress Opt: remoteaddress _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 188 of 309...

  • Page 189: Configuring Ipsec Using Uci

    'yes' option strictcrlpolicy 'no' option uniqueids 'yes' option cachecrls 'no' option debug 'none' 24.3.2 Connection settings touch /etc/config/strongswan uci add strongswan connection uci set strongswan.@connection[0].ikelifetime=3h _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 189 of 309...
  • Page 190 '1h' option rekeymargin '9m' option keyingtries '3' option dpddelay '30s' option dpdtimeout '150s' option enabled 'yes' option name '3G_Backup' option auto 'start' option type 'tunnel' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 190 of 309...

  • Page 191: Shunt Connection

    This will create the following output: config connection option name 'local' option enabled 'yes' option locallan '10.1.1.1' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 191 of 309...
  • Page 192 If xauth is defined as the authentication method then you must include an additional config secret section, as shown in the example below. # Commands to add a secret for xauth auth touch /etc/config/strongswan _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 192 of 309...

  • Page 193: Configuring An Ipsec Template For Dmvpn Via The Web Interface

    Connection Settings Together, these sections define the required parameters for a two-way IKEv1 tunnel. Secret Settings 24.4.1 Configure common settings Figure 95: The common settings section _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 193 of 309...
  • Page 194 Local LAN IP Address Mask • Remote LAN IP Address • Remote LAN IP Address Mask • Scroll down from the common settings section to view connection settings. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 194 of 309...
  • Page 195 24: Configuring IPSec _______________________________________________________________________________________________________ Figure 96: The connections settings section _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 195 of 309...
  • Page 196 (leave it blank for DMVPN) remotelanmask Opt:remotelanmask Web: Local Protocol Restricts the connection to a single protocol on the local side. UCI: strongswan.@connection[X].localproto Opt: localproto _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 196 of 309...
  • Page 197 3des aes128 aes256 serpent twofish blowfish authAlgo: sha2 DHGroup: modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 For example, a valid IKE algorithm is: aes128-sha-modp1536. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 197 of 309...
  • Page 198 UCI: one, before giving up. The value %forever means 'never give strongswan.@connection[X].keyringtries up'. Relevant only locally, other end need not agree on it. Opt: keyringtries _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 198 of 309...
  • Page 199 Defines the local address this secret applies to. UCI: strongswan.@secret[X].localaddress Opt: localaddress Web: ID selector Defines the remote address this secret applies to. UCI: strongswan.@secret[X]. remoteaddress Opt: remoteaddress _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 199 of 309...

  • Page 200: Configuring An Ipsec Template To Use With Dmvpn

    _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 200 of 309...
  • Page 201 '30s' option keyingtries '%forever' option dpdaction 'hold' option dpddelay '30s' option dpdtimeout '150s' config secret option enabled 'yes' option secrettype 'psk' option secret 'secret' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 201 of 309...

  • Page 202: Ipsec Diagnostics Using The Web Interface

    10.68.234.133/32[gre] === 192.168./32[gre] dmvpn_89_101_154_151{1}: INSTALLED, TRANSPORT, ESP in UDP SPIs: cca7b970_i d874dc90_o dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 89.101.154.151/32[gre] To view a list of IPSec commands, enter: root@VA_router:~# ipsec –help _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 202 of 309...

  • Page 203: Configuring A Gre Interface

    DHCP or PPP to dial into the provider network. In the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 99: The create interface page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 203 of 309...
  • Page 204 IP address, TTL, tunnel key and MTU. Advanced Settings 'Bring up on boot' and 'monitor interface state' settings. Firewall settings Assign a firewall zone to the connection. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 204 of 309...
  • Page 205 Web: MTU Configures MTU (maximum transmission unit) size of PDUs using this interface. UCI: network.<if name>.mtu 1472 Opt: mtu Range Table 71: Information table for GRE _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 205 of 309...
  • Page 206 After you have configured the GRE interface, you must configure a static route to route the desired traffic over the GRE tunnel. To do this, go to Network->Static Routes. For more information, read the chapter ‘Configuring Static Routes’. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 206 of 309...

