Arris NVG599 Administrator's Handbook

Vdsl2 gateway

Hide thumbs Also See for NVG599:

Administrator's manual (50 pages)

Self-installation manual (3 pages)

Self-installation manual (2 pages)

Table of Contents

Quick Links

Troubleshooting

Need help?

Do you have a question about the NVG599 and is the answer not in the manual?

Questions and answers

Tammy

June 28, 2025

The gateway has AC power but none of the status indicator light are lit up. All are blank. Does this mean the gateway needs to be replaced?

Summary of Contents for Arris NVG599

Page 1 Administrator’s Handbook ARRIS Embedded Software Version 9.1.0 ® ARRIS NVG599 VDSL2 Gateway ®...
Page 2 Copyright ©ARRIS Enterprises, Inc. 2013 All rights reserved. No part of this publication may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from ARRIS Enterprises, Inc.
Page 3: Table Of Contents
........17 Set up the ARRIS Gateway .
Page 4 Administrator’s Handbook Home Network Tab ........39 Configure .
Page 5 Table of Contents WAN Commands ..........116 About CONFIG Commands .
Page 6 Open Source Software Information ........189 Appendix A - ARRIS Gateway Captive Portal Implementation ..213 Overview .
Page 7: Chapter 1 Introduction
This guide describes the wide variety of features and functionality of the ARRIS NVG599 Gateway, when used in Router mode. The NVG599 device can also be delivered in Bridge mode. In Bridge mode, the NVG599 acts as a pass-through device and allows the workstations on your LAN to have public addresses directly on the Internet.
Page 8: Documentation Conventions
Administrator’s Handbook Documentation Conventions This manual uses the following conventions to present information. General The following typographic conventions are used in this guide. Convention Description bold sans serif Menu commands and button names underlined sans serif Web GUI page links Computer display text terminal User-entered text...
Page 9: Organization
It includes a table of style conventions. Chapter 2, “Device Configuration” — Describes how to get up and running with your NVG599. Chapter 3, “Basic Troubleshooting” — Gives some simple suggestions for troubleshooting problems with the initial configuration of your NVG599.
Page 10 Administrator’s Handbook...
Page 11: Chapter 2 Device Configuration
Most users will find that the basic Quick Start configuration is sufficient to meet their needs. The Quick Start section may be all that you need to configure and use your ARRIS NVG599 Gateway. For more advanced users, a rich feature set is available. The following instructions cover installation in Router mode.
Page 12: Important Safety Instructions
Important Safety Instructions POWER SUPPLY INSTALLATION Connect the power supply cord to the power jack on the NVG599. Plug the power supply into an appropriate electrical outlet. There is no power (on / off) switch to power off the device.
Page 13: Status Indicator Lights
Status Indicator Lights Colored LEDs on your NVG599 indicate the activity status of various ports. ARRIS NVG599 Status Indicator Lights Side View Power Battery Ethernet WiFi HomePNA Broadband 1 Broadband 2 Service Phone 1 Phone 2 Activity Solid Green = The device is powered.
Page 14 Administrator’s Handbook Activity Solid Green = Powered device connected to the associated port (includes devices with wake-on-LAN capability where a slight voltage is supplied to the Ethernet connection). Flickering Green = Activity seen from devices associated with the port. The flickering of the light is Ethernet synchronized to actual data traffic.
Page 15: Rear View
Off = The device is not powered, or no powered devices are connected to the associated ports. NOTE: The NVG599 supports two VoIP lines over one RJ14 (FXS) VoIP port. In order to connect two phone lines, the supplied inner/outer pair splitter adapters must be attached to the RJ14 (FXS) VoIP port in order to terminate both lines.
Page 16: Battery Installation (Optional)
The battery used in this device may present a risk of fire or chemical burn if mistreated. Do not disassemble, heat above manufacturer’s maximum temperature limit, or incinerate. Replace battery with ARRIS P/N 586185-002-00 only. Use of another battery may present a risk of fire or explosion.
Page 17: Battery Door Instructions
Battery Door Instructions 1. Place NVG599 unit on a tabletop with the battery door side up. 2. Push in and upward to open the battery door as shown in Figure 1. Figure 1 Figure 2 Figure 3 3. Swing back the battery door. See Figure 2.
Page 18: Set Up The Arris Gateway
Set up the ARRIS Gateway Refer to your Quick Start Guide for instructions on how to connect your NVG599 to your power source, PC, or local area network, and your Internet access point, whether it is a dedicated DSL outlet or a DSL or cable modem.
Page 19 Windows Vista 3. Set the radio buttons to the values shown above, and click the OK button.
Page 20: Macintosh Macos 8 Or Higher Or Mac Os X
Administrator’s Handbook Macintosh MacOS 8 or higher or Mac OS X: 1. Access the TCP/IP or Network control panel. Mac OS X follows a path like this: Apple Menu -> System Preferences -> Network MacOS Classic follows a path like this: Apple Menu ->...
Page 21: Accessing The Web Management Interface
1. Run your Web browser application, such as Firefox or Microsoft Internet Explorer, from the computer con- nected to the NVG599 device. 2. Enter http://192.168.1.254 in the Location text box. While the NVG599 is determining the broadband network type, the following screen appears. The Device Status page appears.
Page 22: Broadband Network Redirect Pages
Administrator’s Handbook 3. Check to make sure the Broadband and Service LEDs on your NVG599 device are lit to verify that the GREEN connection to the Internet is active. Congratulations! Your installation is complete. You can now surf to your favorite Web sites by typing a URL in your browser’s location box or by selecting one of your favorite Internet bookmarks.
Page 23: Ip Diagnostics Page Redirect
IP Diagnostics Page Redirect In the event that your connection to the Internet fails, the on your NVG599 device flashes Broadband LED and you are redirected to the page. IP Diagnostics Follow the on-screen troubleshooting suggestions. For additional troubleshooting information, see “Diagnostics”...
Page 24: Device Status Page
Administrator’s Handbook Device Status Page After you have performed the basic Easy Login configuration, any time you log in to your NVG599 you will access the NVG599 Home page. To access the Home page, type http://192.168.1.254 in your Web browser’s location box.
Page 25 The Device Status page appears. DeviceStatusWindow...
Page 26 Network ID (SSID) The name or ID that is displayed to a client scan. The default SSID for the NVG599 is attxxx where xxx is the last 3 digits of the serial (WiFi) number located on the side of the NVG599.
Page 27: Tab Bar
Tab Bar The tab bar is located at the top of every page, allowing you to move freely about the site. The tabs reveal a succession of pages that allow you to manage or configure several features of your Gateway. Each tab is described in its own section.
Page 28: Device List
When you click the link, the Device List page appears. The page displays the following summary information for each home network device connected to the NVG599 device on your local area network: IPv4 address, network name, MAC address, and other status information.
Page 29: System Information
System Information Manufacturer Manufacturer’s identifier name. Model Number Manufacturer’s model number. Serial Number Unique serial number of your device. Software Version Version number of the current embedded software in your device. MAC Address Unique hardware address of this NVG599 unit.
Page 30: Access Code
Administrator’s Handbook First Use Date Date and time the NVG599 device is first used. This field changes to the current date and time after a reset to factory defaults. Time Since Last Reboot Elapsed time since last reboot of the device in days:hr:min:sec.
Page 31: Remote Access
Numeric (number) characters Special characters (! @ # $ % ^ & * , etc) 2. If necessary, set a custom port number for secure HTTP access to the NVG599 remote access session in the Port Value field. 3. Click the radio button that describes the type of remote access to allow: Read only access - to allow the remote access session to view, but not change, the configuration and col- lected statistics of the gateway.
Page 32: Battery
Link: Battery The Battery page shows the condition and status of the NVG599 internal battery, and provides control over the battery condition audible alarm. The battery condition audible alarm provides an on-hook ringing signal on a connected telephone if the NVG599 battery needs recharging or replacing.
