Page 1 OfficeConnect Remote 812 ADSL Router CLI User’s Guide Release 1.1 http://www.3com.com/...
Page 2 95052-8145 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty of any kind, either implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.
Page 3: Table Of Contents
ONTENTS CCESSING THE ONFIGURATION Establishing Communications with the OfficeConnect Remote 812 Local Connection IBM-PC Compatible Computers Macintosh Computers UNIX-Based Computers Remote Connection CLI C OMMAND ONVENTIONS AND Command Structure Format Parameters Values Names or Strings Network Address Formats Abbreviation and Command Completion Control Characters Help Conventions...
Page 4 Instructions Setup Script Password Protection Which portions of the network do you want to configure? Quick Setup Identification information Quick Setup Management Information TELNET information Quick Setup IP information Quick Setup IPX information Quick Setup Bridge Information Sample Identification Information VC S UICK ETUP...
Page 5 show ip settings show ip routing settings Configuring an IP Network over the LAN Configuring IP RIP on the LAN Configuring IP for the Remote Site Connection Configuring IP RIP for a Remote Site Configuring Static and Framed IP Routes IP Tools Address Translation Network Address Translation (NAT)
Page 6 Setting Date and Time Setting System Identification Configuring Web Browser and TELNET Login Access Providing TFTP Access Setting Password Protection Introduction Filtering Overview OfficeConnect Remote 812 Filtering Capabilities Filter Classes Filter Types Data Filters Advertisement Filters Generic Filters Creating Filters Overview Creating Filters Using Command Line Interface Filter File Components in CLI Protocol Sections...
Page 7 Applying a Filter to an Interface Using CLI Configuring a Filter for a VC/Remote Site Using CLI Setting Filter Access Using CLI Managing Filters Using CLI Displaying the Managed Filter List Using CLI Adding Filters to the Managed List Using CLI Removing a Filter from an Interface Using CLI Removing a Filter from a VC/Remote Site Profile Using CLI Deleting a Packet Filter Using CLI...
Page 8 add ipx route <ipx_net_address> add ipx service [service_name] add ipx_route vc <name> add ipx_service vc <name> add nat tcp vc <user_name> add nat udp vc <vc_name> add network service <service_name> Status add snmp community <community_name> add snmp trap_community <name> add syslog <ip_name_or_addr> loglevel [loglevel] add tftp client <ip_name_or_addr>...
Page 9 DIAL B-12 dial <vc_name> B-12 DISABLE B-12 disable access B-12 disable bridge network <name> disable bridge spanning_tree disable icmp B-13 disable interface <interface_name> disable ip forwarding B-13 disable ip network <network_name> disable ip rip B-13 disable ip routing B-13 disable ip static_remote_routes disable ipx network <network_name>...
Page 10 enable security_option remote_user administration enable security_option snmp user_access enable snmp authentication traps enable telnet escape B-16 enable user <user name> B-16 enable vc <vc name> B-16 exit CLI B-16 HANGUP B-16 hangup interface <interface_name> hangup vc <vc_name> B-16 HELP B-16 help <command>...
Page 11 list networks B-20 list processes B-20 list ppp B-20 list services B-21 list snmp communities or list snmp trap_communities list syslog B-21 list tcp connections B-21 list tftp clients B-21 list udp listeners B-21 list users B-22 list vc B-22 login_required B-22 password...
Page 12 set interface <interface_name> set ip network <name> B-27 set ip routing B-28 set ipx network <network_name> set ipx system B-30 set network service <admin_name> set ppp receive_authentication [NONE | PAP | CHAP | EITHER] set ppp echo_retries <number> set snmp community <community_name> set system B-31 set syslog <IP_address>...
Page 13 show interface <interface_name> settings B-43 show ip counters B-43 show ip settings B-44 show ip network <network_name> settings B-44 show ipx counters B-44 show ipx network <network_name> counters B-45 show ipx network <network_name> settings B-45 show ipx rip B-46 show ipx sap B-46 show ipx settings B-47...
Page 14 status B-54 CLI Exit Commands B-54 Bye, Exit, Leave, Quit B-54 Logout B-54 Command Features B-54 Command Retrieval B-54 Positional Help B-54 Command Completion B-54 Output Pause B-54 Command Kill B-54 Comments B-55 ORPORATION IMITED FCC C LASS ERIFICATION FCC C LASS TATEMENT FCC D...
Page 15: Accessing The Configuration Interface
This chapter explains how to attach to the configuration interface locally via the console port or remotely via a Telnet session. This chapter also introduces you to the capabilities and conventions associated with management of your OfficeConnect Remote 812. Establishing Communications with the OfficeConnect...
Page 16: Unix-Based Computers
1: A HAPTER CCESSING THE ONFIGURATION NTERFACE UNIX-Based Computers Kermit, minicom and tip are typical terminal emulation programs for UNIX-based computers. Depending on the platform you’re using, you may need to modify a configuration file for vt100 settings. Remote Connection If you want to attach to the OfficeConnect Remote 812 via the LAN or WAN interface of the unit, you will need to establish a Telnet connection to the unit.
Page 17: Cli Command Conventions And Terminology
CLI C This chapter describes the command syntax, conventions and terminology used within the Command Line Interface. Reviewing and understanding this chapter is essential for you to understand subsequent chapters. Command Structure Format Commands can be followed by values and/or parameters and values. For example: a dd ip network <network_name>...
Page 18: Names Or Strings
2: CLI C HAPTER OMMAND ONVENTIONS AND may be a list of options you must choose from. When choosing an option, type the text of the option exactly. Names or Strings “Double quotation marks” set off user-defined strings. If you want white space or special characters in a string, it must be enclosed by “double quotation marks”.
Page 19: Conventions
Conventions Conventions Most commands are not case sensitive. As a rule, only <name> and [password] values require typing the correct case. Configuration changes occur immediately but are lost on reboot unless you save them. The save all command places configuration changes in FLASH ROM (permanent memory).
Page 20 2: CLI C HAPTER OMMAND ONVENTIONS AND ERMINOLOGY...
Page 21: Configuration Methods
OfficeConnect Remote 812 CLI offers three setup choices, all of which are described in this section: the automated, Quick Setup method, the QuickVC Setup method, and the manual method. Review the capabilities of each below and decide which configuration method best suits your needs, then proceed to the appropriate chapter for detailed configuration guidelines for each method.
Page 22: Manual Setup Instructions
3: C HAPTER ONFIGURATION ETHODS Manual Setup Once you become familiar with the CLI interface, you might find it more efficient Instructions to manage the OfficeConnect Remote 812 manually. Manual configuration is most versatile in that you only enter commands that need to effectively change from the current configuration.
Page 23: Quick Setup
