Download Print this page

virtual access GW1000 Series User Manual

Hide thumbs Also See for GW1000 Series:

Quick start manual (38 pages)

Table Of Contents

page of 463

/ 463
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual

GW1000 Series User Manual

GW1000

GW1000M

Issue:

2.3

Date:

20 September 2018

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the GW1000 Series and is the answer not in the manual?

Questions and answers

Summary of Contents for virtual access GW1000 Series

Page 1 GW1000 Series User Manual GW1000 GW1000M Issue: Date: 20 September 2018...
Page 2: Table Of Contents
Document scope ..................10 Using this documentation ................. 10 GW1000 and GW1000M Series router hardware ......... 13 GW1000 Series router hardware model features ......... 13 GW1000 Series router dimensions............. 13 GW1000M Series router hardware model features ........14 GW1000M Series router dimensions ............15 GSM technology ..................
Page 3 Configuring an Ethernet interface using command line ....... 101 11.5 Interface diagnostics ................103 12 Configuring VLAN ..................107 12.1 Maximum number of VLANs supported ............ 107 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 3 of 463...
Page 4 Configuring static routes using the web interface ........158 18.3 Configuring IPv6 routes using the web interface ........159 18.4 Configuring routes using command line ........... 159 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 4 of 463...
Page 5 Configuring automatic operator selection via the web interface ....219 24.3 Configuring via UCI ................242 24.4 Configuring no PMP + roaming using UCI ..........247 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 5 of 463...
Page 6 Configuring firewall using UCI ..............314 31.4 IPv6 notes ................... 317 31.5 Implications of DROP vs. REJECT ............317 31.6 Connection tracking ................318 31.7 Firewall examples ................. 318 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 6 of 463...
Page 7 Httpclient: Activator configuration using package options ......377 37.10 User management using UCI ............... 378 37.11 Configuring the management user password using UCI ......379 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 7 of 463...
Page 8 Terminal Server diagnostics ..............456 43 Configuring terminal package ..............459 43.1 Configuration packages used ..............459 43.2 Configuring terminal package using the web interface ....... 459 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 8 of 463...
Page 9 44 Serial interface ..................461 44.1 Overview ..................... 461 44.2 Monitoring serial interfaces using the web interface ........461 44.3 Monitoring serial interfaces using command line ........462 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 9 of 463...
Page 10: Introduction
GW1000 Series and GW1000M Series are described in separate sections. 1.1.1 GW1000 Series routers The Virtual Access GW1000 Series router is a compact 3G, 4G/LTE router with WiFi, designed with a lightweight plastic case with optional carrier for use in vehicles and a wide range of site-based applications.
Page 11 However the documentation usually assumes that a section label is not configured. The table below shows fields from a variety of chapters to illustrate the explanations above. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 11 of 463...
Page 12 Diagnostics are explained at the end of each feature’s chapter. 1.2.4 UCI commands For detailed information on using UCI commands, read chapters ‘Router File Structure’ and ‘Using Command Line Interface’. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 12 of 463...
Page 13: Gw1000 And Gw1000M Series Router Hardware
2: GW1000 and GW1000M Series router hardware _______________________________________________________________________________________________________ 2 GW1000 and GW1000M Series router hardware 2.1 GW1000 Series router hardware model features Figure 1: GW1000 Series router front Figure 2: GW1000 Series router back GW1032: Dual SIM sockets Dual antenna SMA connectors for 3G main and aux GPS antenna with 3.3V active power feed...
Page 14: Gw1000M Series Router Hardware Model Features
GPS antenna with 3.3V active power feed Two 10/100 Mbps Ethernet ports Dual WiFi internal antennas Dual WiFi SMA female connectors Concurrent Access Point and Station mode Metal casing Carrier bracket _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 14 of 463...
Page 15: Gw1000M Series Router Dimensions
No WiFi Metal casing Carrier bracket 2.4 GW1000M Series router dimensions Unit size: 114W 114D 38Hmm Unit size with carrier: 120W 120D 42Hmm Unit weight: 450g _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 15 of 463...
Page 16: Gsm Technology
850/900/1900/ -40°C to 70°C -RFB Asia 1900 2100 Europe 850/900/1800/ 850/900/1900/2100 B1/B2/B3/B5/B7/B -30°C to 70°C -RFC Asia 1900 8/B20 Worldwide B3/B7/B20/B31 -20°C to 60°C -RFD _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 16 of 463...
Page 17: Antenna
Table 2: RF bands with operating temperatures 2.10 Antenna The GW1000 Series router has two SMA connectors for connection of two antennas for antenna diversity. Antenna diversity helps improve the quality of a wireless link by mitigating problems associated with multipath interference.
Page 18: Gw1000 And Gw1000M Series Components
Ethernet cable. RJ45 connector at both ends. Power supply unit. Right angle antenna for Virtual Access supplies a wide range of antennas for 3G or 4G network. 3G or 4G networks. Please visit our website: www.virtualaccess.com or contact Virtual Access for more information.
Page 19: Inserting A Sim Card
2: GW1000 and GW1000M Series router hardware _______________________________________________________________________________________________________ Right angle or straight Virtual Access supplies a wide range of antennas for WiFi. Please stubby antenna for WiFi visit our website: www.virtualaccess.com or contact Virtual Access connection for more information. 1 x fused automotive...
Page 20: Reset Button
Solid on Releasing after 30 seconds performs a normal reset. Table 5: GW1000 Series router reset behaviour 2.17.1 Recovery mode Recovery mode is a fail-safe mode where the router can load a default configuration from the routers firmware. If your router goes into recovery mode, all config files are kept intact.
Page 21: Gw1000 And Gw1000M Series Led Behaviour
3 GW1000 and GW1000M Series LED behaviour 3.1 Main LED behaviour There are five LEDs on the GW1000 and GW1000M Series router Figure 7: LEDs on the GW1000 Series router Figure 8: LEDs on the GW1000M Series router The possible LED states are: •...
Page 22: Gw1000 And Gw1000M Series Ethernet Port Led Behaviour
The Ethernet port has two physical LEDs, one is green and one is amber. When looking at the port the green LED is on the left and is the only active LED. Figure 9: Ethernet LED on the rear of the GW1000 Series router No physical Ethernet link detected...
Page 23: Installing A Router Into A Vehicle
4.2 Installing a router into a vehicle using a fused power cable Install the router using the vehicle installation power cable 840-00105 provided. Figure 11: 840-00105 3 core power cable _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 23 of 463...
Page 24 Connect the BLUE wire to a 12V switched vehicle ignition wire. • Connect the RED wire to a 12V permanent wire. • Plug the 6 pin connector into the router. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 24 of 463...
Page 25: Factory Configuration Extraction From Sim Card
5: Factory configuration extraction from SIM card _______________________________________________________________________________________________________ 5 Factory configuration extraction from SIM card Virtual Access routers have a feature to update the factory configuration from a SIM card. This allows you to change the factory configuration of a router when installing the SIM.
Page 26: Accessing The Router
The default settings are shown below. The username and password are case sensitive. In the username field, type root. In the Password field, type admin. Click Login. The Status page appears. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 26 of 463...
Page 27: Accessing The Router Over Ethernet Using An Ssh Client
SCP server. No dedicated SPC client is supported; select the SCP client software of your own choice. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 27 of 463...
Page 28: Accessing The Router Over Ethernet Using A Telnet Client
In the Router Password section, type your new password in the password field and then retype the password in the confirmation field. Scroll down the page and click Save & Apply. Note: the username ‘root’ cannot be changed. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 28 of 463...
Page 29: Configuring The Password Using Uci
'$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw option password ‘newpassword’ The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 29 of 463...
Page 30: Accessing The Device Using Radius Authentication
'radius' option servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10' config 'pam_auth' option enabled 'yes' option pamservice 'luci" option pammodule 'auth' option pamcontrol 'sufficient' option type 'radius' servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 30 of 463...
Page 31: Accessing The Device Using Tacacs+ Authentication
TACACS+ authentication can be configured for accessing the router over SSH, web or local console interface. package system config system 'main' option hostname 'VirtualAccess' option timezone 'UTC' config pam_auth option enabled 'yes' option pamservice 'sshd' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 31 of 463...
Page 32 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' config pam_auth option enabled 'yes' option pamservice 'luci' option pammodule 'account' option pamcontrol 'sufficient' option type 'tacplus' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 32 of 463...
Page 33 'service=ppp' config pam_auth option enabled 'yes' option pamservice 'login' option pammodule 'session' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' option args 'service=ppp' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 33 of 463...
Page 34: Ssh
SSH allows you to access remote machines over text-based shell sessions. SSH uses public key cryptography to create a secure connection. These connections allow you to issue commands remotely via a command line. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 34 of 463...
Page 35: Gw1000 Series User Manual
In the top menu, click System -> Administration. The Administration page appears. Scroll down to the SSH Access section. Figure 16: The SSH access section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 35 of 463...
Page 36: Package Dropbear Using Uci
Table 10: Information table for SSH access settings 6.12 Package dropbear using UCI root@VA_router:~# uci show dropbear dropbear.@dropbear[0]=dropbear dropbear.@dropbear[0].PasswordAuth=on dropbear.@dropbear[0].RootPasswordAuth=on dropbear.@dropbear[0].GatewayPorts=0 dropbear.@dropbear[0].IdleTimeout=30 dropbear.@dropbear[0].Port=22 dropbear.@dropbear[0].MaxLoginAttempts=3 Package dropbear using package options _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 36 of 463...
Page 37: Certs And Private Keys
There is support for IPSec, OpenVPN and VA certificates and keys. If you have generated your own SSH public keys, you can input them in the SSH Keys section, for SSH public key authentication. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 37 of 463...
Page 38: Configuring A Router's Web Server
To configure the router’s HTTP server parameters, in the top menu, select Services -> HTTP Server. The HTTP Server page has two sections. Main Settings Server configurations Certificate Settings SSL certificates. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 38 of 463...
Page 39 ASN.1/DER private key used to serve HTTPS connections. If no listen_https options are given the key options are ignored. UCI: uhttpd.main.key /etc/uhttpd.key Opt: key Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 39 of 463...
Page 40 Does not follow symbolic links if enabled. UCI: uhttpd.main.no_symlinks Disabled. Opt: no_symlinks Enabled. Web: N/A Does not generate directory listings if enabled. UCI: uhttpd.main.no_dirlists Disabled. Opt: no_symlinks Enabled. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 40 of 463...
Page 41 '0.0.0.0:443' option home '/www' option rfc1918_filter '1' option cert '/etc/uhttpd.crt' option key '/etc/uhttpd.key' option cgi_prefix '/cgi-bin' option script_timeout '60' option network_timeout '30' option config '/etc/http.conf' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 41 of 463...
Page 42 Activation, this must be set to the serial number (Eth0 UCI: uhttpd.commonname MAC address) of the device. Opt: commonname Table 12: Information table for HTTP server certificate settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 42 of 463...
Page 43: Basic Authentication (Httpd Conf)
/etc/shadow or /etc/passwd. If you use $p$… format, uhttpd will compare the client provided password against the one stored in the shadow or passwd database. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 43 of 463...
Page 44: Securing Uhttpd
The following example shows how to display serial number and mobile signal strength. Note: this can only be configured via the command line. Figure 21: Example login screen displaying serial and signal strength _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 44 of 463...
Page 45 'local hue = (sig + 113) * 2' list text 'local hue = math.min(math.max(hue, 0), 120) %>' list text 'Signal strength: <h3 style="color:hsl(<%=hue%>, 90%, 50%); display:inline;"><%=sig%></h3> dBm _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 45 of 463...
Page 46: Router File Structure
Figure 22: Example of the status page System information is also available from the CLI if you enter the following command: root@VA_router:~# va_vars.sh _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 46 of 463...
Page 47: Identify Your Software Version
In the Firmware Version row, the first two digits of the firmware version identify the hardware platform, for example LIS-15; while the remaining digits: .00.72.002, show the software version. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 47 of 463...
Page 48: Image Files
To show the configuration to run after the next reboot, enter: root@VA_router:~# va_config.sh next To set the configuration to run after the next reboot, enter: root@VA_router:~# va_config.sh -s [factconf|config1|config2|altconfig] _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 48 of 463...
Page 49: Configuration File Syntax
Configurations can also be managed using directory manipulation. To remove the contents of the current folder, enter: root@VA_router:/etc/config1# rm –f * Warning: the above command makes irreversible changes. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 49 of 463...
Page 50: Exporting A Configuration File
In the top menu, select System > Backup/Flash Firmware. The Flash operations page appears. Figure 25: The flash operations page In the Backup/Restore section, select Generate Archive. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 50 of 463...
Page 51: Importing A Configuration File
7.9.1. If you have software version 72.002 or above, to import a configuration file using the web interface go to section 7.9.2. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 51 of 463...
Page 52 Upload archive. Figure 28: The system – restoring…page When the ‘waiting for router’ icon disappears, the upgrade is complete, and the login homepage appears. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 52 of 463...
Page 53 OK to return to the Flash Operations page. There you can manually select Made Active (after reboot). Then click Reboot Now in the ‘Reboot using Active Configuration’ section. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 53 of 463...
Page 54 <paste in config file> <CTRL-D> Note: it is very important that the config file is in the correct format otherwise it will not import correctly. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 54 of 463...
Page 55: Using The Command Line Interface
_______________________________________________________________________________________________________ 8 Using the Command Line Interface This chapter explains how to view Virtual Access routers' log files and edit configuration files using a Command Line Interface (CLI) and the Unified Configuration Interface (UCI) system. Some commands may vary between router models.
Page 56 0 Jul 3 11:37 usr lrwxrwxrwx 1 root root 4 Jul 16 2012 var -> /tmp drwxr-xr-x 4 root root 67 Jul 16 2012 www _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 56 of 463...
Page 57 444 S -ash 374 root 344 R ps ax 375 root 400 S /bin/sh /sbin/hotplug button 384 root 396 R /bin/sh /sbin/hotplug button 385 root [keventd] _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 57 of 463...
Page 58: Using Unified Configuration Interface (Uci)
