1.1.1. Where do I start?
1.1.2. What can it do?
1.1.3. Ethernet port capabilities
1.1.4. Product variants in the FB6000 series
1.2. About this Manual
1.2.1. Version
1.2.2. Intended audience
1.2.3.
FireBrick FB6202 User Manual
4.2.1. System name (hostname)
4.2.2. Administrative details
4.2.3. System-level event logging control
4.2.4. Home page web links
4.3. Software Upgrades
4.3.1. Software release types
4.3.1.1.
14.2. Configuring VRRP
14.2.1. Advertisement Interval
14.2.2. Priority
14.3. Using a virtual router
14.4. VRRP versions
14.4.1. VRRP version 2
14.4.2. VRRP version 3
14.5.
show profiles
show radius
show route
show routes
show sessions
show status
show subnet
show subnets
show uptime
show tasks
List of Figures
2.1. Initial web page in factory reset state
2.2. Initial "Users" page
2.3. Setting up a new user
2.4. Configuration being stored
3.1. Main menu
3.2. Icons for layout controls
3.3.
List of Tables
2.1. IP addresses for computer
2.2. IP addresses to access the FireBrick
3.1. Special character sequences
4.1. User login levels
4.2. Configuration access levels
4.3. General administrative details attributes
4.4.
IPv6-capable networking software, written from scratch in-house by the FireBrick team. Custom designed hardware, manufactured in the UK, hosts the new software, and ensures FireBrick are able to maximise performance from the hardware, and maintain exceptional levels of quality and reliability.
The latest version of the QuickStart guide for the FB6000 can be obtained from the FireBrick website at: http://www.firebrick.co.uk/pdfs/quickstart-6000.pdf

1.1.2. What can it do?
The FB6000 series of products is a family of high speed ISP/telcos grade routers and firewalls providing a range of specific functions. Key features of the FB6000 family: •...
Also bear in mind that if you are not reading the latest version of the manual (and using the latest software release), references in this manual to external resources, such as the FireBrick website, may be out of date. If this is the correct manual for your current software version, then note that there may be a newer revision of this manual available, still covering the same software version, but with improvements or corrections to the documentation.
FireBrick product configuration for all FireBrick customers.

1.2.3. Document style
At FireBrick, we appreciate that different people learn in different ways - some like to dive in, hands-on, working with examples and tweaking them until they work the way they want, referring to documentation as required.
FireBrick are building a library of Application Note documents that you can refer to - each Application Note describes how to use and configure a FireBrick in specific scenarios, such as using the device in a multi-tenant Serviced Office environment, or using the FireBrick to bond multiple WAN connections together.
You configure your FireBrick using a web browser - to do this, you need IP connectivity between your computer and the FireBrick. For a new FB6000 or one that has been factory reset, there are three methods to set this up, as described below - select the method that you prefer, or that best suits your current network architecture.
2.2.1. Add a new user
You now need to add a new user with a password in order to gain full access to the FireBrick's user interface. Click on the "Users" icon, then click on the "Add" link to add a user. The "Users" page is shown below, with the "Add"...
Getting Started
Figure 2.3. Setting up a new user
You may also want to increase the login-session idle time-out from the default of 5 minutes, especially if you are unfamiliar with the user-interface. To do that, tick the checkbox next to timeout, and enter an appropriate value, which should start PT, be followed by a number, and end with units of either M for minutes, or H for hours.
On this page there is a "Login" link (in red text) - click on this link and then log in using the username and password you chose. We recommend you read Chapter 3 to understand the design of the FB6000's user interface, and then start working with your FB6000's factory reset configuration.
Chapter 3. Configuration
3.1. The Object Hierarchy
The FB6000 has, at its core, a configuration based on a hierarchy of objects, with each object having one or more attributes. An object has a type, which determines its role in the operation of the FB6000. The values of the attributes determine how that object affects operation.
XML. If the User Interface does not generate valid XML - i.e. when saving changes to the configuration the FireBrick reports XML errors, then this may be a bug - please check this via the appropriate support channel(s).
The User Interface has the following general layout :-
• a 'banner' area at the top of the page, containing the FireBrick logo, model number and system name
• a main-menu, with sub-menus that access various parts of the user interface ; the main-menu can be shown vertically or horizontally - sub-menu appearance depends on this display style : if the main-menu is vertical, sub-menus are shown by 'expanding' the menu vertically ;...
Additionally, you can choose to use the default fonts that are defined in your browser setup, or use the fonts specified by the user interface. These customisations are controlled using three icons on the left-hand side of the page footer, as shown in Figure 3.2 below :-
Figure 3.2.
Figure 3.4. The "Setup" category
Each section is displayed as a tabulated list showing any existing objects of the associated type. Each row of the table corresponds with one object, and a subset (typically those of most interest at a glance) of the object's attributes are shown in the columns - the column heading shows the attribute name.
Figure 3.6. Show hidden attributes
Each box in the matrix contains the following :-
• a checkbox - if the checkbox is checked, an appropriate value entry widget is displayed, otherwise, a default value is shown and applied for that setting.
•...
FB6000. All changes are initially held in-memory (in the web browser itself), and are committed back to the FireBrick only when you press the Save button.
<?xml version="1.0" encoding="UTF-8"?>
This defines the version of XML that the file complies with and the character encoding in use. UTF-8 is used everywhere by the FireBrick. The XML file contains one or more elements, which may be nested into a hierarchy.
3.6. Downloading/Uploading the configuration
The XML file may be retrieved from the FireBrick, or uploaded to the FireBrick using HTTP transfers done via tools such as curl. Using these methods, configuration of the FB6000 can be integrated with existing administrative systems.
--user "username:password" --output "filename"
Replace username and password with appropriate credentials. The XML configuration file will be stored in the file specified by filename - you can choose any file extension you wish (or none at all), but we suggest that you use .xml for consistency with the file extension used when saving a configuration via the User Interface (see Section 3.4.4).
Chapter 4. System Administration
4.1. User Management
You will have created your first user as part of the initial setup of your FB6000, as detailed in either the QuickStart Guide or in Chapter 2 in this manual. To create, edit or delete users, browse to the config pages by clicking the "Edit" item in the sub-menu under the "Config"...
4.1.1. Login level
A user's login level is set with the level attribute, and determines what CLI commands the user can run. The default, if the level attribute is not specified, is ADMIN - you may wish to downgrade the level for users who are not classed as 'system administrators'.
web or telnet (for command line interface access) services (see Section 12.1 and Section 12.2), or any firewall rules that affect web or telnet access to the FB6000 itself.

4.1.4.2. Restrict by profile
By specifying a profile name using the profile attribute, you can allow logins by the user only when the profile is in the Active state (see Chapter 8).
As a matter of policy, FireBrick software upgrades are always free to download for all FireBrick customers. To complement the responsive UK-based development process, the FB6000 is capable of downloading and installing new software directly from FireBrick's servers, providing the unit has Internet access.
Breakpoint releases are special as they are able to automatically update an existing configuration - used with the previous software release - so that it is compatible with the new release, and functionality is retained wherever possible. When using the Internet-based upgrade process, the FB6000 will always upgrade to the next available breakpoint version first, so that the configuration is updated appropriately.
This method is entirely manual, in the sense that the brick itself does not download new software from the FireBrick servers, and responsibility for loading breakpoint releases as required lies with the user. In order to do this, you will first need to download the required software image file (which has the file extension .img) from the FB6000 software downloads website [http://www.firebrick.co.uk/software.php?
4.4. Boot Process
The FB6000 contains internal Flash memory storage that holds two types of software :-
• main application software (generally referred to as the app)
• a bootloader - runs immediately on power-up, initialises system, and then loads the app
It is possible for only one of these types of software, or neither of them, to be present in the Flash, but when shipped from the factory the unit will contain a bootloader and the latest factory-release application software.
5.1. Overview
Many events in the operation of the FireBrick create a log entry. Each entry is a one-line string of text saying what happened. This could be normal events such as someone logging in to the web interface, or unusual events such as a wrong password used, or DHCP not being able to find any free addresses to allocate.
Event Logging
5.1.1.2. Logging to the Console
The console is the command line environment described in Chapter 15. You can cause log entries to be displayed as soon as possible on the console (assuming an active console session) by setting console="true" on the log target.
The module name refers to which part of the system caused the log entry, and is also shown in all other types of logging such as web and console. To enable log messages to be sent to a syslog server, you need to create a syslog object that is a child of the log target (log) object.
5.5. Performance
The FireBrick can log a lot of information, and adding logs can cause things to slow down a little. The controls in the config allow you to say what you log in some detail. However, logging to flash will always slow things down a lot and should only be used where absolutely necessary.
Note
This is an "open ended" web page which has been known to upset some browsers, but this is rare. However it does not usually work with any sort of web proxy which expects the page to actually finish.

All log targets can be viewed via the web User Interface, regardless of whether they specify any external logging (or logging to Flash memory).
Chapter 6. Interfaces and Subnets
This chapter covers the setup of Ethernet interfaces and the definition of subnets that are present on those interfaces. For information about other types of 'interfaces', refer to the following chapters :-
• Point-to-Point Protocol over Ethernet (PPPoE) - Chapter 10
•...
The interface is associated with an internal (to the FB6000) port in this switch-port group, thus :-
• packets arriving at any of the ports in the group and destined for a MAC address belonging to the FB6000 will be received by the associated interface
•...
<port name="LAN" ports="3 4"/>
</config>
In this example, the "WAN" and "ADMIN" groups consist of a single port each, physical ports 1 and 2 respectively. The "LAN" group consists of two physical ports, numbers 3 and 4. Ports 3 and 4 are members of a single layer 2 broadcast domain, and are equivalent in function in terms of communication between the FB6000 and another device.
To create or edit subnets, select the Interface category in the top-level icons, then click Edit next to the appropriate interface - under the section headed "IP subnet on the interface", you will see the list of existing subnet child objects (if any), and an "Add"...
by its MAC address) requests an IP address. However, if a new MAC address requests an allocation, and there are no available IPs (excluding expired allocations) in the allocation pool, then the oldest expired allocation IP address is re-used for the new client.

6.3.2.1.
• Link auto-negotiation is enabled - both speed and duplex mode are determined via auto-negotiation, which should configure the link for highest performance possible for the given link-partner (which will need to be capable of, and participating in, auto-negotiation for this to happen)
•...
Link/Activity | On when link up (any speed); blink (off) when Tx or Rx activity (Default for Green LED)
Link1000/Activity | On when link up at 1Gbit/s; blink (off) when Tx or Rx activity
Link100/Activity | On when link up at 100Mbit/s; blink (off) when Tx or Rx activity
On when link up at 10Mbit/s;...
Chapter 7. Routing
7.1. Routing logic
The routing logic in the FB6000 operates primarily using a conventional routing system of most specific prefix, which is commonly found in many IP stacks in general purpose computers and routers. Conventional routing determines where to send a packet based only on the packet's destination IP address, and is applied on a 'per packet' basis - i.e.
7.2. Routing targets
A route can specify various targets for the packet :-
Table 7.1. Route targets
Target | Notes
an Ethernet interface (locally-attached subnet) | requires ARP or ND to find the device on the LAN to which the traffic is to be sent.
a specific IP address (a "gateway") | the packet is forwarded to another router (gateway) ;...
• 'black-hole' : packets routed to a black-hole are silently dropped. 'Silent' refers to the lack of any ICMP response back to the sender.
• 'no-where' (also called 'dead-end') : packets routed to 'no-where' are also dropped but the FB6000 generates ICMP error responses back to the sender.
Chapter 8. Profiles
Profiles allow you to enable/disable various aspects of the FB6000's configuration (and thus functionality) based on things such as time-of-day or presence/absence of Ping responses from a specified device.

8.1. Overview
A profile is a two-state control entity - it is either Active or Inactive. Once a profile is defined, it can be referenced in various configuration objects where the profile state will control the behaviour of that object.
8.2.2. Tests
8.2.2.1. General tests
'General' tests are provided for the following :-
• FB105 tunnel state : the fb105 attribute lists one or more FB105 tunnel names (see Section 11.1) - if any of the specified tunnels are in the Active state, this tunnel-state test will pass
•...
Chapter 9. Traffic Shaping
The FB6000 includes traffic shaping functionality that allows you to control the speed of specific traffic flows through the FB6000. The FB6000 also provides graphing functionality, allowing specific traffic flows to be plotted on a graph image (PNG format) that the FB6000 generates. Within the FB6000, traffic shaping and graphing are closely associated, and this is reflected in how you configure traffic shaping - in order to be able to perform traffic shaping, you must first graph the traffic flow.
Once you have graphed a (possibly bi-directional) traffic flow, you can then also define speed restrictions on those flows. These can be simple "Tx" and "Rx" speed limits or more complex settings allowing maximum average speeds over time. You define the speed controls associated with the graphed traffic flow(s) by creating a shaper top-level object.
VLANs (see Appendix D if you are not familiar with VLANs) so that each router can be logically connected to a different interface on the FireBrick. It is also a good idea to have a switch that supports jumbo frames if using FTTC or FTTP services in this way.
PPPoE
For fibre to the cabinet (FTTC) and fibre to the premises (FTTP) service you connect the FB6000 directly to the service with no extra equipment.

10.2. Defining PPPoE links
A PPPoE link is defined by a ppp top-level object. To create or edit PPPoE links in the web user interface, select the "Interface"...
PPPoE concentrator cannot handle the larger packets (such as a bridge or a switch). For this reason the default MTU is 1492.

10.2.2.2. Service and ac-name
The PPPoE protocol allows multiple services to be offered, and the service setting can be used to select which is available.
11.1. FB105 tunnels
The FB105 tunnelling protocol is a FireBrick proprietary protocol that was first implemented in the FireBrick FB105 device, and is popular with FB105 users for setting up VPNs etc. It is 'lightweight' in as much as it is relatively simple, with low overhead and easy setup, but it does not currently offer encryption.
IP address in tunnel definitions on such 'shared' end-points. The latter case is typical where an ISP deploys a FireBrick device to provide a 'head-end' device for tunnel bonding. If you wish to use a different UDP port number than the default of 1, specify the port number using the port attribute.
Tunnels
i.e. the first packet to be sent is routed down the first tunnel in the set, each subsequent packet is routed down the subsequent tunnel in the set, and the (N+1)'th packet (where N is the number of tunnels in the set) is again routed down the first tunnel.
assumes there is no outgoing 'firewall' rule on the NAT router that would prevent the wrapper packets from being forwarded). The established session will mean that UDP packets that arrive from the WAN side will be passed to the UDP port number that was the source port used in the outgoing wrapper packets.
•...
Chapter 12. System Services
A system service provides general functionality, and runs as a separate concurrent process alongside normal traffic handling. Table 12.1 lists the services that the FB6000 can provide :-
Table 12.1. List of system services
Service | Function
SNMP server | provides clients with access to management information using the Simple Network Management...
To restrict to specific client IP addresses, using the user interface, check the checkbox next to the allow attribute, and enter one or more IP addresses, or IP address ranges into the text entry box - use the Enter key to separate your list items.
<telnet allow="10.0.0.0/24 10.1.0.3-98 10.100.100.88 10.99.99.0/24" comment="telnet service access restricted by IP address" local-only="false"/>
You can verify whether the access control performs as intended using the diagnostic facility described in Section 13.1.

12.3. DNS configuration
The DNS service provides name resolution service to other tasks within the app software, and can act as a relay for requests received from client machines.
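An offline review of the allow list from the telnet example above, as an added example that is not FireBrick's code: it parses the attribute, tests individual client addresses against it, and flags services that carry no allow list, which is worth doing for a cleartext service such as telnet before checking the result on the unit. Reading 10.1.0.3-98 as 10.1.0.3 to 10.1.0.98, the `<config>` wrapper, the `<http/>` element and the 1024-address threshold are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The allow list from the manual's telnet example.
MANUAL_ALLOW = "10.0.0.0/24 10.1.0.3-98 10.100.100.88 10.99.99.0/24"

# Constructed sample config. The <telnet> element is the manual's example;
# the <config> wrapper and the <http/> element are assumptions.
SAMPLE_CONFIG = """<config>
  <telnet allow="10.0.0.0/24 10.1.0.3-98 10.100.100.88 10.99.99.0/24"
          comment="telnet service access restricted by IP address"
          local-only="false"/>
  <http/>
</config>"""


def parse_entry(entry):
    """Return the (first, last) addresses covered by one allow-list entry."""
    if "/" in entry:                      # CIDR block, e.g. 10.0.0.0/24
        net = ipaddress.ip_network(entry, strict=False)
        return net[0], net[-1]
    if "-" not in entry:                  # single address
        addr = ipaddress.ip_address(entry)
        return addr, addr
    start_text, end_text = entry.split("-", 1)
    first = ipaddress.ip_address(start_text)
    if end_text.isdigit():
        # Assumption: "10.1.0.3-98" is shorthand for 10.1.0.3 to 10.1.0.98.
        if first.version != 4 or int(end_text) > 255:
            raise ValueError(f"unsupported range shorthand: {entry}")
        last = ipaddress.ip_address((int(first) & ~0xFF) | int(end_text))
    else:                                 # full end address given
        last = ipaddress.ip_address(end_text)
    if last.version != first.version or last < first:
        raise ValueError(f"range runs backwards or mixes versions: {entry}")
    return first, last


def parse_allow(spec):
    """Split a space-separated allow attribute into (first, last) ranges."""
    return [parse_entry(item) for item in spec.split()]


def is_allowed(address, spec):
    """True if the client address falls inside any entry of the allow list."""
    addr = ipaddress.ip_address(address)
    return any(first.version == addr.version and first <= addr <= last
               for first, last in parse_allow(spec))


def allowed_count(spec):
    """Number of addresses admitted (overlapping entries are not merged)."""
    return sum(int(last) - int(first) + 1 for first, last in parse_allow(spec))


def audit(xml_text, services=("telnet", "http"), max_hosts=1024):
    """Report, per service element, whether its allow list exists and is narrow.

    max_hosts is an arbitrary review threshold chosen for this example.
    """
    findings = []
    for element in ET.fromstring(xml_text).iter():
        tag = element.tag.rsplit("}", 1)[-1]   # drop any XML namespace prefix
        if tag not in services:
            continue
        spec = element.get("allow")
        if spec is None:
            status = "no-allow-list"
        elif allowed_count(spec) > max_hosts:
            status = "broad"
        else:
            status = "ok"
        findings.append((tag, status))
    return findings


if __name__ == "__main__":
    for service, status in audit(SAMPLE_CONFIG):
        print(f"{service}: {status}")
    for probe in ("10.1.0.50", "10.1.0.99"):
        print(probe, is_allowed(probe, MANUAL_ALLOW))
```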
Chapter 13. Network Diagnostic Tools
Various network diagnostic tools are provided by the FB6000, accessible through either the web user interface or the CLI :-
• Packet dump : low level diagnostics for detailed examination of network traffic passing through the FB6000
•...
This address is not on a local Ethernet subnet and so not allowed access.

13.2. Packet Dumping
The FireBrick includes the ability to capture packet dumps for diagnostic purposes. This might typically be used where the behaviour of the FB6000 is not as expected, and can help identify whether other devices are correctly implementing network protocols - if they are, then you should be able to determine whether the FB6000 is responding appropriately.
snaplen | Snaplen | The maximum capture length for a packet can be specified, in bytes. Default 0 (auto). See notes below.
timeout | Timeout | The maximum capture time can be specified in seconds. Default 10.
IP address (2-off) | Up to two IPs can be specified to filter packets
self | Include my IP...
Linebreaks are shown in the example for clarity only - they must not be entered on the command-line.
In this example we have used username name and password pass to log-in to a FireBrick on address 1.2.3.4 - obviously you would change the IP address (or host name) and credentials to something suitable for your...
We have asked for a dump of the interface named LAN, with a 5 minute timeout and capturing 1500 byte packets. We have then fed the output in real time (hence specifying --no-buffer on the curl command) to tcpdump, and asked it to take capture data from the standard input stream (via the -r - options).
VRRP
14.2.1. Advertisement Interval
A master indicates that it is still 'alive' by periodically sending an advertisement multicast packet to the group members. A failure to receive a multicast packet from the master router for a period longer than three times the advertisement interval timer causes the backup routers to assume that the master router is down.
Note that the FB6000 has non-standard support for some specific packets sent to the VRRP virtual addresses. This includes answering pings (configurable) and handling DNS traffic. Other VRRP devices may not operate in the same way and so may not work in the same way if they take over from the FireBrick.
Chapter 15. Command Line Interface
The FB6000 provides a traditional command-line interface (CLI) environment that can be used to check status information, and control some aspects of the unit's operation. The CLI is accessed via the 'telnet' protocol - the FB6000 implements a telnet server, which you can connect to using any common telnet client program.
Name
check access — Check whether an IP address can access/utilise network services provided by the FB6000
SYNOPSIS
check access <IPAddr> [table=<routetable>]
DESCRIPTION
For each network service implemented by the FB6000, this command shows whether a specific IP address will be able to access or utilise the service, based on any access restrictions configured on the service.
Name
clear dhcp — Clears one or all of the stored allocations made by the FB6000's DHCP server.
SYNOPSIS
clear dhcp [<IP4Addr>] [table=<routetable>]
DESCRIPTION
Every allocation made by the DHCP server built-in to the FB6000 is stored in non-volatile memory, and as such will survive power-cycling and/or rebooting.
Name
delete config — Delete a configuration from the Flash memory
SYNOPSIS
delete config <unsignedInt> [confirm=<string>]
DESCRIPTION
This command is used to permanently delete a configuration from the Flash memory. Specify the starting block number of the configuration as the <unsignedInt> argument, which can be obtained using the show flash contents command.
Name
delete data — Delete a data item from the Flash memory
SYNOPSIS
delete data <unsignedInt> [confirm=<string>]
DESCRIPTION
This command is used to permanently delete a data item from the Flash memory. Specify the starting block number of the data item as the <unsignedInt> argument, which can be obtained using the show flash contents command.
Name
delete image — Delete a software image from the Flash memory
SYNOPSIS
delete image <unsignedInt> [confirm=<string>]
DESCRIPTION
This command is used to permanently delete a software image from the Flash memory. Specify the starting block number of the image as the <unsignedInt> argument, which can be obtained using the show flash contents command.
Name
exit — Logout and end a command-line session.
SYNOPSIS
exit
DESCRIPTION
Logs out and ends a command-line telnet session.
Note
The exit command is synonymous with the quit command.
Name
kill session — Kills an active session in the session-table.
SYNOPSIS
kill session source-ip=<IPAddr> target-ip=<IPAddr> protocol=<unsignedByte> [source-port=<unsignedShort>] [target-port=<unsignedShort>] [table=<routetable>]
DESCRIPTION
Kills the active session that matches the specified parameters.
Name
login — Login to a command-line session.
SYNOPSIS
login [<string>]
DESCRIPTION
Changes a command-line session to the logged-in state, subject to the correct credentials being supplied. The login process occurs automatically at the start of a new telnet connection, but if no username is entered (i.e. the user just presses Enter), or the login fails, the command-line session stays active but in the logged-out state.
Name
logout — Log-out from a command-line session.
SYNOPSIS
logout
DESCRIPTION
Changes a command-line session to the logged-out state, but doesn't disconnect the telnet connection. Refer to the login command for details on what is possible in the logged-out state. To log-out and automatically close the telnet connection, use the exit command instead.
Name
panic — Force a system panic.
SYNOPSIS
panic [<string>] [confirm=<string>]
DESCRIPTION
Forces a system panic which causes an immediate reboot of the FB6000. The optional <string> argument specifies text that will be present in the panic message, which is typically visible in the system flash log. To reduce the chance of accidental forced panic, this command requires that you specify confirm=yes - if this is omitted, the CLI responds with :-
Please use confirm=yes to run this command...
Name
ping — Ping an IP address.
SYNOPSIS
ping <IPNameAddr> [table=<routetable>] [source=<IPAddr>] [gateway=<IPAddr>] [flow=<unsignedShort>] [count=<positiveInteger>] [ttl=<unsignedByte>]
DESCRIPTION
Pings the IP address specified by the first argument. The argument may also be a DNS name, which will be resolved if DNS resolver(s) are correctly configured.
EXAMPLE
marty>...
Name
quit — Logout and end a command-line session.
SYNOPSIS
quit
DESCRIPTION
Logs out and ends a command-line telnet session.
Note
The quit command is synonymous with the exit command.
Name
reboot — Reboots the FB6000.
SYNOPSIS
reboot [<unsignedInt>] [confirm=<string>]
DESCRIPTION
Initiates a reboot of the FB6000 - this is a controlled, clean shutdown and reboot. To reduce the chance of accidental reboots, this command requires that you specify confirm=yes - if this is omitted, the CLI responds with :-
Please use confirm=yes to run this command...
Name
show arp — Prints the ARP table.
SYNOPSIS
show arp [<IPAddr>]
DESCRIPTION
Prints the current contents of the ARP table i.e. the MAC addresses that have been discovered via ARP for IP addresses on local subnets. To see more detail about a particular ARP table entry, specify the IP address of the entry you are interested in as the argument to this command.
Name
show command sessions — Print a list of command-line sessions.
SYNOPSIS
show command sessions
DESCRIPTION
Prints a list of all command-line (i.e. telnet) sessions - this includes those where no user is logged in, which display as <logged out> and user level NOBODY (see the login command for discussion of logged-in / logged-out states).
Name
show dhcp — Print list of IP address allocations made by the FB6000's DHCP server.
SYNOPSIS
show dhcp [<IP4Addr>] [table=<routetable>]
DESCRIPTION
Every allocation made by the DHCP server built-in to the FB6000 is stored in non-volatile memory, and as such will survive power-cycling and/or rebooting.
Name
show dns — Displays the DNS resolvers that are currently configured for use.
SYNOPSIS
show dns
DESCRIPTION
Displays the DNS resolvers that are currently configured for use by the DNS service (see Section 12.3). The configured servers will include any setup in the DNS service configuration, plus any that have been informed to the FB6000 if it has obtained an IP address itself by DHCP (see Section 6.3.1.1).
Name
show ethernet counters — Print values of counters maintained by the Ethernet hardware.
SYNOPSIS
show ethernet counters
DESCRIPTION
The Ethernet hardware in the FB6000 maintains various byte and packet counters which can be displayed using this command. This information is likely to only be useful when diagnosing specific problems with the FB6000 hardware or software, under guidance of technical support personnel.
Name
show ethernet status — Print current status of the Ethernet ports
SYNOPSIS
show ethernet status
DESCRIPTION
This command prints the current status of the four Ethernet ports on the FB6000. The following information is shown :-
• Link status (Up / Down)
•...
Name
show fb105 — Print information about FB105 tunnels.
SYNOPSIS
show fb105 [<string>]
DESCRIPTION
Prints information about tunnels using the FB105 lightweight tunnelling protocol. For each FB105 tunnel that is defined by the current configuration, this command lists the following information :-
Table 18.
Name
show flash contents — Print a list of what is currently stored in the internal Flash memory.
SYNOPSIS
show flash contents
DESCRIPTION
The FB6000 uses internal Flash memory to store various items of data and software program code. A Flash memory is divided into blocks, with a typical block size of 128KiB.
Name
show flash log — Print log text stored in the 'Flash log'.
SYNOPSIS
show flash log [<unsignedInt>]
DESCRIPTION
The Flash Log is a non-volatile (i.e. it is not lost when the FB6000 is powered-off) log information storage area. It is typically used to log information for significant events, where it is necessary for the information to be retained after power-loss or device reboot.
Name
show log — Prints the stored log text for a specified log target.
SYNOPSIS
show log [<string>]
DESCRIPTION
Prints the stored log text for the log-target specified by the argument. If the argument is omitted, text logged to any target is shown. Once the stored text is displayed, the command continues to 'follow' the log, printing new text as it is logged.
Name
show memory — Print information about memory usage by the FB6000 application software.
SYNOPSIS
show memory
DESCRIPTION
This command prints details of memory usage in terms of virtual and physical address spaces - it is only likely to be helpful when diagnosing specific problems with the FB6000 hardware or software, under guidance of technical support personnel.
Name
show pppoe — Print information about PPPoE sessions.
SYNOPSIS
show pppoe [<integer>]
DESCRIPTION
Prints information about PPPoE sessions established by the FB6000's built-in PPPoE client.
Name
show profiles — Print the current state of all the profiles that are defined.
SYNOPSIS
show profiles
DESCRIPTION
Shows the state of each profile that is defined by the current configuration - profile states are either Active or Inactive. The command also shows the reason that the profile is in that state.
Name show route — Print information about a specific route. SYNOPSIS show route <IPPrefix> [table=<routetable>] DESCRIPTION Prints information about a specific route - the one that matches (most-specific / longest-prefix match) a specified destination prefix, or an IP address (when specifying a /32 prefix). The full list of all routes can be obtained using the show routes command.
Name show routes — Print the list of route destinations from a routing table. SYNOPSIS show routes [<IPFilter>] [table=<routetable>] DESCRIPTION Prints a list of route destinations, and brief information about the route. The information provided shows the type of the route : •...
Name show sessions — Displays the session table. SYNOPSIS show sessions [protocol=<unsignedByte>] DESCRIPTION Prints the current contents of the session table.
Name show status — Print general FB6000 status information. SYNOPSIS show status DESCRIPTION Prints a list of general FB6000 information items, including:
• System name, serial number, build/ship dates
• Bootloader and Software versions
• System uptime
• Software options (e.g. Fully Loaded) and allowed software build types
•...
Name show subnet — Print information about a specific locally-attached subnet. SYNOPSIS show subnet <integer> DESCRIPTION Print information about a specific locally-attached subnet - the subnet is specified using its subnet number. The show subnets command can be used to see subnet numbers.
Name show subnets — Print list of locally-attached subnets. SYNOPSIS show subnets DESCRIPTION Prints a list of locally-attached subnets i.e. those directly accessible via an interface.
Name show tasks — Prints the list of software tasks running on the FB6000. SYNOPSIS show tasks DESCRIPTION The FB6000's operating system software provides a multi-tasking environment for the application software. The app is implemented as a set of distinct tasks, running concurrently - show tasks may be helpful in some support situations as it shows some statistics about the tasks (such as CPU usage percentage) that may assist in diagnosing problems.
Name show vrrp — Prints VRRP status information. SYNOPSIS show vrrp DESCRIPTION When this FB6000 is part of a Virtual Router, this command shows the current VRRP status of this device.
Name traceroute — Runs a classical traceroute procedure. SYNOPSIS traceroute <IPNameAddr> [table=<routetable>] [source=<IPAddr>] [gateway=<IPAddr>] [flow=<unsignedShort>] [count=<positiveInteger>] [ttl=<unsignedByte>] DESCRIPTION This command performs the classical traceroute procedure to investigate the route taken to reach the IP address specified by the first argument. Multiple ICMP Echo Request packets are sent to the destination IP address, with increasing Time-To-Live values starting at 1, thus obtaining "TTL expired"...
Name troff — Prevents log messages sent to the console from being displayed. SYNOPSIS troff DESCRIPTION See the tron command for information about using tron and troff.
Name tron — Enables log messages sent to the console to be displayed. SYNOPSIS tron DESCRIPTION Certain system events normally cause log messages to be sent to the console. If you find that these are interfering with your use of the console, you can disable printing of these messages via the troff command. To re-enable the messages, use the tron command.
Name uptime — Print up-time since last bootup. SYNOPSIS uptime DESCRIPTION Prints the up-time since the last bootup of the FB6000.
EXAMPLE
marty> uptime
Version: FB6202 Gemini (V1.06.001 2011-11-02T17:41:12)
Uptime 8 days 01:28:07
Current time: 10th Nov 2011 22:10:17...
IP addresses described in Chapter 2. This process can be very useful if you ever make an error in the configuration that stops you having access to the FireBrick for any reason, or any other situation where it is appropriate to start from scratch.
• Connect network to left hand port. Power LED comes on solidly.
This process will start the FireBrick in a factory reset mode temporarily - the configuration stored in flash memory has not yet been altered or deleted at this stage.
Appendix B. CIDR and CIDR Notation
Classless Inter-Domain Routing (CIDR) is a strategy for IP address assignment originally specified in 1993 that had the aims of "conserving the address space and limiting the growth rate of global routing state". The current specification for CIDR is in RFC4632 [http://tools.ietf.org/html/rfc4632].
routing table entry - 10.1.2.0/24 and 10.1.3.0/24 - routing table entries for these subnets would appear in a downstream router. Note that in either a network/subnet or routing destination specification, the address will be the starting address of the IP address range being expressed, such that there will be M least significant bits of the address set to zero, where M = 32 - prefix_length.
Combined interface IP address and subnet definitions...
In principle the FireBrick could have a single MAC address for all operations. However, practical experience has led to the use of multiple MAC addresses on the FireBrick. A unique block of addresses is assigned to each FireBrick, with the size of the block dependent on the model.
000397:147C is interpreted as:
• All addresses in the range start with 00:03:97:14:7C
• the first address in the range has zero for the remaining digits (00)
• the last address in the range has F for the remaining digits (FF)
Therefore this range spans 00:03:97:14:7C:00 to 00:03:97:14:7C:FF inclusive (256 addresses).
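The range notation above, worked through in code as an added example (not part of the FireBrick manual): it expands a prefix into its first and last address and flags observed MACs that fall outside the assigned block. The function names are hypothetical, and treating ':', '-' and '.' as ignorable separators is an assumption.

```python
import re

HEX_DIGITS_IN_MAC = 12  # a MAC address is 48 bits = 12 hex digits


def parse_mac_range(spec):
    """Expand a prefix-style range such as '000397:147C'.

    Returns (first, last, count), first/last as 48-bit integers.
    Assumption: separators (':', '-', '.') are cosmetic and ignored.
    """
    digits = re.sub(r"[:\-.]", "", spec.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{1,12}", digits):
        raise ValueError(f"not a MAC prefix: {spec!r}")
    missing = HEX_DIGITS_IN_MAC - len(digits)
    first = int(digits + "0" * missing, 16)  # remaining digits all zero
    last = int(digits + "F" * missing, 16)   # remaining digits all F
    return first, last, last - first + 1


def format_mac(value):
    """Render a 48-bit integer as colon-separated upper-case hex."""
    text = f"{value:012X}"
    return ":".join(text[i:i + 2] for i in range(0, 12, 2))


def mac_in_range(mac, spec):
    """True if a full MAC address falls inside the range given by spec."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a full MAC address: {mac!r}")
    first, last, _ = parse_mac_range(spec)
    return first <= int(digits, 16) <= last


def outside_block(observed, spec):
    """Return the observed MACs that do not belong to the assigned block."""
    return [mac for mac in observed if not mac_in_range(mac, spec)]


if __name__ == "__main__":
    first, last, count = parse_mac_range("000397:147C")
    print(format_mac(first), "to", format_mac(last), f"({count} addresses)")
    # Constructed sample, e.g. source MACs seen on a switch port.
    seen = ["00:03:97:14:7c:00", "00:03:97:14:7C:FF", "00:03:97:14:7D:01"]
    print("outside block:", outside_block(seen, "000397:147C"))
```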
Appendix D. VLANs : A primer
An Ethernet (Layer 2) broadcast domain consists of a group of Ethernet devices that are interconnected, typically via switches, such that an Ethernet broadcast packet (which specifies a reserved broadcast address as the destination Ethernet address of the packet) sent by one of the devices is always received by all the other devices in the group.