This chapter will describe in detail the operations of the Quick Setup program. It will identify the required information, steps involved, and sample output scripts from the execution of this program. CLI Quick Setup Script Introduction The CLI Quick Setup program allows you to quickly configure LAN-side, global and management settings for your OfficeConnect Remote 812.
Page 24: Password Protection
4: Q HAPTER UICK ETUP The OfficeConnect Remote 812 Quick Setup allows you to setup a simple configuration for IP, IPX, and bridging. Please answer the following questions with "yes" or "no" to indicate which portions of the system you want to configure. When Quick Setup displays a question it will display a default answer in square brackets, like "[yes]".
Page 25: Telnet Information
Along with a community name, you can limit access to a specific management station. "0.0.0.0" means any station. Question What is the IP address of the station for this community? You also need to specify if this community can only read information, or read and write information.
Page 26: Quick Setup Ipx Information
4: Q HAPTER UICK ETUP Question What should the the mask be set to? You need to specify the framing for the IP network. It should be either "ethernet_ii" or "snap". Question What is the framing for the IP network? You can use the Routing Information Protocol (RIP) to exchange routing information with other routers on the network.
Page 27: Quick Setup Bridge Information
Question Enter the name of your network: The network number is a non-zero hexadecimal number of up to 8 digits. Question Enter the ipx network number: You need to specify the framing for the IPX network. It should be one of the following: “ethernet_ii”, “snap”, “dsap”, “novell_8023.”...
Page 28 4: Q HAPTER UICK ETUP Management Information: Console Login Required: Console Login Password: SNMP Management: SNMP Community: SNMP IP Address: SNMP Read&Write: TELNET Management: TELNET User: TELNET Password: IP Information: IP Network Name: IP Network Address: IP Mask: IP Frame Type: IP RIP: DHCP Server: DHCP Pool Start IP Address:...
Page 29 OCR-DSL>set dhcp mode server OCR-DSL>set dhcp server start 192.168.200.1 end 192.168.200.40 router 192.168.200.254 dnsl 192.168.200.254 dns2 0.0.0.0 wins1 0.0.0. wins2 0.0.0.0 mask 255.255.255.0 OCR-DSL>add dns host ocrdsl-3com.com addr 192.168.200.254 OCR-DSL>enable dns OCR-DSL>add tftp client 0.0.0.0 OCR-DSL>set ip network “test” routing ripv2 OCR-DSL>enable ip network “test”...
Page 30 4: Q HAPTER UICK ETUP...
Page 31: Quick Vc Setup
This chapter will describe in detail the operations of the OfficeConnect Remote 812 VC Setup Wizard program. It will identify the required information, steps involved, and sample output scripts from the execution of this program. CLI QuickVC Setup Script Introduction The CLI QuickVC Setup program allows you to quickly configure remote site profiles (virtual channel connections) for your OfficeConnect Remote 812.
Page 32: Network Service
5: Q VC S HAPTER UICK ETUP Enter the Peak Cell Rate: The Category of Service and cell rate parameters only affect data transmitted from the OfficeConnect Remote 812 to the remote site (upstream direction). The default value of UBR with a Peak Cell Rate of 0 will attempt to use all available upstream bandwidth when transmitting to the remote site.
Page 33: Ip Configuration (Network Service Rfc1483)
Is the local IP address (S)pecified or (L)earned ? Enter the local ip address for the WAN connection: (specified only) Do you want to use “name”’s remote router as the default gateway ? Do you want to run RIP ? Enter the version of RIP to run: (if applicable) The IP configuration for VC “name”...
Page 34: Ipx Routing (Network Service Ppp)
5: Q VC S HAPTER UICK ETUP IPX Routing (Network Service PPP) Question Is IPX traffic going to be routed over VC “name”? Is the IPX WAN interface (S)pecified or (L)earned? Is the IPX WAN interface (U)nnumbered or (N)umbered? Enter the IPX network number for the WAN? Do you want IPX routing (RIP) to run over the WAN? The IPX configuration for VC “name”...
Page 35 Category of Service: Peak Cell Rate: Local WAN IP Address: Remote WAN IP Address: WAN Interface Type: Address Translation (NAT): RIP: Remote is Default Gateway: IPX: IPX WAN Network Number: IPX WAN RIP: Bridging: Question Do you want to change any answers ? Do you want to actually execute these commands? Sample Output Display OCR-DSL>...
Page 36 5: Q VC S HAPTER UICK ETUP...
Page 37: Manual Setup
This chapter describes how to manually setup the OfficeConnect Remote 812 for Routing or Bridging. Configuration The following steps provide an outline to follow when configuring the Overview OfficeConnect Remote 812 to route or bridge to remote networks. 1 Determine how the OfficeConnect Remote 812 will be used (as an IP, IPX Router and/or Bridge) and gather information about your remote site connection using the Configuration Planning Forms provided with the unit.
Page 38: Bridging
6: M HAPTER ANUAL ETUP Remote Site Each remote site that you want to connect to is accessed through a single ATM Management Virtual Channel connection. To set up connections over the WAN, a VC (remote site) profile must be created and edited. With this profile, you specify ATM Virtual Channel information, protocols, and addresses that determine the method of connection and communication to that remote site.
Page 39: Configuring Network Service Information
disable vc Internet set vc Internet send_password testpassword enable vc Internet Configuring Network A Network Service defines the data encapsulation and protocol characteristics for Service Information the connection between the OfficeConnect Remote 812 and the remote site. The OfficeConnect Remote 812 supports two types of Network Services: PPP and RFC 1483.
Page 40: Ip Routing
6: M HAPTER ANUAL ETUP For SVCs, there is not a fixed VPI/VCI. Instead, a destination address is used to set up a path through the ATM backbone network when the connection is to be established. Currently, the SVC capability is disabled in the OfficeConnect Remote 812. ATM Category of Service parameters specify characteristics (sometimes called traffic shaping parameters) for data transmitted from the OfficeConnect Remote 812 to the remote site.
Page 41: Enabling Ip Routing
To configure IP routing, IP must be defined on both the LAN interface and one or more VC profiles. On the LAN, an IP network must exist with a specified IP address and subnet mask. In the VC profile, IP routing needs to be enabled, and the remote router address, a remote subnet mask and local WAN interface address need to be configured.
Page 42: Configuring Ip Rip On The Lan
6: M HAPTER ANUAL ETUP You can specify the subnet in one of two ways: a class or numerical designation. If you specify a Class C subnet mask, for instance, this command will generate a 255.255.255.0 subnet value for you. If you specify the number of bits (to be set to 1), the acceptable range is 8-30.
Page 43 set vc <vc name> ip [DISABLE | ENABLE] The remote IP address information consists of the IP address of the router at the other end of the VC connection. This address can be either specified by you, or (if you are using PPP as the Network Service for the connection) it can be learned when the PPP session is established.
