Page 1 GW7304 Series User Manual Issue: Date: 11 April 2017...
Page 2: Table Of Contents
Securing uhttpd ..................43 Configuring Dynamic DNS ................44 Overview ....................44 Configuration packages used ..............44 Configuring Dynamic DNS using the web interface ........44 _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 2 of 336...
Page 3 12.13 User management using UCI ..............94 12.14 User management using package options ..........94 12.15 Configuring user access to specific web pages ......... 95 _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 3 of 336...
Page 4 Static routes diagnostics ................ 143 19 Configuring BGP (Border Gateway Protocol) ..........144 19.1 Configuration package used ..............144 19.2 Configuring BGP using the web interface ..........144 _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 4 of 336...
Page 5 IPSec diagnostics using UCI ..............227 25 Configuring firewall .................. 228 25.1 Configuration package used ..............228 25.2 Configuring firewall using the web interface ..........228 _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 5 of 336...
Page 6 Creating a GRE connection using the web interface ........291 31.3 GRE configuration using command line ............ 296 31.4 GRE configuration using UCI ..............296 31.5 GRE configuration using package options ..........296 _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 6 of 336...
Page 7 Configuration package used ..............332 35.2 Configuring SLA for a router using the web interface ......... 332 35.3 Configuring SLA for a router using UCI ............ 334 _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 7 of 336...
Page 8: Introduction
1: Introduction _______________________________________________________________________________________________________ 1 Introduction This user manual describes the features and how to configure a Virtual Access GW7304 Series router. The Virtual Access GW7304 Series router is ruggedized and supports extended temperature, high isolation and protection levels. The router enclosure is not conductive.
Page 9 Throughout the document, we use the host name ‘VA_router’ to cover all router models. UCI commands and package option examples are shown in the following format: root@VA_router:~# vacmd show current config _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 9 of 336...
Page 10 Diagnostics are explained at the end of each feature’s chapter. 1.2.4 UCI commands For detailed information on using UCI commands, read chapters ‘Router File Structure’ and ‘Using Command Line Interface’. _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 10 of 336...
Page 11: Gw7304 Series Hardware
Dual SIM • 1 xRS232 console port • 2 x antenna SMA connectors AC power input • Figure 1: GW7304-AC ports diagram Figure 2: GW7304-AC ports _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 11 of 336...
Page 12: Power Supply
The GW7304 Series router has one RJ45 connector used to present an RS232 interface. The serial port is named: ‘/dev/ttySC0’ The names of the port and pin-out of the serial connector is shown in the table below. _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 12 of 336...
Page 13: Gsm Technology
Upload up to 5.76 Mbps • • 2100/1900/900/850 MHz bands 2.5 Dimensions Height: 150mm Width: 200mm Depth: 75mm Weight: 800gr Dimensions with DIN rail clip and power connector _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 13 of 336...
Page 14: Operating Temperature Range
1 x GW7304 Series router supplied. 1 x Ethernet cable supplied. RJ45 connector at both ends. 1 x rubber right angle antenna standard supplied. Table 4: GW7304 standard components _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 14 of 336...
Page 15: Getting Started
Each GW7304 Series router is assigned a unique serial number. Record your device serial number on your warranty card or somewhere you can easily access it. You must reference your unique serial number (S/N) when you contact Virtual Access support for installation and configuration confirmation.
Page 16 DIN rail clip clicks into the DIN rail. The click sound means the box has engaged on the DIN rail and is secure. _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9...
Page 17 2.9.6 Connecting the antenna Virtual Access offers a variety of antennas as every 3G/4G wireless deployment is different. When selecting an antenna for your device, you should consider factors such as the installation environment, mounting options and the distance between router and antenna location.
Page 18 Under no circumstance should they be plugged into any other terminals or damage to the router may occur. Figure 10: The AC terminal block plugged into the GW7304-3G-AC Screw the terminal block with the wires back into the connector. 2.9.7.2 GW7304-3G-DC Unscrew the terminal block from the connector on the router.
Page 19 Releasing between 20-30 seconds reboots the router in recovery mode. Over 30 seconds Releasing after 30 seconds performs a normal reset. Table 5: GW7304 series router reset behaviour _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 19 of 336...
Page 20 You can use recovery mode to manipulate the config files, but should only be used if all other configs files are corrupt. If your router has entered recovery mode, contact your local reseller for access information. _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 20 of 336...
Page 21: Gw7304 Series Led Behaviour
PPP connected and signal strength >-69dBm *Note: When PPP is not connected, none of the signal LEDs will light regardless of signal strength. Table 6: LED behaviour and descriptions _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 21 of 336...
Page 22: Gw7304 Series Safety And Approvals
The United Kingdom and Republic of Ireland are under an obligation to minimise the disposal of Waste Electrical and Electronic Equipment (WEEE) in domestic waste and encourage recycling, recovery and environmentally sound disposal. Virtual Access is committed to promoting the reuse, recycling and recovery of WEEE by contributing to the appropriate compliance schemes.
Page 23: Approvals
Basic environmental testing procedures – part 2: Test N: change of temperature EN60068-2-78 Environmental testing – part2-78: Test Cab: damp heat, steady state ETSI EN300 019-2-2 Specification of environmental tests - transportation _______________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 23 of 336...
Page 24: Factory Configuration Extraction From Sim Card
5: Factory configuration extraction from SIM card _______________________________________________________________________________________________________ 5 Factory configuration extraction from SIM card Virtual Access routers have a feature to update the factory configuration from a SIM card. This allows you to change the factory configuration of a router when installing the SIM.
Page 25: Accessing The Router
The default settings are shown below. The username and password are case sensitive. In the username field, type root. In the Password field, type admin. Click Login. The Status page appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 25 of 336...
Page 26: Accessing The Router Over Ethernet Using An Ssh Client
SCP server. No dedicated SPC client is supported; select the SCP client software of your own choice. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 26 of 336...
Page 27: Accessing The Router Over Ethernet Using A Telnet Client
In the Router Password section, type your new password in the password field and then retype the password in the confirmation field. Scroll down the page and click Save & Apply. Note: the username ‘root’ cannot be changed. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 27 of 336...
Page 28: Configuring The Password Using Uci
'$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw option password ‘newpassword’ The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 28 of 336...
Page 29: Accessing The Device Using Radius Authentication
'radius' option servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10' config 'pam_auth' option enabled 'yes' option pamservice 'luci" option pammodule 'auth' option pamcontrol 'sufficient' option type 'radius' servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 29 of 336...
Page 30: Accessing The Device Using Tacacs+ Authentication
TACACS+ authentication can be configured for accessing the router over SSH, web or local console interface. package system config system 'main' option hostname 'VirtualAccess' option timezone 'UTC' config pam_auth option enabled 'yes' option pamservice 'sshd' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 30 of 336...
Page 31 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' config pam_auth option enabled 'yes' option pamservice 'luci' option pammodule 'account' option pamcontrol 'sufficient' option type 'tacplus' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 31 of 336...
Page 32 'service=ppp' config pam_auth option enabled 'yes' option pamservice 'login' option pammodule 'session' option pamcontrol 'sufficient' option type 'tacplus' option servers '192.168.0.1:49|secret' option args 'service=ppp' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 32 of 336...
Page 33: Ssh
SSH allows you to access remote machines over text based shell sessions. SSH uses public key cryptography to create a secure connection. These connections allow you to issue commands remotely via a command line. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 33 of 336...
Page 34 In the top menu, click System -> Administration. The Administration page appears. Scroll down to the SSH Access section. Figure 18: The SSH access section _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 34 of 336...
Page 35: Package Dropbear Using Uci
Table 8: Information table for SSH access settings 6.12 Package dropbear using UCI root@VA_router:~# uci show dropbear dropbear.@dropbear[0]=dropbear dropbear.@dropbear[0].PasswordAuth=on dropbear.@dropbear[0].RootPasswordAuth=on dropbear.@dropbear[0].GatewayPorts=0 dropbear.@dropbear[0].IdleTimeout=30 dropbear.@dropbear[0].Port=22 dropbear.@dropbear[0].MaxLoginAttempts=3 Package dropbear using package options _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 35 of 336...
Page 36: Certs And Private Keys
There is support for IPSec, OpenVPN and VA certificates and keys. If you have generated your own SSH public keys, you can input them in the SSH Keys section, for SSH public key authentication. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 36 of 336...
Page 37: Configuring A Router's Web Server
To configure the router’s HTTP server parameters, in the top menu, select Services -> HTTP Server. The HTTP Server page has two sections. Main Settings Server configurations Certificate Settings SSL certificates. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 37 of 336...
Page 38 ASN.1/DER private key used to serve HTTPS connections. If no listen_https options are given the key options are ignored. UCI: uhttpd.main.key /etc/uhttpd.key Opt: key Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 38 of 336...
Page 39 Does not follow symbolic links if enabled. UCI: uhttpd.main.no_symlinks Disabled. Opt: no_symlinks Enabled. Web: N/A Does not generate directory listings if enabled. UCI: uhttpd.main.no_dirlists Disabled. Opt: no_symlinks Enabled. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 39 of 336...
Page 40 '0.0.0.0:443' option home '/www' option rfc1918_filter '1' option cert '/etc/uhttpd.crt' option key '/etc/uhttpd.key' option cgi_prefix '/cgi-bin' option script_timeout '60' option network_timeout '30' option config '/etc/http.conf' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 40 of 336...
Page 41 Activation, this must be set to the serial number (Eth0 UCI: uhttpd.commonname MAC address) of the device. Opt: commonname Table 10: Information table for HTTP server certificate settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 41 of 336...
Page 42: Basic Authentication (Httpd Conf)
/etc/shadow or /etc/passwd. If you use $p$… format, uhttpd will compare the client provided password against the one stored in the shadow or passwd database. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 42 of 336...