  • Page 207: Gre Configuration Using Command Line

    ‘172.255.255.100’ option ttl '128' option key '1234' option mtu '1472' option auto ‘1’ To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 207 of 309...

  • Page 208: Gre Diagnostics

    Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1465 errors:0 dropped:0 overruns:0 frame:0 TX packets:1465 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 208 of 309...
  • Page 209 255.255.255.248 U gre-Tunnel1 172.19.101.3 13.13.13.1 255.255.255.255 UGH gre-Tunnel1 Note: a GRE route will only be displayed in the routing table when the interface is up. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 209 of 309...

  • Page 210: Dynamic Multipoint Virtual Private Network (Dmvpn)

    New hubs can be added to the network to improve the performances and • reliability. Ability to carry multicast and main routing protocols traffic (RIP, OSPF, BGP). • DMVPN can be deployed using Activator, the Virtual Access automated • provisioning system. • Simplifies branch communications by enabling direct branch to branch connectivity.

  • Page 211: Dmvpn Scenarios

    Then it initiates VPN IPSec connection to spoke2. When an IPSec tunnel is established, spoke1 and spoke2 can send traffic directly • to each other. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 211 of 309...
  • Page 212 Note: if an IPSec tunnel fails to be established between the spokes then packets between the spokes are sent via the hub. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 212 of 309...

  • Page 213: Configuration Packages Used

    Selects the IPSec connection, defined in strongSwan, to be used as a template. UCI: dmvpn.common.ipsec_template_name Opt: ipsec_template_name Table 73: Information table for DMVPN general settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 213 of 309...

  • Page 214: Dmvpn Hub Settings

    Web: LED state indication LED to use for indicating if the VPN is up. UCI: dmvpn.@interface[X].led Opt: led Table 74: Information table for DMVPN hub settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 214 of 309...

  • Page 215: Dmvpn Diagnostics

    :~# opennhrpctl show Status: ok Interface: gre-GRE Type: local Protocol-Address: 11.11.11.7/32 Alias-Address: 11.11.11.3 Flags: up Interface: gre-GRE Type: local Protocol-Address: 11.11.11.3/32 Flags: up Interface: gre-GRE Type: cached _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 215 of 309...
  • Page 216 Security Associations (1 up, 0 connecting): dmvpn_89_101_154_151[1]: ESTABLISHED 2 hours ago, 10.68.234.133[10.68.234.133]...89.101.154.151[89.101.154.151] dmvpn_89_101_154_151{1}: REKEYING, TRANSPORT, expires in 55 seconds dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 192.168./32[gre] _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 216 of 309...
  • Page 217 Interface: gre-GRE Type: cached Protocol-Address: 11.11.11.2/32 NBMA-Address: 178.237.115.129 NBMA-NAT-OA-Address: 172.20.38.129 Flags: used up Expires-In: 0:18 Interface: gre-GRE Type: static Protocol-Address: 11.11.11.1/29 NBMA-Address: 89.101.154.151 Flags: up _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 217 of 309...