-f <file> use <file> as input instead of stdin when importing, merge data into an existing package _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 58 of 463...
Page 59 Note: all operations do not act directly on the configuration files. A commit command is required after you have finished your configuration. root@VA_router:~# uci commit _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 59 of 463...
Page 60 To show the configuration ‘tree’ for a given config, enter: root@VA_router:/# uci show network network.loopback=interface network.loopback.ifname=lo network.loopback.proto=static network.loopback.ipaddr=127.0.0.1 network.loopback.netmask=255.0.0.0 network.lan=interface network.lan.ifname=eth0 network.lan.proto=dhcp network.wan=interface network.wan.username=foo _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 60 of 463...
Page 61 To show the image running currently, enter: root@VA_router:~# vacmd show current image To set the image to run on next reboot, enter: root@VA_router:~# vacmd set next image [image1|image2|altimage] root@VA_router:~# reboot _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 61 of 463...
Page 62 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 62 of 463...
Page 63: Configuration Files
8.3 Configuration files The table below lists common package configuration files that can be edited using uci commands. Other configuration files may also be present depending on the specific options available on the Virtual Access router. File Description Management...
Page 64 It is important to note that identifiers and config file names may only contain the characters a-z, A-Z, 0-9 and _. However, option values may contain any character, as long they are properly quoted. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 64 of 463...
Page 65: Upgrading Router Firmware
To check which software version your router is running, in the top menu, browse to Status -> Overview. Figure 31: The status page showing a software version prior to 72.002 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 65 of 463...
Page 66 9.1.2 Upgrading router firmware for software versions pre- 72.002 Copy the new firmware issued by Virtual Access to a PC connected to the router. In the top menu, select System tab -> Backup/Flash Firmware. The Flash operations page appears.
Page 67 To verify that the router has been upgraded successfully, click Status in the top menu. The Firmware Version shows in the system list. Figure 36: The system status list _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 67 of 463...
Page 68 9.1.3 Upgrading router firmware for software version 72.002 and above Copy the new firmware issued by Virtual Access to a PC connected to the router. In the top menu, select System tab > Flash operations. The Flash operations page appears.
Page 69 To regain access to the router you must login again. If any part of the processes encounters an error the reboot does not occur and a report is given. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 69 of 463...
Page 70 Version shows in the system list and also in the right top corner of the menu bar. Figure 42: The system status list showing current firmware version _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 70 of 463...
Page 71: Upgrading Firmware Using Cli
Windows it requires an additional application. The usage example below is for a Unix machine and therefore assumes the image file is in the current folder. scp LIS-15.00.72.002.image root@x.x.x.x:/tmp/LIS-15.00.72.002.image _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 71 of 463...
Page 72 After the write process has finished, you must complete a post verification of the firmware. To verify the checksum of downloaded firmware, enter: va_image_csum.sh /tmp/LIS-15.00.72.002.image _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 72 of 463...
Page 73: Firmware Recovery
Change the boot configuration to factory configuration after ten failed restarts • By design this feature is intended to allow recovery from firmware problems and therefore excludes restarts due to power loss. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 73 of 463...
Page 74: System Settings
A filter matches specific log messages and then determines an action for them. 10.2 Configuration package used Package Sections system main syslog_fillter timeserver _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 74 of 463...
Page 75: Configuring System Properties
Defines the interval in minutes to store the local time for use on next reboot. UCI: system.main.timezone Opt: time_save_interval_min Table 14: Information table for general settings section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 75 of 463...
Page 76 Store system log in RAM. Lost on circular reboot. Viewed using logread File Store system log in flash. file Maintained through reboot. Viewed using cat /log_file _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 76 of 463...
Page 77 UCI: system.main.log_hostname Magic values %hostname (system hostname), %ser (serial), and %mon (Monitor dev_reference) are also recognised. Opt: log_hostname Range Empty Use router hostname for syslog messages. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 77 of 463...
Page 78 Defines the maximum size audit data can take in flash in 1024 byte units. UCI: system.main.audit_cfg_max_size_kb Range Opt: audit_cfg_max_size_kb 1024 6 hours Table 15: Information table for the logging section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 78 of 463...
Page 79 NTP server. It is enabled as an NTP client by default and individual interfaces can be configured to respond to NTP requests. Figure 46: The time synchronization section in system properties _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 79 of 463...
Page 80 Ensure you have saved all your configuration changes before you reboot. Figure 47: The reboot page Check the Reboot now check box and then click Reboot. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 80 of 463...
Page 81: System Settings Using Command Line
'system' config 'system' 'main' option 'hostname' "VA_router" option 'timezone' "UTC" option 'log_ip' "1.1.1.1" option 'log_port' "514" option remoteloglevel '8' option log_file '/root/syslog.messages' option log_size '400' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 81 of 463...
Page 82: System Diagnostics
Critical conditions error Error conditions warning Warning conditions notice Normal but significant info Informational debug Debug-level messages none No priority Table 19: Syslog message severity list _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 82 of 463...
Page 83 'UTC' option timezone 'GMT0' option conloglevel '8' option cronloglevel '8' option time_save_interval_hour '10' option log_hostname '%serial' option log_ip '1.1.1.1' option log_port '514' option log_file '/root/syslog.messages' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 83 of 463...
Page 84 0.000000] SoC: xRX330 rev 1.1 0.000000] bootconsole [early0] enabled 0.000000] CPU0 revision is: 00019556 (MIPS 34Kc) 0.000000] adding memory size:267386880 from DT 0.000000] MIPS: machine is Virtual Access GW6600V series 0.000000] Determined physical RAM map: 0.000000] memory: 0ff00000 @ 00000000 (usable) 0.000000] User-defined physical RAM map:...
Page 85: Advanced Filtering Of Syslog Messages
Filters are defined in the syslog_filter configuration section of the system package. A set of filters can be either local or remote. All messages are matched against both local and remote filter rules, if configured. • _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 85 of 463...
Page 86 Use the wildcard '*' to match all facilities. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 86 of 463...
Page 87 Log all ipsec messages to filepath ‘va/log/ipsec’. Do not log anywhere else locally. For everything else, apply default local logging. No remote filter rules defined, so apply default remote logging to all messages. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 87 of 463...
Page 88 '*.=debug mem ~' list text 'auth,authpriv.* /var/log/auth' list text '*.*(ipsec:) /var/log/ipsec' list text '*.* default' config syslog_filter 'remote' list text 'auth,authpriv.* ~' list text '*.* ignore' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 88 of 463...
Page 89 10: System settings _______________________________________________________________________________________________________ 10.6.4 Filter diagnostics To view configured filters, enter cat /var/conf/syslog.conf root@VA_router:~# cat /var/conf/syslog.conf [local] auth,authpriv.* /var/log/auth *.*(ipsec:) /var/log/ipsec default [remote] auth,authpriv.info *.* ignore _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 89 of 463...
Page 90: Configuring An Ethernet Interface On A Gw1000 Router
To create and edit interfaces via the web interface, in the top menu, click Network -> Interfaces. The Interfaces overview page appears. Figure 48: The interfaces overview page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 90 of 463...
Page 91: Interface Overview: Editing An Existing Interface
To create a new interface, in the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 49: The create interface page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 91 of 463...
Page 92 Configure the interface settings such as protocol, IP address, gateway, netmask, custom DNS servers, MTU and firewall configuration. IP-Aliases Assigning multiple IP addresses to the interface. DHCP Server Configuring DHCP server settings for this interface. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 92 of 463...
Page 93 Bridge interfaces, VLAN PCP to SKB priority mapping. Firewall settings Assign a firewall zone to the interface. 11.3.2.1 Common configuration – general setup Figure 50: The Ethernet connection common configuration settings page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 93 of 463...
Page 94 The IPv6 IP address if the interface. Optional if an IPv4 address is provided. UCI: network.<if name> .ip6addr CIDR notation for the IPv6 address is required. Opt: ip6addr _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 94 of 463...
Page 95 Example: option dependants ‘PPPADSL MOBILE’ This replaces the following previous options in child interfaces. option local_interface lt2p option src_ipaddr option wan1 wan2 6in4 option ipaddr 6to4 option ipaddr _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 95 of 463...
Page 96 Specifies if sspeed and duplex mode should be autonegotiated. UCI: network.<if name>.autoneg Disabled. Opt: autoneg Enabled. Web: Full Duplex Ability to change duplex mode. UCI: network.<if name>.fullduplex Disabled. Opt: fullduplex Enabled. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 96 of 463...
Page 97 This maps the IP-Alias to the interface. Opt: interface UCI: network.<alias name>.proto This maps the interface protocol to the alias. Opt: proto Table 25: Information table for IP-Aliases name assignment _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 97 of 463...
Page 98 Opt: bcast Web: DNS-Server Defines the DNS server for the IP alias. UCI: network.<alias name>.dns Opt: dns Table 27: Information table for IP-Alias advanced settings page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 98 of 463...
Page 99 Opt: mode Description DHCPv4 DHCP for IPv4 ipv4 DHCPv6 DHCP for IPv6 ipv6_dhcp IPv6 Router IPv6 RA ipv6_ra Advertisements DHCPv6 Prefix DHCPv6 prefix delegation ipv6_pd Delegation _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 99 of 463...
Page 100 Forces DHCP serving on the specified interface even if another DHCP server is detected on the same network segment. UCI: dhcp.@dhcp[x].force Disabled. Opt: force Enabled. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 100 of 463...
Page 101: Configuring An Ethernet Interface Using Command Line
11.4.1 Interface configuration using UCI root@VA_router:~# uci show network ….. network.newinterface=interface network.newinterface.proto=static network.newinterface.ifname=eth0 network.newinterface.monitored=0 network.newinterface.ipaddr=2.2.2.2 network.newinterface.netmask=255.255.255.0 network.newinterface.gateway=2.2.2.10 network.newinterface.broadcast=2.2.2.255 network.newinterface.vlan_qos_map_ingress=1:2 2:1 network.ethalias1=alias network.ethalias1.proto=static network.ethalias1.interface=newinterface network.ethalias1.ipaddr=10.10.10.1 network.ethalias1.netmask=255.255.255.0 network.ethalias1.gateway=10.10.10.10 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 101 of 463...
Page 102 'eth0' option monitored '0' option ipaddr '2.2.2.2' option netmask '255.255.255.0' option gateway '2.2.2.10' option broadcast '2.2.2.255' list vlan_qos_map_ingress '1:2' list vlan_qos_map_ingress '2:1' config alias 'ethalias1' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 102 of 463...
Page 103: Interface Diagnostics
The ATM bridges section is not used when configuring an Ethernet interface on a GW1000 router. 11.5 Interface diagnostics 11.5.1 Interfaces status To show the current running interfaces, enter: root@VA_router:~# ifconfig 3g-CDMA Link encap:Point-to-Point Protocol _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 103 of 463...
Page 104 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7710 errors:0 dropped:0 overruns:0 frame:0 TX packets:535 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:647933 (632.7 KiB) TX bytes:80978 (79.0 KiB) _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 104 of 463...
Page 105 Link partner advertised pause frame use: No Link partner advertised auto-negotiation: Yes Speed: 100Mb/s Duplex: Full Port: MII PHYAD: 0 Transceiver: external Auto-negotiation: on Current message level: 0x000000ff (255) _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 105 of 463...
Page 106 11: Configuring an Ethernet interface on a GW1000 router _______________________________________________________________________________________________________ drv probe link timer ifdown ifup rx_err tx_err _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 106 of 463...
Page 107: Configuring Vlan
12: Configuring VLAN _______________________________________________________________________________________________________ 12 Configuring VLAN 12.1 Maximum number of VLANs supported Virtual Access’ routers support up to 4095 VLANs. 12.2 Configuration package used Package Sections Network 12.3 Configuring VLAN using the web interface 12.3.1 Create a VLAN interface To configure VLAN using the web interface, in the top menu, select Network - >Interfaces.
Page 108: Virtual Access
Enter a name, for example eth0.100. This will assign VLAN 100 to the eth0 interface. Opt: ifname Table 30: Information table for the create interface page Click Submit. The Interfaces page for VLAN1 appears. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 108 of 463...
Page 109 The IPv4 address of the interface. This is optional if an IPv6 address is provided. UCI: network.VLAN1.ipaddr Opt: ipaddr Web: IPv4 netmask Subnet mask to be applied to the IP address of this interface. UCI: network.VLAN1.netmask Opt: netmask _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 109 of 463...
Page 110: Viewing Vlan Interface Settings
To view the new VLAN interface settings, in the top menu, select Network -> Interfaces. The Interfaces Overview page appears. The example below shows two VLAN interfaces configured. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 110 of 463...
Page 111: Configuring Vlan Using The Uci Interface
When specifying the ifname ensure that it is written in dotted mode, that is, eth1.100 where eth1 is the physical interface assigned to VLAN tag 100. Note: VLAN1 is, by default the native VLAN and will not be tagged. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 111 of 463...
Page 112: Configuring Ignition Sense
You can configure the Vapowermond package using the web interface. In the top menu, click Services ->Power Monitor. The basic settings page appears. Figure 64: Power monitor basic settings page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 112 of 463...
Page 113 Table 32: Information table for power monitor basic settings 13.2.2 Power monitor advanced settings Click the Advance tab to access advanced settings. Figure 65: Power monitor advanced settings page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 113 of 463...
Page 114: Configuring Vapowermond Using The Command Line
‘main’ option enabled ‘1’ option timeout ‘30’ option voltage_sense_scripts_enable ‘0’ option voltage_on_script ‘/usr/bin/powermon_voltage_on.sh’ option voltage_off_script ‘/usr/bin/powermon_voltage_off.sh’ option voltage_msg ‘powermon’ option log_severity ‘5’ _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 114 of 463...
Page 115: Ignition Sense Diagnositcs
13.4.1 Monitoring Vapowermond status using the command line interface To view status information about the current ignition sense state, enter: root@VA_router:~# cat /sys/class/gpio/gpio29/value 1 for ignition on 0 for ignition off _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 115 of 463...
Page 116: Configuring A Wifi Connection