Page 43: Securing Uhttpd
To get your current LAN IP address, enter: uci get network.lan.ipaddr Then modify the configuration appropriately: uci set uhttpd.main.listen_http='192.168.1.1:80' uci set uhttpd.main.listen_https='192.168.1.1:443' config 'uhttpd' 'main' list listen_http 192.168.1.1:80 list listen_https 192.168.1.1:443 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 43 of 336...
Page 44: Configuring Dynamic Dns
7 Configuring Dynamic DNS 7.1 Overview Dynamic DNS (DDNS) functionality on a Virtual Access router will dynamically perform DDNS updates to a server so it can associate an IP address with a correctly associated DNS name. Users can then contact a machine, router, device and so on with a DNS name rather than a dynamic IP address.
Page 45 UCI: ddns.<name>.ip_source network IP is a associated with a network configuration. Opt: ip_source interface IP is associated with an interface. IP is associated with a URL. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 45 of 336...
Page 46: Dynamic Dns Using Uci
Dynamic DNS uses the ddns package /etc/config/ddns 7.4.1 UCI commands for DDNS root@VA_router:~# uci show ddns ddns.ddns1=service ddns.ddns1.enabled=1 ddns.ddns1.service_name=dyndns.org ddns.ddns1.domain=fqdn_of_interface ddns.ddns1.username=testusername ddns.ddns1.password=testpassword ddns.ddns1.ip_source=network ddns.ddns1.ip_network=dsl0 ddns.ddns1.check_interval=10 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 46 of 336...
Page 47 'test' option password 'test' option ip_source 'network' option ip_network 'dsl0' option check_interval '10' option check_unit 'minutes' option force_interval '72' option force_unit 'hours' option interface 'dsl0' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 47 of 336...
Page 48: System Settings
Configure the router’s web language and style. Time synchronization Configure the NTP server in this section. 8.2.1 General settings Figure 25: General settings in system properties _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 48 of 336...
Page 49 External syslog server IP address. UCI: system.main.log_ip Range Opt: log_ip 0.0.0.0 Web: External system log server port External syslog server port number. UCI: system.main.log_port Range Opt: log_port _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 49 of 336...
Page 50 /root/syslog.messages,x (where x starts at 0). Opt: log_file_count Range Stores 1 archive log file in flash Table 13: Information table for the logging section _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 50 of 336...
Page 51 UCI: system.ntp.server can be configured and are separated by a space if using UCI. Opt: list server By default all fields are set to 0.0.0.0. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 51 of 336...
Page 52: System Settings Using Uci
10.10.10.10 System settings using package options root@VA_router:~# uci export system package 'system' config 'system' 'main' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 52 of 336...
Page 53: System Diagnostics
To stop this option, type fg to view the current jobs, then press ctrl-c to kill those jobs. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 53 of 336...
Page 54 Shows end of the events stored flash. root@VA_router:~# tail –f /root/syslog.messages & Shows the log on an ongoing basis. To stop this option, press ctrl-c. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 54 of 336...
Page 55: Upgrading Router Firmware
To check which software version your router is running, in the top menu, browse to Status -> Overview. Figure 30: The status page showing a software version prior to 72.002 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 55 of 336...
Page 56 9.1.2 Upgrading router firmware for software versions pre- 72.002 Copy the new firmware issued by Virtual Access to a PC connected to the router. In the top menu, select System tab -> Backup/Flash Firmware. The Flash operations page appears.
Page 57 To verify that the router has been upgraded successfully, click Status in the top menu. The Firmware Version shows in the system list. Figure 35: The system status list _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 57 of 336...
Page 58 9.1.3 Upgrading router firmware for software version 72.002 and above Copy the new firmware issued by Virtual Access to a PC connected to the router. In the top menu, select System tab > Flash operations. The Flash operations page appears.
Page 59 To regain access to the router you must login again. If any part of the processes encounters an error the reboot does not occur and a report is given as shown in section 1.3.3. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 59 of 336...
Page 60 Version shows in the system list and also in the right top corner of the menu bar. Figure 41: The system status list showing current firmware version _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 60 of 336...
Page 61: Upgrading Firmware Using Cli
Windows it requires an additional application. The usage example below is for a Unix machine and therefore assumes the image file is in the current folder. scp LIS-15.00.72.002.image root@x.x.x.x:/tmp/LIS-15.00.72.002.image _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 61 of 336...
Page 62 After the write process has finished, you must complete post verification of the firmware. To verify the checksum of downloaded firmware, enter: va_image_csum.sh /tmp/LIS-15.00.72.002.image The checksum of the downloaded binary is shown: 08761cd03e33c569873bcc24cf2b7389 7006920 LIS-15.00.72.002 This MD5 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 62 of 336...
Page 63 Provided the programming has succeeded, you can set it as the next image to use after reboot, enter: vacmd set next image altimage To reboot using the new firmware, enter: reboot _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 63 of 336...
Page 64: Router File Structure
Figure 42: The status page System information is also available from the CLI if you enter the following command: root@VA_router:~# va_vars.sh _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 64 of 336...
Page 65: Identify Your Software Version
In the Firmware Version row, the first two digits of the firmware version identify the hardware platform, for example LIS-15; while the remaining digits: .00.72.002, show the software version. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 65 of 336...
Page 66: Image Files
To show the configuration to run after the next reboot, enter: root@VA_router:~# va_config.sh next To set the configuration to run after the next reboot, enter: root@VA_router:~# va_config.sh -s [factconf|config1|config2|altconfig] _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 66 of 336...
Page 67: Configuration File Syntax
Configurations can also be managed using directory manipulation. To remove the contents of the current folder, enter: root@VA_router:/etc/config1# rm –f * Warning: the above command makes irreversible changes. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 67 of 336...
Page 68: Exporting A Configuration File
In the top menu, select System > Backup/Flash Firmware. The Flash operations page appears. Figure 45: The flash operations page In the Backup/Restore section, select Generate Archive. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 68 of 336...
Page 69: Importing A Configuration File
8.9.1 If you have software version 72.002 or above, export a configuration file using the web interface go to section 8.9.2 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 69 of 336...
Page 70 Upload archive. Figure 48: The system – restoring…page When the ‘waiting for router’ icon disappears, the upgrade is complete, and the login homepage appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 70 of 336...
Page 71 OK to return to the Flash Operations page. There you can manually select Made Active (after reboot). Then click Reboot Now in the ‘Reboot using Active Configuration’ section. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 71 of 336...
Page 72 <paste in config file> <CTRL-D> Note: it is very important that the config file is in the correct format otherwise it will not import correctly. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 72 of 336...
Page 73: Using The Command Line Interface
11: Using the Command Line Interface _______________________________________________________________________________________________________ 11 Using the Command Line Interface This chapter explains how to view Virtual Access routers' log files and edit configuration files using a Command Line Interface (CLI) and the Unified Configuration Interface (UCI) system.
Page 74 0 Jul 3 11:37 usr lrwxrwxrwx 1 root root 4 Jul 16 2012 var -> /tmp drwxr-xr-x 4 root root 67 Jul 16 2012 www _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 74 of 336...
Page 75 444 S -ash 374 root 344 R ps ax 375 root 400 S /bin/sh /sbin/hotplug button 384 root 396 R /bin/sh /sbin/hotplug button 385 root [keventd] _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 75 of 336...
Page 76: Using Unified Configuration Interface (Uci)
-f <file> use <file> as input instead of stdin when importing, merge data into an existing package _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 76 of 336...
Page 77 Note: all operations do not act directly on the configuration files. A commit command is required after you have finished your configuration. root@VA_router:~# uci commit _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 77 of 336...
Page 78 To show the configuration ‘tree’ for a given config, enter: root@VA_router:/# uci show network network.loopback=interface network.loopback.ifname=lo network.loopback.proto=static network.loopback.ipaddr=127.0.0.1 network.loopback.netmask=255.0.0.0 network.lan=interface network.lan.ifname=eth0 network.lan.proto=dhcp network.wan=interface network.wan.username=foo _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 78 of 336...
Page 79 To show the image running currently, enter: root@VA_router:~# vacmd show current image To set the image to run on next reboot, enter: root@VA_router:~# vacmd set next image [image1|image2|altimage] root@VA_router:~# reboot _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 79 of 336...
Page 80 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 80 of 336...
Page 81: Configuration Files
11.3 Configuration files The table below lists common package configuration files that can be edited using uci commands. Other configuration files may also be present depending on the specific options available on the Virtual Access router. File Description Management /etc/config/autoload...
Page 82 It is important to note that identifiers and config file names may only contain the characters a-z, A-Z, 0-9 and _. However, option values may contain any character, as long they are properly quoted. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 82 of 336...
Page 83: Management Configuration Settings
12.2 Monitor Monitor is a Virtual Access proprietary tool, based on SNMP protocol, to monitor wide networks of deployed routers. The router will be configured to send information to Monitor, which is then stored and viewed centrally via the Monitor application. This includes features such as traffic light availability status, syslog and SLA monitoring.
Page 84: Autoload: Boot Up Activation
In the top menu, select Services ->Autoload. The Autoload page has two sections: Basic Settings and Entries. Click Add to access configuration settings for each section. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 84 of 336...
Page 85 Defines how many minutes to back off for if a download and all retires fail. After the backoff period, the entire autoload sequence UCI: autoload.main.BackoffTimer will start again. Opt: Backofftimer Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 85 of 336...
Page 86 Notifies activator sequence is complete. Opt: RemoteFilename $$ ini Request configuration $$ img Request firmware Note: $$.vas should always be requested last. Table 17: Information table for autoload _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 86 of 336...
Page 87: Autoload Using Uci
'core' 'main' option 'Enabled' "yes" option 'StartTimer' "10" option 'RetryTimer' "30" option 'NumberOfRetries' "5" option 'BackoffTimer' "15" option 'BootUsingConfig' "altconfig" option 'BootUsingImage' "altimage" config 'entry' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 87 of 336...
Page 88: Http Client: Configuring Activation Using The Web Interface
To configure HTTP Client for Activator, in the top menu, click Services -> HTTP Client. The HTTP Client page has two sections: Basic Settings and Advanced Settings. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 88 of 336...