  • Page 218: Configuring Firewall

    The General Zone, or defaults, section declares global firewall settings that do not belong to any specific zones. These default rules take effect last and more specific rules take effect first. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 218 of 309...
  • Page 219 Rejected packets are blocked by the firewall and ICMP message is returned to the source host. Drop Dropped packets are blocked by the firewall. Table 76: Information table for general settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 219 of 309...
  • Page 220 (NAT/PAT/DNAT/SNAT) is not limited in any way by software; the only hardware limitation is the amount of RAM installed on the device. 27.2.2.1 Firewall zone: general settings Figure 110: The firewall zone general settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 220 of 309...
  • Page 221 Defines protocol family (ipv4, ipv6 or any) to generate iptables rules for. UCI: firewall.<zone label>.family Opt: family Table 77: Information table for firewall zone settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 221 of 309...
  • Page 222 Opt: log Web: Limit log messages Limits the amount of log messages per interval. UCI: firewall.<zone label>.log_limit Opt: log_limit Table 78: Information table for zone settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 222 of 309...
  • Page 223 Note: the rules generated for forwarding traffic between zones relay connection tracking to be enabled on at least one of the source or destination zones. This can be enabled through the conntrack option or through masq. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 223 of 309...
  • Page 224 Web: Internal IP address Specifies the internal (LAN) IP address for the traffic to be redirected UCI: firewall.<redirect label>.dest_ip Opt: dest_ip _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 224 of 309...
  • Page 225 -m policy --dir in for IPSec. The UCI: firewall.<redirect label>.extra arguments are entered as text strings. Opt: extra Table 81: Information table for port forward edits fields _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 225 of 309...
  • Page 226 27.2.4 Firewall traffic rules Rules can be defined to allow or restrict access to specific ports, hosts or protocols. Figure 115: The firewall traffic rules page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 226 of 309...
  • Page 227 For DNAT, redirects matched incoming traffic to the given port on the internal host. UCI: firewall.<rule label>.dest_port For SNAT, matches traffic directed at the given ports. Opt: dest_port _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 227 of 309...
  • Page 228 Iptables rules can be defined here. Custom rules are applied after all other rules are applied. Consult official iptables documentation for exact syntax and details. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 228 of 309...
  • Page 229 Extra arguments to pass to iptables, this is mainly useful to specify additional match options, like -m policy --dir in for IPSec. Table 84: Information table for custom rules commands _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 229 of 309...

  • Page 230: Configuring Firewall Using Uci

    27.3.3 Inter-zone forwarding To enable forwarding of traffic from WAN to LAN, enter: uci add firewall forwarding uci set firewall.@forwarding[1].dest=wan uci set firewall.@forwarding[1].src=lan _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 230 of 309...
  • Page 231 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 231 of 309...

  • Page 232: Ipv6 Notes

    This can actually harm if the firewall is attacked with many simultaneous connection _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 232 of 309...

  • Page 233: Connection Tracking

    NOTRACK. It should appear as option 'conntrack' '1' in the right zone in /etc/config/firewall. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 233 of 309...

  • Page 234: Firewall Examples

    'redirect' option 'name' 'ssh' option 'src' 'wan' option 'proto' 'tcpudp' option 'src_dport' '5555' option 'dest_ip' '192.168.1.100' option 'dest_port' '22' option 'target' 'DNAT' option 'dest' 'lan' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 234 of 309...

  • Page 235: True Destination Port Forwarding

    27.7.5 Block access to a specific host The following rule blocks all connection attempts to the specified host address. config rule option src _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 235 of 309...

  • Page 236: Restricted Forwarding Rule

    The example below creates a forward rule rejecting traffic from LAN to WAN on the ports 1000-1100. config rule option src option dest option dest_port 1000-1100 option proto tcpudp option target REJECT _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 236 of 309...

  • Page 237: Simple Dmz Rule

    27.7.11 Simple DMZ rule The following rule redirects all WAN ports for all protocols to the internal host 192.168.1.2. config redirect option src option proto option dest_ip 192.168.1.2 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 237 of 309...
  • Page 238 3128 27.7.14 IPSec passthrough This example enables proper forwarding of IPSec traffic through the WAN. # AH protocol config rule option src option dest _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 238 of 309...

  • Page 239: Manual Iptables Rules

    After a configuration change, to rebuild firewall rules, enter: root@VA_router:/# /etc/init.d/firewall restart Executing the following command will flush all rules and set the policies to ACCEPT on all standard chains: root@VA_router:/# /etc/init.d/firewall stop _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 239 of 309...

  • Page 240: Debug Generated Rule Set

    1 (one): root@VA_router:/# FW_TRACE=1 fw reload To direct the output to a file for later inspection, enter: root@VA_router:/# FW_TRACE=1 fw reload 2>/tmp/iptables.lo _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 240 of 309...

  • Page 241: Configuring Snmp

    Configuring SMNP using the web interface In the top menu, select Services -> SNMP. The SNMP Service page appears. 28.2.1 System and agent settings Figure 117: The SNMP service page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 241 of 309...
  • Page 242 Map community names into security names based on the community name and the source subnet. Use the first source/community combination that matches the incoming packet. Figure 118: The COM2Sec settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 242 of 309...
  • Page 243 Web: Security Name An already defined security name that is being included in this group. UCI: snmpd.group[x].secname Opt: secname Table 87: Information table for group settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 243 of 309...
  • Page 244 Access settings map from a group of users/communities, in a specific context and with a particular SNMP version and minimum security level, to one of three views, depending on the request being processed. Figure 121: The access settings section _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 244 of 309...
  • Page 245 28.2.6 Trap receiver Trap receiver settings define a notification receiver that should be sent SNMPv1 TRAPs and SNMPv2c TRAP2. Figure 122: The trap receiver settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 245 of 309...