Page 33: Restart Device
Link: Restart Device When the NVG599 is restarted, it will disconnect all users, initialize all its interfaces, and load the operating system software. In some cases, when you make configuration changes, you may be required to restart for the changes to take...
Page 34: Broadband Tab
Administrator’s Handbook Broadband Tab Links available on the Broadband tab provide access to pages that allow you to view information about the broadband connection and configure connection details. Link: Broadband Status Broadband When you click the tab, the Broadband page is the first to appear. Status...
Page 35 NVG599 device’s WAN connection(s) to the Internet. Status Broadband Status Broadband Connection The communications technology providing the NVG599 broadband uplink. Source Broadband Connection May be Up (connected) or Down (disconnected). Broadband IPv4 Address The public IP address of your device, whether dynamically or statically assigned.
Page 36 Administrator’s Handbook Loss of Signal The absence of any signal for any reason, such as a disconnected cable or loss of power. Loss of Frame A signal is detected but the device cannot sync with signal because of mismatched protocols, wrong ISP connection configuration, or faulty cable. FEC Errors Forwarded Error Correction errors.
Page 37: Configure
Link: Configure Configure When you click the link, the Broadband screen appears. Here you can reconfigure your Configure type of broadband connection should it change in the future. - Auto (automatically detected), DSL - Line 1, DSL - Line 2, DSL - Line 1 / Line -2 Broadband Source Override (Bonded), or Ethernet WAN.
Page 38: Igmp Stats
Administrator’s Handbook Link: IGMP Stats IGMP Stats When you click the link, the screen appears. The IGMP statistics screen reports IGMP IGMP Stats proxy groups and multicast forwarding information. It also displays a packet counter.
Page 39: Home Network Tab
Home Network When you click the tab, the Home Network Status page appears. The Home Network Status page displays information about the NVG599 device’s local area network. Run Congestion Detection If you click the button, the device will generate statistics for each of the 11...
Page 40 May be either On or Off for the 2.4 Ghz radio only. Network Name (SSID) The name or ID that is displayed to a client scan. The default SSID for the NVG599 is attxxx where xxx is the last 3 digits of the serial number located on the side of the NVG599 device.
Page 41: Wireless Scan
Password Shows the information of the security encryption key in use. WiFi Network Statistics Transmit Bytes Number of bytes transmitted on the Wi-Fi network. Receive Bytes Number of bytes received on the Wi-Fi network. Transmit Packets Number of packets transmitted on the Wi-Fi network. Receive Packets Number of packets received on the Wi-Fi network.
Page 42: Configure
Administrator’s Handbook Link: Configure Configure When you click the link, the page for the Ethernet LAN appears. Configure For each Ethernet Port, 1 through 4, you can select: – Auto (the default self-sensing rate), 10M full- or half-duplex, 100M full- or half-duplex, or 1G Ethernet full- or half-duplex.
Page 43: Wifi
May be either On or Off for the 2.4 Ghz radio only. Network Name (SSID) The name or ID that is displayed to a client scan. The default SSID for the NVG599 is attxxx where xxx is the last 3 digits of the serial number located on the side of the device.
Page 44 WiFi Operation abled, and the wireless access point will not provide or broadcast its wireless LAN services. – The drop-down menu allows you to select and lock the NVG599 into the wireless transmission mode Mode you want: A/C, B/G/N, B-only, B/G, G-only, or N-only.
Page 45: Wireless Security
Wireless Security By default, wireless security is set to WPA-PSK with a pre-defined WPA-Default Key Other options are available from the Security drop-down menu: WEP security is a privacy option that is based on encryption between the router and any PCs WEP - Manual: (clients) you have with wireless cards.
Page 46: Mac Filtering
Administrator’s Handbook : You must enter a key using hexadecimal digits. For 40/64-bit encryption, you need ten digits; 26 digits for 128-bit WEP. Hexadecimal characters are 0 – 9, and a – f. Examples: 40 bits: 02468ACE02 128 bits: 0123456789ABCDEF0123456789 Any WEP-enabled client must have an identical key of the same length as the router, in order to successfully receive and decrypt the traffic.
Page 47: Subnets & Dhcp
Save Click the button. You can add or delete any of your entries later by returning to this page. Link: Wireless Scan Your device automatically checks for the best channel to broadcast wireless services. However, in some cases it may be useful to switch to a different channel (1 through 11, for North America) on which the network will broadcast.
Page 48 The server configuration determines the functionality of your DHCP settings. This functionality enables the NVG599 to assign your LAN computer(s) a “private” IP address and other parameters that allow network communication. This feature simplifies network administration because the NVG599 maintains a list of IP address assignments.
Page 49: Ip Allocation
IP address for a client device. When IP allocation is enabled for a client, that device is assigned a pre-determined IP address by the DHCP server of the NVG599. IP allocation lets you set up client devices as common DHCP systems, but ensures that they always receive the same IP address from the gateway.
Page 50 Administrator’s Handbook The IP Allocation window for the client opens. 3. Scroll through the New Allocation values and select the address or method to use for the client’s DHCP assignment: • Click Address from DHCP Pool to set the client to accept any valid DHCP address available (standard operation).
Page 51: Hpna
When you click the link, the HPNA Network page appears. The HPNA Network page displays information about the NVG599 gateway’s HPNA-connected devices in 15-minute intervals. You can test the performance of each station to Run extended Test station pair by clicking the button.
Page 52 Administrator’s Handbook Interval statistic fields supply the following information: Label Statistic Displayed Short Tx Pkt Transmitted Packets Short Rx Pkt Received Packets CRC Errors Rx Receipt errors Dropped Tx Transmit packets dropped Dropped Rx Receipt packets dropped Tx Error % Percentage of transmitted errors Rx Error % Percentage of receipt errors...
Page 53: Voice
Voice When you click the Voice tab, the Voice Status page appears. Voice-over-IP (VoIP) refers to voice telephone calls transmitted over the Internet. This type of service differs from traditional phone service that uses the Public Switched Telephone Network (PSTN). VoIP calls use an Internet protocol, Session Initiation Protocol (SIP), to transmit sound over a network or the Internet in the form of data packets.
Page 54: Line Details
Administrator’s Handbook Link: Line Details Line Details When you click the link, the Line Details page appears. Register If your service provider has enabled your VoIP phone lines, you can register them by clicking the Line 1 Register Line 2 button.
Page 55: Call Statistics
Link: Call Statistics Call Statistics When you click , the Call Statistics page appears.
Page 56 Administrator’s Handbook , the two available phone lines, the Call Statistics page displays the following information: Line 1 Line 2 Call Statistics - Line 1 and Line 2 Last Call/Cumulative – Incoming/Outgoing RTP Packet Loss Real-time Transport Protocol packets dropped RTP Packet Loss percentage Percent of Real-time Transport Protocol packets dropped Total RTCP Packets...
Page 57 , the two available phone lines, the Call Summary section displays the following Line 1 Line 2 information: Call Summary - Line 1 and Line 2 Current Call/Last Completed Call Call Timestamp Date and time of the current call Type May be Incoming or Outgoing Duration Length of time in seconds of call connection...
Page 58 Administrator’s Handbook The following table shows VoIP line states during various conditions. VoIP Line Hook state WAN IP Reg-state Tone Voltage On/Off-hook Idle Disabled On-hook Registered Solid Enabled Off-hook Registered Dial tone Blink Enabled On/Off hook Failure Enabled On/Off hook Down Idle Enabled...
Page 59: Firewall
Firewall Firewall When you click the tab, the Firewall Status page appears. The Firewall page displays the status of your system firewall elements. All computer operating systems are vulnerable to attack from outside sources, typically at the operating system or Internet Protocol (IP) layers. Stateful Inspection firewalls intercept and analyze incoming data packets to determine whether they should be admitted to your private LAN, based on multiple criteria, or blocked.
