FireBrick FB6502 User Manual
IPv6-capable networking software, written from scratch in-house by the FireBrick team. Custom designed hardware, manufactured in the UK, hosts the new software, and ensures FireBrick are able to maximise performance from the hardware, and maintain exceptional levels of quality and reliability.
The remainder of this chapter provides an overview of the FB6000's capabilities, and covers your product support options. The latest version of the QuickStart guide for the FB6000 can be obtained from the FireBrick website at: http://www.firebrick.co.uk/pdfs/quickstart-6000.pdf

1.1.2. What can it do?

The FB6000 series of products is a family of high speed ISP/telco grade routers and firewalls providing a range of specific functions.
Introduction

• Gigabit performance

The FB6000 series are provided in a number of variants. This manual is for the FB6502. This variant includes:
• Border Gateway Protocol, to allow routes to be announced and accepted from peering BGP routers.
• SIP VoIP caller server, providing core call routing and registration functions for a voice network operator.
1.2.4. Document style At FireBrick, we appreciate that different people learn in different ways - some like to dive in, hands-on, working with examples and tweaking them until they work the way they want, referring to documentation as required.
FireBrick are building a library of Application Note documents that you can refer to - each Application Note describes how to use and configure a FireBrick in specific scenarios, such as using the device in a multi-tenant Serviced Office environment, or using the FireBrick to bond multiple WAN connections together.
1.3.5. Training Courses

FireBrick provide training courses for the FB2x00 series products, and also training courses on general IP networking that are useful if you are new to networking with IP. To obtain information about upcoming courses, please contact e-mail...
• Method 3 - use an existing DHCP server to configure the FireBrick. If your LAN already has a DHCP server, you can connect port 4 of your FireBrick to your LAN, and it will get an address. Port 4 is configured, by default, not to give out any addresses and as such it should not interfere with your existing network.
2.2.1. Add a new user You now need to add a new user with a password in order to gain full access to the FireBrick's user interface. Click on the "Users" icon, then click on the "Add" link to add a user. The "Users" page is shown below, with the "Add"...
Getting Started

Figure 2.3. Setting up a new user

You may also want to increase the login-session idle time-out from the default of 5 minutes, especially if you are unfamiliar with the user-interface. To do that, tick the checkbox next to timeout, and enter an appropriate value as minutes, colon, and seconds, e.g.
Chapter 3. Configuration

3.1. The Object Hierarchy

The FB6000 has, at its core, a configuration based on a hierarchy of objects, with each object having one or more attributes. An object has a type, which determines its role in the operation of the FB6000. The values of the attributes determine how that object affects operation.
XML. If the User Interface does not generate valid XML - i.e. when saving changes to the configuration the FireBrick reports XML errors, then this may be a bug - please check this via the appropriate support channel(s).
The User Interface has the following general layout:
• a 'banner' area at the top of the page, containing the FireBrick logo, model number and system name
• a main-menu, with sub-menus that access various parts of the user interface; the main-menu can be shown vertically or horizontally. Sub-menu appearance depends on this display style: if the main-menu is vertical, sub-menus are shown by 'expanding' the menu vertically;...
FB6000 will automatically be recalled next time you use the same computer/browser to connect to that FB6000. It is also possible to configure an external CSS to use with the FireBrick web control pages, which allows a great deal of control over the overall layout and appearance. This can be useful for dealers or IT support companies to set up FireBricks in a style and branding of their choice.
Erase. Simply going back "Up" or moving to another part of the config will leave this newly created empty object, and that could have undesirable effects on the operation of your FireBrick if saved.

3.4.2.2. Object settings

The details of an object are displayed as a matrix of boxes (giving the appearance of a wall of bricks), one for each attribute associated with that object type.
Figure 3.5. Editing an "Interface" object

By default, more advanced or less frequently used attributes are hidden. If this applies to the object being edited, you will see the text shown in Figure 3.6. The hidden attributes can be displayed by clicking on the link "Show all".
FB6000. All changes are initially held in-memory (in the web browser itself), and are committed back to the FireBrick only when you press the Save button.
You should be careful that you don't inadvertently add incompletely setup objects this way, as they may affect operation of the FireBrick, possibly with a detrimental effect. If you have added an object, perhaps for the purposes of looking at what attributes can be set on it, remember to delete the object before you navigate away -- the "Erase"...
'read-only', and so is 'safe' in as much as you can't accidentally change the configuration.

3.5.4. Example XML configuration

An example of a simple, but complete XML configuration is shown below, with annotations pointing out the main elements:

<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://firebrick.ltd.uk/xml/fb2700/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://firebrick.ltd.uk/xml/fb2700/ timestamp="2011-10-14T12:24:07Z" patch="8882">...
3.6. Downloading/Uploading the configuration

The XML file may be retrieved from the FireBrick, or uploaded to the FireBrick, using HTTP transfers done via tools such as curl. Using these methods, configuration of the FB6000 can be integrated with existing administrative systems.
Chapter 4. System Administration

4.1. User Management

You will have created your first user as part of the initial setup of your FB6000, as detailed in either the QuickStart Guide or in Chapter 2 in this manual. To create, edit or delete users, browse to the config pages by clicking the "Edit" item in the sub-menu under the "Config"...
Table 4.1. User login levels

Level    Description
NOBODY   No access to any menu items, but can access control switches for which the user has access.
GUEST    Guest user, access to some menu items
USER     Normal unprivileged user
ADMIN    System administrator
DEBUG    System debugging user
...
This can be useful for firewall rules where you may have to log in to the FireBrick, even as a NOBODY level user, just to get your IP address in an access list to allow further access to a network from that IP.
If OTP is configured you can leave the password blank (which is not normally allowed) and hence use the authenticator code as the entire password, though this is not recommended for security reasons, as it also means the TOTP seed is recoverable from the config.

Note: Technical details to allow you to create configs with password and OTP seed hashes are described in Appendix H.
As a matter of policy, FireBrick software upgrades are always free to download for all FireBrick customers. To complement the responsive UK-based development process, the FB6000 is capable of downloading and installing new software directly from FireBrick's servers, providing the unit has Internet access.
a replacement attribute should be used instead. Releases where such a change has been made, and existing configurations will need modifying, are termed Breakpoint software releases. Breakpoint releases are special as they are able to automatically update an existing configuration, used with the previous software release, so that it is compatible with the new release, and functionality is retained wherever possible.
This method is entirely manual, in the sense that the brick itself does not download new software from the FireBrick servers, and responsibility for loading breakpoint releases as required lies with the user. In order to do this, you will first need to download the required software image file (which has the file extension .img) from the FB6000 software downloads website [http://www.firebrick.co.uk/software.php?
4.4. Boot Process

The FB6000 contains internal Flash memory storage that holds two types of software:
• main application software (generally referred to as the app)
• a bootloader, which runs immediately on power-up, initialises the system, and then loads the app

It is possible for only one of these types of software, or neither of them, to be present in the Flash, but when shipped from the factory the unit will contain a bootloader and the latest factory-release application software.
5.1. Overview

Many events in the operation of the FireBrick create a log entry. These are a one-line string of text saying what happened. This could be normal events such as someone logging in to the web interface, or unusual events such as a wrong password used, or DHCP not being able to find any free addresses to allocate.
Event Logging

5.1.1.2. Logging to the Console

The console is the command line environment described in Chapter 15. You can cause log entries to be displayed as soon as possible on the console (assuming an active console session) by setting console="true" on the log target.
XML is shown below, from which you can see that in many cases you only need to specify the to attribute (the comment attribute is an optional, general comment field):

<log name="fb-support" comment="Log target for sending logs to FireBrick support team">
  <email to="crashlog@firebrick.ltd.uk" comment="Crash logs emailed to FireBrick Support team"/>...
5.5. Performance

The FireBrick can log a lot of information, and adding logs can cause things to slow down a little. The controls in the config allow you to say what you log in some detail. However, logging to flash will always slow things down a lot and should only be used where absolutely necessary.
All log targets can be viewed via the web User Interface, regardless of whether they specify any external logging (or logging to Flash memory).

5.6.2. Viewing logs in the CLI environment

The command line allows logs to be viewed, and you can select which log target, or all targets. The logging continues on screen until you press a key such as RETURN.
Chapter 6. Interfaces and Subnets

This chapter covers the setup of Ethernet interfaces and the definition of subnets that are present on those interfaces.

6.1. Relationship between Interfaces and Physical Ports

The FB6000 features two Gigabit Ethernet (1Gb/s) ports. These ports only work at gigabit speeds. Each port features a green and amber LED, the functions of which can be chosen from a range of options indicating link speed and/or traffic activity.
The primary attributes that define an interface are the name of the physical port group it uses, an optional VLAN ID, and an optional name. If the VLAN ID is not specified, it defaults to "0", which means only untagged packets will be received by the interface.
6.2.1.1. Source filtering

The interface has an option to source-filter traffic received from the interface. This means checking the source IP of all traffic that arrives. Setting source filtering to true will only allow IPs that would be routed back down that interface. That is the most restrictive setting, and can be useful for restricting customer connections to only originate traffic from their assigned IP addresses.
Not all devices cope with this so it is recommended that an explicit range is used, e.g. 192.168.1.100-199. You do not, however, have to be careful of either the FireBrick's own addresses or subnet broadcast addresses as they are automatically excluded. When using the default (0.0.0.0/0) range network addresses are also omitted, as are any other addresses not within a subnet...
single character, respectively. The value specified for the mac attribute can be a list of partial MAC addresses, where each item can be less than a full 6-byte address. Any device whose MAC's leading bytes match one of the items in the mac list is acceptable.
The top level dhcp-relay configuration allows you to configure the FireBrick to be the remote server for a DHCP/BOOTP Relay Agent. The relay attribute allows specific pools to be set up for specific relays. The table and allow attributes allow you to limit the use of the DHCP Remote server to requests from specific sources. Note that renewal requests come from the allocated IP (or the NAT IP if behind NAT), and not necessarily from the relay IP.
Note: If you do not set the autoneg attribute (checkbox is unticked), and you set both port speed and duplex mode to values other than auto, auto-negotiation will be disabled; this behaviour is to reduce the potential for duplex mis-match problems that can occur when connecting the FB6000 to some vendors' (notably Cisco) equipment that has auto-negotiation disabled by default.
Chapter 7. Routing

7.1. Routing logic

The routing logic in the FB6000 operates primarily using a conventional routing system of most specific prefix, which is commonly found in many IP stacks in general purpose computers and routers. Conventional routing determines where to send a packet based only on the packet's destination IP address, and is applied on a 'per packet' basis - i.e.
7.2. Routing targets

A route can specify various targets for the packet:

Table 7.1. Example route targets

Target                                              Notes
an Ethernet interface (locally-attached subnet)    requires ARP or ND to find the device on the LAN to which the traffic is to be sent.
a specific IP address (a "gateway")                 the packet is forwarded to another router (gateway);...
7.2.3. Special targets

It is possible to define two special targets:
• 'black-hole': packets routed to a black-hole are silently dropped. 'Silent' refers to the lack of any ICMP response back to the sender.
• 'nowhere' (also called Dead End): packets routed to 'nowhere' are also dropped, but the FB6000 generates ICMP error responses back to the sender.
To make this work to the best effect, set the tx speed of the shapers on the links to match the actual link speed. E.g. for broadband lines, set the speed to match the uplink from the FB6000.
Chapter 8. Profiles

Profiles allow you to enable/disable various aspects of the FB6000's configuration (and thus functionality) based on things such as time-of-day or presence/absence of Ping responses from a specified device.

8.1. Overview

A profile is a two-state control entity - it is either Active or Inactive ("On" or "Off", like a switch). Once a profile is defined, it can be referenced in various configuration objects where the profile state will control the behaviour of that object.
• recover: the duration that the overall test must have been passing for before the profile state changes to Active

The timeout and recover parameters do not apply to manually set profiles (see Section 8.2.4) and those based on time-of-day (see Section 8.2.2.2).

8.2.2.
8.2.4. Manual override

You can manually override all tests, and force the profile state using the set attribute - a value of true forces the state to Active, and false forces it to Inactive. You can also configure the set attribute with a value of control-switch. This causes the profile to be set manually based on a control switch which is not stored in the configuration itself.
Chapter 9. Traffic Shaping

The FB6000 includes traffic shaping functionality that allows you to control the speed of specific traffic flows through the FB6000. The FB6000 also provides graphing functionality, allowing specific traffic flows to be plotted on a graph image (PNG format) that the FB6000 generates. Within the FB6000, traffic shaping and graphing are closely associated, and this is reflected in how you configure traffic shaping - in order to be able to perform traffic shaping, you must first graph the traffic flow.
9.1.2. Shapers

Once you have graphed a (possibly bi-directional) traffic flow, you can then also define speed restrictions on those flows. These can be simple "Tx" and "Rx" speed limits or more complex settings allowing maximum average speeds over time. You define the speed controls associated with the graphed traffic flow(s) by creating a shaper top-level object.
• The ingress interface can have a defined shaper
• It is possible to create a bonded gateway route where multiple routes exist for the same target (typically a default gateway) and each route has a speed set, which is itself a shaper. This is used to control how much traffic goes via each of the bonded routes.
Chapter 10. System Services

A system service provides general functionality, and runs as a separate concurrent process alongside normal traffic handling. Table 10.1 lists the services that the FB6000 can provide:

Table 10.1. List of system services

Service       Function
SNMP server   provides clients with access to management information using the Simple Network Management Protocol...
table    If specified, then the service only accepts requests/connections on the specified routing table. If not specified then the service works on any routing table. Where the service is also a client then this specifies the routing table to use (default 0).
allow    If specified then this is a list of ranges of IP addresses and ip group names from which connections are allowed.
LAN. This is done by telling the FireBrick the domain for your local network. Any name that is within that domain which matches a client name of a DHCP allocation that the FireBrick has made will return the IP address assigned by DHCP. This is applied in reverse for reverse DNS mapping an IP address...
Time Protocol (NTP) server. There are public NTP servers available for use on the Internet, and a factory reset configuration does not specify an NTP server which means a default of ntp.firebrick.ltd.uk. You can set your preferred NTP server instead.
However, it is quite possible for a server to go away when there are no current RADIUS requests, or even come back when not being used for current requests. To allow for this the FireBrick sends status-server requests to the server periodically, and records the responses in the 64 bit response queue. This means a blacklisted server will be recorded as usable again once it starts answering such requests.
Chapter 11. Network Diagnostic Tools

Various network diagnostic tools are provided by the FB6000, accessible through either the web user interface or the CLI:
• Packet dump: low level diagnostics for detailed examination of network traffic passing through the FB6000
•...
This address is not on a local Ethernet subnet and so is not allowed access.

11.2. Packet Dumping

The FireBrick includes the ability to capture packet dumps for diagnostic purposes. This might typically be used where the behaviour of the FB6000 is not as expected, and can help identify whether other devices are correctly implementing network protocols - if they are, then you should be able to determine whether the FB6000 is responding appropriately.
11.2.2. Security settings required

The following criteria must be met in order to use the packet dump facility:
• You must be accessing from an IP listed as trusted in the HTTP service configuration (see Section 10.3).
•...
Linebreaks are shown in the example for clarity only - they must not be entered on the command-line In this example we have used username name and password pass to log-in to a FireBrick on address 1.2.3.4 - obviously you would change the IP address (or host name) and credentials to something suitable for your FB6000.
VRRP

12.2. Configuring VRRP

VRRP operates within a layer 2 broadcast domain, so VRRP configuration on the FB6000 comes under the scope of an interface definition. As such, to set up your FB6000 to participate in a Virtual Router group, you need to create a vrrp object as a child object of the interface that is in the layer 2 domain where the VRRP operates.
Note that the FB6000 has non-standard support for some specific packets sent to the VRRP virtual addresses. This includes answering pings (configurable) and handling DNS traffic. Other VRRP devices may not operate in the same way and so may not work in the same way if they take over from the FireBrick.
Chapter 13. VoIP

13.1. What is VoIP?

Voice over IP (VoIP) is simply a means of carrying voice (telephone calls) over Internet Protocol (the Internet). Instead of using pairs of wires to carry the signal electrically, the sound is sampled and converted to a sequence of bytes.
To do this you define a carrier-url in the VoIP settings. The FireBrick does a simple http GET on this periodically (set carrier-update to control frequency). The response is expected to be plain text containing space or comma separated values:- •...
• The FireBrick can make use of the current Internet Protocol (IPv6). At present there are few carriers and handsets that work with IPv6, but this is improving all of the time. IPv6 avoids the need for NAT. The FireBrick acts as a media gateway, which makes firewalling rules simple even when using IPv6, and allows IPv4 and IPv6 devices to interwork with no problems.
VoIP controls, such as limiting concurrent calls, etc., and you can reference a configured carrier in the RADIUS call routing reply.

13.8. Hunt groups

Hunt groups are normally provided by sending details of multiple endpoints on the RADIUS call routing response.
Access requests are made even when from a recognised carrier. In such case the carrier is validated by the FireBrick directly, and then the access request is made to decide call routing. To identify such requests, the User-Name is the configured name of the carrier prefixed with an @ character.
The recording server can be any SIP endpoint, such as an Asterisk box. A Linux based call recording app is available to FireBrick customers for this purpose, and some VoIP carriers may offer this as a service. If the SIP endpoint supports stereo A-law then the recording is made in stereo, with each side of the conversation on a channel.
13.13. Voicemail and IVR services

Voicemail is still in development. The FB6000 will simply pass the call to a voicemail server via SIP. This could be a local device on the network, or a service provided by a carrier. We will include a software package to run on a Linux box that will save the recording.
• The FireBrick always acts as an audio media endpoint, i.e. it is always in the media path. This minimises call routing and firewalling issues. The FireBrick uses the same IP for media and control messages on each call.
Tone definitions (table columns lost in extraction): 30ms@400Hz 10ms 30ms@400Hz 6000ms 125ms@400Hz 125ms 20000ms@1400Hz 200ms@400Hz 400ms 2000ms@400Hz 400ms

Accessing a URL on the FireBrick of /voip/ring.wav serves a WAV format of the tone. You can test tones using a URL like /voip/tone.wav?100ms@1000Hz+200ms@2000Hz, but ensure you URL-escape the query string.
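The tone syntax used by /voip/tone.wav above (segments of `<duration>ms@<frequency>Hz` joined with `+`), as an added example that is not FireBrick's code: a Python parser for that syntax that renders the tone to a mono 8 kHz 16-bit WAV file, so a tone string can be checked offline before it is put in a config. It assumes a bare duration with no `@...Hz` means silence, as the tone table reads; the sample rate and amplitude are assumptions.

```python
import io
import math
import re
import struct
import wave

SAMPLE_RATE = 8000   # assumed telephony sample rate, 8 kHz
AMPLITUDE = 12000    # assumed peak 16-bit sample value, well clear of clipping

# One segment: a duration in ms, optionally "@<freq>Hz"; no frequency means silence.
_SEGMENT_RE = re.compile(r"^(\d+)ms(?:@(\d+)Hz)?$")


def parse_tone(spec):
    """Parse a tone spec such as '100ms@1000Hz+200ms@2000Hz' into [(ms, hz), ...].

    Segments may be separated by '+' (as in the URL form) or by whitespace
    (as in the tone table). hz == 0 denotes a silent segment.
    Raises ValueError on anything that does not match the format, so a bad
    tone string is rejected rather than rendered as garbage.
    """
    segments = []
    for token in re.split(r"[+\s]+", spec.strip()):
        if not token:
            continue
        m = _SEGMENT_RE.match(token)
        if not m:
            raise ValueError("bad tone segment: %r" % token)
        ms = int(m.group(1))
        hz = int(m.group(2)) if m.group(2) else 0
        if hz and hz * 2 > SAMPLE_RATE:
            raise ValueError("frequency %d Hz exceeds Nyquist limit" % hz)
        segments.append((ms, hz))
    if not segments:
        raise ValueError("empty tone spec")
    return segments


def render_samples(segments):
    """Render (ms, hz) segments into a list of 16-bit signed PCM samples."""
    samples = []
    for ms, hz in segments:
        n = SAMPLE_RATE * ms // 1000        # samples for this segment
        if hz == 0:
            samples.extend([0] * n)         # silence
            continue
        step = 2.0 * math.pi * hz / SAMPLE_RATE
        samples.extend(int(AMPLITUDE * math.sin(step * i)) for i in range(n))
    return samples


def tone_wav(spec):
    """Return the bytes of a mono 8 kHz 16-bit WAV file for the given tone spec."""
    samples = render_samples(parse_tone(spec))
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(SAMPLE_RATE)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed input: the test tone quoted in the manual's URL example.
    data = tone_wav("100ms@1000Hz+200ms@2000Hz")
    with open("tone.wav", "wb") as f:
        f.write(data)
    print("wrote %d bytes" % len(data))
```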
Chapter 14. BGP

14.1. What is BGP?

BGP (Border Gateway Protocol) is the protocol used between ISPs to advise peers of routes that are available. Each ISP tells its peers the routes it can see, being the routes it knows itself and those that it has been advised by other peers.
• RFC2385 TCP MD5 protection
• RFC2796 Route reflector peers
• RFC3392 Capabilities negotiation
• RFC3065 Confederation peers
• RFC5082 TTL Security
• Multiple independent routing tables allowing independent BGP operations
• Multiple AS operation

14.2.3. Simple example setup

A typical installation may have transit connections from which a complete internet routing table is received, peers which provide their own routes only, internal peers making an IBGP mesh, and customers to which transit is provided and from which customer routes may be accepted.
confederate    For EBGP that is part of a confederation. Confederation rules apply. Peers only with different
               Must be EBGP, and sets default of no-fib and not add-own-as. Routes from this peer are marked as IXP routes which affects filtering on route announcements. Only announced on EBGP not IBGP.
14.2.7. Announcing black hole routes

The FireBrick allows black hole routes to be defined using the blackhole object. Routing for such addresses is simply dropped with no ICMP error. Such routes can be marked for BGP announcement just like any other routes.
Any routes installed as network are announced with this community. Note that this is not set automatically on a nowhere route, allowing a route announced to reach this FireBrick to be propagated via IBGP. The effect of this is that your network can include one (or more) sources of top level network routes which, within your network, are installed as dead ends at each point.
14.2.15. TTL security

The FireBrick supports RFC5082 standard TTL security. Simply setting ttl-security="1" on the peer settings causes all of the BGP control packets to have a TTL of 255, and expects all received packets to be TTL 255 as well.
Chapter 15. Command Line Interface

The FB6000 provides a traditional command-line interface (CLI) environment that can be used to check status information, and control some aspects of the unit's operation. The CLI is accessed via the 'telnet' protocol - the FB6000 implements a telnet server, which you can connect to using any common telnet client program.
Appendix A. CIDR and CIDR Notation

Classless Inter-Domain Routing (CIDR) is a strategy for IP address assignment originally specified in 1993 that had the aims of "conserving the address space and limiting the growth rate of global routing state". The current specification for CIDR is in RFC4632 [http://tools.ietf.org/html/rfc4632].
routing table entry - 10.1.2.0/24 and 10.1.3.0/24 - routing table entries for these subnets would appear in a downstream router. Note that in either a network/subnet or routing destination specification, the address will be the starting address of the IP address range being expressed, such that there will be M least significant bits of the address set to zero, where

M = 32 - prefix_length

Combined interface IP address and subnet definitions...
In principle the FireBrick could have a single MAC address for all operations. However, practical experience has led to the use of multiple MAC addresses on the FireBrick. A unique block of addresses is assigned to each FireBrick, with the size of the block dependent on the model.
ISP links as above where ports are locked to only accept one MAC. The way the FireBrick manages MAC addresses is designed to be a bit sticky so that a config change will not usually cause a MAC address assigned to a subnet or interface to change.
MAC Addresses usage

B.2.5. Running out of MACs

The allocations are recorded in persistent data, so if an object is removed from the config and later put back it should get the same MAC address. If however there are not enough MAC addresses when loading a config, then previous assignments are re-used.
• the first address in the range has zero for the remaining digits (00)
• the last address in the range has F for the remaining digits (FF)

Therefore this range spans 00:03:97:14:7C:00 to 00:03:97:14:7C:FF inclusive (256 addresses).

B.4.
Appendix C. VLANs: A primer

An Ethernet (Layer 2) broadcast domain consists of a group of Ethernet devices that are interconnected, typically via switches, such that an Ethernet broadcast packet (which specifies a reserved broadcast address as the destination Ethernet address of the packet) sent by one of the devices is always received by all the other devices in the group.
Authenticator
Called-Station-Id     30   Local part of To: header
Calling-Station-Id    31   Local part of From: header
NAS-Identifier        32   Configured hostname of FireBrick
NAS-IP-Address        4    Requestor IPv4 address if using IPv4
NAS-IPv6-Address      95   Requestor IPv6 address if using IPv6
NAS-Port              5    Requestor UDP port...

Supported RADIUS Attribute/Value Pairs for VoIP operation

Digest-CNonce         113  Digest CNonce
Digest-Nonce-Count    114  Digest Nonce Count (NC)
Digest-Username       115  Digest Username
Digest-Opaque         116  Digest Opaque
SIP-AOR               121  Contact URI
Session-Timeout       27   Time from Expires header
Acct-Terminate-Cause  49   Only sent for a redirect call routing, the redirect code, e.g. 301/302

D.2.

                      50   SIP Call ID for call leg
Acct-Event-Timestamp  55   Time call started trying
NAS-Identifier        32   Configured hostname of FireBrick
NAS-IP-Address        4    Far end IPv4 address for SIP if using IPv4
NAS-IPv6-Address      95   Far end IPv6 address for SIP if using IPv6...

Acct-Event-Timestamp  55   Time call answered
NAS-Identifier        32   Configured hostname of FireBrick
NAS-IP-Address        4    Far end IPv4 address for SIP if using IPv4
NAS-IPv6-Address      95   Far end IPv6 address for SIP if using IPv6
NAS-Port...

D.7. Change of Authorisation

A change of authorisation message is accepted as per RFC5176.

Table D.10. Change-of-Authorisation

Attribute             No.  Usage
Acct-Session-Id       44   Unique ID for session...
Appendix E. FireBrick specific SNMP objects This appendix details the SNMP objects that are specific to the FireBrick. E.1. Monitoring information General monitoring information. Table E.1. iso.3.6.1.4.1.24693.1 ...OID Type Meaning Integer (mV) Voltage: "A" power supply. Should be around 12V. May show a few volts when no...
IP.4  Integer  Received IPv4 prefixes
IP.5  Integer  Seconds since last state change
IP.6  Integer  Received IPv6 prefixes
E.3. Monitoring information
General monitoring information.
Table E.3. iso.3.6.1.4.1.24693.5060
...OID  Type     Meaning
        Integer  Number of active call legs
        Integer  Number of RADIUS based incoming registrations
3.n.1...
Shows how long since the FB6000 restarted.
F.1.4. General status
  show status
Shows general status information, including uptime, who owns the FireBrick, etc. This is the same as the Status on the web control pages.
F.1.5. Memory usage
  show memory
Shows a memory usage summary.
Command line reference
F.1.8. Logout
  logout
  quit
  exit
You can also use Ctrl-D to exit, or close the connection (if using telnet).
F.1.9. See XML configuration
  show run
  show configuration
Dumps the full XML configuration to the screen.
F.1.10. Load XML configuration
  import configuration
You then send the XML configuration, ending with a blank line.
Shows the current DNS resolver list and status.
F.2. Networking commands
F.2.1. Subnets
  show subnets
  show subnet <integer>
You can list all current subnets, or the details of a specific subnet. This shows the same information as the web status pages for subnets.
F.2.6. See DHCP allocations
  show dhcp [<IP4Addr>] [table=<routetable>]
Shows DHCP allocations, with an option to show details for a specific allocation.
F.2.7. Clear DHCP allocations
  clear dhcp [ip=<IP4Range>] [table=<routetable>]
Allows you to remove one or more DHCP allocations.
F.2.8. Lock DHCP allocations
  lock dhcp ip=<IP4Addr>...
This can be useful to test fallback scenarios by simulating a fatal error. Note that panic crash logs are emailed to FireBrick support by default, so use a meaningful string, e.g.
  panic "testing fallback" confirm=yes
F.5.2.
This allows a reverse telnet connection to be made: the FireBrick makes an outbound TCP connection to the given IP address (and port), and a user at that end can then log in. This can be useful where a firewall policy prevents incoming access, to let someone outside (e.g. the FireBrick support team) reach the command line. As the session is plain telnet it is unencrypted and the far end gets a login prompt, so only initiate it to a host you trust and end it once the support session is over.
F.5.5. Show command sessions
  show command sessions
The FB6000 can have multiple telnet connections at the same time.
Appendix G. Constant Quality Monitoring - technical details
The FireBrick provides constant quality monitoring. The main purpose of this is to provide a graphical representation of the performance of an interface or traffic shaper:
• 100 second interval statistics, available graphically as SVG or PNG and in text as CSV, covering at least the last 25 hours (one day)
•...
Constant Quality Monitoring - technical details
G.1.3. Authenticated access
Authenticated access requires a prefix that is a hex SHA1 string, e.g. http://host:port/cqm/longhexsha1/circuit.png or http://host:port/cqm/longhexsha1/YYYY-MM-DD/circuit.png. The SHA1 is the 40-character hex form of the SHA1 hash made from the graph name, the date, and the http-secret. The date is in the form YYYY-MM-DD, and for undated access it is today's date (based on local time). The hash acts as a bearer token for that graph and day: anyone who obtains the URL can fetch the graph until the date changes, and over plain http the token is visible on the wire, so treat such URLs as secrets and prefer dated ones in scripts so they stop working after the day they name.
Table G.3. Text
Option  Description
        Clean output, clears all additional text fields
        Clean and clear, as z but also sets inside background and off-line colours to transparent so graphs are easy to merge with those from other LNSs
        Line 1 top left text, default if not set in config is system name
        Line 2 top left text
        Line 3 top left text...
day in the first 3 hours 46 minutes of the new day (2 hours 46 or 4 hours 46 when the clocks changed on the previous day). It is therefore recommended that overnight archiving of the previous day is done just after midnight. The recommended command to run just after midnight is
  wget -m http://host:port/cqm/`date +%F -dyesterday`/z/
as this creates a directory for the server, cqm, date, and z, and then the files. Note that `date -dyesterday` is GNU date syntax; BSD and macOS date use `date -v-1d +%F`. If authenticated access (G.1.3) is in use, the hex SHA1 prefix for that graph and date has to be inserted in the URL.
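The G.1.3 token scheme and the dated archive fetch above are easiest to see with both ends written out. The following is an added example in Python, not FireBrick code: a client-side builder for authenticated dated and undated URLs, and the server-side check a proxy or the device would apply to an incoming path. The manual states the inputs (graph name, date, http-secret) but not their exact byte layout, so the plain concatenation in that order is an assumption, as are the host, graph name and secret used in the test.

```python
import hashlib
import hmac
from datetime import date, timedelta

HEX = set("0123456789abcdef")


def cqm_token(graph: str, day: date, http_secret: str) -> str:
    """40-char hex SHA1 over graph name, YYYY-MM-DD date and http-secret.

    ASSUMPTION: the three parts are concatenated as plain text in this order;
    the manual names the inputs but not the exact layout.
    """
    return hashlib.sha1(f"{graph}{day.isoformat()}{http_secret}".encode()).hexdigest()


def cqm_url(host: str, port: int, graph: str, http_secret: str, day=None, ext="png") -> str:
    """Client side: build an authenticated URL, dated if a day is given."""
    if day is None:  # undated access is hashed with today's date (local time)
        return f"http://{host}:{port}/cqm/{cqm_token(graph, date.today(), http_secret)}/{graph}.{ext}"
    return f"http://{host}:{port}/cqm/{cqm_token(graph, day, http_secret)}/{day.isoformat()}/{graph}.{ext}"


def cqm_path_allowed(path: str, http_secret: str, today: date) -> bool:
    """Server side: accept /cqm/<40 hex>/<graph>.<ext> or /cqm/<40 hex>/YYYY-MM-DD/<graph>.<ext>."""
    parts = path.split("?", 1)[0].strip("/").split("/")
    if len(parts) not in (3, 4) or parts[0] != "cqm":
        return False
    token = parts[1]
    if len(token) != 40 or not set(token) <= HEX:   # lowercase hex only, as hexdigest emits
        return False
    if len(parts) == 4:
        try:
            day = date.fromisoformat(parts[2])
        except ValueError:
            return False
    else:
        day = today  # undated URL: token is only valid on the day it was minted
    graph = parts[-1].rsplit(".", 1)[0]
    if not graph:
        return False
    return hmac.compare_digest(cqm_token(graph, day, http_secret), token)


def yesterday_archive_url(host: str, port: int, graph: str, http_secret: str, today: date) -> str:
    """The dated URL a just-after-midnight archive job should fetch."""
    return cqm_url(host, port, graph, http_secret, day=today - timedelta(days=1))
```

The undated form depends on the server's local date, so a client on the other side of midnight (or in another timezone) will mint a token the server rejects; dated URLs avoid that and are what a cron job should use.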
G.4. Graph scores
Graphs are scored based on settings in the config. Each 100 second sample has a score which is included in the CSV and XML lists for any graph. The score is also totalled for a graph as a whole and included in the CSV and XML list of all graphs.
It is still important to keep the configuration hashes safe, as someone could use the hashes to try millions of passwords off-line before trying to log in to a FireBrick. For this reason it is also important to use good passwords that cannot be guessed, and are not simply made from normal dictionary words.
OTP sequence to be generated, not simply checked (as is the case with a password hash). The issue with encrypting the OTP seed is that the FireBrick has to be able to decrypt it so as to check the OTP sequence used.
Hashed passwords
• N bytes: The OTP seed XOR'd with the hash made from the password with the salt appended. If the seed is longer than the hash then only the initial hash-length bytes are XOR'd.
• S bytes: Seed bytes, which should be random.
•...
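The wrapping described above, as an added example that is not FireBrick's code: the OTP seed is XOR'd with hash(password || salt), so the stored record can only be unwrapped by someone who knows the password, and the same operation reverses it. The page does not reproduce which hash function is used, so SHA-256 here is an assumption; the salt length and sample seeds are constructed. The example also makes the truncation rule explicit: any seed bytes beyond the hash length are stored in the clear.

```python
import hashlib
import os


def _mask(password: str, salt: bytes) -> bytes:
    # ASSUMPTION: SHA-256 over password || salt. The manual says "the hash made
    # from the password with salt appended" but the algorithm is not on this page.
    return hashlib.sha256(password.encode() + salt).digest()


def wrap_seed(seed: bytes, password: str, salt: bytes) -> bytes:
    """Stored form of the OTP seed: seed XOR hash(password || salt).

    Only the first len(hash) bytes are XOR'd; zip() stops at the shorter input,
    so a seed longer than the hash keeps its tail unchanged.
    """
    mask = _mask(password, salt)
    head = bytes(s ^ m for s, m in zip(seed, mask))
    return head + seed[len(mask):]


def unwrap_seed(stored: bytes, password: str, salt: bytes) -> bytes:
    """XOR with the same mask is its own inverse; a wrong password yields garbage."""
    return wrap_seed(stored, password, salt)


def new_otp_record(seed: bytes, password: str) -> dict:
    """Build a record as the config would hold it: random salt plus wrapped seed."""
    salt = os.urandom(16)  # the S salt bytes must be random per record
    return {"salt": salt, "wrapped": wrap_seed(seed, password, salt)}


def exposed_tail_bytes(seed_len: int) -> int:
    """How many seed bytes the scheme leaves unprotected for a given seed length."""
    return max(0, seed_len - hashlib.sha256().digest_size)
```

Two practical consequences follow. The salt is stored next to the wrapped seed, so the only secret protecting it is the password, which is why the page insists the configuration must be kept safe and the password must resist off-line guessing. And since bytes past the hash length are not masked at all, an OTP seed should be no longer than the hash output.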
Configuration Objects
I.2. Objects
I.2.1. system: System settings
The system settings are the top-level attributes of the system, which apply globally.
Table I.3. system: Attributes
Attribute       Type         Default  Description
busy-threshold  unsignedInt           Max non-idle time before damping eth rx (millisec)
comment         string                Comment...
link  link  Optional, unlimited  Home page links
I.2.2. link: Web links
Links to other web pages
Table I.5. link: Attributes
Attribute  Type     Default  Description
comment    string            Comment
name       string            Link name
profile    NMTOKEN           Profile name
source     string            Source of data, used in automated config management
text       string            ...
comment    string             Comment
full-name  string             Full name
methods    Set of eap-method  Not optional  Allowed methods
name       string             Not optional  User or account name
password   Secret             Not optional  User password
profile    NMTOKEN                          Profile name
source     string                           Source of data, used in automated config management
subsystem  eap-subsystem  ...
severity     syslog-severity                 NOTICE  Severity setting
source       string                                  Source of data, used in automated config management
source-ip    IPAddr                                  Use specific source IP
system-logs  boolean                                 Include generic system log messages as well
table        routetable (unsignedByte 0-99)          Routing table number for sending syslogs
I.2.7.
Ethernet subnets only
           NMTOKEN             Not logging           Log events
log-debug  NMTOKEN             Not logging           Log debug
log-error  NMTOKEN             Log as event          Log errors
ntpserver  List of IPNameAddr  ntp.firebrick.ltd.uk  List of time servers (IP or hostname) from which time may be set by NTP...
poll        duration                        1:00:00  NTP poll rate
profile     NMTOKEN                                  Profile name
source      string                                   Source of data, used in automated config management
table       routetable (unsignedByte 0-99)           Routing table number
tz1-name    string                                   Timezone 1 name
tz1-offset  duration                                 Timezone 1 offset from UTC
tz12-date   (unsignedByte 1-31)                      Timezone 1 to 2 earliest date in month...
Table I.16. http-service: Attributes
Attribute                    Type                 Default              Description
access-control-allow-origin  string                                    Additional header for cross-site javascript
allow                        List of IPNameRange  Allow from anywhere  List of IP ranges from which the service can be accessed (the default permits any reachable address; restrict to management ranges)
comment                      string                                    Comment
css-url                      string                                    Additional CSS for web control pages
local-only                   boolean  ...
resolvers-table  routetable (unsignedByte 0-99)  as table / 0  Routing table for specified resolvers
source           string                                        Source of data, used in automated config management
table            routetable (unsignedByte 0-99)                Routing table number
Table I.18. dns-service: Elements
Element  Type       Instances            Description
block    dns-block  Optional, unlimited  Fixed local DNS host blocks...
table  routetable (unsignedByte 0-99)  Routing table applicable
       unsignedInt                     Time to live
I.2.16. radius-service: RADIUS service definition
RADIUS server and proxy definitions
Table I.21. radius-service: Attributes
Attribute      Type           Default  Description
acct-port      unsignedShort  1813     Accounting UDP port
auth-port      unsignedShort  1812     Authentication UDP port
authenticator  boolean  ...
tagged           boolean                Tag all attributes that can be
target-hostname  string                 Hostname for L2TP connection
target-ip        List of IPNameAddr  -  Target IP(s) or hostname for primary L2TP connection
target-secret    Secret                 Shared secret for L2TP connection
test             List of IPAddr         List of IPs that must have routing for this target to be valid (deprecated)
tunnel-assignment-...
nas-ip                        List of IPNameRange  Match NAS-IP address in RADIUS request
nsn-conditional               boolean              Only send NSN settings if username is not same as calling station id
nsn-tunnel-override-username  unsignedByte         Additional response for GGSN usage
nsn-tunnel-user-auth-method   unsignedInt          Additional response for GGSN usage
order                         radiuspriority...
profile        NMTOKEN                          Profile name
queue          unsignedInt                      Concurrent requests over all of these servers (per type)
scale-timeout  unsignedByte                     Timeout scaling factor
secret         Secret               Not optional  Shared secret for RADIUS requests
source         string                           Source of data, used in automated config management
table          (unsignedByte 0-99)
comment       string                     Comment
mtu           (unsignedShort 576-2000)   1500
name          string                     Name
profile       NMTOKEN                    Profile name
protocol      sampling-protocol          sflow                Protocol used to export sampling data
sample-flush  duration                   1 sec for sFlow; 30  Sample max cache time for IPFIX
sample-rate   (unsignedShort 100-10000)  1000                 Sample rate (uniform random prob 1/N)
sample-...
      Optional, unlimited  IP subnet on the interface
vrrp  vrrp  Optional, unlimited  VRRP settings
I.2.23. subnet: Subnet settings
Subnet settings define the IP address(es) of the FireBrick, and also allow default routes to be set.
Table I.30. subnet: Attributes
Attribute  Type  Default...
      Test link state using ARP/ND for this IP
      unsignedByte  TTL for originating traffic via subnet
I.2.24. vrrp: VRRP settings
VRRP settings provide virtual router redundancy for the FireBrick. An inactive profile does not disable VRRP but forces a low VRRP priority.
Table I.31. vrrp: Attributes
Attribute...
priority  unsignedByte          Normal priority
profile   NMTOKEN               Profile name
source    string                Source of data, used in automated config management
test      List of IPAddr        List of IPs to which routing must exist, else low priority (deprecated)
use-vmac  boolean         true  Whether to use the special VMAC or use the normal MAC
version3  boolean  ...
vendor  boolean  Add as vendor specific option (under option 43)
I.2.29. dhcp-attr-ip: DHCP server attributes (IP)
Additional DHCP server attributes (IP)
Table I.37. dhcp-attr-ip: Attributes
Attribute  Type          Default       Description
comment    string                      Comment
force      boolean                     Send even if not requested
           unsignedByte  Not optional  Attribute type code/tag...
           bgpmode           true          BGP announce mode for routes
comment    string                          Comment
           List of IPPrefix  Not optional  One or more network prefixes
localpref  unsignedInt       4294967295    Localpref of network (highest wins)
name       string                          Name
profile    NMTOKEN                         Profile name
source     string                          Source of data, used in automated config management
table      (unsignedByte 0-99)
name     string                          Name
profile  NMTOKEN                         Profile name
source   string                          Source of data, used in automated config management
table    routetable (unsignedByte 0-99)  Routing table number
         List of Community            -  List of community tags
I.2.34. namedbgpmap: Mapping and filtering rules of BGP prefixes
This defines a set of named rules for mapping and filtering of prefixes to/from a BGP peer.
I.2.36. bgp: Overall BGP settings
The bgp element defines general BGP settings and a list of peer definitions for the individual BGP peers.
Table I.45. bgp: Attributes
Attribute            Type         Default  Description
                     unsignedInt           Our AS
blackhole-community  Community             Community tag to mark black hole routes
cluster-id           IP4Addr  ...
capability-mpe-ipv4       boolean   true   If supporting MPE for IPv4
capability-mpe-ipv6       boolean   true   If supporting MPE for IPv6
capability-route-refresh  boolean   true   If supporting Route Refresh
clean-shutdown-wait       duration         Send peers low priority and delay on shutdown
comment                   string           Comment
drop-default              boolean   false  ...
timer-openwait  unsignedInt  Time to wait for OPEN on connection
timer-retry     unsignedInt  Time to retry the neighbour
ttl-security    byte         Enable RFC 5082 TTL security (GTSM). If positive (1 to 127) the value is the maximum number of hops accepted: packets are sent with TTL 255 and a received packet whose TTL has decremented by more than that is rejected, so 1 accepts only an adjacent router. If negative (-1 to -128) it instead sets a forced sending TTL with no check on received packets, e.g. -1 sends with a TTL of 1.
axis         Colour        black     Axis colour
background   Colour        white     Background colour
bottom       unsignedByte            Pixels space at bottom of graph
dateformat   string        %Y-%m-%d  Date format
dayformat    string                  Day format
fail         Colour                  Colour for failed (dropped) seconds
fail-level   unsignedInt             Fail level not expected on low usage
fail-level1  unsignedByte            Loss level 1...
         NMTOKEN          Not logging  Log events
         Colour           green        Colour for maximum latency
         Colour           #008         Colour for minimum latency
ms-max   positiveInteger               ms max height
         Colour           #c8f         Colour for off line seconds
outside  Colour           transparent  Colour for outer border
         Colour           #f8c         Colour for off line seconds
right    unsignedByte  ...
log-debug  NMTOKEN          Not logging   Log additional information
name       NMTOKEN          Not optional  Profile name
           NMTOKEN                        Active if specified profile is inactive as well as all other tests passing, including 'and'
           List of NMTOKEN  -             Active if any of these other profiles are active regardless of other tests (including 'not' or 'and')
ports...
I.2.42. profile-time: Test passes if within any of the date/time ranges specified
Time range test in profiles
Table I.55. profile-time: Attributes
Attribute  Type        Default  Description
comment    string               Comment
days       Set of day           Which days of week apply, default all
source     string               Source of data, used in automated config...
I.2.45. voip: Voice over IP config
Voice over IP config
Table I.58. voip: Attributes
Attribute        Type     Default  Description
area-code        string            Local area code (without national prefix)
auth-source-ip4  IP4Addr           Default IPv4 source address to use when sending authenticated messages
auth-source-ip6  IP6Addr           Default IPv6 source address to use when...
                                                 Send RADIUS auth to get challenge response
radius-register   string                         Name for RADIUS server config to use for registrations
realm             string              FireBrick  Default realm
record-beep       record-beep-option  true       Send beep at start of recording
record-mandatory  boolean                        Drop call if recording fails...
extn             string             Local number assumed for incoming call, use X for digits from end of called numbers
force-dtmf       boolean            Always send DTMF in-band
from             string             From SIP address for outbound registration and invites
hold-tone        boolean      true  Send hold tones to carrier
incoming-format  voip-format  national...
I.2.47. telephone: VoIP telephone authentication user details
VoIP telephone details
Table I.61. telephone: Attributes
Attribute        Type                 Default                 Description
allow            List of IPNameRange  Allow from anywhere     List of IP ranges from which registration is accepted
allow-pickup     List of string       Allow all if PABX mode  Only allow pickup from these extensions
allow-subscribe...
username  string    Authentication username
wrap-up   duration  Wrap up time before new call
I.2.48. tone: Tone definitions
Definition of tones used
Table I.62. tone: Attributes
Attribute  Type     Default       Description
name       NMTOKEN  Not optional  Tone name
plan       string   Not optional  Plan for frequency and duration, e.g.
progress-time  duration        Time between each target called
redirect       boolean         Allow calls to be diverted before ringing
ring           List of string  Numbers to ring
ringall-time   duration        Switch to ring all after this time at head of queue
source         string          Source of data, used in automated config management
type...
none  No access unless explicitly listed
view  View only access (no passwords)
read  Read only access (with passwords)
full  Full view and edit access
I.3.3. user-level: User login level
User login level; the commands available are restricted according to the assigned level.
Table I.68.
INFO        Informational
DEBUG       Debug level messages
NO-LOGGING  No logging
I.3.7. syslog-facility: Syslog facility
Syslog facility, usually used to control which log file the syslog is written to.
Table I.72. syslog-facility: Syslog facility
Value  Description
KERN   Kernel messages
USER   User level messages
MAIL   Mail system...
April
June
July
August
September
October
November
December
I.3.9. day: Day name (3 letter)
Table I.74. day: Day name (3 letter)
Value  Description
       Sunday
       Monday
       Tuesday
       Wednesday
       Thursday
       Friday
       Saturday
I.3.10. radiuspriority: Options for controlling platform RADIUS response priority tagging
Table I.75.
authentication  Authentication server
accounting      Accounting server
control         Allowed to send control (CoA/DM)
I.3.12. port: Physical port
Table I.77. port: Physical port
Value  Description
       Port 0 (left)
       Port 1 (right)
I.3.13. Crossover: Crossover configuration
Physical port crossover configuration.
Table I.78. Crossover: Crossover configuration
Value  Description
auto...
send-pauses  Can send pauses but does not support pause reception
             Can receive pauses and may send pauses if required
I.3.17. LinkClock: Physical port Gigabit clock master/slave setting
Table I.82. LinkClock: Physical port Gigabit clock master/slave setting
Value          Description
prefer-master  Master status negotiated;...
false   Don't set bit or answer on DHCPv6
true    Set bit but do not answer on DHCPv6
dhcpv6  Set bit and do answer on DHCPv6
I.3.26. bgpmode: BGP announcement mode
BGP mode defines the default advertisement mode for prefixes, based on well-known community tags.
Table I.91.
customer     EBGP. Allow export as if confederate, only accept peer AS
internal     IBGP allowing own AS
reflector    IBGP allowing own AS and working in route reflector mode
confederate  EBGP confederate
             Internet exchange point peer on route server, soft routes
             EBGP only
I.3.30.
I.3.34. ring-group-order: Order of ring
Table I.99. ring-group-order: Order of ring
Value   Description
strict  Order in config
random  Random order
cyclic  Cycling from last call
oldest  Oldest used phone first
I.3.35. ring-group-type: Type of ring when one call in queue
Table I.100.
NMTOKEN      String with no spaces
void         Internal use
IPAddr       IP address
IPNameAddr   IP address or name
IP4Addr      IPv4 address
IP6Addr      IPv6 address
IPPrefix     IP address / bitlen
IPRange      IP address / bitlen or range
IPNameRange  IP address / bitlen or range or name
IP4Range     IPv4 address / bitlen or range
IP4Prefix...
prefixlist        List of IP Prefixes (IPPrefix)
aslist            List of AS numbers (unsignedIntList)
unsignedIntList   List of integers (unsignedInt)
communitylist     List of BGP communities (Community)
filterlist        List of IP Prefix filters (IPFilter)
bgp-prefix-limit  Maximum prefixes accepted on BGP session (1-10000) (unsignedInt)
iprangelist       List of IPranges (IPRange)
sip-error...
Index
  defining, 33
Ethernet, 33
  relationship with physical ports, 33
Boot process, 27
Breadcrumbs, 12
Configuration
  backing up and restoring, 16
  categories (user interface), 12
  methods, 10...
LEDs
  overview, 72
  Power LED - status indications, 27
Log targets, 28
Logging (see Event logging)
Navigation buttons
  in user interface, 15
NTP (Network Time Protocol)
  list of, 50
Telnet service
  configuration, 51
Time-out
  login sessions, 21
Traffic shaping
  overview, 47
User Interface
  customising layout, 11
  general layout, 11
  navigation, 15
  overview, 10
Users
  creating / configuring, 20
  login level, 20
  restricting logins by IP address, 21
Virtual Router Redundancy Protocol (VRRP), 59
  virtual router, definition of, 59
  VRRP versions, 60...