_______________________________________________________________________________________________________ 14 Configuring a WiFi connection This section explains how to configure WiFi on a Virtual Access router using the web interface or via UCI. WiFi can act as an Access Point (AP) to another device in the network or it can act as a client to an existing AP.
Page 117 Web: Transmit power Select the transmit power range range you require. UCI: wireless.radio0.txpower Range 0dBm(1mW)-17dBm(50mW) Opt: txpower 17dBM(50mW) Table 34: Information table for the device configuration section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 117 of 463...
Page 118 Web: RTS/CTS Threshold Defines the RTS/CTS threshold. UCI: wireless.radio0.rts None Router defaults applied Opt: rts Range Table 35: Information table for device configuration advanced settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 118 of 463...
Page 119 Use this section to configure the interface name, mode and network settings. Differing web options may be presented depending on the mode selected. Figure 69: The interface configuration general setup section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 119 of 463...
Page 120 Use this section to configure encryption, ciper and create a security key. Differing options will be defined depending on the encryption selected. Figure 70: The wireless security section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 120 of 463...
Page 121 Web: Radius Accounting -Port Defines the Radius port for EAP accounting. UCI:wireless.@wifi-iface[0].acct_port Opt: acc_port Web: Radius Accounting -Secret Defines the Radius secret for EAP accounting. UCI:wireless.@wifi-iface[0].acct_secret Opt: acct_secret _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 121 of 463...
Page 122: Configuring Wifi In Ap Mode
WiFi interface’, selecting a new interface for the Wireless Network in the Interface Configuration section. Next, in the top menu, select Network -> Interfaces. The Interface Overview page appears. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 122 of 463...
Page 123 UCI and package options. Opt:ifname Example: option ifname ‘eth2 eth3’ or network.<if name>.ifname=eth2 eth 3 Table 39: Information table for the physical section on the common configuration page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 123 of 463...
Page 124: Configuring Wifi Using Uci
'US' config wifi-iface option device 'radio0' option mode 'ap' option disabled '1' option ssid 'Test_AP' option network 'newwifilan' option encryption 'psk' option key 'secretkey' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 124 of 463...
Page 125 'lan' option ifname 'eth0' option proto 'static' option ipaddr '192.168.100.1' option netmask '255.255.255.0' option type 'bridge' root@VA_router:~# uci export wireless package wireless _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 125 of 463...
Page 126 14.4.4 AP mode on an existing Ethernet interface using UCI root@VA_router:~# uci show network network.lan=interface network.lan.ifname=eth0 network.lan.proto=static network.lan.ipaddr=192.168.6.1 network.lan.netmask=255.255.255.0 network.lan.type=bridge root@VA_router:~# uci show wireless wireless.radio0=wifi-device wireless.radio0.type=mac80211 wireless.radio0.channel=11 wireless.radio0.phy=phy0 wireless.radio0.hwmode=11ng _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 126 of 463...
Page 127: Creating A Wifi In Client Mode Using The Web Interface
In the top menu, select Network -> Interfaces. The Interfaces Overview page appears. Click Edit in the newly created WiFi Client interface. The Common Configuration page appears. Figure 73: The client interface page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 127 of 463...
Page 128: Configuring Wifi In Client Mode Using Command Line
'radio0' option type 'mac80211' option channel '11' option phy 'phy0' option hwmode '11ng' option htmode 'HT20' list ht_capab 'SHORT-GI-40' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 128 of 463...
Page 129 14.6.2.1 uci show wireless root@VA_router:~# uci show wireless wireless.radio0=wifi-device wireless.radio0.type=mac80211 wireless.radio0.channel=11 wireless.radio0.phy=phy0 wireless.radio0.hwmode=11ng wireless.radio0.htmode=HT20 wireless.radio0.ht_capab=SHORT-GI-40 TX-STBC RX-STBC1 DSSS_CCK-40 wireless.radio0.txpower=17 wireless.radio0.country=US wireless.@wifi-iface[0]=wifi-iface wireless.@wifi-iface[0].device=radio0 wireless.@wifi-iface[0].ssid=Remote-AP wireless.@wifi-iface[0].mode=sta wireless.@wifi-iface[0].network= newwifiClient wireless.@wifi-iface[0].encryption=psk2 wireless.@wifi-iface[0].key=testtest _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 129 of 463...
Page 130: Configuring A Mobile Connection
To create a new mobile interface, in the Interface Overview section, click Add new interface. The Create Interface page appears. In the examples below, 3G has been used for the interface name. Figure 74: The create interface page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 130 of 463...
Page 131 Set up more in-depth features such as initialisation timeout, LCP echo failure thresholds and inactivity timeouts. Firewall settings Assign a firewall zone to the connection. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 131 of 463...
Page 132 PPP over Ethernet pppoe PPPoATM PPP over ATM pppoa LTE/UMTS/ CDMA, UMTS or GPRS GPRS/EV-DO connection using an AT-style 3G modem. PPP(PSTN- PPP v90 modem pppmodem Modem) _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 132 of 463...
Page 133 The Modem Configuration link at the bottom of the page is used for SIM pin code and SMS configuration. For more information, read the chapter ‘Configuring mobile manager’. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 133 of 463...
Page 134 Enable IPv6. Opt: ipv6 Web: Modem int timeout Maximum amount of seconds to wait for the modem to become ready. UCI: network.3G.maxwait Seconds Opt: maxwait Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 134 of 463...
Page 135 Closes an inactive connection after the given amount of seconds. Use 0 to persist connection. UCI: network.3G.demand Do not disconnect on inactivity. Opt: demand Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 135 of 463...
Page 136 Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it. Figure 77: Firewall settings page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 136 of 463...
Page 137: Configuring A Mobile Connection Using Cli
'0' option auto ‘1’ option sim 'any' option defaultroute '1' option metric ‘1’ option service_order 'auto lte umts gprs' option apn 'test.apn' option username ‘username’ _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 137 of 463...
Page 138: Diagnositcs
Information. The Mobile Information page appears. The information presented depends on the actual mobile hardware used; it might therefore differ from the samples shown here. Figure 78: The mobile information page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 138 of 463...
Page 139 15: Configuring a mobile connection _______________________________________________________________________________________________________ Figure 79: The advanced information page Figure 80: The cell information page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 139 of 463...
Page 140 SIM In : yes SIM Slot SIM1 ICCID : 8935301140701270414 Signal (dBm) : -107 Technology : UMTS Temperature (C) : 28 Hardware Revision : R1C0 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 140 of 463...
Page 141: Configuring Mobile Manager
Roaming Interface Configure Preferred Roaming List options. Template *Option available only for CDMA modules. 16.2.1 Mobile manager: basic settings Figure 81: The mobile manager basic page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 141 of 463...
Page 142 LTE bands range from 1 to 70. Table 44: Information table for mobile manager basic settings 16.2.2 Mobile manager: advanced settings Figure 82: The mobile manager advanced page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 142 of 463...
Page 143 Defines whether to use time obtained from the mobile carrier to update the system clock when NTP is enabled. UCI: mobile.main.disable_time Disabled. Opt: disable_time Enabled. Table 45: Information table for mobile manager advanced settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 143 of 463...
Page 144 Allows the station class mark for the MS to be changed. UCI: mobile.main.cdma_station_class_mark Opt: cdma_station_class_mark 0-255 Web: Slot Cycle Index The desired slot cycle index if different from the default. UCI: mobile.main.cdma_slot_cycle_index Opt: cdma_slot_cycle_index _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 144 of 463...
Page 145 Allows specification of SID:NID pairs, this takes the form "SID1,NID1,SID2,NID2, UCI: mobile.main.cdma_sid_nid_pairs Opt:cdma_sid_nid_pairs Format SID1 (0-65535),NID (0-65535) Table 46: Information table for mobile manager CDMA settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 145 of 463...
Page 146: Configuring Mobile Manager Using Command Line
The following example shows how to enable the SMS functionality to receive and respond from certain caller ID numbers. root@VA_router:~# uci show mobile uci set mobile.main=mobile _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 146 of 463...
Page 147 '0000' option sim2pin '0000' option roaming_sim 'none' option sms '1' option hdr_password '5678' option hdr_userid '1234' option init_get_iccids '1' option sim1_lte_bands '3,20' option sim2_lte_bands '4,5' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 147 of 463...
Page 148: Monitoring Sms
To monitor using SSH, login and enter: logread –f & Or, when logging system messages to a flash file at /root/syslog.messages tail –f /root/syslog.messages & _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 148 of 463...
Page 149: Sending Sms From The Router
Multiple commands can be sent in a single SMS using a semicolon (;) separator. For example, to set the router to factcory config and then reboot. vacmd set next config factconf;reboot _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 149 of 463...
Page 150: Configuring A Gre Interface
DHCP or PPP to dial into the provider network. In the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 86: The create interface page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 150 of 463...
Page 151 IP address, TTL, tunnel key and MTU. Advanced Settings 'Bring up on boot' and 'monitor interface state' settings. Firewall settings Assign a firewall zone to the connection. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 151 of 463...
Page 152 Subnet mask, in CIDR notation, to be applied to the tunnel. Typically '30' for point-to-point tunnels. UCI: network.<if name>.mask_length Opt: mask_length Range 0 - 30 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 152 of 463...
Page 153 UCI: network.<if name>.mtu 1472 Opt: mtu Range Table 49: Information table for GRE 17.2.2 GRE connection: common configuration-advanced settings Figure 88: GRE advanced settings page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 153 of 463...
Page 154 Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it. Figure 89: GRE firewall settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 154 of 463...
Page 155: Gre Configuration Using Command Line
'tunnel1' option proto 'gre' option monitored ‘0’ option ipaddr '172.255.255.2' option mask_length '24' option local_interface 'wan' option remote_ip ‘172.255.255.100’ option ttl '128' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 155 of 463...
Page 156: Gre Diagnostics
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:912 (912.0 B) TX bytes:884 (884.0 B) Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 156 of 463...
Page 157 Tunnel1 172.19.101.3 13.13.13.1 255.255.255.255 UGH 0 gre- Tunnel1 Note: a GRE route will only be displayed in the routing table when the interface is up. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 157 of 463...
Page 158: Configuring Static Routes
UCI: network.@route[0].target Opt: target Web: netmask Defines the route netmask. If omitted, 255.255.255.255 is assumed, which makes the target a host address. UCI: network.@route[0].netmask Opt: netmask _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 158 of 463...
Page 159: Configuring Ipv6 Routes Using The Web Interface
By default all routes are named ‘route’, it is identified by @route then the route’s position in the package as a number. For example, for the first route in the package using UCI: network.@route[0]=route network.@route[0].interface=lan _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 159 of 463...
Page 160: Ipv4 Routes Using Uci
The command line example routes in the subsections below do not have a configured name. root@VA_router:~# uci show network network.@route[0]=route network.@route[0].interface=lan network.@route[0].target=3.3.3.10 network.@route[0].netmask=255.255.255.255 network.@route[0].gateway=10.1.1.2 network.@route[0].metric=3 network.@route[0].mtu=1400 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 160 of 463...
Page 161: Ipv4 Routes Using Package Options
IPv6 routes using packages options root@VA_router:~# uci export network package network …. config route option interface 'lan' option target '2001:0DB8:100:F00:BA3::1/64' option gateway '2001:0DB8:99::1' option metric ‘1’ option mtu '1500' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 161 of 463...
Page 162: Static Routes Diagnostics
Flags Metric Ref Use Iface 192.168.100.0 255.255.255.0 0 eth0 Note: a route will only be displayed in the routing table when the interface is up. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 162 of 463...
Page 163: Configuring Bgp (Border Gateway Protocol)
In the top menu, select Network -> BGP. BGP configuration page appears. The page has three sections: Global Settings, BGP Neighbours and BGP Route Map. Figure 91: The BGP page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 163 of 463...
Page 164 UCI: bgpd.bgpd.debug_events Enabled. Opt: debug_events Disabled. Web: Log filters Defines whether to enable BGP filter events to the system log. UCI: bgpd.bgpd.debug_filters Enabled. Opt: debug_filters Disabled. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 164 of 463...
Page 165 Matches IP address. Opt: match_type IP Next Hop Matches next hop IP address. AS-Path Matches AS-path. Route Metric Matches route metric. Matches BGP community. Community _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 165 of 463...
Page 166 Sets route map name to use with this neighbour. UCI: bgpd.@peer[0].route_map Opt: route_map Web: Route Map Direction Defines what direction to apply to the route map. UCI: bgpd.@peer[0].route_map_in Opt: route_map_in _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 166 of 463...
Page 167: Configuring Bgp Using Command Line
You can also configure BGP using UCI. The configuration file is stored on /etc/config/bgpd root@VA_router:~# uci show bgpd bgpd.bgpd=routing bgpd.bgpd.enabled=yes bgpd.bgpd.router_id=3.3.3.3 bgpd.bgpd.asn=1 bgpd.bgpd.network=11.11.11.0/29 192.168.103.1/32 bgpd.@peer[0]=peer bgpd.@peer[0].route_map_in=yes bgpd.@peer[0].ipaddr=11.11.11.1 bgpd.@peer[0].asn=1 bgpd.@peer[0].route_map=ROUTEMAP bgpd.@peer[0].ipv6=0 bgpd.@peer[0].next_hop_self=0 bgpd.@peer[0].holdtime_sec=0 bgpd.@peer[0].keepalive_sec=0 bgpd.@peer[0].connect_sec=0 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 167 of 463...
Page 168 'ROUTEMAP' option ipv6 ‘0’ option next_hop_self ‘0’ option holdtime_sec ‘0’ option keepalive_sec ‘0’ option connect_sec ‘0’ config routemap 'ROUTEMAP' option order '10' option permit 'yes' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 168 of 463...
Page 169: View Routes Statistics
19.4 View routes statistics To view routes statistics, in the top menu click Status -> Routes. The routing table appears. Figure 95: The routing table _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 169 of 463...
Page 170 To view routes via the command line, enter: root@support:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.1.0.0 0.0.0.0 255.255.0.0 0 br-lan2 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 170 of 463...
Page 171: Configuring Ospf (Open Shortest Path First)
A topology table containing a list of all possible routes to all known networks • within an area A routing table containing the best route for each known network • _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 171 of 463...
Page 172 Dead Interval is 40 seconds for broadcast and point-to-point interfaces, and 120 seconds for non-broadcast and point-to-multipoint interfaces. By default, the Dead Interval timer is four times the Hello interval. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 172 of 463...
Page 173 The router with the highest priority becomes the DR; second highest becomes the BDR. If there is a tie in priority, whichever router has the highest Router ID will become the DR. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 173 of 463...
Page 174 For example, point to Point-to-Multipoint Frame Relay. OSPF characteristics are: OSPF will not elect DRs and BDRs. All OSPF traffic is multicast to 224.0.0.5. Neighbours do not need to be manually specified. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 174 of 463...