  • Page 246: Configuring Snmp Using Command Line

    Table 91: Information table for trap receiver settings 28.3 Configuring SNMP using command line The configuration files are stored on /etc/config/snmpd 28.3.1 System settings using UCI root@VA_router:~# uci show snmpd snmpd.system=system _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 246 of 309...
  • Page 247 Note: the security names of “ro” and “rw” here are simply names – the fact of a security name having read only or read-write permissions is handled in the access section and dealt with at a group granularity. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 247 of 309...
  • Page 248 Similarly, requests from the security name “rw” in all protocols are mapped to the “private” group. 28.3.4.1 Group settings using UCI snmpd.grp_1_v1=group snmpd.grp_1_v1.version=v1 snmpd.grp_1_v1.group=public snmpd.grp_1_v1.secname=ro snmpd.grp_1_v2c=group snmpd.grp_1_v2c.version=v2c snmpd.grp_1_v2c.group=public snmpd.grp_1_v2c.secname=ro snmpd.grp_1_usm=group snmpd.grp_1_usm.version=usm _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 248 of 309...
  • Page 249 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 249 of 309...
  • Page 250 'rw' config 'group' 'private_v2c' option group 'private' option version 'v2c' option secname 'rw' config 'group' 'private_usm' option group 'private' option version 'usm' option secname 'rw' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 250 of 309...
  • Page 251 'access' 'public_access' option group 'public' option context 'none' option version 'any' option level 'noauth' option prefix 'exact' option read 'all' option write 'none' option notify 'none' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 251 of 309...
  • Page 252 # for SNMPv2c inform request receiver config informreceiver option host 'IPADDR[:PORT]' option community 'COMMUNITY STRING' An additional option was added to the 'agent' subsection: option authtrapenabled '0|1 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 252 of 309...

  • Page 253: Configuring Vrrp

    To configure VRRP through the web interface, in the top menu, select Network -> VRRP. The VRRP page appears. To access configuration settings, click ADD. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 253 of 309...
  • Page 254 Sets the initial role in which a VRRP router starts up. In a cluster of VRRP routes, set one as a Master and the others as Backup. UCI: vrrp.g1.init_state BACKUP Opt: init_state MASTER _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 254 of 309...

  • Page 255: Configuring Vrrp Using Uci

    'yes' option interface 'lan1' list track_iface 'lan' option init_state 'BACKUP' option router_id '1' option priority '115' option advert_int_sec '2' option password 'secret' option virtual_ipaddr '10.1.10.150/16' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 255 of 309...
  • Page 256 To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 256 of 309...

  • Page 257: Configuring Multicasting Using Pim And Igmp Interfaces

    To configure PIM through the web interface, in the top menu, select Network -> PIM. The PIM page appears. To access the Global settings, click Add. Figure 125: The global settings interface _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 257 of 309...

  • Page 258: Interfaces Configuration

    Enable SSM on given interface. UCI: pimd.interface[x].ssm Disabled. Opt: ssm Enabled. Table 94: Information table for interface settings To save your configuration updates, click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 258 of 309...

  • Page 259: Configuring Pim And Igmp Using Uci

    'wan' option ssm 'yes' option igmp 'no' Alternatively, enter: uci show pimd root@VA_router:/etc/config1# uci show pimd pimd.pimd=routing pimd.pimd.enabled=yes pimd.@interface[0]=interface pimd.@interface[0].enabled=yes pimd.@interface[0].interface=lan pimd.@interface[0].ssm=yes pimd.@interface[0].igmp=yes pimd.@interface[1]=interface pimd.@interface[1].enabled=yes _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 259 of 309...
  • Page 260 30: Configuring Multicasting using PIM and IGMP interfaces _______________________________________________________________________________________________________ pimd.@interface[1].interface=wan pimd.@interface[1].ssm=yes pimd.@interface[1].igmp=no To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 260 of 309...