Page 89 Opt: SecureDownload Disabled. Advanced settings Web: ActivatorDownloadPath Specifies the URL on Activator to which the client should send requests. UCI: httpclient.default.ActivatorDownloadPath /Activator/Sessionle ss/Httpserver.asp Opt: ActivatorDownloadPath Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 89 of 336...
Page 90: Httpclient: Activator Configuration Using Uci
Disabled. Opt: IgnoreServerCertificateStatus Table 18: Information table for HTTP client 12.8 Httpclient: Activator configuration using UCI root@VA_router:~# uci show httpclient httpclient.default=core httpclient.default.Enabled=yes httpclient.default.FileServer=10.1.83.36:80 10.1.83.37:80 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 90 of 336...
Page 91: Httpclient: Activator Configuration Using Package Options
PresentCertificateEnabled 'no' option ValidateServerCertificateEnabled 'no' option CertificateFile '/etc/httpclient.crt' option CertificateFormat 'PEM' option CertificateKey '/etc/httpclient.key' option ActivatorChunkyDownloadPath '/activator/partial/download' option ChunkSize '100k' option RateLimit '2' option CAFile ‘\’ _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 91 of 336...
Page 92: User Management Using Uci
Specifies SMS access permissions for the user. UCI: management_users.@user[x].smsuser Disabled. Opt: smsuser Enabled. Web: n/a Specifies linuxuser access permissions for the user. UCI: linuxuser Disabled. Opt: linuxuser Enabled. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 92 of 336...
Page 93: Configuring The Management User Password Using Uci
'$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw If you are changing the password using UCI, enter the new password in plain text using the password option. package management_users _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 93 of 336...
Page 94: User Management Using Uci
‘1’ option username ‘test’ option hashpassword ‘$1$XVzDHHPQ$SKK4geFonctihuffMjS4U0’ option webuser ‘1’ option linuxuser ‘1’ option papuser ‘0’ option chapuser ‘0’ option srpuser ‘0’ options smsuser ‘0’ _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 94 of 336...
Page 95: Configuring User Access To Specific Web
To specify monitor widgets only, enter: listallowed_pages 'monitor/<widgetname>' Example widget names are: dhcp, arp, 3gstats, interfaces, memory, multiwan, network, openvpn, routes, system, ipsec, dmvpn, tservd. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 95 of 336...
Page 96: Configuring An Ethernet Interface
To create and edit interfaces via the web interface, in the top menu, click Network -> Interfaces. The Interfaces overview page appears. Figure 53: The interfaces overview page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 96 of 336...
Page 97 To create a new interface, in the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 54: The create interface page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 97 of 336...
Page 98 'Bring up on boot', 'Monitor interface state', Override MAC address, Override MTU and 'Use gateway metric' Physical Settings Bridge interfaces, VLAN PCP to SKB priority mapping, Firewall settings Assign a firewall zone to the interface _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 98 of 336...
Page 99 Web: IPv6 gateway Assign given IPv6 default gateway to this interface (optional). UCI: network.<if name>.ip6gw Opt: ip6gw Table 21: Information table for LAN interface common configuration settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 99 of 336...
Page 100 Specifies the default route metric to use for this interface (optional). UCI: network.<if name>.metric Opt: metric Table 22: Information table for common configuration advanced settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 100 of 336...
Page 101 Socket buffer to VLAN priority code point mapping. Multiple priority mappings are entered with a space between them when UCI: network.<if using UCI. name>.vlan_qos_map_egress Example: network.<if name>. vlan_qos_map_egress =1:2 2:1 Opt: list vlan_qos_map_egress _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 101 of 336...
Page 102 IP aliasing is associating more than one IP address to a network interface. You can assign multiple aliases. 13.2.4.1 IP-alias packages Package Sections Network alias _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 102 of 336...
Page 103 The IP Aliases configuration options page appears. The IP-Alias is divided into two sub sections: general setup and advanced. 13.2.4.3 IP-aliases: general setup Figure 59: The IP-aliases general setup section _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 103 of 336...
Page 104 Note: this option is only available for interfaces with a static IP address. 13.2.5.1 DHCP server: packages Package Sections dhcp dhcp To assign a DHCP Server to the interface, click Setup DHCP Server. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 104 of 336...
Page 105 Defines the lease time of addresses handed out to clients, for example 12h or 30m. UCI: dhcp.@dhcp[x].leasetime 12 hours Opt: leasetime Range Table 27: Information table for DHCP server general setup page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 105 of 336...
Page 106: Interface Configuration Using Uci
13.3 Interface configuration using UCI The configuration files are stored on /etc/config/network, /etc/config/firewall and /etc/config/dhcp root@VA_router:~# uci show network ….. network.newinterface=interface network.newinterface.proto=static network.newinterface.ifname=eth0 network.newinterface.monitored=0 network.newinterface.ipaddr=2.2.2.2 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 106 of 336...
Page 107 13.3.1 Interface common configuration using package options The configuration files are stored on /etc/config/network, /etc/config/firewall and /etc/config/dhcp root@VA_router:~# uci export network package network …… config interface 'newinterface' option proto 'static' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 107 of 336...
Page 108 '100' option leasetime '12h' option limit '150' option interface 'newinterface' To change any of the above values use uci set command. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 108 of 336...
Page 109: Configuring Port Maps
Ethernet switch physical port to logical interface mappings, go to the Port Map section at Network->Interfaces. Figure 64: The Interface port map section _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 109 of 336...
Page 110 To change any of the above values use uci set command. 13.5.3 Configuring port map using package options The configuration files are stored on /etc/config/network root@VA_router:~# uci export network ….. config va_switch option eth0 'A' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 110 of 336...
Page 111: Interface Diagnostics
Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:385585 errors:0 dropped:0 overruns:0 frame:0 TX packets:385585 errors:0 dropped:0 overruns:0 carrier:0 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 111 of 336...
Page 112 Gateway Genmask Flags Metric Ref Iface 192.168.100.0 255.255.255.0 eth0 Note: a route will only be displayed in the routing table when the interface is up. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 112 of 336...
Page 113: Configuring Dhcp Server And Dns (Dnsmasq)
In the top menu, select Network -> DHCP and DNS. The DHCP and DNS page appears. There are three sections: Server Settings, Active Leases, and Static Leases. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 113 of 336...
Page 114 14: Configuring DHCP server and DNS (Dnsmasq) _______________________________________________________________________________________________________ Figure 65: The DHCP and DNS page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 114 of 336...
Page 115 Opt: list rebind_domain No list configured. Range Table 30: Information table for general server settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 115 of 336...
Page 116 Defines local host’s files. When using UCI multiple servers should be entered with a space between them. UCI: dhcp.@dnsmasq[0].addnhosts Opt: list addnhosts Table 31: Information table for resolv and host files section _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 116 of 336...
Page 117 Defines the filename of the boot image advertised to clients. This specifies BOOTP options, in most cases just the file name. UCI: dhcp.@dnsmasq[0].dhcp_boot Opt: dhcp_boot Table 32: Information table for TFTP settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 117 of 336...
Page 118 Enables disallow option for forwarding requests that cannot be answered by public name servers. Normally enabled for dial on UCI: dhcp.@dnsmasq[0].filterwin2k demand interfaces. Opt: filterwin2k Enabled. Disabled. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 118 of 336...
Page 119 Opt: dnsforwardmax Range Table 33: Information table for advanced settings 14.2.5 Active leases This section displays all currently active leases. Figure 69: The active leases section _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 119 of 336...
Page 120 Web: IPv4 Address The IPv4 address specifies the fixed address to use for this host.. UCI: dhcp.@host[0].ip Opt: ip Table 35: Information table for static leases _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 120 of 336...
Page 121: Configuring Dhcp And Dns Using Uci
2.2.2.2 dhcp.@dnsmasq[0].rebind domain=tes.domain dhcp.@dnsmasq[0].enable_tftp=0 dhcp.@dnsmasq[0].tftp_root=/tmp/tftp dhcp.@dnsmasq[0].dhcp_boot=boot.image dhcp.@dnsmasq[0].nonegcache=0 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 121 of 336...
Page 122 '1' option strictorder '1' list bogusnxdomain '1.1.1.1 ' list bogusnxdomain '2.2.2.2' option port '53' option dhcpleasemax '150' option ednspacket_max '1280' option dnsforwardmax '150' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 122 of 336...
Page 123: Configuring Dhcp Pools Using Uci
Range Web: n/a Defines the offset from the network address for the end of the DHCP pool UCI: dhcp.<pool_name>.limit Opt: limit Range 0 - 255 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 123 of 336...
Page 124: Configuring Static Leases Using Uci
'00:11:22:33:44:55' option name 'mypc' This adds the fixed IP address 192.168.1.2 and the name "mypc" for a machine with the (Ethernet) hardware address 00:11:22:33:44:55. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 124 of 336...
Page 125: Configuring Vlan
15: Configuring VLAN _______________________________________________________________________________________________________ 15 Configuring VLAN 15.1 Maximum number of VLANs supported Virtual Access’ routers support up to 4095 VLANs. 15.2 Configuration package used Package Sections Network 15.3 Configuring VLAN using the web interface 15.3.1 Create a VLAN interface To configure VLAN using the web interface, in the top menu, select Network - >Interfaces.
Page 126 Enter a name, for example eth0.100. This will assign VLAN 100 to the eth0 interface. Opt: ifname Table 37: Information table for the create interface page Click Submit. The Interfaces page for VLAN1 appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 126 of 336...
Page 127 The IPv4 address of the interface. This is optional if an IPv6 address is provided. UCI: network.VLAN1.ipaddr Opt: ipaddr Web: IPv4 netmask Subnet mask to be applied to the IP address of this interface. UCI: network.VLAN1.netmask Opt: netmask _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 127 of 336...