Page 44: Configuring Ip Rip For A Remote Site
6: M HAPTER ANUAL ETUP To create a filter to block NetBios file and printer sharing over the Remote Site connection, use the following command: add auto_filter vc_blk_netbios vc <user name> Where <user name> is the VC Remote Site profile name. This command creates a filter which rejects incoming frames with destination UDP ports 137 and 138, and destination TCP ports 139 and 143.
Page 45: Address Translation
The route will appear in the IP routing table. You can display all IP routes with the list ip routes command. delete ip route <ip network address> add framed_route vc <vc name> where gateway is the address of the remote router. The route will be removed from the routing table when the VC profile is disabled.
Page 46: Configuring Nat
6-10 6: M HAPTER ANUAL ETUP Static NAT port mappings or the NAT default address need to be configured when an application will initiate a TCP or UDP connection from the public network. If a public accessible Server resides on a privately addressed LAN, static ports can be defined for the applications they are running.
Page 47: Monitoring Nat
Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory. Monitoring NAT The NAT configuration is displayed when viewing the remote site configuration using the show vc command.
Page 48: Monitoring The Dhcp Server
6-12 6: M HAPTER ANUAL ETUP The Hostname is the base name assigned to the workstation . A numeric suffix is appended to the base name and incremented after each assignment. For example, if the Hostname unit is configured, the first workstation will be assigned the Hostname unit01, the second workstation will be assigned unit02 and so forth.
Page 49: Configuring The Dhcp Relay
Internet and the other to a corporate site which has a domain name of 3com.com. Two DNS remote servers can be configured, one which uses the corporate site for 3com.com and the other to use the Internet as the default.
Page 50: Configuring Dns
6-14 6: M HAPTER ANUAL ETUP Configuring DNS enable dns disable dns You can configure three global DNS parameters that control the operation of the DNS proxy. show dns settings set dns DNS Host Entries add dns host <host name> address <ip address> list dns hosts delete dns host <host name>...
Page 51: Ipx Routing
add dns server <domain name> primary_address <ip address> secondary_address <ip address> add dns server <domain name> vc <vc name> list dns servers delete dns server <domain name> Access Lists Access Lists enable you to restrict which Remote Subnets are allowed to access the Management services of the OCR812.
Page 52: Enabling Ipx Routing
6-16 6: M HAPTER ANUAL ETUP To configure IPX routing, IPX must be defined on both the LAN interface and one or more remote sites. On the LAN, an IPX network must exist with a specified IPX network number. On the remote sites, IPX forwarding needs to be enabled, and the WAN interface address need to be configured.
Page 53: Configuring Ipx Static And Framed Routes
set vc <vc name> To specify that the WAN IPX network address should be learned via PPP you can enter FFFFFFFF for the <ipx network address> parameter: set vc <vc name> To specify that the interface is Unnumbered you must enter 00000000 for the <ipx network address>...
Page 54: Configuring Ipx Static And Framed Services
6-18 6: M HAPTER ANUAL ETUP delete ipx_route vc <vc name> Remember to disable and then re-enable the VC profile for the change to take effect. Configuring IPX Static The Service table contains IPX server names, the services they provide, their and Framed Services network and node addresses, and their relative distances.
Page 55: Configuring Ipx Rip And Sap
The route will be removed from the IPX routing table when the VC profile is disabled. delete ipx_service vc <vc name> Remember to disable and then re-enable the VC profile for the change to take effect. Configuring IPX RIP and IPX RIP is used to exchange IPX routing information with other IPX routers.
Page 56: Configuring Bridging For The Lan
6-20 6: M HAPTER ANUAL ETUP attached to a network segment. A data packet is not forwarded to another segment if its destination MAC address resides on the same segment as its source. To efficiently separate traffic, the bridge maintains a Bridge Forwarding Table. The table contains a list of MAC addresses and their associated network segments.
Page 57: Configuring Bridging For The Remote Site Connections
Configuring Bridging for To configure bridging to a remote site you must enable bridging in the VC profile the Remote Site using the command: Connections set vc <vc name> Bridging IP Traffic By default the OfficeConnect Remote 812 is set up to route IP traffic. To bridge IP traffic you must turn off IP Forwarding.
Page 58: Mac-Encapsulated Routing
6-22 6: M HAPTER ANUAL ETUP The Spanning Tree Priority is the priority assigned to a bridge that is running the Spanning Tree Protocol. It is used for prioritizing the bridges when Spanning Tree is enabled. set bridge spanning_tree_priority <priority value> MAC-Encapsulated Because routers base their forwarding decision on network-level addresses, Routing...
Page 59: System Administration
The Bridge Firewall has three modes: 1 Discard Routed Protocols: This is the default mode. If a protocol is configured for routing and a packet for that protocol type is received from the LAN that is not addressed to the MAC address of the OfficeConnect Remote 812, it is discarded.Additionally, broadcasts (including ARPs) for the protocol are not passed to the bridge.
Page 60: Setting Date And Time
6-24 6: M HAPTER ANUAL ETUP Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory. Setting Date and Time You can obtain the current date, time and system uptime using the command: show date The date and time information is provided in the following format: You can set the date using the command: set date which sets the system date,...
Page 61: Providing Tftp Access
The name can be up to 32 characters long and the password can be up to 15 characters long. To delete a login user, use the command: delete user <name> To change the password, use the command: set user <name> password <new password> To enable the use of CLI for TELNET users, issue the additional command: enable security_option remote_user administration Providing TFTP Access...
Page 62: Introduction
Be sure to save your configuration after entering a new password. Care should be taken to remember the configured password. If the password is forgotten, the unit must be sent back to 3Com support to have the feature disabled. Introduction The OfficeConnect Remote 812 provides an extensive set of data filtering capabilities.
Page 63: Filter Classes
Packet filters control inter-network data transmission by accepting or rejecting the passage of specific packets through network interfaces based on packet header information. When data packets are received by a network interface such as an Ethernet LAN or WAN port, a packet filter analyzes packet header information against a set of rules you define.
Page 64: Advertisement Filters