  • Page 261: Configuring Terminal Server

    Configuration page appears. You must configure two main sections: Main Settings and Port Settings. 31.3.1 Configure main settings Figure 127: The terminal server main settings page _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 261 of 309...
  • Page 262 31.3.2.1 Port settings: general section In this section you can configure general port settings. The settings are usually the same for the central and the remote site. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 262 of 309...
  • Page 263 Web: Serial Forwarding Timeout (ms) Forwarding timeout in milliseconds (network to serial). UCI: tservd.@port[0]. sfwd_timeout Set to 0 to forward to serial immediately. Opt: sfwd_timeout 20 ms Range 0-10000 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 263 of 309...
  • Page 264 Note: • The displayed settings vary depending on options selected. DTR <--> DSR signalling is not available on GW2028 router models. • _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 264 of 309...
  • Page 265 31: Configuring Terminal Server _______________________________________________________________________________________________________ Figure 129: The serial section fields (portmode RS232 and usb serial disabled) _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 265 of 309...
  • Page 266 Note: this setting does not enable half- Opt: hd_mode duplex mode in the serial hardware of the router. Full duplex mode. Half duplex mode. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 266 of 309...
  • Page 267 Defines whether to use CRC32 or CRC16 in HDLC mode. Only displayed if Atmel USB serial card is enabled. UCI: tservd.@port[0].sync_crc32 Use CRC16. Opt: sync_crc32 Use CRC32. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 267 of 309...
  • Page 268 Range Web: Dual X.21 card bit reverse Enables bit reversal of all bits in 8 byte word during transmission. UCI: tservd.@port[0].bit_reverse Normal. Opt: bit_reverse Reverse. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 268 of 309...
  • Page 269 31.3.2.3 Port settings: network section In this section you can configure the network side of the Terminal Server. Note: the displayed settings vary depending on options selected. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 269 of 309...
  • Page 270 UCI: tservd.@port[0].ip_port2 Opt: ip_port2 Range 1 - 65535 Web: Remote IP 1 Destination peer IP 1 address. UCI: tservd.@port[0].remote_ip1 0.0.0.0 Opt: remote_ip1 Range IPv4 address _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 270 of 309...
  • Page 271 Defines the maximum number of remote UDP keepalive not received before UDP stream is considered broken. Only displayed UCI: tservd.@port[0].udpKaCount if transport mode is UDP. Opt: udpKaCount Range 0-65535 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 271 of 309...

  • Page 272: Terminal Server Using Uci

    '0.0.0.0' option remote_ip2 '0.0.0.0' 31.6 Terminal Server diagnostics The tservd process has to be running otherwise diagnostics options for terminal server will not be available. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 272 of 309...
  • Page 273 Tcp tx last error: 0 31.6.4 Terminal Server advanced debugging To see advanced debug commands for the terminal server, enter: root@VA_router:~# tserv === Termserv disgnostics. Command syntax: === _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 273 of 309...
  • Page 274 - show USB serial card CPLD programming status tserv upgrade userial - initiate upgrade of the USB serial card tserv quit - terminate termserv process _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 274 of 309...

  • Page 275: Configuring Vrf-Lite

    When VRF is enabled, config packages called vrf_<vrf name>_<config name> are extracted to a separate location and the VRF process is started, for example, vrf_customer1_network, vrf_customer1_strongswan _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 275 of 309...
  • Page 276 (where X is the sequence number). veX-1 can be then used in a VRF-specific network config as usual static interface. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 276 of 309...

  • Page 277: Event System

    _______________________________________________________________________________________________________ 33 Event system Virtual Access routers feature an event system. It allows you to forward router events to predefined targets for efficient control and management of devices. This chapter explains how the event system works and how to configure it using UCI commands.