Page 128: Viewing Vlan Interface Settings
To view the new VLAN interface settings, in the top menu, select Network -> Interfaces. The Interfaces Overview page appears. The example below shows two VLAN interfaces configured. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 128 of 336...
Page 129: Configuring Vlan Using The Uci Interface
When specifying the ifname ensure that it is written in dotted mode, that is, eth1.100 where eth1 is the physical interface assigned to VLAN tag 100. Note: VLAN1 is, by default the native VLAN and will not be tagged. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 129 of 336...
Page 130: Qos: Vlan 802.1Q Pcp Tagging
16.1 Configuring VLAN PCP tagging Virtual Access routers have the capability to respect and set PCP priority values inside 802.1Q VLAN tagged frames. The following partial export of network configuration shows how to configure VLAN priorities for specific interfaces (VLANs).
Page 131 Any frames received on VLAN4 destined to VLAN2 with PCP priority set to 0 will • have a priority of 5 set as they leave the router on VLAN4. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 131 of 336...
Page 132 ‘vlan_qos_map_egress’ and are destined to tagged interface, 802.1Q tag will be created with a default priority of 0 and then the priority will be set according to the PCP value specified as the frames leave port. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 132 of 336...
Page 133: Qos: Type Of Service
17: QoS: type of service _______________________________________________________________________________________________________ 17 QoS: type of service Virtual Access routers are capable of implementing quality of service configurations on a per interface basis, which allows traffic prioritisation based on type of service criteria parameters. 17.1 QoS configuration overview...
Page 134 Table 39: Information table for QoS page To add classification rules, click Add. TheClassification Rules section appears. Configure each classification rule with the following parameters. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 134 of 336...
Page 135: Configuring Qos Using Uci
Each interface can have its own buffer. The interface section declares global characteristics of the connection on which the specified interface is communicating. The following options are defined within this section: _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 135 of 336...
Page 136 UCI: qos.Default.classes=Express Normal Specifies the list of names of classes which should be part of classgroup. Opt: classes qos.Default.default=Normal Defines which class is considered default. Opt: default _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 136 of 336...
Page 137 Defines to how many % of the available bandwidth this class is capped to. Opt: limitrate 17.4.4 Classify Classifiers match the traffic for desired class. config classify option target 'Express' option proto 'udp' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 137 of 336...
Page 138: Example Qos Configurations
'Express' option packetsize '1000' option maxsize '800' option avgrate '50' option priority '10' option limitrate '10' config classify option target 'Express' option proto 'udp' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 138 of 336...
Page 139: Configuring Static Routes
UCI: network.@route[0].target Opt: target Web: netmask Defines the route netmask. If omitted, 255.255.255.255 is assumed, which makes the target a host address. UCI: network.@route[0].netmask Opt: netmask _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 139 of 336...
Page 140: Configuring Ipv6 Routes Using The Web Interface
By default all routes are named ‘route’, it is identified by @route then the route’s position in the package as a number. For example, for the first route in the package using UCI: network.@route[0]=route network.@route[0].interface=lan _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 140 of 336...
Page 141: Ipv4 Routes Using Uci
The command line example routes in the subsections below do not have a configured name. root@VA_router:~# uci show network network.@route[0]=route network.@route[0].interface=lan network.@route[0].target=3.3.3.10 network.@route[0].netmask=255.255.255.255 network.@route[0].gateway=10.1.1.2 network.@route[0].metric=3 network.@route[0].mtu=1400 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 141 of 336...
Page 142: Ipv4 Routes Using Package Options
IPv6 routes using packages options root@VA_router:~# uci export network package network …. config route option interface 'lan' option target '2001:0DB8:100:F00:BA3::1/64' option gateway '2001:0DB8:99::1' option metric ‘1’ option mtu '1500' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 142 of 336...
Page 143: Static Routes Diagnostics
Gateway Genmask Flags Metric Ref Iface 192.168.100.0 255.255.255.0 eth0 Note: a route will only be displayed in the routing table when the interface is up. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 143 of 336...
Page 144: Configuring Bgp (Border Gateway Protocol)
In the top menu, select Network -> BGP. BGP configuration page appears. The page has three sections: Global Settings, BGP Neighbours and BGP Route Map. Figure 79: The BGP page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 144 of 336...
Page 145 Type in a name for the BGP route map name and then click Add. The ROUTEMAP configuration section appears. You can configure multiple route maps. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 145 of 336...
Page 146 Defines the set value when a match occurs. Value format depends on the set option you have selected. UCI: bgpd.ROUTEMAP.set Opt: set Table 44: Information table for routemap _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 146 of 336...
Page 147: Configuring Bgp Using Uci
You can also configure BGP using UCI. The configuration file is stored on /etc/config/bgpd root@VA_router:~# uci show bgpd bgpd.bgpd=routing bgpd.bgpd.enabled=yes bgpd.bgpd.router_id=3.3.3.3 bgpd.bgpd.asn=1 bgpd.bgpd.network=11.11.11.0/29 192.168.103.1/32 bgpd.@peer[0]=peer bgpd.@peer[0].route_map_in=yes bgpd.@peer[0].ipaddr=11.11.11.1 bgpd.@peer[0].asn=1 bgpd.@peer[0].route_map=ROUTEMAP bgpd.ROUTEMAP=routemap _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 147 of 336...
Page 148: Configuring Bgp Using Packages Options
'ROUTEMAP' config routemap 'ROUTEMAP' option order '10' option permit 'yes' option match_type 'ip address' option match '192.168.101.1/32' option set_type 'ip next-hop' option set '192.168.101.2/32' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 148 of 336...
Page 149: View Routes Statistics
To view routes via the command line, enter: root@support:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Iface 10.1.0.0 0.0.0.0 255.255.0.0 0 br- lan2 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 149 of 336...
Page 150: Configuring A Mobile Connection
To create a new mobile interface, in the Interface Overview section, click Add new interface. The Create Interface page appears. In the examples below 3G has been used for the interface name. Figure 84: The create interface page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 150 of 336...
Page 151 Set up more in-depth features such as initionalization timeout, LCP echo failure thresholds and inactivity timeouts. Firewall settings Assign a firewall zone to the connection. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 151 of 336...
Page 152 Allows GSM module to only connect to lte network cdma Allows GSM module to only connect to cdma network auto GSM module will automatically detect the best available technology code. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 152 of 336...
Page 153 The Modem Configuration link at the bottom of the page is used for SIM pin code and SMS configuration. For more information, read the chapter ‘Configuring mobile manager’. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 153 of 336...
Page 154 20: Configuring a mobile connection _______________________________________________________________________________________________________ 20.2.1.2 Mobile interface: advanced settings Figure 86: The advanced settings tab _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 154 of 336...
Page 155 Web: Inactivity timeout Close inactive connection after the given amount of seconds, use 0 to persist connection. UCI: network.3G.demand Do not disconnect on inactivity Opt: demand Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 155 of 336...
Page 156: Configuring A Mobile Connection Using Cli
Configuring a mobile connection using CLI 20.3.1 UCI To establish a basic mobile connection, enter: root@VA_router:~# uci show network network.3G=interface network.3G.proto=3g network.3G.monitored=0 network.3G.sim=any network.3G.auto=1 network.3G.defaultroute=1 network.3G.service=autonetwork.3G.apn=test.apn network.3G.username=username network.3G.password=password _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 156 of 336...
Page 157: Diagnositcs
To view mobile connectivity information, in the top menu, select Status -> Mobile Stats. The Mobile/3G Information page appears. Figure 88: The mobile stats page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 157 of 336...
Page 158 Home network mobile.3g_1_1_1.reg_code_pkt=1 mobile.3g_1_1_1.area=FFFE mobile.3g_1_1_1.cell=189150A mobile.3g_1_1_1.tech=7 mobile.3g_1_1_1.technology=E-UTRAN mobile.3g_1_1_1.operator=0,0,"Vodafone",7 mobile.3g_1_1_1.sim1_iccid=89460127120912066226 mobile.3g_1_1_2.sim_slot=1 mobile.3g_1_1_2.sim_in=yes mobile.3g_1_1_2.operator="Vodafone" mobile.3g_1_1_2.cdma_roaming=Not Roaming mobile.3g_1_1_2.cdma_roaming_code=0 mobile.3g_1_1_2.cdma_srvmode=EVDO Rev B mobile.3g_1_1_2.cdma_srvmode_code=5 mobile.3g_1_1_2.cdma_total_drc=0.0 kbps mobile.3g_1_1_2.cdma_carr_cnt=2 mobile.3g_1_1_2.cdma_rx0=78 mobile.3g_1_1_2.sig_dbm=nan mobile.3g_1_1_2.cdma_rx1=105 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 158 of 336...
Page 159: Configuring Mobile Manager
Roaming template 21.2 Configuring mobile manager using the web interface Select Services -> Mobile Manager. The Mobile Manager page appears. Figure 89: The mobile manager page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 159 of 336...
Page 160 If checked, the router will return an SMS. Select Respond if you want the router to reply. UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 49: Information table for mobile manager basic settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 160 of 336...
Page 161 5 channel number Web: Primary Channel B Allows the primary channel (B) to be changed UCI: mobile.main.cdma_primary_channel_b Default Opt: cdma_primary_channel_b 1-2016 any band class 5 channel number _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 161 of 336...
Page 162: Configuring Mobile Manager Using Uci
_____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 162 of 336...
Page 163: Configuring A Roaming Interface Template Via The Web Interface
To monitor via the web browser, login and select Status >system log. Scroll to the bottom of the log to view the SMS message. Figure 90: Example of output from system log _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 163 of 336...
Page 164: Sending Sms From The Router
An example would be to SMS the SIM card number by typing the following command on the phone and checking the SMS received from the router. uci show mobile.@caller[0].number _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 164 of 336...
Page 165: Configuring Multi-Wan
22.2 Configuring Multi-WAN using the web interface In the top menu, select Network -> Multi-Wan. The Multi-WAN page appears. Figure 91: The multi-WAN page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 165 of 336...