Page 175 Figure 97: OSPF hierarchy In the above example three areas exist: Area 0, Area 1, and Area 2. Area 0 is the backbone area for this autonomous system. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 175 of 463...
Page 176: Configuration Package Used
Have at least one interface in area 0. Autonomous System Have a connection to a separate autonomous system. Border Router (ABR) 20.2 Configuration package used Package Sections ospfd routing network interface _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 176 of 463...
Page 177: Configuring Ospf Using The Web Interface
Opt: default_info_originate Disabled. Enabled. Web: n/a Enable vty for OSPFd (telnet to localhost:2604) UCI: ospfd.ospfd.vty_enabled Opt: vty_enabled Table 59: Information table for OSPF global settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 177 of 463...
Page 178 OSPFv2 allows packets to be authenticated using either an insecure plain text password, included with the packet, or by a more secure MD5 based HMAC (keyed-Hashing for Message AuthentiCation). Enabling authentication prevents routes being updated by _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 178 of 463...
Page 179 OSPF. This is the only way to advertise non-OSPF links into stub areas. Disabled. Enabled. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 179 of 463...
Page 180: Configuring Ospf Using The Command Line
By default, all OSPF interface instances are named interface, instances are identified by @interface then the interface position in the package as a number. For example, for the first interface in the package using UCI: ospfd.@interface[0]=interface ospfd.@interface[0].ospf_interface=lan _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 180 of 463...
Page 181: Ospf Using Uci
OSPF using UCI root@VA_router:~# uci show ospfd ospfd.ospfd=routing ospfd.ospfd.enabled=yes ospfd.ospfd.default_info_originate=yes ospfd.ospfd.router_id=1.2.3.4 ospfd.@network[0]=network ospfd.@network[0].ip_addr=12.1.1.1 ospfd.@network[0].mask_length=24 ospfd.@network[0].area=0 ospfd.@network[0].stub_area=yes ospfd.@interface[0]=interface ospfd.@interface[0].ospf_interface=lan8 ospfd.@interface[0].hello_interval=10 ospfd.@interface[0].dead_interval=40 ospfd.@interface[0].network_type=broadcast ospfd.@interface[0].passive=yes ospfd.@interface[0].auth_mode=text ospfd.@interface[0].text_auth_key=secret ospfd.@interface[1]=interface ospfd.@interface[1].ospf_interface=lan7 ospfd.@interface[1].network_type=point-to-point _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 181 of 463...
Page 182: Ospf Using Package Options
'broadcast' option passive 'yes' option auth_mode 'text' option text_auth_key 'secret' config interface option ospf_interface 'lan7' option network_type 'point-to-point' option passive 'no' option hello_interval '30' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 182 of 463...
Page 183: Ospf Diagnostics
-i any -n proto ospf & root@VA_router:~# tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 183 of 463...
Page 184: Quagga/Zebra Console
O - OSPF, I - IS-IS, B - BGP, P - PIM, H - HSLS, o - OLSR, b - BATMAN, A - Babel, > - selected route, * - FIB route _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 184 of 463...
Page 185 Password: To see OSPF routing from OSPF debug console, enter: sh ip ospf route UUT> sh ip ospf route ============ OSPF network routing table ============ _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 185 of 463...
Page 186 OSPF not enabled on this interface eth1 is up ifindex 10, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,RUNNING,PROMISC,MULTICAST> OSPF not enabled on this interface eth2 is down _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 186 of 463...
Page 187 2, MTU 1500 bytes, BW 0 Kbit <BROADCAST,NOARP> OSPF not enabled on this interface ifb1 is down ifindex 3, MTU 1500 bytes, BW 0 Kbit <BROADCAST,NOARP> _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 187 of 463...
Page 188 Router Link States (Area 0.0.0.0) Link ID ADV Router Seq# CkSum Link count 1.1.1.1 1.1.1.1 873 0x80006236 0xd591 3 192.168.104.1 192.168.104.1 596 0x8000000a 0x3a2d 2 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 188 of 463...
Page 189 20: Configuring OSPF (Open Shortest Path First) _______________________________________________________________________________________________________ 192.168.105.1 192.168.105.1 879 0x8000000b 0x4919 2 Net Link States (Area 0.0.0.0) Link ID ADV Router Seq# CkSum 11.11.11.1 1.1.1.1 595 0x80000004 0x5712 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 189 of 463...
Page 190: Configuring Vrrp
VRRP. The VRRP page appears. There are two sections in the VRRP page: Section Description Global Settings Enables VRRP VRRP Group Configuration Configures the VRRP group settings. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 190 of 463...
Page 191 Disabled. Opt: Enabled Enabled. 21.3.2 VRRP group configuration settings The VRRP Group Configuration section configures vrrp package vrrp_group section. To access configuration settings, click ADD. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 191 of 463...
Page 192 For example, ‘lan’. The interface name is taken from the UCI: vrrp.@vrrp_group[X].interface network package and all configured interfaces will be displayed.. Opt: interface Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 192 of 463...
Page 193 Web: Advert intvl Sets the VRRP hello value in seconds. This value must match the value set on a peer. UCI: vrrp.@vrrp_group[X].advert_int_sec 120 seconds Opt: advert_int_sec Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 193 of 463...
Page 194: Configuring Vrrp Using Command Line
However, to better identify, it is recommended to give the vrrp_group instance a name. For example, to define a vrrp_group instance named ‘g1’ using UCI, enter: vrrp.g1.vrrp_group vrrp.g1.enabled=1 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 194 of 463...
Page 195 'main' option enabled 'yes' config vrrp_group 'g1' option enabled 'yes' option interface 'lan' list track_iface 'WAN' list track_iface 'MOBILE' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 195 of 463...
Page 196 '1' option priority '100' option advert_int_sec '120' option password 'secret' option virtual_ipaddr '10.1.10.150/16' option garp_delay_sec '5' option ipsec_connection 'Test' list track_ipsec 'conn1' list track_ipsec 'conn2' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 196 of 463...
Page 197: Configuring Routing Information Protocol (Rip)
4, only if the metric (hopcount) is equal. RIP uses a round-robin system of load-balancing between equal metric routes, which can lead to pinhole congestion. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 197 of 463...
Page 198: Configuration Package Used
RIPv2 routers will both send and receive only Version 2 updates • Virtual Access ripd package supports RIP version 2 as described in RFC2453 and RIP version 1 as described in RFC1058. It is part of Quagga suite of applications for routing.
Page 199: Configuring Rip Using The Web Interface
Configures the key_chain sections. Defines MD5 authentication settings. Chains 22.3.1 Global settings The web browser automatically names the routing section ‘ripd’. Figure 103: The RIP global settings configuration page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 199 of 463...
Page 200 Garbage- Collection timer is cleared, the route is marked as valid again, and a new Timeout timer starts. Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 200 of 463...
Page 201 Defines the prefixes to match. UCI: ripd.@offset[0].match_network Format: A.B.C.D/mask Opt: match_network Table 64: Information table for RIP offset commands 22.3.3 Interfaces configuration Figure 105: The RIP interfaces configuration page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 201 of 463...
Page 202 RIP routing table, to be queried remotely, potentially by anyone on the internet, using RIPv1. This section defines key_chains to be used for MD5 authentication. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 202 of 463...
Page 203: Configuring Rip Using Command Line
By default, all RIP key_chain instances are named key_chain, it is identified by @key_chain then the key_chain position in the package as a number. For example, for the first key_chain in the package using UCI: ripd.@key_chain[0]=key_chain ripd.@key_chain[0].key_chain_name=Keychain1 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 203 of 463...
Page 204 10.1.2.100 ripd.ripd.tb_update_sec=30 ripd.ripd.tb_timeout_sec=180 ripd.ripd.tb_garbage_sec=120 ripd.ripd.default_info_originate=yes ripd.ripd.redistribute_kernel_routes=yes ripd.@interface[0]=interface ripd.@interface[0].rip_interface=lan ripd.@interface[0].auth_mode=no ripd.@interface[0].split_horizon=1 ripd.@interface[0].poison_reverse=0 ripd.@interface[0].passive=0 ripd.@interface[1]=interface ripd.@interface[1].rip_interface=lan2 ripd.@interface[1].split_horizon=1 ripd.@interface[1].poison_reverse=0 ripd.@interface[1].passive=0 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 204 of 463...
Page 205 '10.1.1.100' list neighbor '10.1.2.100' option tb_update_sec '30' option tb_timeout_sec '180' option tb_garbage_sec '120' option default_info_originate 'yes' option redistribute_kernel_routes 'yes' config interface option rip_interface 'lan' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 205 of 463...
Page 206 'md5' option key_chain 'keychain1' config key_chain option key_chain_name 'Keychain1' option key_id '1' option auth_key '123' config offset option metric '1' option match_network '10.1.1.1/24' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 206 of 463...
Page 207: Rip Diagnostics
To stop tracing enter fg to bring tracing task to foreground, and then <CTRL-C> to stop the trace. root@VA_router:~# fg tcpdump -i any -n -p port 67 33 packets captured 33 packets received by filter 0 packets dropped by kernel _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 207 of 463...
Page 208 C>* 11.11.11.0/29 is directly connected, gre-GRE K>* 89.101.154.151/32 via 10.205.154.65, usb0 C>* 127.0.0.0/8 is directly connected, lo C>* 192.168.100.0/24 is directly connected, eth0 R>* 192.168.104.1/32 [120/3] via 11.11.11.4, gre-GRE, 15:54:47 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 208 of 463...
Page 209 Tag Time C(i) 11.11.11.0/29 0.0.0.0 1 self R(n) 192.168.104.1/32 11.11.11.4 3 11.11.11.1 0 02:48 C(i) 192.168.105.1/32 0.0.0.0 1 self R(n) 192.168.154.154/32 11.11.11.1 2 11.11.11.1 0 02:48 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 209 of 463...
Page 210 Interface Send Recv Key-chain gre-GRE Routing for Networks: 11.0.0.0/8 192.168.105.1/32 Routing Information Sources: Gateway BadPackets BadRoutes Distance Last Update 11.11.11.1 00:00:20 Distance: (default is 120) _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 210 of 463...
Page 211: Configuring Multi-Wan
23.2 Configuring Multi-WAN using the web interface In the top menu, select Network -> Multi-Wan. The Multi-WAN page appears. Figure 107: The multi-WAN page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 211 of 463...
Page 212 In the WAN interfaces section, enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters appears. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 212 of 463...
Page 213 23: Configuring Multi-WAN _______________________________________________________________________________________________________ Figure 108: Example interface showing failover traffic destination as the added multi-WAN interface _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 213 of 463...
Page 214 Opt: health_recovery_retries Range Web: Priority Specifies the priority of the interface. The higher the value, the higher the priority. UCI: multiwan.wan.priority Opt: priority Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 214 of 463...
Page 215: Configuring Multi-Wan Using Uci
Multi-WAN UCI configuration settings are stored on /etc/config/multiwan Run UCI export or show commands to see multiwan UCI configuration settings. A sample is shown below. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 215 of 463...
Page 216 '- 111' option rscp_threshold '-90' option ecio_threshold '-15' option ifup_timeout_sec '120' root@VA_router:~# uci show multiwan multiwan.config=multiwan multiwan.config.preempt=yes multiwan.config.alt_mode=no multiwan.config.enabled=yes multiwan.wan=interface multiwan.wan.disabled=0 multiwan.wan.health_interval=10multiwan.wan.health_fail_retries=3 multiwan.wan.health_recovery_retries=5 multiwan.wan.priority=2 multiwan.wan.manage_state=yes _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 216 of 463...
Page 217: Multi-Wan Diagnostics
'dns' option timeout '3' option health_fail_retries '3' option health_recovery_retries '5' option priority '1' option manage_state 'yes' option exclusive_group '0' option ifup_retry_sec '300' option ifup_timeout_sec '40' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 217 of 463...
Page 218 CLI). Enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters will appear. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 218 of 463...
Page 219: Automatic Operator Selection
24 Automatic operator selection This section describes how to configure and operate the Automatic Operator Selection feature of a Virtual Access router. When the roaming SIM is connected, the radio module has the ability to scan available networks. The router, using mobile and multi-WAN packages, finds available networks to create and sort interfaces according to their signal strength.
Page 220 24.2.1.3 Create a primary predefined interface In the web interface top menu, go to Network ->Interfaces. The Interfaces page appears. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 220 of 463...
Page 221 Type the short operator name in lower case, for example: Operator name First four alphanumeric numbers Vodafone UK voda O2 – UK o2uk Orange oran _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 221 of 463...
Page 222 UCI: network.[..x..].ifname Opt: ifname Table 69: Information table for the create interface page Click Submit. The Common Configuration page appears. Figure 111: The common configuration page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 222 of 463...
Page 223 Click the link if you need to configure additional options from Mobile Manager. UCI: N/A Opt: N/A Table 70: Information table for the general set up section Click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 223 of 463...
Page 224 Figure 112: The multi-WAN page In the WAN Interfaces section, type in the name of the Multi-WAN interface. Click Add. The Multi-WAN page appears. Figure 113: The multi-WAN page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 224 of 463...
Page 225 UCI: multiwan.wan.icmp_interval Opt: icmp_interval Range Web: Health Monitor ICMP Count Defines the number of pings to send at each health check. UCI: multiwan.wan.icmp_count Opt: icmp_count Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 225 of 463...
Page 226 Uses the UCI: multiwan.[..x..].ecio_threshold value stored for ecio_db in mobile diagnostics. Opt: ecio_threshold -115 Disabled. Range -46 to -115 dB _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 226 of 463...
Page 227 CDMA* CDMA configuration Callers Configure callers that can use SMS. Roaming Interface Configure Preferred Roaming List options. Template *Option available only for Telit CE910-SL module. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 227 of 463...
Page 228 Note: currently only supported by Hucom/Wetelcom, SIMCom7100, Cellient MPL200 and Asiatel. Blank Range LTE bands range from 1 to 70. Table 72: Information table for mobile manager basic settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 228 of 463...
Page 229 Defines whether to use time obtained from the mobile carrier to update the system clock when NTP is enabled. UCI: mobile.main.disable_time Disabled. Opt: disable_time Enabled. Table 73: Information table for mobile manager advanced settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 229 of 463...
Page 230 Web: Ordered Registration triggers module Enables or disables rebooting the module after Order reboot Registration command is received from a network. UCI: mobile.main. Disabled. mobile.main.cdma_ordered_registration_rebo Enabled. ot_enabled Opt: cdma_ordered_registration_reboot_enabled _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 230 of 463...
Page 231 Opt: cdma_secondary_channel_a Web: Secondary Channel B Allows the secondary channel (B) to be changed. UCI: mobile.main.cdma_secondary_channel_b 1-2016 Any band class 5 channel number. Opt: cdma_secondary_channel_b _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 231 of 463...
Page 232 If checked, the router will return an SMS. Select Respond if you Web: Respond want the router to reply. UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 75: Information table for mobile manager callers settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 232 of 463...
Page 233 Adds all generated interfaces to this zone. Select existing zone or click unspecified or create to create new zone. UCI: mobile.@roaming_template[0].firewall_zo Opt: firewall_zone Web: APN APN name of Mobile Network Operator. UCI: mobile.@roaming_template[0].apn Opt: apn _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 233 of 463...