6-28 6: M HAPTER ANUAL ETUP Bridge Advertisement Filters Advertisement filters operate on network protocol packets that contain varying information such as SAP or RIP. Filtering of these packets is performed by the specific protocol process. The following table describes the advertisement filters supported: Table 0-1 Advertisement Filters Filter...
Page 65: Creating Filters Using Command Line Interface
Creating Filters Using Before creating a filter file, you should carefully identify the information you want Command Line to filter. Decide if you want a filter that discards packets (such as reject all IP Interface packets whose IP source address is 192.168.200.50) or accept only a subset of packets (such as accept only bridged packets if the destination MAC address is 002069000001 or 002069000002).
Page 66: Protocol Rules
6-30 6: M HAPTER ANUAL ETUP IPX-SAP BR-ETH Protocol Rules You can define protocol rules within each protocol section in the filter file. Protocol rules determine which packets may and may not access the network. The rule syntax is: <line #> <verb> <keyword> <operator> <value> The line # range is 1-10.
Page 67: Generic Filter Rule
following rules are used: 1 ACCEPT src-addr=xxx; 2 ACCEPT dst-addr=yyy; 999 DENY; (This will only accept packets from the specified address(es); all other packets will be rejected.) The following table describes the keywords for each protocol section and their legal operators used in the rule syntax. Value ranges are also given where ddd is a decimal between 1 and 255, mask is a decimal between 1 and 32, and xx is a hex number: Table 6-4 Protocol Keywords...
Page 68: Ip Source And Destination Network Filtering Using Cli
6-32 6: M HAPTER ANUAL ETUP VALUE - The value (hex) to compare to the packet contents. For example, a generic bridge filter to prevent all IP packets from being bridged is: BR-ETH: 1 reject generic=>origin=frame/offset=12/length=2/mask=0xFFFF/value=0x0800; Applying the Rules The following sections provide detailed information and examples for creating Using CLI specific filters based on protocol.
Page 69: Ip Rip Packet Filtering Using Cli
Creating Filters Using Command Line Interface 6-33 1 REJECT protocol = TCP; IP RIP Packet Filtering Using CLI Routing Information Protocol (RIP) packets are used to identify all attached networks as well as the number of router hops required to reach them. The responses are used to update a router's routing table If the router is listening for, or broadcasting RIP messages, you should allow them to pass in the appropriate direction(s).
Page 70: Ipx Rip Packet Filtering Using Cli
6-34 6: M HAPTER ANUAL ETUP You can compare the source or destination IPX socket number contained in the packet to the socket number defined in the filter rules. You must specify the type of the comparison. For example, the following rule example accepts IPX packets with the IPX source socket number 0x001: IPX: 1 ACCEPT src-socket = 0x001;...
Page 71: Step By Step Guide To Creating Filter Files Using Cli
1 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0800; # Allow ARP traffic 2 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0806; # Allow IPX traffic 3 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8136; 4 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8137; 999 DENY; Step by Step Guide to You can create filter files using any text editor. Once the file is created, use the Creating Filter Files Trivial File Transfer Protocol (TFTP) to place the filter file in the router FLASH Using CLI...
Page 72: Assigning Filters
6-36 6: M HAPTER ANUAL ETUP 11 From a machine that has access to the same network as the router, use a TFTP command to transfer the filter file to the router FLASH memory. For example, from the workstation command line enter: tftp <OfficeConnect Remote 812 IP address>...
Page 73: Vc/Remote Site Filters
VC/Remote Site Filters You can configure filters for a specific VC / remote site profile that controls access to the network for that location. This filter is only applied for the duration of the remote network connection. As with interface filters, a remote site filter can be configured to apply to input or output data traffic.
Page 74: Setting Filter Access Using Cli
6-38 6: M HAPTER ANUAL ETUP Setting Filter Access When filters are assigned to both the WAN interface and a VC/remote site profile, Using CLI you need to tell the router which one to use using the filter access parameter. If filter access is ON, the VC / remote site filters will override interface filters.
Page 75: Removing A Filter From A Vc/Remote Site Profile Using Cli
set interface <interface name> input_filter "" set interface <interface name> output_filter "" The " " value represents a null value and removes the defined filter from the interface. For example, to remove an output filter from an interface named eth:1, you would use the following command: set interface eth:1 output_filter ""...
Page 76 6-40 6: M HAPTER ANUAL ETUP...
Page 77: Aofficeconnect Remote 812 Sample Configuration
OFFICECONNECT REMOTE 812 SAMPLE CONFIGURATION This section describes a sample configuration which illustrates the following OfficeConnect Remote 812 ADSL Router features: Address Translation Internal DHCP Server and DNS Proxy. Multiple Remote Sites, with different routing and bridging configurations. Our sample SOHO network, shown below, has the OfficeConnect Remote 812 connected to a LAN that is using private IP addresses.
Page 78: Global Configuration
192.168.200.1 end 192.168.200.40 mask 255.255.255.0 set dhcp server router 192.168.200.254 set dhcp server dns1 192.168.200.254 dns2 0.0.0.0 set dhcp server wins1 0.0.0.0 wins2 0.0.0.0 add dns host ocrdsl-3com.com addr 192.168.200.254 add dns server MyCorp.com primary 192.168.1.253 add dns server * vc Internet enable dns...
Page 79: Bridge Configuration
Request was for www.MyCorp.com/events/local the domain MyCorp.com would match given our configuration and the request would be forwarded to the DNS Server at 192.168.1.253. If a request was for www.3com.com, a match would not be found in the Remote server table and therefore the request would be forwarded to the default Remote DNS Server.
Page 80: Remote Site: Corporate Access
A: OFFICECONNECT REMOTE 812 SAMPLE CONFIGURATION PPENDIX set vc Internet ip enable ipx disable bridging disable set vc Internet network_service ppp set vc Internet send_name internet-user send_password 1a2b3c set vc Internet atm vpi 0 vci 32 category_of_service unspecified pcr 0 set vc Internet address_selection negotiate set vc Internet local_ip_address 255.255.255.255 set vc Internet nat enable...
Page 81: Cli Command Description
CLI COMMAND DESCRIPTION CLI Commands Use the ADD command to define: Note that some parameters have default values. add access The access list defines which Remote IP Subnets are allowed access to the <ip subnet address> Management services of the OCR812. Use this command to add an entry to the list.
Page 82: Add Dns Host Address
B: CLI COMMAND DESCRIPTION PPENDIX command, and set user to specify the protocol and other parameters related to bridging. Parameters <network_name> enabled add dns host Adds the named host to the Local Host Table. When the system needs to resolve <host_name>...