Page 60: Packet Filter
ARRIS’s packet filters are designed to provide security for the Internet connections made to and from your network. You can customize the ’s filtersets for a variety of packet filtering applications.
Page 61 Parts of a Filter A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the following attributes: The source IP address (where the packet was sent from) The destination IP address (where the packet is going) The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP Other Filter Attributes There are three other attributes to each filter:...
Page 62: Working With Packet Filters
Administrator’s Handbook Working with Packet Filters To work with filters: 1. Accessing the Packet Filter page by clicking the Packet Filter link. Enable/Disable Packet Filters 2. Globally turn filters on or off by clicking the button. Add a ‘Drop’ Rule Add a ‘Pass’...
Page 63 If the Force Routing filter is applied to source IP addresses, it may inadvertently block communication with the router itself. You can avoid this by preceding the Force Routing filter with a filter that matches the desti- nation IP address of the NVG599 device itself.
Page 64 Administrator’s Handbook Example: Assume a configured Custom Service/Hosted Application for an internal web server whose global port range is 8080-8080. Also assume that we want to allow only one external subnet access to this internal server: 207.53.17.0/24. And finally, assume that we want to disallow one IP address on that subnet, 207.53.17.9, from access to that same server (perhaps they were abusing the system in some way).
Page 65 Example 2 The following example uses the GUI to detail how to create a public subnet. 1. Select Home Network -> Subnets & DHCP from the Web management GUI. 2. Select On from the Public Subnet Enable drop-down menu. 3. Enter all applicable public subnet IP address information and select Save at the bottom of the view. 4.
Page 66 Administrator’s Handbook 6. Select the Add Match button below the new rule created above. This opens the Match Entry view. 7. For this example, the filter will be made based on a TCP port. Select Protocol from the Match Type drop- down menu.
Page 67: Nat/Gaming
Link: NAT/Gaming NAT/Gaming When you click the link, the NAT/Gaming page appears. The NAT/Gaming feature allows you to host internet applications when NAT (network address translation) is enabled. You can host different games and software on different PCs. From the drop-down menu, you can select any of a large number of predefined games and software.
Page 68 Administrator’s Handbook For each supported game or service, you can view the protocols and port ranges used by the game or service Service Details by clicking the button. For example: 1. Select a hosting device from the Needed by Device drop-down menu. 2.
Page 69: Custom Services
Range of ports on which incoming traffic will be received. Global Port Range: The port number at the start of the port range your NVG599 device should use when for- Base Host Port: warding traffic of the specified type(s) to the internal IP address.
Page 70 Administrator’s Handbook Each time you add a custom service, your entry will be added to the list of service names displayed on the Custom Services page. Changes are saved immediately. Delete To remove this Service, click the button. Edit To edit this Service, click the button.
Page 71 List of Supported Games and Software AIM Talk Act of War - Direct Action Age of Empires II Age of Empires, v.1.0 Age of Empires: The Rise of Rome, Age of Mythology v.1.0 Age of Wonders America's Army Apache Asheron's Call Azureus Baldur's Gate I and II Battlefield 1942...
Page 72 Administrator’s Handbook Midtown Madness, v 1.0 Monster Truck Madness 2, v 2.0 Monster Truck Madness, v 1.0 Motocross Madness 2, v 2.0 Motocross Madness, v 1.0 NNTP Need for Speed 3, Hot Pursuit Need for Speed, Porsche Net2Phone Operation FlashPoint Outlaws POP-3 PPTP...
Page 73: Ip Passthrough
IP Passthrough The IP Passthrough feature allows a single PC on the LAN to have the ARRIS Gateway’s public address assigned to it. It also provides PAT (port address translation) (or NAPT – network address and port translation) via the same public IP address for all other hosts on the private LAN subnet.
Page 74 . Changes take effect upon restart. A Restriction Because both the NVG599 device and the passthrough host will use the same IP address, new sessions that conflict with existing sessions will be rejected by the NVG599. For example, suppose you are a teleworker using an IPSec tunnel from the router and from the passthrough host.
Page 75 The NAT default server feature allows you to: Direct your NVG599 device to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host on the LAN, specified by your entry in the Internal Address field.
Page 76: Firewall Advanced
Stateful Inspection parameters are active on a WAN interface only if enabled on your NVG599 device. Stateful inspection can be enabled on a WAN interface whether NAT is enabled or not. DoS Protection – Denial-of-service (DoS) attacks are common on the Internet, and can render an individual PC or a whole network practically unusable by consuming all its resources.
Page 77 Menu item Function Flood Limit Whether packet flooding should be detected and offending packets be dropped; On or Off. Flood rate limit Specifies the number limit of packets per second before dropping the remainder. Flood burst limit Specifies the number limit of packets in a single burst before dropping the remainder.
Page 78: Diagnostics
Administrator’s Handbook Diagnostics Diagnostics When you click the tab, the Troubleshoot page appears. This automated multi-layer test examines the functions of the router from the physical connections to the data traffic being sent by users through the router. Run Full Diagnostics You can run all the tests in order by clicking the button.
Page 79 Internet access tests send a ping from the modem to either the LAN or WAN to verify connectivity. A ping could be either an IP address (163.176.4.32) or domain name (www.arris.com). You enter a Web address URL or an IP address in the respective field.
Page 80 Administrator’s Handbook Each test generates one of the following result codes: Result Meaning * PASS: The test was successful. * FAIL: The test was unsuccessful. * SKIPPED: The test was skipped because a test on which it depended failed. * PENDING: The test timed out without producing a result.
Page 81: Logs
NOTE: Some browsers, such as Internet Explorer for Windows XP, require that you specify the ARRIS device’s URL as a “Trusted site” in “Internet Options: Security.” This is necessary to allow the download of the log text file to...
Page 82 Administrator’s Handbook The following is an example log portion saved as a .TXT file:...
Page 83: Update
When you click , the Update page appears. Operating system software is what makes your NVG599 device run, and occasionally it needs to be updated. Your Current software version is displayed at the top of the page. To update your software from a file on your PC, you must first download the software from your service provider's support site to your PC's hard drive.
Page 84: Resets
In some cases, you may need to clear all the configuration settings and start over again to program the ARRIS NVG599 device. You can perform a factory reset to do this. It might also be useful to reset your connection to the Internet without deleting all of your configuration settings.
Page 85: Syslog
Link: Syslog Syslog When you click the link the Syslog configuration page appears. You can configure a UNIX-compatible (BSD Syslog protocol - RFC 3164) Syslog client to report a number of subsets of the events entered in the device logs. You can enable or disable the Syslog client dynamically.
Page 86: Event Notifications
When you click the link, the NAT Table page appears. The NAT Table page displays the network address translation sessions in use by the NVG599 device. You can use the drop-down menu to limit the displayed sessions to selected IP addresses.
Page 87: Chapter 3 Basic Troubleshooting
CHAPTER 3 Basic Troubleshooting This chapter gives some simple suggestions for troubleshooting problems with your NVG599 VDSL2 Gateway’s initial configuration. This chapter covers the following topics: Status Indicator Lights on page 88 Factory Reset Switch on page 95 Event Log Messages on...
Page 88: Status Indicator Lights