  • Page 278: Supported Targets

    The configuration is composed of a main section and as many forwardings, targets and connection testers as required. 33.7.1 Va_eventd: main section 33.7.1.1 Main using UCI root@VA_router:~# uci show va_eventd va_eventd.main=va_eventd va_eventd.main.enabled=yes va_eventd.main.event_queue_file=/tmp/event_buffer va_eventd.main.event_queue_size=128K _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 278 of 309...
  • Page 279 To define a forwarding label of Monitor using UCI, enter: va_eventd.Monitor=forwarding In the examples below no forwarding label has been defined. 33.7.3 Forwarding using UCI root@VA_router:~# uci show va_eventd va_eventd.@forwarding[0]=forwarding va_eventd.@forwarding[0].enabled=1 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 279 of 309...
  • Page 280 UCI: va_eventd.<forwarding Only generate events with the given className and the given label>.eventName eventName. The eventName is optional and can be omitted. Opt: eventName _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 280 of 309...

  • Page 281: Ping Connection Tester

    If successful, the event system assumed the connection is valid for a configurable amount of time. 33.7.6.2 Ping connection tester using UCI va_eventd.@conn_tester[0]=conn_tester va_eventd.@conn_tester[0].name=pinger va_eventd.@conn_tester[0].enabled=1 va_eventd.@conn_tester[0].type=ping _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 281 of 309...
  • Page 282 A link connection tester tests a connection by checking the status of the interface being used. 33.7.6.6 Link connection tester using UCI va_eventd.@conn_tester[0]=conn_tester va_eventd.@conn_tester[0].name=linktest va_eventd.@conn_tester[0].enabled=1 va_eventd.@conn_tester[0].type=link va_eventd.@conn_tester[0].link_iface=eth0 Link connection tester using package options _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 282 of 309...
  • Page 283 When a syslog target receives an event, it sends it to the configured syslog server. In the examples below no target label has been defined. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 283 of 309...

  • Page 284: Email Target

    33.7.7.5 Email target When an email target receives an event, it sends it to the configured email address. 33.7.7.6 Email target using UCI va_eventd.@target[0]=target va_eventd.@target[0].name=email1 va_eventd.@target[0].enabled=1 va_eventd.@target[0].type=email _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 284 of 309...
  • Page 285 '0' option tls_starttls '0' option tls_forcessl3 '0' option timeout_sec "10" option from x@example.com option to y@example.com option subject_template "%{severityName} %{eventName}!!!" option body_template "%{eventName} (%{class}.%{subclass}) happened!" _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 285 of 309...
  • Page 286 Opt: body_template UCI: va_eventd.<target Name of the connection tester to use for this target. label>.conn_tester Opt: conn_tester Table 106: Information table for email target settings _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 286 of 309...

  • Page 287: Snmp Target

    IP address of the SNMP Manager. label>.target_addr Opt: target_addr UCI: va_eventd.<target Optional IP address to use as the trap source IP address. label>.agent_addr Opt: agent_addr _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 287 of 309...

  • Page 288: Event System Diagnostics

    Table 108: Information table for exec target settings 33.8 Event system diagnostics 33.8.1 Displaying VA events To view a list of all available class names, events and severity levels, enter: vae_cli -d _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 288 of 309...
  • Page 289 | ethernet 2 | LinkDown | notice | Ethernet %{p1} down | auth 2 | BadPasswordSSH | warning | SSH login attempt from %{p2}: ba.. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 289 of 309...
  • Page 290 1 | WiFiConnectedToAP | notice | WiFi %{p1} connected to AP %{p2} | wifi 2 | WiFiDisconnectedFromAP | notice | WiFi %{p1} disconnected from AP _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 290 of 309...
  • Page 291 3 | QueryTimeout | warning | NTP query to %{p1} timed out. Ne.. | ntp 4 | QueryFailed | warning | NTP query failed: %{p1} _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 291 of 309...
  • Page 292 'l2tp' option eventName 'CannotFindTunnel' option severity 'debug-critical' option target 'syslog' config forwarding option enabled 'yes' option className 'mobile' option severity 'notice-critical' option target 'snmp' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 292 of 309...
  • Page 293 'yes' option type 'syslog' option target_addr '192.168.100.254:514' option conn_tester 'mon_server' config target option name 'email' option enabled 'yes' option type 'email' option smtp_addr '89.101.154.148:465' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 293 of 309...
  • Page 294 '192.168.100.254' option agent_addr '192.168.100.1' option conn_tester 'mon_server' config target option name 'logit' option enabled 'yes' option type 'exec' option cmd_template 'logger -t eventer %{eventName}' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 294 of 309...