Page 83: Add Framed_Route Vc
add framed_route vc ip_route [ip_address] <name> metric [number] Adds a framed (static) network to the VC profile for WAN connections. This method of creating a static route does not run RIP to learn routes, so you must specify IP route and gateway addresses. See add ip route. Parameters <VC profile name>...

Page 84: Add Ipx Network
B: CLI COMMAND DESCRIPTION PPENDIX Adds an entry to the IP routing table. IP packets destined for networks that match this network will be routed to this address. The command list ip routes displays your currently defined routes. Parameters <net_address> IP address of the remote network, in the format nnn.nnn.nnn.nnn, with or gateway metric add ipx network...

Page 85 add ipx service address [internal network number] [service_name] gateway [network_number.mac_address] metric [metric] node [internal_node_number] socket [socket_number] type [service_type] Adds a static IPX service (for the LAN) to the IPX services table. You must supply the name, internal ipx network number, node number, socket, and type of service for this service.
Page 86: Add Ipx_Route Vc
B: CLI COMMAND DESCRIPTION PPENDIX add ipx_route vc ipx_net [ipx_address] <name> metric [hop_count] ticks [tick_number] Adds an IPX route for the a user over the WAN. Parameters <name> Ipx_net Metric ticks add ipx_service vc ipx_net [ipx_address] <name> hops [number] name [name] node [internal_node_number] socket [socket_number] type [service_type]...