Page 234 Ability to provide IP address. Multiple pings targets can be entered, comma separated. Pings to both must fail for health check to fail. Example: option icmp_hosts ‘1.1.1.1,2.2.2.2’ _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 234 of 463...
Page 235 Specifies the time in seconds for interface to start up. If it is not up after this period, it will be considered a fail. UCI: mobile.@roaming_template[0].ifup_timeo 40 seconds ut_sec Range Opt: ifup_timeout _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 235 of 463...
Page 236 24.2.8.1 Set multi-WAN options for pre-empt disabled To disable PMP + roaming pre-empt, in the top menu, select Network -> Multi-Wan. In the Multi-WAN page, ensure Preempt is not selected. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 236 of 463...
Page 237 The network that offers the best signal strength will be the first to connect. Multi-WAN then controls the failover between the available networks. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 237 of 463...
Page 238 Web: HDR Auto User ID AN-PPP user ID. Supported on Cellient (CDMA) modem only. UCI: mobile.main.hdr_userid Blank Opt: hdr_userid Range Table 77: Information table for mobile manager basic settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 238 of 463...
Page 239 UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 78: Information table for mobile manager caller settings 24.2.11 Roaming interface template Figure 122: The roaming interface template page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 239 of 463...
Page 240 Ability to provide IP address. Multiple pings targets can be entered, comma separated. Pings to both must fail for health check to fail. Example: option icmp_hosts ‘1.1.1.1,2.2.2.2’ _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 240 of 463...
Page 241 Uses the value stored for UCI: sig_dbm in mobile diagnostics.-115 dBm. mobile.@roaming_template[0].signal_thre shold Disabled Opt: signal_threshold Range -46 to -115 dBm Table 79: Information table for roaming interface template _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 241 of 463...
Page 242: Configuring Via Uci
The PMP interface is configured in the network package /etc/config/network. To view the network configuration file, enter: root@VA_router:~# uci export network package network config interface 'loopback' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 242 of 463...
Page 243 3g_s1_voda.auto=0 network. 3g_s1_voda.proto=3g network. 3g_s1_voda.service_order=’auto lte umts gprs’ network. 3g_s1_voda.apn=test IE _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 243 of 463...
Page 244 'disable' option timeout 'disable' option health_fail_retries '3' option signal_threshold '-95' option priority '5' option ifup_retry_sec '120' option ifup_timeout_sec '180' option defaultroute 'yes' option sort_sig_strength 'yes' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 244 of 463...
Page 245 The configuration file for package multiwan is stored on /etc/config/multiwan To see configuration file of mobile package, enter: root@VA_router:~# cat /etc/config/multiwan config multiwan 'config' option enabled '1' option preempt '1' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 245 of 463...
Page 246 The difference between PMP + roaming: pre-empt enabled and disabled is setting one option parameter. To disable pre-empt, enter: uci set multiwan.config.preempt=0 uci commit Note: available values are: Disabled Enabled _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 246 of 463...
Page 247: Configuring No Pmp + Roaming Using Uci
'5' option ifup_timeout_sec '180' option defaultroute 'yes' option sort_sig_strength 'yes' option ifup_retry_sec '200' option health_interval '120' option icmp_hosts '172.31.4.129' option timeout '3' option health_recovery_retries '3' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 247 of 463...
Page 248: Virtual Access
The multiwan package is stored on /etc/config/multiwan. To view the multiwan package, enter: root@VA_router:~# uci export multiwan package multiwan config multiwan 'config' option enabled 'yes' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 248 of 463...
Page 249: Automatic Operator Selection Diagnostics Via The Web Interface
To check the status of the interface you are currently using, in the top menu, click Status. The Interface Status page appears. Scroll down to the bottom of the page to view Multi-WAN Stats. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 249 of 463...
Page 250: Automatic Operator Selection Diagnostics Via Uci
IE roaming.main2_voda_lte.shortname=voda IE roaming.main2_voda_lte.opnum=27201 roaming.main2_voda_lte.interface=main2_voda roaming.main2_voda_lte.servicetype=7 roaming.main2_voda_lte.sim=2 roaming.main2_voda_lte.tested=0 roaming.main2_voda_lte.signalstrength=0 roaming.main2_voda_umts=service roaming.main2_voda_umts.name=vodafone IE roaming.main2_voda_umts.shortname=voda IE roaming.main2_voda_umts.opnum=27201 roaming.main2_voda_umts.interface=main2_voda roaming.main2_voda_umts.servicetype=2 roaming.main2_voda_umts.sim=2 roaming.main2_voda_umts.tested=1 roaming.main2_voda_umts.signalstrength=-79 roaming.main2_voda_gprs=service roaming.main2_voda_gprs.name=vodafone IE roaming.main2_voda_gprs.shortname=voda IE _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 250 of 463...
Page 251 - IRL roaming.main2_o2IR_gprs.opnum=27202 roaming.main2_o2IR_gprs.interface=main2_o2IR roaming.main2_o2IR_gprs.servicetype=0 roaming.main2_o2IR_gprs.sim=2 roaming.main2_o2IR_gprs.tested=0 roaming.main2_o2IR_gprs.signalstrength=0 roaming.status=status roaming.status.num_services=5 roaming.status.scan_update_time=Thu Feb 22 05:02:38 2018 roaming.status.scan_duration=185 Roaming operators are also stored in MIB vaModemRoaming.mib. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 251 of 463...
Page 252 24.6.3 Check interfaces created in network To check interfaces created in the network package, enter: root@VA_router:~# cat /var/const_state/network network.main2_3IRL=interface network.main2_3IRL.snmp_alias_ifindex=3 network.main2_3IRL.sim=2 network.main2_3IRL.defaultroute=yes network.main2_3IRL.username=campen1 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 252 of 463...
Page 253 24.6.4 Check current interface To check the SIM status of the interface you are currently using, enter: root@VA_router:~# cat /var/const_state/mobile mobile.3g_1_1=status mobile.3g_1_1.sim2_iccid=89314404000075920976 mobile.3g_1_1.imei=866802020194140 mobile.3g_1_1.hw_rev=4534B04SIM7100E mobile.3g_1_1.sim_select=yes _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 253 of 463...
Page 254 10:41:27 mobile.3g_1_1.lac=11 mobile.3g_1_1.cell=46542698 mobile.3g_1_1.mnc=05 mobile.3g_1_1.operator_code=27205 mobile.3g_1_1.operator_name=3 IRL DATA ONLY mobile.3g_1_1.rscp_dbm=-86 mobile.3g_1_1.ecio_db=-8.5 mobile.3g_1_1.sig_dbm=-51 mobile.3g_1_1.temperature=37 mobile.3g_1_1.vam_state=connecting mobile.3g_1_1.sim_slot=2 mobile.3g_1_1.sim_in=yes mobile.3g_1_1.technology=UMTS mobile.3g_1_1.registered=Roaming mobile.3g_1_1.reg_code=5 mobile.3g_1_1.registered_pkt=Searching mobile.3g_1_1.reg_code_pkt=2 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 254 of 463...
Page 255: Configuring Connection Watch (Cwatch)
If no Connection Watch configuration exists in the configuration file, first enter a name for the Connection Watch instance and select Add. Figure 126: The add connection watch configuration page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 255 of 463...
Page 256 Web: Failure Action 1 Defines the failure action associated with failure_time_1. Example to force up interface: UCI: cwatch.@watch[0].failure_action_1 option failure_action_1 ‘ifup wan’ Opt: failure_action_1 blank Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 256 of 463...
Page 257: Configuring Cwatch Using Command Line
To define a named cwatch instance using UCI, enter: cwatch.WATCH_MOBILE=watch cwatch.WATCH_MOBILE.enabled=1 To define a named cwatch instance using package options, enter: config watch 'WATCH_MOBILE' option 'enabled' '1' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 257 of 463...
Page 258: Cwatch Diagnostics
Syslog messages will be generated when the failure action is triggered: cwatch[x]: Watch WATCH_MOBILE executed action 1 cwatch[x]: Watch WATCH_MOBILE executed action 2 cwatch[x]: Watch WATCH_MOBILE executed action 3 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 258 of 463...
Page 259: Configuring Dhcp Server And Dns (Dnsmasq)
In the top menu, select Network -> DHCP and DNS. The DHCP and DNS page appears. There are three sections: Server Settings, Active Leases, and Static Leases. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 259 of 463...
Page 260 26: Configuring DHCP server and DNS (Dnsmasq) _______________________________________________________________________________________________________ Figure 128: The DHCP and DNS page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 260 of 463...
Page 261 Opt: list rebind_domain them. No list configured. Range Table 82: Information table for general server settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 261 of 463...
Page 262 Defines local host’s files. When using UCI multiple servers should be entered with a space between them. UCI: dhcp.@dnsmasq[0].addnhosts Opt: list addnhosts Table 83: Information table for resolv and host files section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 262 of 463...
Page 263 Defines the filename of the boot image advertised to clients. This specifies BOOTP options, in most cases just the file name. UCI: dhcp.@dnsmasq[0].dhcp_boot Opt: dhcp_boot Table 84: Information table for TFTP settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 263 of 463...
Page 264 Enables disallow option for forwarding requests that cannot be answered by public name servers. Normally enabled for dial on UCI: dhcp.@dnsmasq[0].filterwin2k demand interfaces. Opt: filterwin2k Enabled. Disabled. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 264 of 463...
Page 265 Opt: dnsforwardmax Range Table 85: Information table for advanced settings 26.2.5 Active leases This section displays all currently active leases. Figure 132: The active leases section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 265 of 463...
Page 266 Web: IPv4 Address The IPv4 address specifies the fixed address to use for this host. UCI: dhcp.@host[0].ip Opt: ip Table 87: Information table for static leases _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 266 of 463...
Page 267 Defines whether the DHCP pool should be enabled for this interface. If not specified for the DHCP pool then the default is UCI: dhcp.@dhcp[x].ignore disabled i.e. dhcp pool enabled. Opt: ignore Disabled. Enabled. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 267 of 463...
Page 268 Table 88: Information table for DHCP server general setup page 26.2.7.2 DHCP server: advanced settings Figure 136: The DHCP server advanced settings section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 268 of 463...
Page 269: Configuring Dhcp And Dns Using Command Line
DHCP options on all interfaces served. 26.3.1.1 Dnsmasq using UCI root@VA_router:~# uci show dhcp dhcp.@dnsmasq[0]=dnsmasq dhcp.@dnsmasq[0].domainneeded=1 dhcp.@dnsmasq[0].boguspriv=1 dhcp.@dnsmasq[0].filterwin2k=0 dhcp.@dnsmasq[0].localise_queries=1 dhcp.@dnsmasq[0].logqueries=1 dhcp.@dnsmasq[0].rebind_protection=1 dhcp.@dnsmasq[0].rebind_localhost=1 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 269 of 463...
Page 270 '1' option rebind_protection '1' option rebind_localhost '1' option local '/lan/' option domain 'lan' option authoritative '1' option readethers '1' option leasefile '/tmp/dhcp.leases' list interface 'lan' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 270 of 463...
Page 271 @host then the static lease position in the package as a number. For example, for the first static lease in the package using UCI: dhcp.@host[0]=dhcp dhcp.@host[0].name=mypc Or using package options: config host option name ‘mypc’ _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 271 of 463...
Page 272 You can disable a lease pool for a specific interface by specifying the ignore option in the corresponding section. You can configure multiple dhcp pools. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 272 of 463...
Page 273 26.3.3.2 Configuring DHCP pools using package options root@VA_router:~# uci export dhcp package dhcp ….. config 'dhcp' 'LAN' option 'interface' 'LAN' option 'start' '100' option 'limit' '150' option 'leasetime' '12h' option ignore _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 273 of 463...
Page 274: Configuring Dhcp Client
DHCP Client. To create and edit interfaces via the web interface, in the top menu, click Network -> Interfaces. The Interfaces overview page appears. Figure 137: The interfaces overview page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 274 of 463...
Page 275 To create a new interface, in the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 138: The create interface page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 275 of 463...
Page 276 Configure the interface settings such as protocol, IP address, gateway, netmask, custom DNS servers, MTU and firewall configuration. IP-Aliases Assign multiple IP addresses to the interface. DHCP Server Configure DHCP server settings for this interface. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 276 of 463...
Page 277 Only General setup and Advanced Settings have DHCP client option configuration options 27.2.3.1 Common configuration – general setup Figure 139: The interface general setup configuration page for DHCP client protocol _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 277 of 463...
Page 278 Opt: send_rs to 0. Do not send router solicitations Send router solicitations Table 91: Information table for general setup configuration settings for DHCP client protocol _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 278 of 463...
Page 279 DNS servers. When unchecked allows UCI: n/a configuration of custom DNS servers via web. There is no uci Opt: n/a option set when checking or unchecking this option. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 279 of 463...
Page 280: Configuring Dhcp Client Using Command Line
Configuring DHCP client using command line The configuration files for DHCP client are stored on /etc/config/network 27.3.1 DHCP client using UCI root@VA_router:~# uci show network ….. network.DHCPCLIENTLAN=interface network.DHCPCLIENTLAN.proto=dhcp _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 280 of 463...
Page 281: Dhcp Client Diagnostics
TX packets:23 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:428 (428.0 B) TX bytes:2986 (2.9 KiB) eth0 Link encap:Ethernet HWaddr 00:E0:C8:12:12:15 inet addr:192.168.100.1 Bcast:192.168.100.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:c8ff:fe12:1215/64 Scope:Link _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 281 of 463...
Page 282 To show the current ARP table of the router, enter: root@GW7314:~# arp ? (10.67.253.141) at 30:30:41:30:43:36 [ether] on eth8 ? (10.47.48.1) at 0a:44:b2:06 [ether] on gre-gre1 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 282 of 463...
Page 283 Flags Metric Ref Use Iface 192.168.100.0 255.255.255.0 0 eth0 Note: a route will only be displayed in the routing table when the interface is up. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 283 of 463...
Page 284: Configuring Dhcp Forwarding
The DHCP forwarder page appears. The web GUI creates a dhcpfwd section called main so this will be used in the uci examples below. Figure 141: The DHCP forwarder configuration page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 284 of 463...
Page 285: Configuring Dhcp Forwarding Using Command Line
28.3.2 DHCP forwarding using package options root@VA_router:~# uci export dhcp_fwd package dhcp_fwd config dhcpfwd 'main' option enabled '1' list listen_interface 'LAN3' list listen_interface 'lan2' list server '1.1.1.1' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 285 of 463...
Page 286: Dhcp Forwarding Over Ipsec
For more information on configuring a source NAT rule, read the ‘Configuring Firewall’ section of the User Manual. Figure 142: The firewall – traffic rules configuration page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 286 of 463...
Page 287 UCI: firewall.@redirect[X].src_dport Leave empty. Opt: src_dport Table 94: Information table for the souce NAT configuration Figure 143: The firewall – traffic rules – SNAT configuration page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 287 of 463...
Page 288 28.4.3 Configuring source NAT for DHCP forwarding over IPSec using command line 28.4.3.1 Source NAT for DHCP forwarding over IPSec using UCI root@VA_router:~# uci show firewall …… firewall.@redirect[0]=redirect firewall.@redirect[0].target=SNAT firewall.@redirect[0].src=lan firewall.@redirect[0].dest=wan firewall.@redirect[0].src_dip=192.168.100.1 firewall.@redirect[0].name=DHCPMessages firewall.@redirect[0].proto=udp firewall.@redirect[0].dest_port=67 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 288 of 463...