  • Page 295: Configuring Sla Reporting On Monitor

    To enable all devices under a particular reseller for SLA, under the SLA tab, click ON. The user must have admin privileges for any change to be made. If they do not, they will be informed of this fact. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 295 of 309...

  • Page 296: Configuring Router Upload Protocol

    The graphs initially appear in an hourly format. To expand or reduce the time axis, use the appropriate zoom button. To navigate forwards or backwards chronologically, use the right and left arrow buttons. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 296 of 309...
  • Page 297 To view raw data, click each graph to produce the following information. Figure 135: Raw data information from each graph To change the range of the graph, click zoom. Figure 136: Altered range of graph information _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 297 of 309...
  • Page 298 If you remove a graph, you can add it back to the page by selecting its name in the Add SLA Element drop-down menu. If you have not removed any graphs, this drop-down menu is not available. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 298 of 309...

  • Page 299: Generating A Report

    34.5.1 Create a report Select Create Report. Enter the relevant parameters. Report name • Frequency of report • • Assigned devices • SLA Report Elements _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 299 of 309...
  • Page 300 After clicking Change, the select devices page appears, this allows you to select which devices are to be members of the report. Figure 141: Sample from the select devices page Click Continue and then add SLA report elements. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 300 of 309...
  • Page 301 • Click Add and when you have selected all graphs, click Save. View reports To view a report, in the header menu, select Statistic Reports. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 301 of 309...
  • Page 302 If you select Day, data will be shown for every day; if you select Week, data will be shown for every week, and so on. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4...

  • Page 303: Reporting Device Status To Monitor Using Uci

    A sample Monitor configuration is shown below. root@VA_router:~# uci show monitor monitor.main=keepalive monitor.main.enable=yes monitor.main.interval_min=1 monitor.main.dev_reference=mikesamazondev monitor.main.monitor_ip=10.1.83.36 root@VA_router:~# uci export monitor package 'monitor' config keepalive 'main' option enable 'yes' option interval_min '1' _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 303 of 309...
  • Page 304 34:Configuring SLA reporting on Monitor _______________________________________________________________________________________________________ option dev_reference 'mydevice' option enabled 'yes' list monitor_ip '10.1.83.36' config interface_stats 'stats' option enabled 'yes' option bin_period '1m' option bin_cache_size '1440 _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 304 of 309...

  • Page 305: Configuring Sla For A Router

    35 Configuring SLA for a router SLA reporting works in two parts: 1. The Virtual Access Monitor system server connects via SSH into the router and schedules the task of uploading statistics to Monitor. 2. The Virtual Access router monitors UDP keepalive packets. It creates and stores statistics in bins.
  • Page 306 UCI: slad.main.max_bin_count Opt: max_bin_count Table 110: Information table for SLA settings When you have made all your configuration changes, click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 306 of 309...

  • Page 307: Configuring Sla For A Router Using The Uci Interface

    Viewing SLA statistics using UCI To show all available statistic options, enter: root@VA_router:~# sla sla [current] | [all] | [oldest] | [newest] | [newest N] | [range: YYYMMDDHH-YYYYMMDDHH] _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 307 of 309...

  • Page 308: Virtual Access

    To show the newest statistics, enter: root@VA_router: ~# sla newest ---------------------------------------- Bin valid: Start time 01.01.1970 03:32:00 End time 01.01.1970 03:33:00 Pkts In: Pkts Out: Bytes In: _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 308 of 309...
  • Page 309 Avg Round Trip: 1 ms Min GSM signal quality: -63 dBm Max GSM signal quality: -63 dBm Avg GSM signal quality -63 dBm Availability: 100.00% _______________________________________________________________________________________________________ © Virtual Access 2016 GW2020 Series User Manual Issue: 1.4 Page 309 of 309...

This manual is also suitable for:

Gw2024p-4Gw2024p-8Gw1032Gw1042

Table of Contents