Page 87: Add Nat Tcp Vc
add nat tcp vc private_address [ip_address] <user_name> private_port [number] public_port [number] Parameters <vc_name> private_address private_port public_port Note: Typically, the private and public port numbers are set to the same value. See “Configuring Network Address Translation’ in Chapter 6 for an example in which they differ.

Page 88: Add Network Service Status
B: CLI COMMAND DESCRIPTION PPENDIX add network service <service_name> Status This configures a network listener process that provides a certain type of service. To see the available server types, use list services. Parameters <service_name> server_type socket enabled data close_active_ connections The table below shows configurable parameters for TELNET services, which are specified with the data parameter.
Page 89: Add Snmp Community
add snmp community address [IP_address] <community_name> access [RO | RW] Adds to the list of SNMP authorized users. The community name and IP address of SNMP requests from managers on the network must match the list, which you can see using list snmp communities. Parameters <community_name>...

Page 90: Add Vc [Name]
B-10 B: CLI COMMAND DESCRIPTION PPENDIX Adds a Telnet user to the local user table. The list users command displays these parameters for all users. Parameters Name Password Enabled add vc [name] Creates a virtual channel (VC) profile. Each profile represents a connection to a remote site.
Page 91: Delete Dns Host
delete dns host Deletes the specified host from the DNS Local Host Table. Use list DNS hosts to <host_name> view the DNS Local Host table. After deletion, requests for that host will be processed through a DNS server, instead of locally. Use list DNS servers to see which servers are defined.

Page 92: Delete Network Service
B-12 B: CLI COMMAND DESCRIPTION PPENDIX delete network service Deletes the specified network service from the list of available services. You must <service_name> use disable network service before deleting the service. You can see which services are available and active using list available services and list services. delete snmp Deletes an SNMP community that was previously added with the add snmp community <name>...