Page 289: Dhcp Forwarding Diagnostics
C> to stop the trace. root@VA_router:~# fg tcpdump -i any -n -p port 67 33 packets captured 33 packets received by filter 0 packets dropped by kernel _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 289 of 463...
Page 290 To show the current ARP table of the router, enter arp root@VA_router:~# arp ? (10.67.253.141) at 30:30:41:30:43:36 [ether] on eth8 ? (10.47.48.1) at 0a:44:b2:06 [ether] on gre-gre1 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 290 of 463...
Page 291: Configuring Dynamic Dns
29.1 Overview Dynamic DNS (DDNS) functionality on a Virtual Access router will dynamically perform DDNS updates to a server so it can associate an IP address with a correctly associated DNS name. Users can then contact a machine, router, device and so on with a DNS name rather than a dynamic IP address.
Page 292 UCI: ddns.<name>.ip_source network IP is a associated with a network configuration. Opt: ip_source interface IP is associated with an interface. IP is associated with a URL. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 292 of 463...
Page 293: Dynamic Dns Using Uci
Dynamic DNS uses the ddns package /etc/config/ddns 29.4.1 UCI commands for DDNS root@VA_router:~# uci show ddns ddns.ddns1=service ddns.ddns1.enabled=1 ddns.ddns1.service_name=dyndns.org ddns.ddns1.domain=fqdn_of_interface ddns.ddns1.username=testusername ddns.ddns1.password=testpassword ddns.ddns1.ip_source=network ddns.ddns1.ip_network=dsl0 ddns.ddns1.check_interval=10 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 293 of 463...
Page 294 'test' option password 'test' option ip_source 'network' option ip_network 'dsl0' option check_interval '10' option check_unit 'minutes' option force_interval '72' option force_unit 'hours' option interface 'dsl0' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 294 of 463...
Page 295: Configuring Hostnames
30.2.2 Configuring local host files entries using the web interface In the top menu, select Network -> Interfaces. The Interfaces configuration page appears. Browse to Host Records section at the bottom of the page. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 295 of 463...
Page 296 For example, for the first host in the package using UCI: network.@host[0]=host network.@host[0].hostname=Device1 Or using package options: config host option hostname 'Device1' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 296 of 463...
Page 297: Ptr Records
Package Sections dhcp domain 30.3.2 Configuring PTR records using the web interface In the top menu, select Network -> Hostnames. The Hostnames configuration page appears. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 297 of 463...
Page 298 For example, for the first domain in the package using UCI: dhcp.@domain[0]=domain dhcp.@domain[0].name=Domain1 Or using package options: config domain option name 'Domain1' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 298 of 463...
Page 299: Static Leases
30.4.2 Configuring static leases using the web interface In the top menu, select Network -> DHCP and DNS. The DHCP and DNS configuration page appears. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 299 of 463...
Page 300 By default, all dhcp host instances are named host. It is identified by @host then the host position in the package as a number. For example, for the first host in the package using UCI: dhcp.@host[0]=host dhcp.@host[0].name=Host1 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 300 of 463...
Page 301 30.4.3.2 Static leases using package option root@VA_router:~# uci export dhcp package dhcp …… config host option name 'Host1' option mac 'aa:bb:cc:dd:ee:ff' option ip '4.4.4.4' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 301 of 463...
Page 302: Configuring Firewall
The zones section groups one or more interfaces and serves as a source or destination for forwardings, rules and redirects. Masquerading (NAT) of outgoing traffic is controlled on a per-zone basis. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 302 of 463...
Page 303 ICMP message is returned to the source host. Drop Dropped packets are blocked by the firewall. Table 100: Information table for general zone general settings page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 303 of 463...
Page 304 Reject Rejected packets are blocked by the firewall and ICMP message is returned to the source host. Drop Dropped packets are blocked by the firewall. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 304 of 463...
Page 305 UCI: firewall.<zone label>.network Note: use the uci list syntax to edit this setting through UCI. Opt: network Table 101: Information table for firewall zone general settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 305 of 463...
Page 306 Note: For configs with a large number of firewall rules, disabling NAT reflection will speed up load of firewall rules on interface Opt: reflection start. Disable reflection. Enable reflection. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 306 of 463...
Page 307 Firewall Zone settings. To edit an existing port forward select edit. To add a new port forward select add. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 307 of 463...
Page 308 After the redirect is created and saved, to make changes, click Edit. This will provide further options to change the source/destination zones; specify source mac addresses and enable NAT loopback (reflection). _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 308 of 463...
Page 309 Specifies the traffic source zone. It must refer to one of the defined zone names. When using the web interface, this is set to UCI: firewall.<redirect label>.src WAN initially. Opt: src _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 309 of 463...
Page 310 -m policy --dir in for IPSec. The UCI: firewall.<redirect label>.extra arguments are entered as text strings. Opt: extra Table 105: Information table for port forward edits fields _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 310 of 463...
Page 311 31.2.3 Firewall traffic rules Rules can be defined to allow or restrict access to specific ports, hosts or protocols. Figure 158: The firewall traffic rules page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 311 of 463...
Page 312 For DNAT, redirects matched incoming traffic to the specified internal host. UCI: firewall.<rule label>.dest_ip For SNAT, matches traffic directed at the given address. Opt: dest_ip _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 312 of 463...
Page 313 Table 107: Information table for match ICMP type drop-down menu _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 313 of 463...
Page 314: Configuring Firewall Using Uci
_______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 314 of 463...
Page 315 'Forward' To set port forwarding rules, enter: uci add firewall redirect uci set firewall.@redirect[1].name=Forward uci set firewall.@redirect[1].proto=tcp uci set firewall.@redirect[1].src=wan <- zone names _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 315 of 463...
Page 316 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 316 of 463...
Page 317: Ipv6 Notes
(DoS). _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 317 of 463...
Page 318: Connection Tracking
ACCEPT option proto This example enables machines on the internet to use SSH to access your router. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 318 of 463...
Page 319: Virtual Access
When used alone, Source NAT is used to restrict a computer's access to the internet, but allows it to access a few services by manually forwarding what appear to be a few local _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 319 of 463...
Page 320 The following rule blocks all connection attempts from the client to the internet. config rule option src option dest option src_mac 00:00:00:00:00:00 option target REJECT _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 320 of 463...
Page 321 Vlan12 interface in the network file. When reverse path filtering mechanism is enabled, the router will check whether a receiving packet source address is routable. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 321 of 463...
Page 322 !192.168.1.100 option src_dport option dest_ip 192.168.1.100 option dest_port 3128 option target DNAT config redirect option dest option proto _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 322 of 463...
Page 323 ACCEPT For some configurations you also have to open port 500/UDP. # ISAKMP protocol config rule option src option dest option proto option src_port _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 323 of 463...
Page 324 It is possible to observe the iptables commands generated by the firewall programme. This is useful to track down iptables errors during firewall restarts or to verify the outcome of certain UCI rules. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 324 of 463...
Page 325 1: root@VA_router:/# FW_TRACE=1 fw reload To direct the output to a file for later inspection, enter: root@VA_router:/# FW_TRACE=1 fw reload 2>/tmp/iptables.lo _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 325 of 463...
Page 326: Configuring Ipsec
If you need to create an IPSec template for DMVPN, read the chapter ‘Dynamic Multipoint Virtual Private Network (DMVPN)’. The number of IPSec tunnels supported by Virtual Access’ routers is not limited in any way by software; the only hardware limitation is the amount of RAM installed on the device.
Page 327 Debug enabled. Most verbose logging also includes sensitive information such as keys. Table 108: Information table for IPSec common settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 327 of 463...
Page 328 Connection uses transport mode. pass Connection does not perform any IPSec processing. drop Connection drops all the packets. Table 109: Information table for connection settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 328 of 463...
Page 329 Defines the IP address of LAN serviced by remote peer. UCI: strongswan.@connection[X]. remotelan Opt:remotelan Web: Remote LAN IP Address Mask Defines the Subnet of remote LAN. UCI: strongswan.@connection[X]. remotelanmask Opt:remotelanmask _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 329 of 463...
Page 330 Using extended authentication and preshared key. never Can be used if negotiation is never to be attempted or accepted (shunt connections). Table 110: Information table for IP addressing settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 330 of 463...
Page 331 3des aes128 aes256 serpent twofish blowfish authAlgo: sha2 DHGroup: modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 For example, a valid IKE algorithm is aes128-sha-modp1536. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 331 of 463...
Page 332 UCI: begin. strongswan.@connection[X].rekeymargin Relevant only locally, other end need not agree on it. Opt: rekeymargin Timespec 1d, 2h, 9m, 10s. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 332 of 463...
Page 333 Opt: initial_contact Do not set initial contact flag Set initial contact flag on first attempt Table 111: Information table for IPSec connections settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 333 of 463...
Page 334 Ecdsasig Elliptic Curve DSA signatures Xauth Extended authentication Web: Secret Defines the secret. UCI: strongswan.@secret[X].secret Opt: secret Table 112: Information table for IPSec secrets settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 334 of 463...
Page 335: Configuring Ipsec Using Uci
_______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 335 of 463...
Page 336 '3G_Backup' option auto 'start' option type 'tunnel' option remoteaddress '100.100.100.100 ' option localid '192.168.209.1' option remoteid '100.100.100.100 ' option locallan '192.168.209.1' option locallanmask '255.255.255.255' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 336 of 463...
Page 337 'local' option enabled 'yes' option locallan '10.1.1.1' option locallanmask '255.255.255.255' option remotelan '10.1.1.0' option remotelanmask '255.255.255.0' option type 'pass' option auto 'route' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 337 of 463...
Page 338 /etc/config/strongswan uci add strongswan secret uci set strongswan.@secret[1].enabled=yes uci set strongswan.@secret[1].idtype=userfqdn uci set strongswan.@secret[1].userfqdn=testxauth uci set strongswan.@secret[1].remoteaddress=100.100.100.100 uci set strongswan.@secret[1].secret=xauth uci set strongswan.@secret[1].secrettype=XAUTH uci commit _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 338 of 463...
Page 339: Configuring An Ipsec Template For Dmvpn Via The Web Interface
Connection Settings Together, these sections define the required parameters for a two-way IKEv1 tunnel. Secret Settings 32.4.1 Configure common settings Figure 164: The common settings section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 339 of 463...
Page 340 Remote Id • Local LAN IP Address • Local LAN IP Address Mask • Remote LAN IP Address • Remote LAN IP Address Mask • _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 340 of 463...
Page 341 32: Configuring IPSec _______________________________________________________________________________________________________ Figure 165: The connections settings section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 341 of 463...
Page 342 UCI: strongswan.@connection[X]. Leave blank for DMVPN. remotelanmask Opt:remotelanmask Web: Local Protocol Restricts the connection to a single protocol on the local side. UCI: strongswan.@connection[X].localproto Opt: localproto _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 342 of 463...
Page 343 3des aes128 aes256 serpent twofish blowfish authAlgo: sha2 DHGroup: modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 For example, a valid IKE algorithm is: aes128-sha-modp1536. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 343 of 463...
Page 344 UCI: one, before giving up. The value %forever means 'never give strongswan.@connection[X].keyringtries up'. Relevant only locally, other end need not agree on it. Opt: keyringtries _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 344 of 463...
Page 345 Defines the local address this secret applies to. UCI: strongswan.@secret[X].localaddress Opt: localaddress Web: ID selector Defines the remote address this secret applies to. UCI: strongswan.@secret[X]. remoteaddress Opt: remoteaddress _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 345 of 463...
Page 346: Configuring An Ipsec Template To Use With Dmvpn
_______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 346 of 463...
Page 347 '30s' option keyingtries '%forever' option dpdaction 'hold' option dpddelay '30s' option dpdtimeout '150s' config secret option enabled 'yes' option secrettype 'psk' option secret 'secret' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 347 of 463...
Page 348: Ipsec Diagnostics Using The Web Interface
10.68.234.133/32[gre] === 192.168./32[gre] dmvpn_89_101_154_151{1}: INSTALLED, TRANSPORT, ESP in UDP SPIs: cca7b970_i d874dc90_o dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 89.101.154.151/32[gre] To view a list of IPSec commands, enter: root@VA_router:~# ipsec –help _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 348 of 463...
Page 349: Dynamic Multipoint Virtual Private Network (Dmvpn)
New hubs can be added to the network to improve the performances and reliability. Ability to carry multicast and main routing protocols traffic (RIP, OSPF, BGP). • DMVPN can be deployed using Activator, the Virtual Access automated • provisioning system. Simplifies branch communications by enabling direct branch to branch •...
Page 350: Dmvpn Scenarios
Then it initiates VPN IPSec connection to spoke2. When an IPSec tunnel is established, spoke1 and spoke2 can send traffic directly • to each other. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 350 of 463...
Page 351 Note: if an IPSec tunnel fails to be established between the spokes then packets between the spokes are sent via the hub. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 351 of 463...
Page 352: Configuration Packages Used
Selects the IPSec connection, defined in strongSwan, to be used as a template. UCI: dmvpn.common.ipsec_template_name Opt: ipsec_template_name Table 116: Information table for DMVPN general settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 352 of 463...
Page 353 Table 117: Information table for DMVPN hub settings 33.5.3 Configuring an IPSec template for DMVPN using the web interface Configuring an IPSec template is covered in the chapter ‘Configuring IPSec’. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 353 of 463...
Page 354: Dmvpn Diagnostics
Type: local Protocol-Address: 11.11.11.7/32 Alias-Address: 11.11.11.3 Flags: up Interface: gre-GRE Type: local Protocol-Address: 11.11.11.3/32 Flags: up Interface: gre-GRE Type: cached Protocol-Address: 11.11.11.2/32 NBMA-Address: 178.237.115.129 NBMA-NAT-OA-Address: 172.20.38.129 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 354 of 463...