Administrator’s Handbook Status Indicator Lights The first step in troubleshooting is to check the status indicator lights (LEDs) in the order outlined below. ARRIS NVG599 VDSL2 Gateway Status Indicator Lights Side View Power Battery Ethernet Wireless HomePNA Broadband 1 Broadband 2...
Page 89 Flashing Green = Indicates a telephone is off-hook on the associated VoIP line. Off = VoIP not in use, line not registered, or NVG599 power off. Solid Green = Powered device connected to the associated port (includes devices with wake-on-LAN capability where a slight voltage is supplied to the Ethernet connection).
Page 90 Off = The device is not powered, or no powered devices are connected to the associated ports. NOTE: The NVG599 supports two VoIP lines over one RJ11 VoIP port. In order to con- nect two phone lines the supplied inner/outer pair splitter adapters must be attached to the RJ11 VoIP port in order to terminate both lines.
Page 91: Led Function Summary Matrix
LED Function Summary Matrix Solid Green Flashing Green Orange/Amber Flashing Red Off = The unit Power The device is A power-on self- Firmware POST failure (not has no AC power. powered. test (POST) is in upgrade (see bootable) or “Power during progress.
Page 92 Off = VoIP not in Phone 1, 2 The associated Indicates a tele- use, line not reg- VoIP line has phone is off-hook istered or been registered on the associated NVG599 power with a SIP proxy VoIP line. off. server.
Page 93 Solid Green Flickering Green Off = The device Powered device = Activity seen is not powered, connected to the from devices no cable or no associated port associated with powered devices (includes devices the port. The connected to the with wake-on- flickering of the associated ports.
Page 94 Administrator’s Handbook If a status indicator light does not look correct, look for these possible problems: LED Not Lit Possible Problems Make sure the power adapter is plugged into the DSL modem properly. Power Try a known good wall outlet. If a power strip is used, make sure it is switched on.
Page 95: Factory Reset Switch
Factory Reset Switch Lose your access code? This section shows how to use the factory reset switch to reset the NVG599 so that you can access the configuration screens once again. NOTE: Keep in mind that all of your settings will need to be reconfigured.
Page 96: Log Event Messages
Administrator’s Handbook Log Event Messages The system generates the log messages described in the following tables for events related to administrative access, system operation, DSL issues, packet access, or firewall issues. Administration-Related Log Messages 1. administrative access attempted: This log message is generated whenever the user attempts to access the router's management interface.
Page 97 DSL Log Messages (Most Common) 1. WAN: Data link This log message is generated when the DSL link comes up. activated at <Rate> Kbps (rx/tx) 2.WAN: Data link deactivated This log message is generated when the DSL link goes down. 3.
Page 98 Administrator’s Handbook Access-Related Log Messages 12. Telnet receive DoS attack - This log message is generated whenever TCP packets destined to the packets dropped: router's Telnet management interface are dropped due to overwhelming receive data. 13. dropped - reassembly timeout: This log message is generated whenever packets, traversing the router or destined to the router itself, are dropped because of reassembly timeout.
Page 99 Firewall Log Messages Detail (AT&T Requirement #841) Reason Enumeration ( C ) Log Text Representation Why the Packet Was Logged NM_LOGDROP_CAT_POLICY POLICY Policy (generic). This currently includes filterset rules, restricted hosts, IPv6 profiles. NM_LOGDROP_CAT_POLICY_INPUT POLICY-INPUT-GEN-DISCARD Packets destined for the CPE that are generically discarded (we spec- ify the packets we do want;...
Page 100 Administrator’s Handbook...
Page 101: Chapter 4 Command Line Interface
The NVG599 VDSL2 Gateway operating software includes a command line interface (CLI) that lets you access your NVG599 device over a Telnet connection. You can use the command line interface to enter and update the unit’s configuration settings, monitor its performance, and restart it.
Page 102 Administrator’s Handbook CONFIG Commands “Connection Commands” on page 121 “Filter Set Commands” on page 124 “Queue Commands” on page 129 “IP Gateway Commands” on page 132 “IPv6 Commands” on page 132 “IP DNS Commands” on page 139 “IP IGMP Commands” on page 139 “NTP Commands”...
Page 103: Overview
Overview The CLI has two major command modes: SHELL and CONFIG. Summary tables that list the commands are provided below. Details of the entire command set follow in this section. SHELL Commands Command Description Send ARP request clear Erase all stored configuration information clear_certificate Remove an SSL certificate that has been installed clear_https_certkey...
Page 104 Administrator’s Handbook CONFIG Commands Command Verbs Description delete Delete configuration list data help Display a list of Help command options save Save configuration data script Print configuration data Set configuration data validate Validate configuration settings view View configuration data Keywords conn Connection options TCP/IP protocol options...
Page 105: Starting And Ending A Cli Session
<ip_address> You must know the IP address of the NVG599 device before you can make a Telnet connection to it. By default, your NVG599 uses 192.168.1.254 as the IP address for its LAN interface. You can use a Web browser to configure the NVG599 IP address.
Page 106: Using The Cli Help Facility
Issue administrative commands to restart NVG599 device functions SHELL Prompt When you are in SHELL mode, the CLI prompt is the name of the NVG599 device followed by a right angle bracket (>). For example, if you open a CLI connection to the NVG599 device named “ARRIS-3000/9437188,”...
Page 107: Shell Commands
Sends an Address Resolution Protocol (ARP) request to match the nnn.nnn.nnn.nnn IP address to an Ethernet hardware address. clear [ yes ] Clears the configuration settings in an NVG599 device. You are prompted to confirm the clear command by entering yes. clear_certificate Removes an SSL certificate that has been installed.
Page 108 [-s size] [-c count ] [ hostname | ip_address ] Causes the NVG599 to issue a series of ICMP Echo requests for a device with the specified name or IP address. The hostname argument is the name of the device you want to ping; for example, ping ftp.arris.com.
Page 109 Clears the IPMap table (NAT). reset log Rewinds the diagnostic log display to the top of the existing NVG599 diagnostic log. The reset log command does not clear the diagnostic log. The next show log command will display information from the beginning of the log file.
Page 110: Show Crash
Administrator’s Handbook restart [ seconds ] Restarts your NVG599 device. If you include the optional seconds argument, your NVG599 will restart when the specified number of seconds have elapsed. You must enter the complete restart command to initiate a restart.
Page 111 General: Transmit OK : 253 Receive OK : 22 Tx Errors Rx Errors Receiver: Dropped Packets Transmitter: Collisions Dropped Packet Upper Layers: Rx No Handler Rx No Message Rx Octets : 4781 Rx Unicast Pkts : 22 Rx Multicast Pkts Tx Discards Tx Octets : 17204...
Page 112 Administrator’s Handbook Ethernet driver full statistics - WAN 10/100/1000 Ethernet Port Status: Link down Ethernet driver full statistics - 10/100 Ethernet Port Status: Link up Type: 100BASET Duplex: Full General: Transmit OK : 434 Receive OK : 267 Tx Errors Rx Errors Receiver: Incompl Packet Errors : 0...
Page 113 Displays the Ethernet address resolution table stored in your NVG599 device. show ip igmp Displays the contents of the IGMP Group Address table and the IGMP Report table maintained by your NVG599 device. show ip interfaces Displays the IP interfaces for your NVG599 device.
Page 114: Show Log
Displays IPv6 statistics information. show log Displays blocks of information from the NVG599 diagnostic log. To see the entire log, you can repeat the show log command, or you can enter show log all. show firewall-log Displays blocks of information from the NVG599 firewall log.
Page 115 TFTP server must be accessible on your Ethernet network. The server_address argument identifies the IP address of the TFTP server on which you want to store the NVG599 settings. The filename argument identifies the path and name of the configuration file on the TFTP server. If you include the optional confirm keyword, you will not be prompted to confirm whether or not you want to perform the operation.
Page 116: Wps Commands
[ vcc-id ] Releases the DHCP lease the NVG599 device is currently using to acquire the IP settings for the specified DSL port. The vcc-id identifier is an “index” letter in the range B-I, and does not directly map to the VCC in use.