Page 93: Disable Icmp
disable command Disables the console password feature. password disable icmp Disables the Internet Control Message Protocol . disable interface Disables the specified interface. A disabled interface remains in the interface <interface_name> table, but will not transmit or receive any data. Use list interfaces to see the currently defined interfaces, and their status.
Page 94: Disable Security_Option Remote_User Administration
B-14 B: CLI COMMAND DESCRIPTION PPENDIX disable security_option Disables CLI access to remote TELNET users. All CLI configuration must be done remote_user from the console port. You can use enable security_option remote_user administration administration to re-enable remote CLI access. disable snmp Instructs SNMP to stop recording trap information for user (either local or remote) authentication traps authentication.
Page 95: Enable Interface
enable interface Enables the specified interface. Enabling an interface enables it to transmit and <interface_name> receive data. You can use list interfaces to see which interfaces are defined, and whether they are currently disabled. enable ip forwarding Enables all IP networks to forward (route) packets. You should only need to use this command if you previously used disable ip forwarding.
Page 96: Enable Telnet Escape
B-16 B: CLI COMMAND DESCRIPTION PPENDIX enable telnet escape If the TELNET escape character was disabled by the disable TELNET escape command, this command re-enables it. When enabled, TELNET client users who press the TELNET escape key during their session will get a TELNET command line. By default the escape character is control-].
Page 97: Kill
KILL kill <“process name”> Kills an active process. Use list processes to see which processes are currently active. You can only kill a process that you started. An example would be a ping that you started that you now wish to kill. LIST list access Displays all IP Subnet addresses in the access list.
Page 98: List Critical Events
B-18 B: CLI COMMAND DESCRIPTION PPENDIX list critical events Displays the last ten critical status events, and the system time when each occurred. You can change which events are logged as critical, using the set facility command. The table displays the system, the up time, and the event. list dns hosts Displays the DNS Local Host name and its IP address, which you configured using the add dns host.
Page 99: List Ip Interface_Block
list ip interface_block Displays the IP addresses associated with each system interface. If the interface has a point-to-point connection, then the neighbor field contains the address of the remote system. This command lists: list ip networks Displays all the IP networks you previously defined using the add ip network command.
Page 100: List Ipx Services
B-20 B: CLI COMMAND DESCRIPTION PPENDIX list ipx services Displays IPX services. It lists: list lan interfaces Displays the operational and administrative status (UP or DOWN), interface index number and name (eth:1) of all LAN interfaces. The output is the same as the list interfaces command, except only LAN interfaces are displayed.
Page 101: List Services
list services Displays all network services you defined using the add network service command: list snmp communities These commands display the defined SNMP communities, which you previously or list snmp defined using the add snmp community command. SNMP trap_communities does trap_communities not list access.
Page 102: List Users
B-22 B: CLI COMMAND DESCRIPTION PPENDIX list users Lists all users, showing: list vc Lists all virtual channel profiles, showing: login_required enables or disables CLI password protection. password The CLI password. It must consist of 1 to 8 alphanumeric (printable) characters, inclusive.
Page 103: Reboot
REBOOT Reboot the system. If you have made any configuration changes, be sure to save all before rebooting. Also see the delete configuration command. RENAME rename file Renames files within the FLASH file system. The FLASH file system is a flat file <input_file>...
Page 104: Set Bridge Firewall [Firewall_Mode]
B-24 B: CLI COMMAND DESCRIPTION PPENDIX set bridge firewall Sets the mode of the Bridge Firewall function. The three modes are completely [firewall_mode] described in Chapter 6. set command Sets console parameters for CLI commands. Parameters history <numerical range> prompt <string> local_prompt <string>...
Page 105: Set Dhcp Relay Server2
enabled max_hops set dhcp relay server2 address <IP_address> enabled [YES | NO] max_hops <number> Defines the address and characteristics of the secondary DHCP Server over the WAN that should receive our relayed DHCP requests. Parameters address enabled max_hops set dhcp server DNS1 <IP_address>...
Page 106: Set Dns
B-26 B: CLI COMMAND DESCRIPTION PPENDIX mask router start_address WINS1 WINS2 set dns Sets the global parameters for DNS; both the local DNS hosts (list DNS host) and the remote DNS servers (list DNS servers). Parameters cache_size number_retries timeout set facility Sets the severity reporting level for a facility.
Page 107: Set Ip Network
<interface_name> Designation of interface you are setting parameters for. Limit of 32 filter_access input_filter output_filter set ip network <name> Sets the broadcast algorithm, the maximum size used for reassembling fragmenting packets, the RIP authentication string, RIP policies, and the routing protocol for the specified interface.

Page 108: Set Ip Routing
B-28 B: CLI COMMAND DESCRIPTION PPENDIX The following flags are for backward compatibility with RIP version 1 when RIP version 2 is selected as the routing protocol: Parameters <network_name> broadcast_algorithm reassembly_ maximum_size rip_authentication rip_policies_update routing_protocol set ip routing Send Compatibility - Controls the selection of destination MAC and IP addresses.
Page 109: Set Ipx Network
rip_flags [METRICS, SEND_REQUEST] router_id [router_id] Sets parameters for IP routing to the specified IP router address, which is the gateway to an Autonomous System. Parameters autonomous_system_number Autonomous system number. table_maximum_size metric_maximum_entries rip_flags Router_id set ipx network delay_ticks [number] <network_name> diagnostics [DISABLE | ENABLE] maximum_learning_retries [number] netbios [ENABLE | DISABLE] netbios_name_cache [DISABLE | ENABLE]...