Page 355 10.68.234.133[10.68.234.133]...89.101.154.151[89.101.154.151] dmvpn_89_101_154_151{1}: REKEYING, TRANSPORT, expires in 55 seconds dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 192.168./32[gre] dmvpn_89_101_154_151{1}: INSTALLED, TRANSPORT, ESP in UDP SPIs: cca7b970_i d874dc90_o dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 89.101.154.151/32[gre] _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 355 of 463...
Page 356 Interface: gre-GRE Type: cached Protocol-Address: 11.11.11.2/32 NBMA-Address: 178.237.115.129 NBMA-NAT-OA-Address: 172.20.38.129 Flags: used up Expires-In: 0:18 Interface: gre-GRE Type: static Protocol-Address: 11.11.11.1/29 NBMA-Address: 89.101.154.151 Flags: up _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 356 of 463...
Page 357: Configuring Multicasting Using Pim And Igmp Interfaces
To configure PIM through the web interface, in the top menu, select Network -> PIM. The PIM page appears. To access the Global settings, click Add. Figure 174: The global settings interface _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 357 of 463...
Page 358 Enable SSM on given interface. UCI: pimd.interface[x].ssm Disabled. Opt: ssm Enabled. Table 120: Information table for interface settings To save your configuration updates, click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 358 of 463...
Page 359: Configuring Pim And Igmp Using Uci
'yes' option igmp 'no' Alternatively, enter: uci show pimd root@VA_router:/etc/config1# uci show pimd pimd.pimd=routing pimd.pimd.enabled=yes pimd.@interface[0]=interface pimd.@interface[0].enabled=yes pimd.@interface[0].interface=lan pimd.@interface[0].ssm=yes pimd.@interface[0].igmp=yes pimd.@interface[1]=interface pimd.@interface[1].enabled=yes pimd.@interface[1].interface=wan _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 359 of 463...
Page 360 34: Configuring multicasting using PIM and IGMP interfaces _______________________________________________________________________________________________________ pimd.@interface[1].ssm=yes pimd.@interface[1].igmp=no To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 360 of 463...
Page 361: Qos: Vlan 802.1Q Pcp Tagging
35.1 Configuring VLAN PCP tagging Virtual Access routers have the capability to respect and set PCP priority values inside 802.1Q VLAN tagged frames. The following partial export of network configuration shows how to configure VLAN priorities for specific interfaces (VLANs).
Page 362 Any frames received on VLAN4 destined to VLAN2 with PCP priority set to 0 will • have a priority of 5 set as they leave the router on VLAN4. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 362 of 463...
Page 363 ‘vlan_qos_map_egress’ and are destined to tagged interface, 802.1Q tag will be created with a default priority of 0 and then the priority will be set according to the PCP value specified as the frames leave port. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 363 of 463...
Page 364: Qos: Type Of Service
36: QoS: type of service _______________________________________________________________________________________________________ 36 QoS: type of service Virtual Access routers are capable of implementing quality of service configurations on a per interface basis, which allows traffic prioritisation based on type of service criteria parameters. 36.1 QoS configuration overview...
Page 365 Table 121: Information table for QoS page To add classification rules, click Add. The Classification Rules section appears. Configure each classification rule with the following parameters. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 365 of 463...
Page 366: Configuring Qos Using Uci
Each interface can have its own buffer. The interface section declares global characteristics of the connection on which the specified interface is communicating. The following options are defined within this section: _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 366 of 463...
Page 367 UCI: qos.Default.classes=Express Normal Specifies the list of names of classes which should be part of classgroup. Opt: classes qos.Default.default=Normal Defines which class is considered default. Opt: default _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 367 of 463...
Page 368 Defines to how many % of the available bandwidth this class is capped to. Opt: limitrate 36.4.4 Classify Classifiers match the traffic for desired class. config classify option target 'Express' option proto 'udp' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 368 of 463...
Page 369: Example Qos Configurations
'Express' option packetsize '1000' option maxsize '800' option avgrate '50' option priority '10' option limitrate '10' config classify option target 'Express' option proto 'udp' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 369 of 463...
Page 370: Management Configuration Settings
37.2 Monitor Monitor is a Virtual Access proprietary tool, based on SNMP protocol, to monitor wide networks of deployed routers. The router will be configured to send information to Monitor, which is then stored and viewed centrally via the Monitor application. This includes features such as traffic light availability status, syslog and SLA monitoring.
Page 371: Autoload: Boot Up Activation
In the top menu, select Services ->Autoload. The Autoload page has two sections: Basic Settings and Entries. Click Add to access configuration settings for each section. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 371 of 463...
Page 372 Defines how many minutes to back off for if a download and all retires fail. After the backoff period, the entire autoload sequence UCI: autoload.main.BackoffTimer will start again. Opt: Backofftimer Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 372 of 463...
Page 373: Autoload Using Uci
Table 123: Information table for autoload 37.6 Autoload using UCI root@VA_router:/# uci show autoload autoload.main=core autoload.main.Enabled=yes autoload.main.StartTimer=10 autoload.main.RetryTimer=30 autoload.main.NumberOfRetries=5 autoload.main.BackoffTimer=15 autoload.main.BootUsingConfig=altconfig autoload.main.BootUsingImage=altimage autoload.@entry[0]=entry autoload.@entry[0].Configured=yes autoload.@entry[0].SegmentName=altconfig autoload.@entry[0].RemoteFilename=$$.ini autoload.@entry[1]=entry autoload.@entry[1].Configured=yes autoload.@entry[1].SegmentName=altimage autoload.@entry[1].RemoteFilename=$$.img _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 373 of 463...
Page 374: Http Client: Configuring Activation Using The Web Interface
The httpclient core section configures the basic functionality of the module used for retrieving files from Activator during the activation process. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 374 of 463...
Page 375 IP address or FQDN. The syntax should be x.x.x.x:443 UCI: httpclient.default.SecureFileServer or FQDN:443. Multiple servers should be separated by a space Opt: list SecureFileServer using UCI. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 375 of 463...
Page 376 Defines whether to skip the status check on the server certificate. UCI: httpclient.default.IgnoreServerCertificateS Enabled. tatus Disabled. Opt: IgnoreServerCertificateStatus Table 124: Information table for HTTP client _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 376 of 463...
Page 377: Httpclient: Activator Configuration Using Uci
FileServer '1.1.1.2:80' listSecureFileServer '1.1.1.1:443' list SecureFileServer '1.1.1.2:443' option ActivatorDownloadPath '/Activator/Sessionless/Httpserver.asp' option SecureDownload 'no' option PresentCertificateEnabled 'no' option ValidateServerCertificateEnabled 'no' option CertificateFile '/etc/httpclient.crt' option CertificateFormat 'PEM' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 377 of 463...
Page 378: User Management Using Uci
Note: chapuser will only work if linux user is set to Enabled. UCI: management_users.@user[x].chapuser Disabled. Opt: chapuser Enabled. Web: n/a Specifies PAP access permissions for the PPP connection. UCI: management_users.@user[x].papuser Disabled. Opt: papuser Enabled. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 378 of 463...
Page 379: Configuring The Management User Password Using Uci
The new password will take effect after reboot and will now be displayed in encrypted format through the hashpassword option. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 379 of 463...
Page 380: Configuring Management User Password Using Package Options
37.14 User management using package options root@VA_router:~# uci export management_users package management_users config user _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 380 of 463...
Page 381: Configuring User Access To Specific Web
To specify monitor widgets only, enter: listallowed_pages 'monitor/<widgetname>' Example widget names are: dhcp, arp, 3gstats, interfaces, memory, multiwan, network, openvpn, routes, system, ipsec, dmvpn, tservd. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 381 of 463...
Page 382: Configuring Monitor
38: Configuring Monitor _______________________________________________________________________________________________________ 38 Configuring Monitor 38.1 Introduction Virtual Access monitoring system (Monitor) is a secure portal that provides: Centralised monitoring of devices • Device status • GPS location • • Syslog reporting • Real time diagnostics Email notification •...
Page 383 Specifies what SNMP version is sent to remote Manager. UCI: snmp version 1 monitor.@keepalive[0].snmp_version SNMP version 2c Opt: snmp_version SNMP version 3 Table 126: Information table for Monitor & ISAD basic configuration _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 383 of 463...
Page 384 Web: SNMPv3 Context Specifies snmpv3 context name. UCI: monitor.@keepalive[0].snmp_context Opt: snmp_context Web: SNMPv3 Context Engine ID Specifies snmpv3 context engine ID. UCI: monitor.@keepalive[0].snmp_context_eid Opt: snmp_context_eid _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 384 of 463...
Page 385 To define a named keepalive instance using package options, enter: config keepalive 'keepalivev1' option enabled '1' 38.2.4 Keepalive using UCI root@VA_router:~# uci show monitor monitor.keepalivev1=keepalive monitor.keepalivev1enabled=1 monitor.keepalivev1.interval_min=1 monitor.keepalivev1.dev_reference=router1 monitor.keepalivev1.monitor_ip=10.1.83.36 monitor.keepalivev1.snmp_version=1 monitor.keepalivev2=keepalive _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 385 of 463...
Page 386 'yes' list monitor_ip '10.1.83.36' config keepalive 'keepalivev2' option enable '1' option interval_min '1' list monitor_ip '172.16.250.100' option dev_reference 'TEST' option snmp_version '2c' config keepalive 'keepalivev3' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 386 of 463...
Page 387 38.2.7 Enabling interface status using command line Interface status is configured under the network package. 38.2.7.1 Enable interface status using UCI root@VA_router:~# uci show network network.@interface[0]=interface …… _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 387 of 463...
Page 388: Reporting Gps Location To Monitor
Enables GPS coordinates to be sent in the heartbeat keepalive to Monitor. UCI: monitor.core.enabled Opt: enabled Disabled. Enabled. Table 129: Information table for reporting GPS commands _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 388 of 463...
Page 389: Reporting Syslog To Monitor
To view GPS coordinates via command line, enter gpspeek: root@VA_router:~# gpspeek Fix: 3D,1495467700,53.342529,- 6.241236,27.700000,202.600000,0.000000,0.000000 38.4 Reporting syslog to Monitor 38.4.1 Configuration package used Package Sections system main _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 389 of 463...
Page 390 38.4.3.1 Syslog events to Monitor using UCI root@VA_router:~# uci show system system.main=system …… system.main.log_ip=1.1.1.1 system.main.log_port=514 …… 38.4.3.2 Syslog events to Monitor using package options root@VA_router:~# uci export system package system _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 390 of 463...
Page 391: Configuring Isad
Interface Stats section. Figure 187: The Monitor Keepalive & ISAD Interface Stats page Web Field/UCI/Package Option Description Web: Enabled Enables ISAD. UCI: monitor.stats.enabled=1 Disabled. Opt: enabled Enabled. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 391 of 463...
Page 392 'keepalivev1' option interval_min '1' option enabled '1' list monitor_ip '10.1.83.36 option dev_reference 'router1' config interface_stats 'stats' option enabled '1' option bin_period '1h' option bin_cache_size '24' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 392 of 463...
Page 393 Monitor server IP 89.101.154.154 using TFTP. package uds config script 'isb_upload_scr' option enabled '1' option exec_type 'periodic' option period '1h' list text '/usr/sbin/isb_upload.lua 89.101.154.154:69' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 393 of 463...
Page 394: Configuring Snmp
Configuring SMNP using the web interface In the top menu, select Services -> SNMP. The SNMP Service page appears. Figure 188: The SNMP service page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 394 of 463...
Page 395 SNMP data on the device. These community strings should be chosen carefully to ensure they are not trivial. They should also be changed at regular intervals and in accordance with network security policies. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 395 of 463...
Page 396 Table 133: Information table for Com2Sec settings 39.2.3 Group settings Group settings assign community names and SNMP protocols to groups. Figure 190: The group settings section _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 396 of 463...
Page 397 OID to be included in or excluded from the view. Only numerical representation is supported. UCI: snmpd.view[x].oid Example Opt: oid Everything 1.3.6.1.2.1.2 Interfaces table Table 135: Information table for view settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 397 of 463...
Page 398 UCI: snmpd.access[x].write Opt: write Web: Notify Specifies the view to be used for notify access. UCI: snmpd.access[x].notify Opt: notify Table 136: Information table for access settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 398 of 463...
Page 399 Table 137: Information table for trap receiver settings 39.2.7 Inform receiver Inform receiver settings define a notification receiver that should be sent SNMPv2c INFORM notifications. Figure 194: The inform receiver settings page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 399 of 463...
Page 400 Defines the OID branch to restrict this user to. Similar to view restrictions in v1 and v2c UCI: snmpd.@usm_user[0].oid Opt: oid Table 139: Information table for USM user settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 400 of 463...
Page 401: Configuring Snmp Using Command Line
The following sample specifies that a request from any source using “public” as the community string will be dealt with using the security name “ro”. However, any request _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 401 of 463...
Page 402 Similarly, requests from the security name “rw” in all protocols are mapped to the “private” group. 39.3.4.1 Group settings using UCI snmpd.grp_1_v1=group snmpd.grp_1_v1.version=v1 snmpd.grp_1_v1.group=public snmpd.grp_1_v1.secname=ro snmpd.grp_1_v2c=group snmpd.grp_1_v2c.version=v2c _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 402 of 463...
Page 403 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 403 of 463...
Page 404 'rw' config 'group' 'private_v2c' option group 'private' option version 'v2c' option secname 'rw' config 'group' 'private_usm' option group 'private' option version 'usm' option secname 'rw' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 404 of 463...
Page 405 39.3.6.1 Access using package options config 'access' 'public_access' option group 'public' option context 'none' option version 'any' option level 'noauth' option prefix 'exact' option read 'all' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 405 of 463...
Page 406 To define a named trap receiver instance using UCI, enter: snmpd.TrapRecv1=TrapRecv1 snmpd.TrapRecv1.host=1.1.1.1:161 To define a named trap receiver instance using package options, enter: config trapreceiver TrapRecv1 option host ‘1.1.1.1:161’ _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 406 of 463...
Page 407 To define a named trap receiver instance using UCI, enter: snmpd.InformRecv1=InformRecv1 snmpd.InformRecv1.host=1.1.1.1 To define a named trap receiver instance using package options, enter: config informreceiver InformRecv1 option host ‘1.1.1.1’ _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 407 of 463...
Page 408 To define a named usm_user instance using package options, enter: config usm_user 'User1' option name 'username' 39.3.9.1 SNMP USM user using UCI snmpd.@usm_user[0]=usm_user snmpd.@usm_user[0].name=username snmpd.@usm_user[0].auth_protocol=SHA _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 408 of 463...
Page 409: Configuring Snmp Interface Alias With Static Snmp Index
Otherwise, a dummy entry is created with the same ifDescr, and its ifOper field set to DOWN. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 409 of 463...