Page 117 Resets the point-to-point connection over the specified virtual circuit. This command only applies to virtual circuits that use PPP framing. show atm [all] Displays ATM statistics for the NVG599 device. The optional all argument displays a more detailed set of ATM statistics. show ppp [{ stats | lcp | ipcp }] Displays information about open PPP links.
Page 118: About Config Commands
CONFIG Mode Prompt When you are in CONFIG mode, the CLI prompt consists of the name of the NVG599 device followed by your current node in the hierarchy and two right angle brackets (>>). For example, when you enter CONFIG mode...
Page 119: Guidelines: Config Commands
Displaying Current Gateway Settings You can use the view command to display the current CONFIG settings for your NVG599. If you enter the view command at the top level of the CONFIG hierarchy, the CLI displays the settings for all enabled functions. If you enter the view command at an intermediate node, you see settings for that node and its subnodes.
Page 120: Validating Your Configuration
You can use the validate CONFIG command to make sure that your configuration settings have been entered correctly. If you use the validate command, the NVG599 device verifies that all required settings for all services are present and that settings are consistent.
Page 121: Config Commands
CONFIG Commands This section describes the keywords and arguments for the various CONFIG commands. Connection Commands The conn commands are used to create connections, for example, a WAN or LAN connection. There may be more than one of each depending on your model. The name commands correspond to the system object IDs (OIDs), but you can name them yourself.
Page 122 Administrator’s Handbook set conn name name icmp-echo-drop [ off | on ] If set to on, drops echo-requests received on the particular interface. The default is off. set conn name name icmp-err-suppress [ off | on ] An additional option to suppress ICMP error messages on WAN IP interfaces. The default is off. set conn name name static ipaddr ipaddr Specifies a static IP address when the connection type has been set to static.
Page 123 If dhcp-server-enable is set to on, specifies the first address in the DHCP address range. The NVG599 can reserve a sequence of up to 253 IP addresses within a subnet, beginning with the specified address for dynamic assignment.
Page 124: Filter Set Commands
QoS and forwarding decisions to be made. These characteristics can be at the MAC layer, IP layer, TCP | UDP | ICMP layer(s), or (in applicable circumstances) 802.1q/p (VLAN-tagging) layer. Your NVG599 device is capable of adding and stripping 802.1Q tags to and from frames before transmission on its LAN interfaces. See also “Link Commands”...
Page 125 set filterset name filterset_name rule number match-eth-proto number Matches Ethernet protocol field to the supplied value. set filterset name filterset_name rule number match-eth-length number Matches Ethernet length field to the supplied value. set filterset name filterset_name rule number match-eth-p-bits number Matches VLAN priority bits.
Page 126 Administrator’s Handbook Or match the supplied DiffServ class. This value may be any of the BE, EF, AFxx or CSx classes. A full list is: { "CS0", 0x00 } { "CS1", 0x08 } { "CS2", 0x10 } { "CS3", 0x18 } { "CS4", 0x20 } { "CS5", 0x28 } { "CS6", 0x30 }...
Page 127 set filterset name filterset_name rule number action set-qos-marker qos_marker_string Tags the packet according to the queue marker name. See “Queue Commands” on page 129. set filterset name filterset_name rule number action set-tos number Sets the packet TOD field to the supplied value. set filterset name filterset_name rule number action set-dscp [ number | diffserv_class_string ] Sets the DSCP field to the supplied value.
Page 128: Global Filter Set ("Ipv6 Firewall") Commands
Administrator’s Handbook Global Filter Set (“IPv6 Firewall”) Commands Global filter sets exist at the root level of the hierarchy, outside the umbrella of both the “ip” and “ip6” subtrees, since they pertain to both. Global filter set rules allow for the specification of these match attributes: IP Protocol Source and/or destination port: TCP flags, for rules that specify TCP traffic...
Page 129: Queue Commands
| out-link-oid | icmp-type ] Matches on the following categories: (ip[4|6] address or subnet spec (type ip4 or ip6 only)) src-ip-addr (ip[4|6] address or subnet spec (type ip4 or ip6 only)) dst-ip-addr (0-255 or iana-defined string equivalents) ip-proto (1-65535[:1-65535], only if ip-proto == TCP or UDP) src-port (1-65535[:1-65535], only if ip-proto == TCP or UDP) dst-port...
Page 130 Administrator’s Handbook the router will have to buffer enough (about a full second worth of traffic) so that the burst of traffic doesn't get tail-dropped when it arrives and is enqueued at the same time in the same burst. On the other hand, it is undesirable to buffer too much data in the queue(s) since the packets may be stale by the time they are sent.
Page 131 set queue nam -mode [ bps | relative ] ip-proto Sets the mode of the weighted fair queue. The bps keyword indicates that weights are defined as bits-per- second. The relative keyword indicates that weights are defined as a proportion of the sum of the weights of all inputs to the wfq.
Page 132: Ip Gateway Commands
Specifies the conn of the gateway. Normally, this would be the WAN connection. Specifies whether the NVG599 should send packets to a default gateway if it does not know how to reach the destination host. set ip gateway conn-oid value Sets the default gateway to point to an associated link specified by the conn-oid value.
Page 133 set ip6 dhcp-server info-refresh-time 86400 set ip6 dns primary-address "" set ip6 dns secondary-address "" Default IPv6 security configuration values: set security spi ip6 src-mcast-drop off set security spi ip6 invalid-mcast-scope-drop on set security spi ip6 forbidden-addr-drop on set security spi ip6 deprecated-ext-hdr-drop on set security spi ip6 src-addr-from-lan-unassigned-drop on set security spi ip6 lan-assigned-src-addr-from-wan-drop on set security spi ip6 ula-drop on...
Page 134 Administrator’s Handbook set ip6 conn name name mcast-fwding [ off | on ] Turns IPv6 multicast forwarding for this connection off or on. The default is off. (not yet implemented) set ip6 conn name name old-prefix-purge-timer The time in seconds for which old, invalid prefixes are advertised with a lifetime of zero. The intent is to “flush out”...
Page 135 set ip6 conn name name 6rd-tunnel ipv4-common-bits value [ 0 - 31 ] The number of bits common to all IPv4 addresses within the 6rd domain. The top-most bits of the IPv4 address will be “subtracted” from the 6rd address. If the whole 32-bit IPv4 address is contained in the 6rd IPv6 address, this value is set to zero.
Page 136 Administrator’s Handbook set ip6 conn name name dp subnet-length value [ 0 - 16 ] The length of the subnet portion of the delegated prefix. Default is 0. set ip6 conn name name dp subnet-id value [ 0 - 65535 ] If a subnet length is specified, the value that would occupy the of the subnet portion of the connection's IPv6 prefix.
Page 137 set ip6 conn name name dhcp-server dns-server optional IPv6 address IPv6 address of advertised DNS server (optional). IPv6 DHCP Server set ip6 dhcp-server enable [ on | off ] Globally enables or disables DHCPv6 servers on all IPv6 LAN connections. The default is on. set ip6 dhcp-server information-only [ off | on ] The on parameter sets DHCPv6 servers on all IPv6 LAN connections to operate in stateless “information-only”...
Page 138 Administrator’s Handbook set ip6 dhcp-server T1 seconds set ip6 dhcp-server T2 seconds Sets global DHCPv6 T1, T2 values, per RFC 3315 for local NA addresses: The time at which the client contacts the server from which the addresses in the IA_NA were obtained to extend the lifetimes of the addresses assigned to the IA_NA;...
Page 139: Ip Dns Commands
Other uses include updating the address books of mobile computer users in the field, or sending out company newsletters to a distribution list. Since a router should not be used as a passive forwarding device, NVG599 devices use a protocol for forwarding multicasting: Internet Group Management Protocol (IGMP).
Page 140 Administrator’s Handbook You can set the following options: IGMP Snooping – Enables the NVG599 to “listen in” to IGMP traffic. The NVG599 discovers multicast group membership for the purpose of restricting multicast transmissions to only those ports which have requested them.