Page 166 In the WAN interfaces section, enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 166 of 336...
Page 167 22: Configuring Multi-WAN _______________________________________________________________________________________________________ Figure 92: Example interface showing failover traffic destination as the added multi-WAN interface _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 167 of 336...
Page 168 Opt: health_recovery_retries Range Web: Priority Specifies the priority of the interface. The higher the value, the higher the priority. UCI: multiwan.wan.priority Opt: priority Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 168 of 336...
Page 169 Tech values are: GSM Compact UTRAN GSM w/EGPRS UTRAN w/HSPDA UTRAN w/HSUPA UTRAN w/HSUPA and HSDPA E-UTRAN Table 52: Information table for multi-WAN interface page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 169 of 336...
Page 170: Multi-Wan Traffic Rules
'3' option health_recovery_retries '5' option priority '2' option manage_state 'yes' option exclusive_group '0' option ifup_retry_sec '40' option icmp_hosts 'disable' option icmp_interval ‘1’ option timeout ‘3’ _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 170 of 336...
Page 171: Multi-Wan Diagnostics
The multi-WAN package is linked to the network interfaces within /etc/config/network. Note: multi-WAN will not work if the WAN connections are on the same subnet and share the same default gateway. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 171 of 336...
Page 172 '0' option ifup_retry_sec '300' option ifup_timeout_sec '40' The following output shows the multi-WAN standard stop/start commands for troubleshooting. root@VA_router:~# /etc/init.d/multiwan Syntax: /etc/init.d/multiwan [command] _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 172 of 336...
Page 173 CLI). Enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters will appear. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 173 of 336...
Page 174: Automatic Operator Selection
23 Automatic operator selection This section describes how to configure and operate the Automatic Operator Selection feature of a Virtual Access router. When the roaming SIM is connected, the radio module has the ability to scan available networks. The router, using mobile and multi-WAN packages, finds available networks to create and sort interfaces according to their signal strength.
Page 175 23.2.1.3 Create a primary predefined interface In the web interface top menu, go to Network ->Interfaces. The Interfaces page appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 175 of 336...
Page 176 Type the short operator name in lower case, for example: Operator name First four alphanumeric numbers Vodafone UK voda O2 – UK o2uk Orange oran _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 176 of 336...
Page 177 UCI: network.[..x..].ifname Opt: ifname Table 53: Information table for the create interface page Click Submit. The Common Configuration page appears. Figure 96: The common configuration page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 177 of 336...
Page 178 Click the link if you need to configure additional options from Mobile Manager. UCI: N/A Opt: N/A Table 54: Information table for the general set up section Click Save & Apply. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 178 of 336...
Page 179 On the web interface go to Network ->Multi-Wan. The Multi-WAN page appears. Figure 97: The multi-WAN page In the WAN Interfaces section, type in the name of the Multi-WAN interface. Click Add. The Multi-WAN page appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 179 of 336...
Page 180 Opt: alt Enabled. Web: WAN Interfaces Provide the same interface name as chosen in multiwan section below and click Add. UCI: multiwan.3g_s<sim- number>_<short-operator-name> Opt: 3g_s<sim-number>_<short- operator-name> _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 180 of 336...
Page 181 Range Web: Exclusive Group Defines the group to which the interface belongs, only one interface can be active. UCI: multiwan.[..x..].exclusive_group Opt: exclusive_group Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 181 of 336...
Page 182 23.2.2 Set options for automatically created interfaces (failover) From the top menu on the web interface page, select Services ->Mobile Manager. The Mobile Manager page appears. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 182 of 336...
Page 183 Web: HDR Auto User ID AN-PPP user ID. Supported on Cellient (CDMA) modem only. UCI: mobile.main.hdr_userid Opt: hdr_userid Table 56: Information table for mobile manager basic settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 183 of 336...
Page 184 If checked, the router will return an SMS. Select Respond if you want the router to reply. UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 57: Information table for caller settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 184 of 336...
Page 185 23: Automatic operator selection _______________________________________________________________________________________________________ 23.2.3 Roaming interface template Figure 100: The roaming interface template page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 185 of 336...
Page 186 Sets ping timeout in seconds. Choose the time in seconds that the health monitor ICMP will timeout at. Opt: timeout Wait 3 seconds for ping reply Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 186 of 336...
Page 187 23.2.4 Scenario 2: PMP + roaming: pre-empt disabled As in the previous section, multi-WAN connects the PMP interface and uses auto created interfaces for failover. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 187 of 336...
Page 188 In the top menu, select System -> Reboot. The System Reboot page appears. Figure 103: The system reboot page Check the Reboot now check box and then click Reboot. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 188 of 336...
Page 189 Web: PIN code for SIM2 Depending on the SIM card specify the pin code for UCI: mobile.main.sim2pin SIM 2. Opt: sim2pin blank range _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 189 of 336...
Page 190 If checked, the router will return an SMS. Select Respond if you want the router to reply. UCI: mobile.@caller[0].respond Disabled. Opt: respond Enabled. Table 60: Information table for mobile manager caller settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 190 of 336...
Page 191 Web: Firewall Zone Adds all generated interfaces to this zone. UCI: Select existing zone or click unspecified or create to create a new mobile.@roaming_template[0].firewall_zo zone. Opt: firewall_zone _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 191 of 336...
Page 192 This field is not used for a roaming template. UCI: mobile.@roaming_template[0].health_rec overy_retries Opt: health_recovery_retries Web: Priority Type the priority number. The higher the value, the higher the priority. UCI: mobile.@roaming_template[0].priority Opt: priority range _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 192 of 336...
Page 193 UCI: multiwan.config.alt Leave this option unselected. Opt: alt Disabled. Enabled. Table 62: Information table for multi-WAN operation _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 193 of 336...
Page 194: Configuring Via Uci
'test' option password 'test' option sim '1' option operator 'vodafone IE' To view uci commands, enter: root@VA_router:~# uci show network network.loopback=interface network.loopback.ifname=lo network.loopback.proto=static network.loopback.ipaddr=127.0.0.1 network.loopback.netmask=255.0.0.0 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 194 of 336...
Page 195 'wan' option apn 'test IE' option username 'test' option password 'test' option service 'umts' option health_interval '4' option icmp_hosts 'disable' option timeout 'disable' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 195 of 336...
Page 196 IE mobile.@roaming_template[0].username=test mobile.@roaming_template[0].password=test mobile.@roaming_template[0].service=umts mobile.@roaming_template[0].health_interval=4 mobile.@roaming_template[0].icmp_hosts=disable mobile.@roaming_template[0].timeout=disable mobile.@roaming_template[0].health_fail_retries=3 mobile.@roaming_template[0].signal_threshold=-95 mobile.@roaming_template[0].priority=5 mobile.@roaming_template[0].ifup_retry_sec=120 mobile.@roaming_template[0].ifup_timeout_sec=180 mobile.@roaming_template[0].defaultroute=yes mobile.@roaming_template[0].sort_sig_strength=yes _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 196 of 336...
Page 197 To view the uci command of package multiwan, enter: root@VA_router:~# uci show multiwan multiwan.config=multiwan multiwan.config.enabled=1 multiwan.config.preempt=1 multiwan.main_voda=interface multiwan.main_voda.health_fail_retries=3 multiwan.main_voda.health_interval=3 multiwan.3g_s1_voda.timeout=1 multiwan.3g_s1_voda.icmp_hosts=disable multiwan.3g_s1 main _voda.priority=10 multiwan.3g_s1_voda.exclusive_group=3g multiwan.3g_s1_voda.signal_threshold=-95 multiwan.3g_s1_voda.ifup_retry_sec=350 multiwan.3g_s1_voda.ifup_timeout_sec=180 multiwan.3g_s1_voda.manage_state=1 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 197 of 336...
Page 198: Configuring No Pmp + Roaming Using Uci
'test IE' option username 'test' option password 'test' option service 'umts' option health_fail_retries '2' option signal_threshold '-100' option priority '5' option ifup_timeout_sec '180' option defaultroute 'yes' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 198 of 336...
Page 199 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 199 of 336...
Page 200: Automatic Operator Selection Diagnostics Via The Web Interface
To check interfaces created in the Multi-WAN package, from the top menu, select Network -> Multi-WAN. To check interfaces that have been created in the network package, from the top menu, select Network -> Interfaces. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 200 of 336...
Page 201 Status. The Interface Status page appears. Scroll down to the bottom of the page to view Multi-WAN Stats. Figure 107: The status page: multi-WAN status section page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 201 of 336...
Page 202: Automatic Operator Selection Diagnostics Via Uci
/var/const_state/multiwan Figure 108: Example of output from the command: cat /var/const_stat/multiwan To check interfaces created in the network package, enter: root@VA_router:~# cat /var/const_state/network _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 202 of 336...
Page 203 23: Automatic operator selection _______________________________________________________________________________________________________ Figure 109: Example of output from the command cat /var/const_state/network _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 203 of 336...
Page 204 To check the status of the interface you are currently using, enter: root@VA_router:~# cat /var/const_state_/mobile Figure 110: Example of output from the command cat /vat/const_state_/mobile _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 204 of 336...
Page 205: Configuring Ipsec
If you need to create an IPSec template for DMVPN, read the chapter ‘Dynamic Multipoint Virtual Private Network (DMVPN)’. The number of IPSec tunnels supported by Virtual Access’ routers is not limited in any way by software; the only hardware limitation is the amount of RAM installed on the device.
Page 206 Table 63: Information table for IPSec common settings 24.2.2 Common settings: configure connection Figure 112: The configuring IPSec settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 206 of 336...
Page 207 Connection uses transport mode. pass Connection does not perform any IPSec processing. drop Connection drops all the packets. Table 64: Information table for connection settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 207 of 336...
Page 208 Defines the IP address of LAN serviced by remote peer. UCI: strongswan.@connection[X]. remotelan Opt:remotelan Web: Remote LAN IP Address Mask Defines the Subnet of remote LAN. UCI: strongswan.@connection[X]. remotelanmask Opt:remotelanmask _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 208 of 336...