Page 110: Set Ipx System
B-30 B: CLI COMMAND DESCRIPTION PPENDIX netbios netbios_name_cache netbios_cache_timer netbios_max_hops packet_maximum_size rip_age_multiplier rip_packet_size rip_update_interval sap_age_multiplier sap_packet_size sap_nearest_replies sap_update_interval set ipx system Sets parameters for dynamic IPX networks. Parameters priority default_gateway initial_pool_address Initial IPX address used to dynamically assign IPX network. pool_members set network service <admin_name>...
Page 111: Set Ppp Receive_Authentication [None | Pap | Chap | Either]
server_type socket data close_active_connections set ppp Sets the type of inbound authentication to be used when establishing PPP receive_authentication connections. See RFC 1334 for details about CHAP and PAP. [NONE | PAP | CHAP | Options: EITHER] Parameters NONE CHAP EITHER set ppp echo_retries Sets the number of PPP echo request retries that will be attempted before...
Page 112: Set Syslog Loglevel [Level
B-32 B: CLI COMMAND DESCRIPTION PPENDIX Specifies system contact information, which is displayed using show system. The user name is the remote account name. Location, name and contact names are limited to 64 characters. from managers on the network must match the list, which you can see using list snmp communities.
Page 113 bridging [enable | disable] default_route_option [enable | disable] destination_address [ip address] end_time [ HH:MM:SS ] header_compression [none | TCPIP] idle_timeout [seconds] input_filter [filter_name] ip [enable | disable] ip_routing [listen | send | both | none] ip_source_validation [enable | disable] ipx [ enable | disable ] ipx_address [ ipx_addr ] ipx_routing [ all | listen | respond | send | none ] ipx_wan [ enabled | disabled ]...
Page 114 B-34 B: CLI COMMAND DESCRIPTION PPENDIX default_route_ option Destination_ address End_time Header_ compression idle_timeout input_filter ip_routing ip_source_ validation ipx_address ipx_routing ipx_wan local_IP_address mac_routing management_ip_ address NAT_option When enabled, a default route is automatically created (by negotiation) with the remote router’s IP address. For an SVC, this is the destination E.164 address to which a connection will be established.
Page 115: Set Vc Atm
NAT_default_ address Network_service output_filter Password remote_IP_address For a client IP connection, address assigned to the client. rip_authentication Text string used for RIPv2 authentication. rip_policies _update send_name send_password Type set vc <vc_name> atm bt [number] category_of_service [Unspecified (UBR) | Variable (VBR)] pcr [number] scr [number] type [PVC | SVC]...
Page 116: Show
B-36 B: CLI COMMAND DESCRIPTION PPENDIX Type SHOW Show commands display details about system entities. show access Displays the current status of the access list feature. show atm status Displays current statistics for the ATM protocol running over the ADSL WAN interface.
Page 117: Show Adsl Transceiver_Status
Total time since system reboot (hours, minutes, seconds) Total time since last linkdown: Errored seconds since last link down: Total errored seconds in 15 minutes: Total errored seconds in previous 15 minutes: show adsl Displays the current status of the ADSL/ATM link. transceiver_status Fields: Operational Mode: either “loss of signal”...
Page 118: Show Call_Log
B-38 B: CLI COMMAND DESCRIPTION PPENDIX show call_log Displays the current call status of a specified VC. Fields: show command Displays the settings for Command History Depth, and the Current Prompt. You can modify the history depth using set command history, and alter the prompt using set command prompt.
Page 119: Show Date
Critical Event Sink - where critical events are logged, default is @file:/./log-file.local Critical Event Backup - where critical events are logged, if the first destination fails, default is @file:/./old-log-file.local show date Displays the system date, time, and uptime. For example: System Date: System UpTime: show dhcp client...
Page 120: Show Dhcp Server Counters
B-40 B: CLI COMMAND DESCRIPTION PPENDIX show dhcp server Displays various counters for the DHCP Server. counters show dhcp server Displays the current settings for the DHCP Server. settings show dns counters Displays various counters for DNS. Lease Requests Received Lease Accepts Received Lease Renewals Received Lease Refusals Received...
Page 121: Show Dns Settings
SPECIFIC ERROR COUNTERS show dns settings Displays settings for all DNS servers. You can modify using set DNS. show filter protocols [BR-ETH,BR-ETH-CALL,IP | IP-CALL, IP-RIP] <filter_name> Displays the filter rules, based on the protocol options specified. The filter name MUST be a filter file, as listed using list filters. show icmp counters Shows the Input and Output Counters for ICMP.
Page 122 B-42 B: CLI COMMAND DESCRIPTION PPENDIX OUTPUT COUNTERS show interface Displays counters for the specified interface. <interface_name> counters Messages - ICMP packets received. Errors - ICMP packets received with errors. Destination Unreachable - sum of ICMP messages received when a router cannot forward a packet to its specified destination Time Exceeded - sum of ICMP messages generated by a router when time has exceeded or a timeout has occurred while waiting for a packet segment...
Page 123: Show Interface Settings
INPUT COUNTERS Octets - bytes received Ucast - Unicast packets received MultiCast - Multicast packets received BroadCast - broadcast packets received Discards - Number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol.
Page 124: Show Ip Settings
B-44 B: CLI COMMAND DESCRIPTION PPENDIX OUTPUT COUNTERS show ip settings Displays system wide IP information. show ip network Displays parameter settings for the specified IP network. See the set ip network <network_name> command on page 29 for additional details. settings show ipx counters Displays counters for all IPX network activity.
Page 125: Show Ipx Network Counters
INPUT COUNTERS Total Packets Received - sum of IPX packets received Header Errors - sum of incoming packets discarded due to errors in their headers, including any IPX packet sized less than a minimum of 30 bytes Unknown Sockets - sum of incoming packets discarded because the destination socket was not open Discarded - sum of incoming packets discarded due to reasons other than those accounted for by Header Errors, and Unknown Sockets...
Page 126: Show Ipx Rip
B-46 B: CLI COMMAND DESCRIPTION PPENDIX show ipx rip Displays information about RIP for IPX. Parameters settings counters show ipx sap Frame Type - frame type used by the interface (ETHERNET II, SNAP, or LOOPBACK) Maximum Packet Size - maximum allowable packet size for this IPX network.
Page 127: Show Ipx Settings
Displays information about SAP for IPX. Parameters settings counters show ipx settings Displays settings for dynamic IPX networks. You can modify these values using the set ipx system command. show memory Displays System DRAM Memory usage. show network <name> Displays the configured settings for the specified network. The display varies settings depending on the type of network specified.
Page 128: Show Ppp On Interface Settings
B-48 B: CLI COMMAND DESCRIPTION PPENDIX COUNTERS for PPP LINK 1 - 5 show ppp on interface Displays the settings for PPP on the specified WAN interface. <name> settings SETTINGS for PPP BUNDLE 1 Number Active Links - sum of active links using this PPP bundle Transmit Packets - sum of packets transmitted over this bundle Bytes from Upper Layer - sum of bytes received from an upper layer application for transmission over this bundle.
Page 129 Local Endpoint Length - maximum length of the local Endpoint Discriminator Address, default is 6 Local Endpoint ID - value of the local Endpoint Discriminator Address Remote Endpoint Class - value of the remote Endpoint Discriminator Class, which indicates the type of address being used as the identifier Remote Endpoint Length - maximum length of the remote Endpoint Discriminator Address Remote Endpoint ID - value of the remote Endpoint Discriminator Address...
Page 130: Show Ppp Settings
B-50 B: CLI COMMAND DESCRIPTION PPENDIX show ppp settings Displays global settings for PPP. You can modify inbound authentication using the set ppp receive_authentication command. show security_option Displays status for SNMP User Access and Administration by Remote Users. You settings can modify the SNMP User Access using the enable or disable security_option snmp commands.
Page 131: Show Snmp Settings
Trap PDUs - sum of SNMP Trap PDUs sent from SNMP Authentication Traps - ENABLED (default) or DISABLED System Descriptor - for example: 3Com OfficeConnect™ Remote 812 V1.0.0, Built on Oct 31 1998 at 11:33:05. Object ID - identifies this system to SNMP managers...
Page 132: Show Tcp Settings
B-52 B: CLI COMMAND DESCRIPTION PPENDIX TCP COUNTERS show tcp settings Displays system-wide TCP settings. TCP SETTINGS show udp Displays statistics for UDP datagrams. INPUT COUNTERS OUTPUT COUNTERS show user <name> Displays the parameters defined for the specified TELNET user. You can use list settings users to see which users are defined.
Page 133: Telnet Commands
TELNET TELNET commands are available to users who dial in, and whose type is network (type parameter in add user), whose host_type is prompt (host_type parameter in set login user), and whose login_service is TELNET (login_service parameter in set login user). telnet Establishes a TELNET client session with the specified IP host name or address.
Page 134: Cli Exit Commands
B-54 B: CLI COMMAND DESCRIPTION PPENDIX For example, to set the TELNET escape character to control - X, type set_escape status Displays the IP address of the remote host and the value of the TELNET escape character. CLI Exit These commands are available to TELNET users so they can disconnect from the Commands CLI.
Page 135: Comments
Command Features B-55 Comments Nothing following the semicolon will be processed. This is useful when you are writing CLI script files. The do command runs a CLI script.
Page 136 B-56 B: CLI COMMAND DESCRIPTION PPENDIX...
Page 137 Add command 2 address filtering, source and destination 26 Address Translation Overview 9 PAT 10 ADSL reset B-22 Advertisement Filters 27 Advertisement filters 27 Applying a Filter to an Interface Using CLI 37 Applying Filters Using CLI 36 Applying the Rules Using CLI 31 Assigning Filters 36 show status B-35 ATM Information, configuring 3...
Page 138 data filtering, Input and output 26 Data Filters 27 Date 23 Defaults 7 DHCP Configuration set DHCP mode B-23 set DHCP relay server1 B-23 set DHCP relay server2 B-24 set DHCP server B-24 Overview 11 Relay 13 Server 11 Statistics show dhcp server counters B-38 show dhcp server settings B-38 DHCP Relay...
Page 139 Input data filters 27 Interface 1, 3 Interface Filters 36 Interfaces disable interface B-12 disable link_traps interface B-12 enable interface B-14 list active interfaces B-16 list interfaces B-17 list lan interfaces B-19 Internet, viewing Web resources 1 IP 3, 1, 3, 4 Configuration add ip network B-3 add user B-9...
Page 140 IP Source and Destination Port Filtering Using CLI 32 Configuration add ipx network B-4 delete ipx network B-10 disable ipx network B-12 enable ipx network B-14 set ipx network B-28 show ipx network settings B-44 show ipx settings B-45 ROUTING show ipx RIP settings B-44 Routing add ipx route B-4...
Page 141: Instructions
Output data filters 27 Package, what’s included 1 Packet filters 26 Password 2, 3 password B-21 Password Protection 25 password protection 2 Passwords add user B-9 set ppp receive_authentication B-30 PC 1 port filtering 26 Dial-in set ppp receive_authentication B-30 show ppp settings B-48 list ppp B-19 show ppp settings B-48...
Page 142 add snmp trap_community B-9 delete snmp community B-11 delete snmp trap_community B-11 disable link_traps interface B-12 disable security_option snmp user_access B-13 disable snmp authentication traps B-13 enable link_traps interface B-14 enable security_option snmp user_access B-14 enable snmp authentication traps B-14 list snmp communities B-20 System Administration Overview 23...
Page 143 The repaired or replaced item will be shipped to Customer, at the expense of 3Com, not later than thirty (30) days after receipt of the defective product by 3Com.
Page 144 This booklet is available from the U.S. Government Printing Office, Washington, D.C. 20402. Stock No. 004-000-00345-4. NOTE: In order to maintain compliance with the limits of a Class B digital device, 3Com requires that you use quality interface cables when connecting to this device. Changes or modifications not expressly approved by 3Com could void the user’s authority to operate this equipment.

This manual is also suitable for:

Officeconnect 812

3Com OfficeConnect 3CP4144 Cli User's Manual

1 Accessing the Configuration Interface

151 Cli Command Conventions and Terminology

3 Configuration Methods

4 Quick Setup

5 Quick VC Setup

6 Manual Setup

Aofficeconnect Remote 812 Sample Configuration

Cli Command Description

Quick Links

Related Manuals for 3Com OfficeConnect 3CP4144

Summary of Contents for 3Com OfficeConnect 3CP4144

This manual is also suitable for:

Table of Contents