Page 141 set ip igmp query-response-interval value Sets the query-response interval range in deci-seconds (tenths of a second): 5 – 255. The default is 100 deci- seconds. set ip igmp unsolicited-report-interval value Sets the unsolicited report interval: the amount of time in seconds between repetitions of a particular computer’s initial report of membership in a group.
Page 142: Ntp Commands
Administrator’s Handbook NTP Commands set ip ntp enable [ on | off ] Enables or disables acquiring the time of day from an NTP (Network Time Protocol) server. set ip ntp server-address server_address set ip ntp alt-server-address alt_server_address Specifies the NTP server(s) to use for time updates. The NTP server-address and alt-server-address values can be entered as DNS names as well as IP addresses.
Page 143: Dynamic Dns Commands
[ normal | defaultserver ] Sets the WAN mode to direct your NVG599 to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host on the LAN, otherwise this feature is disabled. Default is normal.
Page 144 Administrator’s Handbook set link name name port-vlan ports [ lan-1... 4 | hpna | ssid-1...4 | ptm | vc-1 | vc- Specifies a port-based VLAN on the selected ports on the link named name. set link name name port-vlan priority [ 0 - 7 ] Specifies the 802.1p priority bit.
Page 145 [ on | off ] Specifies whether you want your NVG599 to send LCP echo requests. You should turn off LCP echoing if you do not want the NVG599 to drop a PPP link to a nonresponsive peer.
Page 146: Management Commands
Controls whether the NVG599 accepts name server addresses from the peer. The default is on, which means the NVG599 expects to get name server addresses when the PPP link comes up. This especially applies when the primary WAN connection is PPP.
Page 147 Turns TR-064 LAN side management services on or off. The default is off. set management shell idle-timeout [ 1...120 ] Specifies a timeout period of inactivity for Telnet access to the NVG599 device, after which a user must re-log in to the NVG599. Default is 15 minutes for Telnet.
Page 148: Remote Access Commands
Specifies a certificate from a trusted certificate authority to identify the secure Web access. set management web idle-timeout [ 1...120 ] Specifies a timeout period of inactivity for HTTP access to the NVG599 device, after which a user must log in to the NVG599. Default is 5 minutes for HTTP.
Page 149 Defaults to port 0. set management remote-access telnet-idle-timeout [ 1...120 ] Specifies a timeout period of inactivity for remote Telnet access to the NVG599 device, after which a user must log in to the device. Default is 5 minutes for Telnet.
Page 150: Physical Interfaces Commands
DSL Forum TR-064 (“LAN Side CPE Configuration”) is an extension of UPnP (Universal Plug-and-Play). It defines more services to locally manage the NVG599 device. While UPnP allows open access to configure the device's features, TR-064 requires a password to execute any command that changes the device's configuration.
Page 151 set physical dsl modulation annex-m [ off | on ] Turns Annex-M DSL modulation off or on. Default is off. set physical dsl profile-8a [ on | off ] Enables or disables VDSL2 profile 8a governing upstream and downstream bandwidth. Default is on. set physical dsl profile-8b [ on | off ] Enables or disables VDSL2 profile 8b governing upstream and downstream bandwidth.
Page 152 Administrator’s Handbook set physical dsl nlnm-threshold [ 0 - 480 ] Specifies the New Low Noise Model (NLNM) value between 0 and 480. Default is 60. set physical dsl transport [ atm | ptm | auto | off ] Sets the DSL transport mode: Asynchronous (atm), Packet (ptm), Automatic (auto), or none (off). Default is ptm.
Page 153 set physical dsl atm vcc 2 vci [ 32 - 65535 ] Sets the virtual channel identifier (VCI) for the circuit. Default is 35. set physical dsl atm vcc vcc_num tx-queue queue_name Attaches the egress queue template to the ATM VC when the queue type is egress. set physical dsl atm vcc vcc_num rx-queue queue_name Attaches the ingress queue to the ATM VC when the queue type is ingress.
Page 154 [ 1 - 4 ] mac-addr-override mac_addr You can override your NVG599 device’s Ethernet MAC address with any necessary setting. Some ISPs require your account to be identified by the MAC address, among other things. Enter your 12-character Ethernet MAC...
Page 155 SSID as the client. Defaults to 6. set physical wireless power [ 1 - 100 ] Sets some value lower than 100 percent transmit power if your NVG599 device is located close to other Wi-Fi devices and causes interference. Defaults to 100 (percent).
Page 156 If set to , blocks wireless clients from communicating with other wireless clients on the WLAN side of the NVG599. Defaults to off. set physical wireless ssid 1 security [ none | wep | wpa ] Sets the wireless privacy type: none, wep, or wpa-psk. Default is none.
Page 157: Pppoe Relay Commands
Specifies the maximum number of PPPoE relay sessions. Default is 4. NAT Pinhole Commands NAT pinholes let you pass specific types of network traffic through the NAT interfaces on the NVG599. NAT pinholes allow you to route selected types of network traffic, such as FTP requests or HTTP (Web) connections, to a specific host behind the NVG599 transparently.
Page 158: Security Stateful Packet Inspection (Spi) Commands
Administrator’s Handbook Security Stateful Packet Inspection (SPI) Commands set security firewall-level [ low | high | off ] All computer operating systems are vulnerable to attack from outside sources, typically at the operating system or Internet Protocol (IP) layers. Stateful inspection firewalls intercept and analyze incoming data packets to determine whether they should be admitted to your private LAN, based on multiple criteria, or blocked.
Page 159 ARRIS 9.x DSL gateways use the relevant session information about whether the packet flow was initiated from the LAN side (upstream) or WAN side (downstream). If the parameter security.spi.ip6.allow-inbound is set to off, then sessions which are initiated from the WAN side are disallowed.
Page 160: Voip Commands
VoIP Profile Settings set voip profile [ 1 - 4 ] prof-enable [ on | off ] Enables or disables the use and configuration of the specified VoIP profile on the NVG599. set voip profile [ 1 - 4 ] proxy-server address Specifies the IP address or fully-qualified domain name of the SIP proxy server that stations using the profile will connect to.
Page 161 set voip profile [ 1 - 4 ] sip-user-domain name Sets the SIP user domain value to be used by the VoIP profile. set voip profile [ 1 - 4 ] sip-user-port [ 1 - 65535 ] Specifies the SIP user port for the specified phone, Default is 5060. set voip profile [ 1 - 4 ] sip-user-transport [ tcp | udp ] Assigns a transport protocol to the identified VoIP SIP profile.
Page 162 Administrator’s Handbook set voip profile [ 1 - 4 ] sip-publish-invocation never Sets the specified profile to never invoke PUBLISH. set voip profile [ 1 - 4 ] sip-publish-interval seconds Assigns the publication interval to the specified profile. set voip profile [ 1 - 4 ] sip-publish-count -1 Sets the number of SIP publication events for the profile.
Page 163 set voip profile [ 1 - 4 ] sip-advanced-setting sip-qos-tos [ 0 - 255 ] Specifies the SIP DiffServ type of service (ToS) values for Quality of Service (QoS) assignment. Default: 160. set voip profile [ 1 - 4 ] sip-advanced-setting sip-qos-p-bit [ 0 - 7 ] Assigns a Quality of Service priority bit (p-bit) value to the SIP profile.
Page 164 Administrator’s Handbook set voip profile [ 1 - 4 ] sip-advanced-setting sip-timer-e-value 500 Assigns a SIP E timer (UDP non-INVITE retransmit interval) value to the profile. set voip profile [ 1 - 4 ] sip-advanced-setting sip-timer-f-value 32000 Assigns a SIP F timer (non-INVITE retransmit interval) value to the profile. set voip profile [ 1 - 4 ] sip-advanced-setting sip-timer-g-value 500 Assigns a SIP G timer (INVITE response retransmit interval) value to the profile.
Page 165 set voip profile [ 1 - 4 ] rtp-advanced-setting rtp-port-range-start [value] Defines the beginning of the VoIP Real Time Protocol port range assigned to the profile. Default: 6002. set voip profile [ 1 - 4 ] rtp-advanced-setting rtp-port-range-end [value] Defines the end of the VoIP Real Time Protocol port range assigned to the profile. Default: 6200. set voip profile [ 1 - 4 ] rtp-advanced-setting rtcp-option [ on | off ] Configures the Real Time Control Protocol (RTCP) setting for the VoIP profile.
Page 166 Administrator’s Handbook set voip profile [ 1 - 4 ] advanced-telephony-setting battery-notification-setting battery-notification-tod-start "[HH:MM]AM | [HH:MM]PM" Assigns a start time for battery notification message generation to the profile. set voip profile [ 1 - 4 ] advanced-telephony-setting battery-notification-setting battery-notification-tod-end "[HH:MM]AM | [HH:MM]PM" Assigns an end time for battery notification message generation to the profile.