Page 209 Using extended authentication and preshared key. never Can be used if negotiation is never to be attempted or accepted (shunt connections). Table 65: Information table for IP addressing settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 209 of 336...
Page 210 3des aes128 aes256 serpent twofish blowfish authAlgo: sha2 DHGroup: modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 For example, a valid IKE algorithm is aes128-sha-modp1536. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 210 of 336...
Page 211 UCI: strongswan.@connection[X].keyringtries for one, before giving up. The value %forever means 'never Opt: keyringtries give up'. Relevant only locally, other end need not agree on _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 211 of 336...
Page 212 Defines whether IP address or userfqdn is used. UCI: strongswan.@secret[X].idtype Opt: idtype Web: ID selector Defines the local address this secret applies to. UCI: strongswan.@secret[X].localaddress Opt: localaddress _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 212 of 336...
Page 213: Configuring Ipsec Using Uci
This will create the following output: config general 'general' option enabled 'yes' option strictcrlpolicy 'no' option uniqueids 'yes' option cachecrls 'no' option debug 'none' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 213 of 336...
Page 214 This will create the following output: config connection option ikelifetime '3h' option keylife '1h' option rekeymargin '9m' option keyingtries '3' option dpddelay '30s' option dpdtimeout '150s' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 214 of 336...
Page 215 This will create the following output: config connection _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 215 of 336...
Page 216 'secret' If xauth is defined as the authentication method then you must include an additional config secret section, as shown in the example below. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 216 of 336...
Page 217: Configuring An Ipsec Template For Dmvpn Via The Web Interface
Control the overall behaviour of strongSwan. This behaviour is common across all tunnels. Connection Settings Together, these sections define the required parameters for a two-way IKEv1 tunnel. Secret Settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 217 of 336...
Page 218 Debug enabled. Most verbose logging also includes sensitive information such as keys. Table 68: Information table for IPSec common settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 218 of 336...
Page 219 Remote Id • Local LAN IP Address • Local LAN IP Address Mask • Remote LAN IP Address • Remote LAN IP Address Mask • _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 219 of 336...
Page 220 24: Configuring IPSec _______________________________________________________________________________________________________ Figure 117: The connections settings section _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 220 of 336...
Page 221 UCI: strongswan.@connection[X]. Leave blank for DMVPN. remotelanmask Opt:remotelanmask Web: Local Protocol Restricts the connection to a single protocol on the local side. UCI: strongswan.@connection[X].localproto Opt: localproto _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 221 of 336...
Page 222 3des aes128 aes256 serpent twofish blowfish authAlgo: sha2 DHGroup: modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 For example, a valid IKE algorithm is: aes128-sha-modp1536. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 222 of 336...
Page 223 UCI: one, before giving up. The value %forever means 'never give strongswan.@connection[X].keyringtries up'. Relevant only locally, other end need not agree on it. Opt: keyringtries _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 223 of 336...
Page 224 Defines the local address this secret applies to. UCI: strongswan.@secret[X].localaddress Opt: localaddress Web: ID selector Defines the remote address this secret applies to. UCI: strongswan.@secret[X]. remoteaddress Opt: remoteaddress _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 224 of 336...
Page 225: Configuring An Ipsec Template To Use With Dmvpn
_____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 225 of 336...
Page 226 '30s' option keyingtries '%forever' option dpdaction 'hold' option dpddelay '30s' option dpdtimeout '150s' config secret option enabled 'yes' option secrettype 'psk' option secret 'secret' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 226 of 336...
Page 227: Ipsec Diagnostics Using The Web Interface
10.68.234.133/32[gre] === 192.168./32[gre] dmvpn_89_101_154_151{1}: INSTALLED, TRANSPORT, ESP in UDP SPIs: cca7b970_i d874dc90_o dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 89.101.154.151/32[gre] To view a list of IPSec commands, enter: root@VA_router:~# ipsec –help _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 227 of 336...
Page 228: Configuring Firewall
The General Zone, or defaults, section declares global firewall settings that do not belong to any specific zones. These default rules take effect last and more specific rules take effect first. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 228 of 336...
Page 229 Rejected packets are blocked by the firewall and ICMP message is returned to the source host. Drop Dropped packets are blocked by the firewall. Table 71: Information table for general settings page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 229 of 336...
Page 230 Reject Rejected packets are blocked by the firewall and ICMP message is returned to the source host. Drop Dropped packets are blocked by the firewall. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 230 of 336...
Page 231 Defines protocol family (ipv4, ipv6 or any) to generate iptables rules for. UCI: firewall.<zone label>.family Opt: family Table 72: Information table for firewall zone settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 231 of 336...
Page 232 Opt: log Web: Limit log messages Limits the amount of log messages per interval. UCI: firewall.<zone label>.log_limit Opt: log_limit Table 73: Information table for zone settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 232 of 336...
Page 233 Note: the rules generated for forwarding traffic between zones relay connection tracking to be enabled on at least one of the source or destination zones. This can be enabled through the conntrack option or through masq. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 233 of 336...
Page 234 Web: Internal IP address Specifies the internal (LAN) IP address for the traffic to be redirected UCI: firewall.<redirect label>.dest_ip Opt: dest_ip _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 234 of 336...
Page 235 NAT loopback (reflection). Figure 125: The firewall – port forwards – forward edits page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 235 of 336...
Page 236 25.2.4 Firewall traffic rules Rules can be defined to allow or restrict access to specific ports, hosts or protocols. Figure 126: The firewall traffic rules page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 236 of 336...
Page 237 For DNAT, redirects matched incoming traffic to the specified internal host. UCI: firewall.<rule label>.dest_ip For SNAT, matches traffic directed at the given address. Opt: dest_ip _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 237 of 336...
Page 238 Table 78: Information table for match ICMP type drop-down menu _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 238 of 336...
Page 239 Extra arguments to pass to iptables, this is mainly useful to specify additional match options, like -m policy --dir in for IPSec. Table 79: Information table for custom rules commands _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 239 of 336...
Page 240: Configuring Firewall Using Uci
25.3.3 Inter-zone forwarding To enable forwarding of traffic from WAN to LAN, enter: uci add firewall forwarding uci set firewall.@forwarding[1].dest=wan uci set firewall.@forwarding[1].src=lan _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 240 of 336...
Page 241 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 241 of 336...
Page 242: Ipv6 Notes
(DoS). _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 242 of 336...
Page 243: Connection Tracking
ACCEPT option proto This example enables machines on the internet to use SSH to access your router. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 243 of 336...
Page 244 When used alone, Source NAT is used to restrict a computer's access to the internet, but allows it to access a few services by manually forwarding what appear to be a few local _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9...
Page 245 The following rule blocks all connection attempts from the client to the internet. config rule option src option dest option src_mac 00:00:00:00:00:00 option target REJECT _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 245 of 336...
Page 246 Vlan12 interface in the network file. When reverse path filtering mechanism is enabled, the router will check whether a receiving packet source address is routable. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 246 of 336...
Page 247 !192.168.1.100 option src_dport option dest_ip 192.168.1.100 option dest_port 3128 option target DNAT config redirect option dest option proto _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 247 of 336...
Page 248 ACCEPT For some configurations you also have to open port 500/UDP. # ISAKMP protocol config rule option src option dest option proto option src_port _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 248 of 336...
Page 249 To see the rules as they are executed, run the fw command with the FW_TRACE environment variable set to 1 (one): root@VA_router:/# FW_TRACE=1 fw reload _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 249 of 336...
Page 250 25: Configuring firewall _______________________________________________________________________________________________________ To direct the output to a file for later inspection, enter: root@VA_router:/# FW_TRACE=1 fw reload 2>/tmp/iptables.lo _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 250 of 336...
Page 251: Configuring Snmp
Configuring SMNP using the web interface In the top menu, select Services -> SNMP. The SNMP Service page appears. 26.2.1 System and agent settings Figure 128: The SNMP service page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 251 of 336...
Page 252 Map community names into security names based on the community name and the source subnet. Use the first source/community combination that matches the incoming packet. Figure 129: The COM2Sec settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 252 of 336...
Page 253 Web: Security Name An already defined security name that is being included in this group. UCI: snmpd.group[x].secname Opt: secname Table 82: Information table for group settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 253 of 336...
Page 254 Access settings map from a group of users/communities, in a specific context and with a particular SNMP version and minimum security level, to one of three views, depending on the request being processed. Figure 132: The access settings section _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 254 of 336...
Page 255 26.2.6 Trap receiver Trap receiver settings define a notification receiver that should be sent SNMPv1 TRAPs and SNMPv2c TRAP2. Figure 133: The trap receiver settings page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 255 of 336...
Page 256: Configuring Snmp Using Command Line
26.3 Configuring SNMP using command line The configuration files are stored on /etc/config/snmpd 26.3.1 System settings using UCI root@VA_router:~# uci show snmpd snmpd.system=system snmpd.system.sysLocation=Office 123 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 256 of 336...
Page 257 Note: the security names of “ro” and “rw” here are simply names – the fact of a security name having read only or read-write permissions is handled in the access section and dealt with at a group granularity. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 257 of 336...
Page 258 Similarly, requests from the security name “rw” in all protocols are mapped to the “private” group. 26.3.4.1 Group settings using UCI snmpd.grp_1_v1=group snmpd.grp_1_v1.version=v1 snmpd.grp_1_v1.group=public snmpd.grp_1_v1.secname=ro snmpd.grp_1_v2c=group snmpd.grp_1_v2c.version=v2c snmpd.grp_1_v2c.group=public snmpd.grp_1_v2c.secname=ro snmpd.grp_1_usm=group snmpd.grp_1_usm.version=usm snmpd.grp_1_usm.group=public _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 258 of 336...
Page 259 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 259 of 336...