Page 410 …… 39.4.3.2 SNMP interface alias using package options root@VA_router:~# uci show network config interface ‘MOBILE’ …… option snmp_alias_ifindex ‘11’ option snmp_alias_ifdescr ‘primary_mobile’ …… _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 410 of 463...
Page 411: Snmp Diagnostics
39.5.3.1 snmpwalk To do an snmpwalk locally, enter snmpwalk. An example snmpwalk is shown below: root@VA_router:~# snmpwalk -c public -v 1 localhost .1.3.6.1.2.1.1 iso.3.6.1.2.1.1.1.0 = STRING: "Virtual Access GWXXXX, SN# 00E0C812D1A0, EDG-21.00.07.008" iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.2078 iso.3.6.1.2.1.1.3.0 = Timeticks: (71816) 0:11:58.16 iso.3.6.1.2.1.1.4.0 = STRING: "info@virtualaccess.com"...
Page 412 To view an overview including tx/rx packets and uptime of the SNMP process, enter snmpstatus. root@VA_router:~# snmpstatus -c public -v 2c localhost [UDP: [0.0.0.0]->[127.0.0.1]:161]=>[Virtual Access GWXXXX, SN# 00E0C812D1A0, EDG-21.00.07.008] Up: 0:17:05.87 Interfaces: 21, Recv/Trans packets: 47632/9130 | IP: 15045/8256 15 interfaces are down! _______________________________________________________________________________________________________ ©...
Page 413: Event System
40: Event system _______________________________________________________________________________________________________ 40 Event system Virtual Access routers feature an event system. It allows you to forward Virtual Access specific router events to predefined targets for efficient control and management of devices. This chapter explains how the event system works and how to configure it using UCI commands.
Page 414: Configuring The Event System Using The Web Interface
Events Destination Configures the event targets. Event Filters Configures the forwarding rules. 40.3.1 Basic settings Figure 197: The VA event system basic settings configuration page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 414 of 463...
Page 415 Defines the connection tester type. UCI: va_eventd.@conn_tester[0].type Web Value Description Opt: type Ping Verifies target by ping. ping Link Verifies target by checking link routed interface is up. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 415 of 463...
Page 416 When a syslog target receives an event, it sends it to the configured syslog server. Figure 199: The VA event system syslog event destination configuration page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 416 of 463...
Page 417 UCI: va_eventd.@target[0].template See the section on message templates below. Opt: template Range Table 145: Information table for event system syslog event destination settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 417 of 463...
Page 418 Defines the from address for the email. UCI: va_eventd.@target[0].from Opt: from Range Web: To Defines to address for the email. UCI: va_eventd.@target[0].to Opt: to Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 418 of 463...
Page 419 Table 146: Information table for event system email event destination settings 40.3.3.3 SNMP target When a SNMP target receives an event, it sends it in a trap to the configured SNMP manager. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 419 of 463...
Page 420 See the section on message templates below. Range Web: Agent Address Defines the IP address to source the SNMP trap. (optional) UCI: va_eventd.@target[0]. agent_addr localhost Opt: agent_addr Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 420 of 463...
Page 421 Defines the SNMPv3 security engine ID. UCI: va_eventd.@target[0].snmp_sec_eid (Only displayed when SNMP authentication protocol is configured.) Opt: snmp_sec_eid Range Table 147: Information table for event system SNMP event destination settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 421 of 463...
Page 422 Opt: cmd_template va_eventd.@target[0].cmd_template="logger -t eventer %{eventName}" See the section on message templates below. Range Table 148: Information table for event system execute event destination settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 422 of 463...
Page 423 Web: Phone Number Defines the phone number for sending SMS to. UCI: va_eventd.@target[0].callee Opt: callee Range Table 149: Information table for event system SMS event destination settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 423 of 463...
Page 424 Web: Max Size (KiB) Defines a file size in kilobits. UCI: va_eventd.@target[0].max_size_kb 2048 Opt: file_name Range Table 150: Information table for event system file event destination settings _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 424 of 463...
Page 425 (-) separator in the form minimum-maximum. Example: va_eventd.@forwarding[0].severity=debug-error debug minimum severity info notice warning error critical alert emergency maximum severity _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 425 of 463...
Page 426: Configuring The Event System Using Command Line
@target then the target position in the package as a number. For example, for the first target in the package using UCI: va_eventd.@target[0]=target va_eventd.@target[0].enabled=1 Or using package options: config target option enabled '1' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 426 of 463...
Page 427 #Sample SNMP va_eventd.@conn_tester[0]=conn_tester va_eventd.@conn_tester[0].type=ping va_eventd.@conn_tester[0].ping_dest_addr=192.168.100.1 va_eventd.@conn_tester[0].ping_success_duration_sec=60 va_eventd.@conn_tester[0].name=SNMPTest va_eventd.@conn_tester[0].ping_source=LAN1 va_eventd.@target[0]=target va_eventd.@target[0].suppress_duplicate_forwardings=no va_eventd.@target[0].type=snmp va_eventd.@target[0].agent_addr=localhost va_eventd.@target[0].name=SNMPTarget va_eventd.@target[0].conn_tester=SNMPTest va_eventd.@target[0].target_addr=192.168.100.126:68 va_eventd.@target[0].snmp_version=3 va_eventd.@target[0].snmp_uname=v3username va_eventd.@target[0].snmp_auth_proto=MD5 va_eventd.@target[0].snmp_auth_pass=md5password va_eventd.@target[0].snmp_priv_proto=AES va_eventd.@target[0].snmp_priv_pass=aespassword va_eventd.@target[0].snmp_context=v3context _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 427 of 463...
Page 428 #Sample Email va_eventd.@conn_tester[2]=conn_tester va_eventd.@conn_tester[2].name=EmailTest va_eventd.@conn_tester[2].type=link va_eventd.@conn_tester[2].link_iface=PoAADSL va_eventd.@target[2]=target va_eventd.@target[2].timeout_sec=10 va_eventd.@target[2].name=EmailTarget va_eventd.@target[2].type=email va_eventd.@target[2].conn_tester=EmailTest _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 428 of 463...
Page 429 #Sample SMS va_eventd.@target[3]=target va_eventd.@target[3].name=SMStarget va_eventd.@forwarding[3].target=SMStarget va_eventd.@target[3].type=sms va_eventd.@target[3].template=%{serial} %{severityName} %{eventName}!!! va_eventd.@target[3].callee=0123456789 va_eventd.@forwarding[3]=forwarding va_eventd.@forwarding[3].enabled=yes va_eventd.@forwarding[3].target=SMStarget va_eventd.@forwarding[3].className=auth va_eventd.@forwarding[3].eventName=LoginSSH va_eventd.@forwarding[3].severity=notice-notice #Sample Execute va_eventd.@target[4]=target va_eventd.@target[4].name=ExecTarget va_eventd.@target[4].type=exec _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 429 of 463...
Page 430 'ping' option ping_dest_addr '192.168.100.1' option ping_success_duration_sec '60' option name 'SNMPTest' option ping_source 'LAN1' config target option suppress_duplicate_forwardings 'no' option type 'snmp' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 430 of 463...
Page 431 'LAN1' option ping_success_duration_sec '60' config target option name 'SyslogTarget' option type 'syslog' option conn_tester 'SyslogTest' option target_addr '192.168.100.2:514' option tcp_syslog '0' config forwarding _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 431 of 463...
Page 432 'yes' option target 'EmailTarget' option className 'power' option eventName 'IgnitionOff' option severity 'notice-notice' # Sample SMS config target option name 'SMStarget' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 432 of 463...
Page 433 'FileTarget' option type 'file' option file_name '\tmp\eventfile' option max_size_kb '1028' config forwarding option enabled 'yes' option target 'FileTarget' option severity 'debug-error' _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 433 of 463...
Page 434: Event System Diagnostics
2 | BadPasswordSSH | warning | SSH login attempt from %{p2}: ba.. | auth 3 | BadUserConsole | warning | Console login attempt on %{p1}: .. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 434 of 463...
Page 435 3 | WiFiStationAttached | notice | WiFi station %{p2} connected to .. | wifi 3 | WiFiStationAttached | notice | WiFi station %{p2} connected to .. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 435 of 463...
Page 436 3 | QueryTimeout | warning | NTP query to %{p1} timed out. Ne.. | ntp 4 | QueryFailed | warning | NTP query failed: %{p1} _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 436 of 463...
Page 437: Configuring Data Usage Monitor
Virtual Access cannot be held liable for any fees charged by the carrier to the customer for their data usage. We recommend that the configured data usage is lower than the allowance and that traffic percentage alerts are used.
Page 438 Set multiple limits via UCI using a space separator. Opt: monthly_warning_levels Example: uci set procrustes.@limit[0].monthly_warning_levels=”15 25” Zero means no limit. Range Table 152: Information table for data usage commands _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 438 of 463...
Page 439 The following examples show two limit groups wan and lan. 41.3.2 Procrustes using UCI root@VA_router:~# uci show procrustes procrustes.lan=limit procrustes.lan.enabled=1 procrustes.lan.interfaces=LAN1 procrustes.lan.billing_period_start_day=1 procrustes.lan.monthly_data_limit=30 procrustes.lan.monthly_warning_levels=15 25 procrustes.wan=limit procrustes.wan.enabled=1 procrustes.wan.interfaces=MOBILE1 procrustes.wan.billing_period_start_day=1 procrustes.wan.monthly_data_limit=30 procrustes.wan.monthly_warning_levels=15 25 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 439 of 463...
Page 440: Data Usage Status
<if_group_name>: using counter 1404674 saved on 2017-09-30 16:26:57 NOTICE procrustes <if_group_name>: warning level 2097152 is reached WARNING procrustes <if_group_name>: hard limit 10485760 is reached _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 440 of 463...
Page 441 Additional useful debug commands via the command line are described in the table below. Diagnostic Command Description logread | grep procrustes Shows logs related to “procrustes” only ls /root/procrustes/sim_blacklist/ Shows list of blacklisted SIM iccids _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 441 of 463...
Page 442: Configuring Terminal Server
Terminal Server. 42.3.1 Configure main settings Figure 209: The terminal server main settings page _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 442 of 463...
Page 443 42.3.2.1 Port settings: general section In this section you can configure general port settings. The settings are usually the same for the central and the remote site. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 443 of 463...
Page 444 Web: Serial Forwarding Timeout (ms) Forwarding timeout in milliseconds (network to serial). UCI: tservd.@port[0].sfwd_timeout Set to 0 to forward to serial immediately. Opt: sfwd_timeout 20 ms Range 0-10000 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 444 of 463...
Page 445 Note: • The displayed settings vary depending on options selected. DTR <--> DSR signalling is not available on GW2028 router models. • _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 445 of 463...
Page 446 Figure 211: The serial section fields (port mode RS232) The figure below shows the options available if you have selected RS485 mode. Figure 212: The serial section fields (port mode RS485) _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 446 of 463...
Page 447 RS485 2 wire half duplex mode in which transmitter drives RTS. rs485fdx Rs485 4 wire full duplex mode. Uses V.23 leased line card driver. Uses USB serial card in sync mode. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 447 of 463...
Page 448 In RS232 half duplex mode, time in milliseconds between dropping RTS (transmission finished) and enabling the receiver. UCI: tservd.@port[0].post_rts_timeout For use with externally connected V.23 modem. Opt: post_rts_timeout 20 ms Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 448 of 463...
Page 449 Defines the number of bit positions to delay sampling data from the detecting clock edge. This setting is only displayed if an UCI: tservd.@port[0].sync_rxdata_dly Atmel USB serial card is enabled. Opt: sync_rxdata_dly Range _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 449 of 463...
Page 450 Defines the v23 modem RTS to CTS delay in milliseconds. UCI: tservd.@port[0].v23_rts_to_cts_delay Range Opt: v23_rts_to_cts_delay Web: n/a Defines the V23 modem LIM operation. UCI: tservd.@port[0].v23_is_four_wire 2-wire Opt: v23_is_four_wire 4-wire _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 450 of 463...
Page 451 UCI: tservd.@port[0].udpMode Opt: udpMode Web: Local IP Local IP address to listen on. UCI: tservd.@port[0].local_ip 0.0.0.0 Listen on any interface. Opt: local_ip Range IPv4 address. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 451 of 463...
Page 452 Sets TCP to delay behaviour. Only displayed if Transport Mode is TCP. UCI: tservd.@port[0].tcp_nodelay Normal operation. Opt: tcp_nodelay Disable TCP Nagle algorithm. Only displayed if Transport Mode is TCP. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 452 of 463...
Page 453: Terminal Server Using Uci
Table 156: Information table for port settings network section 42.4 Terminal Server using UCI root@VA_router:~# uci show tservd tservd.main=tservd tservd.main.log_severity=0 tservd.main.debug_rx_tx_enable=1 tservd.main.debug_ev_enable=1 tservd.@port[0]=port tservd.@port[0].devName=/dev/ttySC0 tservd.@port[0].remote_ip1=0.0.0.0 tservd.@port[0].remote_ip2=0.0.0.0 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 453 of 463...
Page 454: Terminal Server Using Package Options
42.6.1.2 TCP connection initiation at startup If you have set option tcp_always_on1, or DSR state is UP, the TCP connection setup is initiated immediately. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 454 of 463...
Page 455 A UDP session is normally never cleared, but if it is closed by the network sub-system, it gets re-setup after a hand off timeout. A DSR signal DOWN event does not clear UDP session in the connected state. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 455 of 463...
Page 456: Serial Mode Gpio Control
DSR UP signal and then it resets up the UDP session. 42.7 Serial mode GPIO control On some models of Virtual Access routers it is possible to change the physical transmission mode between RS232 and RS485. This is only applicable to the second serial port on the routers: /dev/ttySC1.
Page 457 DSR=0 DTR=1 RTS=1 CTS=0 CAR=0 CD=0 RNG=0 LE=0 RI=0 ST=0 SR=0 TERMINAL-2, Dev: /dev/ttySC0 DSR=0 DTR=1 RTS=1 CTS=0 CAR=0 CD=0 RNG=0 LE=0 RI=0 ST=0 SR=0 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 457 of 463...
Page 458 - start USB serial card rx log tserv show userial rxlog <offs> <length> - show USB serial card rx log tserv quit - terminate termserv process _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 458 of 463...
Page 459: Configuring Terminal Package
Opt: flowcontrol Enabled. Table 157: Information table for terminal settings 43.3 Configuring terminal package using UCI root@VA_router:~# uci show terminal terminal.ttySC0=terminal terminal.ttySC0.enabled=1 terminal.ttySC0.device=ttySC0 terminal.ttySC0.speed=115200 terminal.ttySC0.type=vt100 terminal.ttySC0.flowcontrol=1 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 459 of 463...
Page 460: Configuring Terminal Using Package Options
/etc/inittab ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K stop ttyLTQ0::askfirst:getty -L 115200 ttyLTQ0 vt100 ttyLTQ1::askfirst:getty -L 115200 ttyLTQ1 vt100 ttySC0::respawn:getty -h -L 115200 ttySC0 vt100 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 460 of 463...
Page 461: Serial Interface
The information presented will also depend on the actual type of the serial interface. 44.2.1 Serial statistics Figure 215: The serial statistics page for serial-0 _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 461 of 463...
Page 462: Monitoring Serial Interfaces Using Command Line
Tx Frames Tx Bytes Tx Underruns Tx Discards Rx Frames Rx Bytes 258856 Rx Overruns Rx CRC Errors Rx Too Big Rx Discards _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 462 of 463...
Page 463 44.3.3 Resetting serial statistics To reset serial statistics, enter: serial_stats_reset. root@VirtualAccess:~# serial_stats_reset ttyU0 Serial interface statistics reset You can reset statistics for all or individual serial interfaces. _______________________________________________________________________________________________________ © Virtual Access 2018 GW1000 Series User Manual Issue: 2.3 Page 463 of 463...

This manual is also suitable for:

Gw1000m