Page 167 set voip profile [ 1 - 4 ] user-account [ 1 - 4 ] sip-user-auth-id “[string]” Defines a user authentication ID value for the user account on the VoIP profile. Default: 1000. set voip profile [ 1 - 4 ] user-account [ 1 - 4 ] sip-uri "" Assigns a SIP Uniform Resource Identifier (URI) to the specified user account.
Page 168 Administrator’s Handbook set voip profile [ 1 - 4 ] user-account [ 1 - 4 ] codec G726_16 payload-type [value] Assigns a payload value to the 16 kbit/s G.726 codec on the user account. Default: 102. set voip profile [ 1 - 4 ] user-account [ 1 - 4 ] codec G726_16 packetization-time [value] Assigns a packetization time value to the 16 kbit/s G.726 codec on the user account.
Page 169 set voip profile [ 1 - 4 ] user-account [ 1 - 4 ] codec AMR payload-type [value] Assigns a payload value to the AMR codec on the user account. Default: 120 set voip profile [ 1 - 4 ] user-account [ 1 - 4 ] codec AMR packetization-time [value] Assigns a packetization time value to the AMR codec on the user account.
Page 170 Administrator’s Handbook set voip profile [ 1 - 4 ] user-account [ 1 - 4 ] call-feature subscribe-mwi-option [ on | off ] Enables or disables the message waiting indicator for the user account. set voip profile [ 1 - 4 ] user-account [ 1 - 4 ] call-feature subscribe-send-mes- sage [ on | off ] Enables or disables message sending for the user account.
Page 171: Targeted Ad Insertion Commands
Targeted Ad Insertion Commands set targeted-ad-insertion enable [ on | off ] Turns targeted ad insertion on or off. Default is on. set targeted-ad-insertion v-zone-ad [ on | off ] Specifies whether the targeted ad is zone-specific. Default is on. set targeted-ad-insertion sender-ssrc [ 0...
Page 172 Administrator’s Handbook set targeted-ad-insertion hello-retransmit-min seconds Specifies a minimum interval for retransmission of ad insertion in seconds. Default is 15 seconds. set targeted-ad-insertion hello-retransmit-max seconds Specifies a maximum interval for retransmission of ad insertion in seconds. Default is 300 seconds. set targeted-ad-insertion vcc-ip-address ip_address Specifies the VCC IP address of the ad carousel server.
Page 173: System Commands
ARRIS-7000/9437188. A system name can be 1 – 255 characters long. Once you have assigned a name to your NVG599, you can enter that name in the address text field of your browser to open a connection to your NVG599.
Page 174 Specifies the password for the update server. The default is guest. set system calendar-update fwverfile filename Specifies the firmware version filename to the update server. For the AT&T NVG599 the file is netopiaNVG599_64.txt. set system calendar-update day day_of_month Specifies the numerical day of the month for the update server to be polled, for example, 21.
Page 175 CPE (is in its trust list). Default is on. set system syslog enable [ on | off ] Enables or disables the NVG599 Syslog function. The Syslog function is disabled by default. If Syslog is enabled, the following additional Syslog settings may be configured: set system syslog server-ip <IPv4/IPv6 Address>...
Page 176 [ 0 ... 7 ] Sets the severity level of Syslog messages the NVG599 will send to the Syslog server. Each severity level includes all higher-level messages (e.g; a level of 2 [Critical] will also send Alert and Emergency messages). The...
Page 177 [ low | medium | high | alerts | failures ] Specifies the types of log messages you want the NVG599 device to record. All messages with a level equal to or greater than the level you specify are recorded. For example, if you specify set system diagnostic-level medium, the diagnostic log will retain medium-level informational messages, alerts, and failure messages.
Page 178: Debug Commands
Debug Commands When you are in SHELL mode, the Debug prompt consists of the name of the NVG599 device followed by the word “DEBUG” and a right angle bracket (>). For example, if you open a CLI connection to the NVG599 named “ARRIS-3000/9437188”...
Page 179: Chapter 5 - Technical Specifications And Safety Information
1.28 lbs (.58 kg) (without integrated battery) 1.77 lbs (.80 kg) (with integrated battery) Communications interfaces: The ARRIS Gateways have a 4-port 10/100/1000Base-T Ethernet switch for your LAN connections, an FXS port for VoIP connections, a HomePNA 3.1 coax port, a USB 2.0 network port, and a 400 mW wireless radio for Wi-Fi connections.
Page 180: Agency Approvals
Administrator’s Handbook Security: Stateful Packet Inspection Firewall; Virtual DMZ/IP pass-through; Denial of Service (DoS) protection; VPN Pass-through (PPTP, L2TP, IPSec) Wi-Fi Security. WEP (64-bit, 128-bit, 256-bit) encryption 802.1x, WPA, WPA-PSK, 802.11i/WPA2, WPA2-PSK EAP-TLS, EAP-TTLS, EAP-SIM MAC Address filtering Management/configuration methods: HTTP (Web server), telnet command line interface Diagnostics: Ping, event logging, routing table displays, statistics counters, web-based management, traceroute, nslookup, and diagnostic commands.
Page 181: Manufacturer's Declaration Of Conformance
Manufacturer’s Declaration of Conformance WARNING: This is a Class B product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures. Adequate measures include increasing the physical dis- tance between this product and other electrical devices.
Page 182 Administrator’s Handbook Canada. This Class B digital apparatus meets all requirements of the Canadian Interference -Causing Equipment Regulations. Cet appareil numérique de la classe B respecte toutes les exigences du Réglement sur le matériel brouilleur du Canada. Declaration for Canadian users NOTICE: The Canadian Industry Canada label identifies certified equipment.
Page 183: Important Safety Instructions
Important Safety Instructions Caution DO NOT USE BEFORE READING THE INSTRUCTIONS: Do not connect the Ethernet ports to a carrier or carriage service provider’s telecommunications network or facility unless: a) you have the written consent of the network or facility manager, or b) the connection is in accordance with a connection permit or connection rules.
Page 184: 47 Cfr Part 68 Information
For earlier products, the REN is separately shown on the label. e) If this equipment, the NVG599 device, causes harm to the telephone network, the telephone company will notify you in advance that temporary discontinuance of service may be required. But if advance notice isn’t practical, the telephone company will notify the customer as soon as possible.
Page 185: Rf Exposure Statement
If your home has specially wired alarm equipment connected to the telephone line, ensure that the installation of this ARRIS NVG599 VDSL2 Gateway does not disable your alarm equipment. If you have questions about what will disable alarm equipment, consult your telephone company or qualified installer.
Page 186: Caring For The Environment By Recycling
Contact your local authorities for information about practices established for your region. If collection systems are not available, call ARRIS Customer Service for assistance. Beskyttelse af miljøet med Genbrug af dit ARRIS-udstyr Dette produkt må ikke bortskaffes sammen med husholdningsaffald eller genbrug erhvervsaffald.
Page 187: Milieubewust Recycleren
ARRIS, não autoridades locais. Se não houver sistemas de coleta disponíveis, entre em descarte o produto junto com contato com o Serviço ao Cliente da ARRIS para obter assistência. lixo residencial ou comercial. Var rädd om miljön Återvinning av din ARRIS-utrustning...
Page 188 Administrator’s Handbook...
Page 189: Copyright Acknowledgments
Open Source Software Information For instructions on how to obtain a copy of any source code being made publicly available by ARRIS related to software used in this ARRIS product you may send your request in writing to: ARRIS Group, Inc.
Page 190 ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright (c) ARRIS India Electronics dhcp (dhcp-isc) 4.1.1-P1 Copyright © 2004-2011 by Internet Systems Consortium, Inc. ("ISC") Copyright ©...
Page 191 All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.
Page 192 WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. GNU General Public License 2.0 (GPL) This ARRIS product contains the following open source software packages licensed under the terms of the GPL 2.0 license: • Linux 2.6.30 •...
Page 193 When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs;...
Page 194 Administrator’s Handbook c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License.