Page 260 'rw' config 'group' 'private_v2c' option group 'private' option version 'v2c' option secname 'rw' config 'group' 'private_usm' option group 'private' option version 'usm' option secname 'rw' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 260 of 336...
Page 261 'access' 'public_access' option group 'public' option context 'none' option version 'any' option level 'noauth' option prefix 'exact' option read 'all' option write 'none' option notify 'none' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 261 of 336...
Page 262 # for SNMPv2c inform request receiver config informreceiver option host 'IPADDR[:PORT]' option community 'COMMUNITY STRING' An additional option was added to the 'agent' subsection: option authtrapenabled '0|1 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 262 of 336...
Page 263: Configuring Vrrp
To configure VRRP through the web interface, in the top menu, select Network -> VRRP. The VRRP page appears. To access configuration settings, click ADD. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 263 of 336...
Page 264 Sets the VRRP router ID (1 to 255). All co-operating VRRP routers serving the same LAN must be configured with the same UCI: vrrp.g1.router_id router ID. Opt: router_id Range 1-255 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 264 of 336...
Page 265: Configuring Vrrp Using Uci
'lan' option init_state 'BACKUP' option router_id '1' option priority '115' option advert_int_sec '2' option password 'secret' option virtual_ipaddr '10.1.10.150/16' option garp_delay_sec '5' option ipsec_connection 'Test' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 265 of 336...
Page 266 To change any of the above values use uci set command. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 266 of 336...
Page 267: Dynamic Multipoint Virtual Private Network (Dmvpn)
New hubs can be added to the network to improve the performances and reliability. Ability to carry multicast and main routing protocols traffic (RIP, OSPF, BGP). • DMVPN can be deployed using Activator, the Virtual Access automated • provisioning system. Simplifies branch communications by enabling direct branch to branch •...
Page 268: Dmvpn Scenarios
Then it initiates VPN IPSec connection to spoke2. When an IPSec tunnel is established, spoke1 and spoke2 can send traffic directly • to each other. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 268 of 336...
Page 269 Note: if an IPSec tunnel fails to be established between the spokes then packets between the spokes are sent via the hub. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 269 of 336...
Page 270: Configuration Packages Used
Selects the IPSec connection, defined in strongSwan, to be used as a template. UCI: dmvpn.common.ipsec_template_name Opt: ipsec_template_name Table 88: Information table for DMVPN general settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 270 of 336...
Page 271 Table 89: Information table for DMVPN hub settings 28.5.3 Configuring an IPSec template for DMVPN using the web interface Configuring an IPSec template is covered in the chapter ‘Configuring IPSec’. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 271 of 336...
Page 272: Dmvpn Diagnostics
Type: local Protocol-Address: 11.11.11.7/32 Alias-Address: 11.11.11.3 Flags: up Interface: gre-GRE Type: local Protocol-Address: 11.11.11.3/32 Flags: up Interface: gre-GRE Type: cached Protocol-Address: 11.11.11.2/32 NBMA-Address: 178.237.115.129 NBMA-NAT-OA-Address: 172.20.38.129 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 272 of 336...
Page 273 10.68.234.133[10.68.234.133]...89.101.154.151[89.101.154.151] dmvpn_89_101_154_151{1}: REKEYING, TRANSPORT, expires in 55 seconds dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 192.168./32[gre] dmvpn_89_101_154_151{1}: INSTALLED, TRANSPORT, ESP in UDP SPIs: cca7b970_i d874dc90_o dmvpn_89_101_154_151{1}: 10.68.234.133/32[gre] === 89.101.154.151/32[gre] _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 273 of 336...
Page 274 Interface: gre-GRE Type: cached Protocol-Address: 11.11.11.2/32 NBMA-Address: 178.237.115.129 NBMA-NAT-OA-Address: 172.20.38.129 Flags: used up Expires-In: 0:18 Interface: gre-GRE Type: static Protocol-Address: 11.11.11.1/29 NBMA-Address: 89.101.154.151 Flags: up _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 274 of 336...
Page 275: Configuring Terminal Package
Opt: flowcontrol Enabled. Table 91: Information table for terminal settings 29.3 Configuring Terminal package using UCI root@VA_router:~# uci show terminal terminal.ttySC0=terminal terminal.ttySC0.enabled=1 terminal.ttySC0.device=ttySC0 terminal.ttySC0.speed=115200 terminal.ttySC0.type=vt100 terminal.ttySC0.flowcontrol=1 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 275 of 336...
Page 276: Configuring Terminal Server Using Package Options
/etc/inittab ::sysinit:/etc/init.d/rcS S boot ::shutdown:/etc/init.d/rcS K stop ttyLTQ0::askfirst:getty -L 115200 ttyLTQ0 vt100 ttyLTQ1::askfirst:getty -L 115200 ttyLTQ1 vt100 ttySC0::respawn:getty -h -L 115200 ttySC0 vt100 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 276 of 336...
Page 277: Configuring Terminal Server
Configuration page appears. You must configure two main sections: Main Settings and Port Settings. 30.3.1 Configure main settings Figure 142: The terminal server main settings page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 277 of 336...
Page 278 30.3.2.1 Port settings: general section In this section you can configure general port settings. The settings are usually the same for the central and the remote site. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 278 of 336...
Page 279 Web: Serial Forwarding Timeout (ms) Forwarding timeout in milliseconds (network to serial). UCI: tservd.@port[0]. sfwd_timeout Set to 0 to forward to serial immediately. Opt: sfwd_timeout 20 ms Range 0-10000 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 279 of 336...
Page 280 Note: • The displayed settings vary depending on options selected. DTR <--> DSR signalling is not available on GW2028 router models. • _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 280 of 336...
Page 281 30: Configuring Terminal Server _______________________________________________________________________________________________________ Figure 144: The serial section fields (portmode RS232 and usb serial disabled) _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 281 of 336...
Page 282 In RS232 half-duplex mode, time in milliseconds between raising RTS and enabling the transmitter. For use with externally UCI: tservd.@port[0].rts_timeout connected V.23 modem. Opt: rts_timeout 30ms Range _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 282 of 336...
Page 283 Opt: dtr_control_mode port is closed. DTR always on. DTR always off. DTR controlled by the application ontx In HDLC mode DTR is on during frame transmission. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 283 of 336...
Page 284 UCI: tservd.@port[0].dce_tclk_inv Normal. Opt: dce_tclk_inv Invert. Web: Dual X.21 card DCE RCLK Invert Enables X.21 DCE RCLK signal inversion. UCI: tservd.@port[0].dce_rclk_inv Normal. Opt: dce_rclk_inv Invert. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 284 of 336...
Page 285 In this section you can configure the network side of the Terminal Server. Note: the displayed settings vary depending on options selected. Figure 145: The port settings network fields (TCP server mode) _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 285 of 336...
Page 286 UCI: Set to 0 to use kernel defaults. Only displayed if Transport Mode tservd.@port[0].tcp_user_timeout is TCP. Opt: tcp_user_timeout 20000 20 seconds Range 0-65535 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 286 of 336...
Page 287: Terminal Server Using Uci
Table 95: Information table for port settings network section 30.4 Terminal Server using UCI root@VA_router:~# uci show tservd tservd.main=tservd tservd.main.log_severity=0 tservd.main.debug_rx_tx_enable=1 tservd.main.debug_ev_enable=1 tservd.@port[0]=port tservd.@port[0].devName=/dev/ttySC0 tservd.@port[0].remote_ip1=0.0.0.0 tservd.@port[0].remote_ip2=0.0.0.0 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 287 of 336...
Page 288: Terminal Server Using Package Options
TxBlocked (0) TCP Bytes Rx (0) Tx (0) UDP Datagrams Rx (0) Tx (0) TxErrs (0) UDP Bytes Rx (0) Tx (0) Up (0) Down (0) _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 288 of 336...
Page 289 - clear USB serial card statistics tserv start userial rxlog - start USB serial card rx log tserv show userial rxlog <offs> <length> - show USB serial card rx log _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 289 of 336...
Page 290 - show USB serial card CPLD programming status tserv upgrade userial - initiate upgrade of the USB serial card tserv quit - terminate termserv process _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 290 of 336...
Page 291: Configuring A Gre Interface
DHCP or PPP to dial into the provider network. In the Interface Overview section, click Add new interface. The Create Interface page appears. Figure 146: The create interface page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 291 of 336...
Page 292 IP address, TTL, tunnel key and MTU. Advanced Settings 'Bring up on boot' and 'monitor interface state' settings. Firewall settings Assign a firewall zone to the connection. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 292 of 336...
Page 293 Subnet mask, in CIDR notation, to be applied to the tunnel. Typically '30' for point-to-point tunnels. UCI: network.<if name>.mask_length Opt: mask_length Range 0 - 30 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 293 of 336...
Page 294 UCI: network.<if name>.mtu 1472 Opt: mtu Range Table 97: Information table for GRE 31.2.2 GRE connection: common configuration-advanced settings Figure 148: GRE advanced settings page _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 294 of 336...
Page 295 After you have configured the GRE interface, you must configure a static route to route the desired traffic over the GRE tunnel. To do this, browse to Network->Static Routes. For more information, read the chapter ‘Configuring Static Routes’. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 295 of 336...
Page 296: Gre Configuration Using Command Line
‘172.255.255.100’ option ttl '128' option key '1234' option mtu '1472' option auto ‘1’ To change any of the above values use uci set command. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 296 of 336...
Page 297: Gre Diagnostics
UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1465 errors:0 dropped:0 overruns:0 frame:0 TX packets:1465 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:166202 (162.3 KiB) TX bytes:166202 (162.3 KiB) _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 297 of 336...
Page 298 255.255.255.248 U gre-Tunnel1 172.19.101.3 13.13.13.1 255.255.255.255 UGH gre-Tunnel1 Note: a GRE route will only be displayed in the routing table when the interface is up. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 298 of 336...