Page 195 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject tothese terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
Page 196 END OF TERMS AND CONDITIONS GNU Lesser General Public License 2.1 (LGPL) This ARRIS product contains the following open source software packages licensed under the terms of the LGPL 2.1 license: • uClibc 0.9.27 (also Copyright (C) 2000-2006 Erik Andersen <andersen@uclibc.org>) Version 2.1, February 1999...
Page 197 The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0.
Page 198 Administrator’s Handbook 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.
Page 199 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all.
Page 200 Administrator’s Handbook lua 5.1 Lua is licensed under the terms of the MIT license reproduced below. This means that Lua is free software and can be used for both academic and commercial purposes at absolutely no cost. For details and rationale, see http://www.lua.org/license.html . Copyright (C) 1994.2012 Lua.org, PUC-Rio.
Page 201 OpenSSL 0.9.8k OpenSSL SSLeay License LICENSE ISSUES The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses.
Page 202 Administrator’s Handbook 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" HIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE MPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Page 203 4. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/ computing/)." CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Page 204 Administrator’s Handbook Copyright (C) 2002 Netservers This plugin may be distributed according to the terms of the GNU General Public License, version 2 or (at your option) any later version. See the respective source files to find out which copyrights apply. ------------------------------------------------------------------------------ Copyright (C) 2002 Roaring Penguin Software Inc.
Page 205 License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message- Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc.
Page 206 Administrator’s Handbook Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission.
Page 207 ------------------------------------------------------------ Copyright (C) 2000 by Roaring Penguin Software Inc. This program may be distributed according to the terms of the GNU General Public License, version 2 or (at your option) any later version. ------------------------------------------------------------ Copyright (C) 2000-2001 by Roaring Penguin Software Inc. Copyright (C) 2004 Marco d'Itri <md@linux.it>...
Page 208 Administrator’s Handbook Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.
Page 209 THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGESWHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Page 210 Administrator’s Handbook Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Page 211 strlcat() is (c) Todd C. Miller (included in util.c -- ) are from OpenSSH 3.6.1p2, and are licensed under the BSD-Modified license: Copyright (c) 1998 Todd C. Miller , < OWNER > All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Page 212 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Copyright (c) Mark Adler Portions Copyright ARRIS Group, Inc. 2009-2012 Portions Copyright Broadcom Corporation Portions Copyright AltoCom, Inc.
Page 213: Appendix Aarris Gateway Captive Portal Implementation
Appendix A ARRIS Gateway Captive Portal Implementation This section contains information about the ARRIS Gateway Captive Portal Support.
Page 214: Overview
The white list can be a combination of FQDN (fully qualified domain names) and White-IP address/CIDR. FQDNs will be resolved to IP addresses on boot and whenever a new list is pushed. For the NVG599, Captive Portal implementation only redirects port 80 traffic. Traffic to port 443 is allowed. DNS Traffic will not be blocked.
Page 215: Captive Portal Rpc
Captive Portal RPC RPC supported per 2Wire requirements that will set Captive Portal parameters. <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="urn:dslforum-org:cwmp-1-0" targetNamespace="urn:dslforum-org:cwmp-1-0" elementFormDefault="unqualified" attributeFormDefault="unqualified"> <xs:import namespace="http://schemas.xmlsoap.org/soap/envelope/" schemaLocation="soapenv.xsd"/> <xs:import namespace="http://schemas.xmlsoap.org/soap/encoding/" schemaLocation="soapenc.xsd"/> <xs:complexType name="CaptivePortalParamStruct"> <xs:sequence> <xs:element name="Enable" type="soapenc:boolean"> <xs:annotation> <xs:documentation>If true, the Captive Portal is enabled.< xs:documentation>...
Page 216: X_00D09E_Setcaptiveportalparams Rpc
Administrator’s Handbook  <xs:element name="X_00D09E_GetCaptivePortalParamsResponse"> <xs:annotation> <xs:documentation>X_00D09E_GetCaptivePortalParamsResponse response message for X_00D09E_GetCaptivePortalParams request.< xs:documentation> </xs:annotation> <xs:complexType> <xs:sequence> <xs:element name="CaptivePortalParamStruct" type="tns:CaptivePortalParamStruct"/> </xs:sequence> </xs:complexType> </xs:element> X_00D09E_SetCaptivePortalParams RPC:  <xs:element name="X_00D09E_SetCaptivePortalParams"> <xs:annotation> <xs:documentation>X_00D09E_SetCaptivePortalParams message to set the Captive Portal parameters on a CPE.</xs:documentation> </xs:annotation>...
Page 217: Appendix B Quality Of Service (Qos) Examples
Appendix B Quality of Service (QoS) Examples This section contains information about the ARRIS Gateway QoS implementation.
Page 218: Overview
Administrator’s Handbook Overview When packets arrive on a high speed interface and are forwarded to a low speed interface, there is contention for bandwidth. This is the use case for QoS: to make effective use of bandwidth. The basic steps for Quality of Service are to match and identify packets as belonging to a class of traffic, and to give each class of traffic a certain behavior such as priority queuing or bandwidth shaping across critical networking bottlenecks.
Page 219 Figure 4. Illustration of weighted fair queue scheduling Figure 5. Illustration of a hybrid queue that is both priority and WFQ, to both constrain bandwidth usage and expedite one of the queues. After the packet has been classified, it can be put in the proper queue. Queues are assigned to interfaces and can be constructed of several queue components to deliver the desired behavior.
Page 220: Upstream Qos: Priority And Shaping
Administrator’s Handbook There is an option to enable bandwidth sharing, so that unused bandwidth in idle queues can be shared to other queues. When the traffic resumes in the previously idle queue, the previously shared-out bandwidth is taken back. When bandwidth sharing is enabled, a secondary rate configuration appears on each input entry, the peak parameter.
Page 221: Downstream Qos: Ethernet Switch
Downstream QoS: Ethernet Switch The simplest way of handling downstream QoS (from WAN to LAN) is to use the per-port queues that are present in the Ethernet switch. This achieves the greatest efficiency since the queues are handled in the switch hardware, and should be used when a strict priority queue with 4 priorities is sufficient.
Page 222 Administrator’s Handbook...
Page 223: Index
Index Default Server designing a new filter set Symbols Detect Missing Filter !! command Device Access Code Device List DHCP lease table Diagnostic log Access Code Diagnostics Address resolution table Documentation conventions Administrator password Downstream QoS Arguments, CLI Command Ethernet statistics Event Notifications basic queues Broadband Network Redirect...
Page 224 Administrator’s Handbook ICMP Echo Packet Filters IGMP Password IGMP Snooping Administrator IGMP Stats User IP DNS commands Physical interfaces commands IP Gateway commands Ping IP IGMP commands Ping command IP interfaces IP Passthrough priority queue IP routes Prompt, CLI IPMap table Keywords, CLI Quality of Service LAN Ethernet Statistics...
Page 225 tab bar Targeted Ad Insertion Telnet Telnet command Test Web Access TFTP server Traceroute Trivial File Transfer Protocol Troubleshoot Truncation Update Upstream QoS User name User password View command view config Voice Voice-over-IP VoIP weighted fair queue WiFi-Key Wireless Wireless Security...
Page 226 Administrator’s Handbook...
Page 227 ® ARRIS DSL Gateways ARRIS Enterprises, Inc. 600 North U.S. Highway 45 Libertyville, Illinois 60048 USA Telephone: +1 847 523 5000 December 6, 2013...
Page 228 Administrator’s Handbook...

Arris NVG599 Administrator's Handbook

CHAPTER 1 Introduction

CHAPTER 2 Device Configuration

CHAPTER 3 Basic Troubleshooting

CHAPTER 4 Command Line Interface

CHAPTER 5 - Technical Specifications and Safety Information

Appendix Aarris Gateway Captive Portal Implementation

Appendix B Quality of Service (Qos) Examples

Index