Page 299: Configuring Multicasting Using Pim And Igmp Interfaces
To configure PIM through the web interface, in the top menu, select Network -> PIM. The PIM page appears. To access the Global settings, click Add. Figure 150: The global settings interface _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 299 of 336...
Page 300 Enable SSM on given interface. UCI: pimd.interface[x].ssm Disabled. Opt: ssm Enabled. Table 100: Information table for interface settings To save your configuration updates, click Save & Apply. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 300 of 336...
Page 301: Configuring Pim And Igmp Using Uci
'yes' option igmp 'no' Alternatively, enter: uci show pimd root@VA_router:/etc/config1# uci show pimd pimd.pimd=routing pimd.pimd.enabled=yes pimd.@interface[0]=interface pimd.@interface[0].enabled=yes pimd.@interface[0].interface=lan pimd.@interface[0].ssm=yes pimd.@interface[0].igmp=yes pimd.@interface[1]=interface pimd.@interface[1].enabled=yes pimd.@interface[1].interface=wan _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 301 of 336...
Page 302 32: Configuring multicasting using PIM and IGMP interfaces _______________________________________________________________________________________________________ pimd.@interface[1].ssm=yes pimd.@interface[1].igmp=no To change any of the above values use uci set command. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 302 of 336...
Page 303: Event System
_______________________________________________________________________________________________________ 33 Event system Virtual Access routers feature an event system. It allows you to forward router events to predefined targets for efficient control and management of devices. This chapter explains how the event system works and how to configure it using UCI commands.
Page 304: Supported Targets
The configuration is composed of a main section and as many forwardings, targets and connection testers as required. 33.7.1 Va_eventd: main section 33.7.1.1 Main using UCI root@VA_router:~# uci show va_eventd va_eventd.main=va_eventd va_eventd.main.enabled=yes va_eventd.main.event_queue_file=/tmp/event_buffer va_eventd.main.event_queue_size=128K _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 304 of 336...
Page 305 To define a forwarding label of Monitor using UCI, enter: va_eventd.Monitor=forwarding In the examples below no forwarding label has been defined. 33.7.3 Forwarding using UCI root@VA_router:~# uci show va_eventd va_eventd.@forwarding[0]=forwarding va_eventd.@forwarding[0].enabled=1 va_eventd.@forwarding[0].className=ethernet _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 305 of 336...
Page 306 UCI: va_eventd.<forwarding Only generate events with the given className and the given label>.eventName eventName. The eventName is optional and can be omitted. Opt: eventName _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 306 of 336...
Page 307 If successful, the event system assumed the connection is valid for a configurable amount of time. 33.7.6.2 Ping connection tester using UCI va_eventd.@conn_tester[0]=conn_tester va_eventd.@conn_tester[0].name=pinger va_eventd.@conn_tester[0].enabled=1 va_eventd.@conn_tester[0].type=ping _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 307 of 336...
Page 308 A link connection tester tests a connection by checking the status of the interface being used. 33.7.6.6 Link connection tester using UCI va_eventd.@conn_tester[0]=conn_tester va_eventd.@conn_tester[0].name=linktest va_eventd.@conn_tester[0].enabled=1 va_eventd.@conn_tester[0].type=link va_eventd.@conn_tester[0].link_iface=eth0 Link connection tester using package options _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 308 of 336...
Page 309 When a syslog target receives an event, it sends it to the configured syslog server. In the examples below no target label has been defined. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 309 of 336...
Page 310 IP Address or FQDN and Port number to send the syslog message label>.target_addr to. If no port is given, 514 is assumed. Format: x.x.x.x:port or FQDN:port Opt: target_addr _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 310 of 336...
Page 311 1 option type email option smtp_addr "smtp.site.com:587" option smtp_user 'john_smith@site.com' option smtp_password 'secret word' option use_tls '0' option tls_starttls '0' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 311 of 336...
Page 312 Source email address. label>.from Opt: from UCI: va_eventd.<target label>.to Destination email address. Opt: to UCI: va_eventd.<target Template to use for the email subject. label>.subject_template Opt: subject_template _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 312 of 336...
Page 313 Enabled. UCI: va_eventd.<target label>.type Must be snmptrap for a snmp target. Opt: type syslog Syslog target email Email target snmptrap SNMP target exec Exec target _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 313 of 336...
Page 314 SNMP target exec Exec target UCI: va_eventd.<target Template of the command to execute. label>.cmd_target Opt: cmd_target Table 110: Information table for exec target settings _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 314 of 336...
Page 315: Event System Diagnostics
| informat | SMS send success: %{p1} | mobile 9 | SMSSendError | warning | SMS send error: %{p1} | mobile 10 | SMSSent | notice | Sent SMS _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 315 of 336...
Page 316 | ipsec 10 | IPSecDPDTimeOut | informat | IPSec IKE %{p1} DPD timed out | wifi 1 | WiFiConnectedToAP | notice | WiFi %{p1} _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 316 of 336...
Page 317 2 | Adjust | informat | NTP adjust by %{p1} | ntp 3 | QueryTimeout | warning | NTP query to %{p1} timed out. Ne.. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 317 of 336...
Page 318 'yes' option className 'l2tp' option eventName 'CannotFindTunnel' option severity 'debug-critical' option target 'syslog' config forwarding option enabled 'yes' option className 'mobile' option severity 'notice-critical' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 318 of 336...
Page 319 'yes' option type 'syslog' option target_addr '192.168.100.254:514' option conn_tester 'mon_server' config target option name 'email' option enabled 'yes' option type 'email' option smtp_addr '89.101.154.148:465' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 319 of 336...
Page 320 '192.168.100.254' option agent_addr '192.168.100.1' option conn_tester 'mon_server' config target option name 'logit' option enabled 'yes' option type 'exec' option cmd_template 'logger -t eventer %{eventName}' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 320 of 336...
Page 321: Configuring Sla Reporting On Monitor
To enable all devices under a particular reseller for SLA, under the SLA tab, click ON. The user must have admin privileges for any change to be made. If they do not, they will be informed of this fact. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 321 of 336...
Page 322: Configuring Router Upload Protocol
The graphs initially appear in an hourly format. To expand or reduce the time axis, use the appropriate zoom button. To navigate forwards or backwards chronologically, use the right and left arrow buttons. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 322 of 336...
Page 323 To view raw data, click each graph to produce the following information. Figure 156: Raw data information from each graph To change the range of the graph, click zoom. Figure 157: Altered range of graph information _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 323 of 336...
Page 324 SLA Element drop-down menu. If you have not removed any graphs, this drop-down menu is not available. Figure 159: interface showing the add SLA element drop-down menu _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 324 of 336...
Page 325: Generating A Report
Monitor3 Report Generator background service. These reports can then be found in: C:\Monitor\SlaReporting directory. The available frequency of report options in the drop-down list are: Once off • Hourly • Daily • Weekly • _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 325 of 336...
Page 326 Figure 162: Sample from the select devices page Click Continue and then add SLA report elements. Figure 163: Add report elements in the create statistic report _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 326 of 336...
Page 327 To view a report, in the header menu, select Statistic Reports. From the drop down box, select the relevant report and click Generate. The report appears. Figure 164: Example of a completed report _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 327 of 336...
Page 328: Reporting Device Status To Monitor Using Uci
Monitor. To allow Monitor to track the IP address and ongoing presence of the device, a heartbeat SNMP trap is sent by default every minute. The router is capable of sending SNMP in version 1, 2c and 3. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 328 of 336...
Page 329 Opt: snmp_context_eid UCI: monitor.main. snmp_sec_eid snmpv3 security engine ID. Opt: snmp_sec_eid A sample Monitor configuration is shown below. root@VA_router:~# uci show monitor monitor.main=keepalive monitor.main.enable=yes monitor.main.interval_min=1 monitor.main.dev_reference=mikesamazondev _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 329 of 336...
Page 330 'v2' option enable 'yes' option interval_min '1' list monitor_ip '172.16.250.100' option dev_reference 'TEST' option snmp_version '2c' config keepalive 'v3' option enable 'yes' option interval_min '1' _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 330 of 336...
Page 331 'TEST' option snmp_auth_pass 'vasecret' option snmp_auth_proto 'MD5' option snmp_priv_pass 'vasecret' option snmp_priv_proto 'DES' config interface_stats 'stats' option enabled 'yes' option bin_period '1m' option bin_cache_size '1440 _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 331 of 336...
Page 332: Configuring Sla For A Router
35 Configuring SLA for a router SLA reporting works in two parts: 1. The Virtual Access Monitor system server connects via SSH into the router and schedules the task of uploading statistics to Monitor. 2. The Virtual Access router monitors UDP keepalive packets. It creates and stores statistics in bins.
Page 333 UCI: slad.main.max_bin_count Opt: max_bin_count Table 112: Information table for SLA settings When you have made all your configuration changes, click Save & Apply. _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 333 of 336...
Page 334: Configuring Sla For A Router Using Uci
Viewing SLA statistics using UCI To show all available statistic options, enter: root@VA_router:~# sla sla [current] | [all] | [oldest] | [newest] | [newest N] | [range: YYYMMDDHH-YYYYMMDDHH] _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 334 of 336...
Page 335 To show the newest statistics, enter: root@VA_router: ~# sla newest ---------------------------------------- Bin valid: Start time 01.01.1970 03:32:00 End time 01.01.1970 03:33:00 Pkts In: Pkts Out: Bytes In: _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 335 of 336...
Page 336 Avg Round Trip: 1 ms Min GSM signal quality: -63 dBm Max GSM signal quality: -63 dBm Avg GSM signal quality -63 dBm Availability: 100.00% _____________________________________________________________________________________________________ © Virtual Access 2017 GW7304 Series User Manual Issue: 1.9 Page 336 of 336...

This manual is also suitable for:

Gw7304-3g-dc

virtual access GW7304-3G-AC User Manual

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for virtual access GW7304-3G-AC

Summary of Contents for virtual access GW7304-3G-AC

This manual is also suitable for:

Table of Contents