1. Manuals
  2. Brands
  3. virtual access Manuals
  4. Wireless Router
  5. GW2021
  6. User manual

virtual access GW2021 User Manual

Virtual access gw2020 series 3g/4g lte/cdma450 wireless router
Hide thumbs Also See for GW2021:
Table of Contents

Advertisement

Quick Links

Download this manual
GW2020 Series User Manual
Issue:
2.3
Date:
08 May 2015

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the GW2021 and is the answer not in the manual?

Questions and answers

Related Manuals for virtual access GW2021

Summary of Contents for virtual access GW2021

  • Page 1 GW2020 Series User Manual Issue: Date: 08 May 2015...

  • Page 2: Table Of Contents

    Powering up the GW2024P ............... 18 2.17 Reset button ..................19 GW2020 Series LED behaviour ..............20 Main LED behaviour................. 20 Ethernet port LED behaviour ..............21 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 2 of 264...
  • Page 3 Configuring a router’s host name ............53 11.4 User management ................... 56 11.4.1 Configuration file: config user ............. 56 11.4.2 UCI export and UCI show commands ........... 58 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 3 of 264...
  • Page 4 Configuring WiFI on a new interface ..........101 16.6 Configuring WiFi in client mode ............... 103 17 Configuring a 3G/4G connection ............... 105 18 Configuring SMS ..................108 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 4 of 264...
  • Page 5 Block access to the internet using MAC ........... 145 22.10.7 Block access to the internet for specific IP on certain times ....145 22.10.8 Restricted forwarding rule ............. 146 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 5 of 264...
  • Page 6 Introduction ..................185 28.2 Terminal Server interfaces ..............185 28.3 Configuring Terminal Server ..............185 28.3.1 Configuring Terminal Server using the web interface ......185 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 6 of 264...
  • Page 7 Exec target ......................216 31.6.5 Example and export ................ 217 32 Configuring SLA reporting on Monitor ............223 32.1 Introduction ..................223 32.2 Configuring SLA reporting ..............223 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 7 of 264...
  • Page 8 Packages ..................256 34.11.2 Asterisk CLI diagnostics ..............257 34.11.3 ISDN LED status ................258 34.12 IPSec diagnostics ................258 34.13 Multi-WAN diagnostics ................ 259 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 8 of 264...
  • Page 9 VRRP diagnostics using the command line interface ......263 34.17 Diagnostics for WiFi AP mode .............. 264 34.18 Diagnostics for WiFi client mode ............264 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 9 of 264...

  • Page 10: Introduction

    1: Introduction _______________________________________________________________________________________________________ 1 Introduction This user manual describes the features and how to configure a Virtual Access GW2020 Series router. The Virtual Access GW2020 Series router is a versatile 3G/4G LTE/CDMA450 wireless router suitable for a variety of business and industrial deployments. The...

  • Page 11: Gw2020 Series Hardware

    • Port 1: ‘/dev/ttySC1’ • Each serial port has a number of configurable settings, such as baud rate, word size, parity, flow control mode, etc. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 11 of 264...

  • Page 12: Serial Ports On The Gw2020 Series

    Name Direction (From GW2020 Series) (From GW2020 Series) Tx/Rx+ In/Out Tx/Rx In/Out 2.3.2 Serial ports on the GW2024P Figure 2: Serial ports on the GW2024P _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 12 of 264...

  • Page 13: Rs232 Pinout For The Gw2024P

    Serial ports on the GW2028 series Figure 3: Serial ports on the GW2028 2.3.3.1 RS232 pin-out for the GW2028 Name Direction TX Data RX Data _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 13 of 264...

  • Page 14: Rs485 Pin-Out For The Gw2028

    PTC. DIN rail 240 – 24V AC transformer, -40°C to +70°C • 2.5.3 GW2028 series DIN rail 100V-240V AC PSU -20°C to +70°C • _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 14 of 264...

  • Page 15: Router Dimensions

    Extended temperature AC PSU GW202X-DC -20°C to 70°C DC power cable GW2024P -40°C to 70°C DIN Rail PSU GW2028 -20°C to 70°C DIN Rail PSU _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 15 of 264...

  • Page 16: Antenna

    1 x rubber right angle antenna. Table 1: GW2020 Series router standard components Optional components include: 1 x lockable SIM cover. 1 x extra antenna Virtual Access supplies a wide range of antennas. Please visit our website: www.virtualaccess.com or contact Virtual Access for more information.

  • Page 17: Gw2024P Components

    2. Hold the SIM 1 card with the chip side facing down and the cut corner front left. 3. Gently push the SIM card into SIM slot 1 until it clicks in. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3...

  • Page 18: Connecting The Sim Lock

    Wire the 24V AC output to the supplied 2 pin terminal connector. Replace the covers on the AC transformer terminal block. Connect the 24V AC output to the GW2024P. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 18 of 264...

  • Page 19: Reset Button

    The router resets to factory configuration. Between 20 seconds and 25 seconds Recovery mode. Over 25 seconds Normal reset Table 5: GW2020 Series router reset behaviour _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 19 of 264...

  • Page 20: Gw2020 Series Led Behaviour

    PPP connected and signal strength <= -89dBm. Signal LEDs PPP connected and signal strength between -89dBm and - 69dBm. PPP connected and signal strength >-69dBm. Table 6: LED behaviour and descriptions _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 20 of 264...

  • Page 21: Ethernet Port Led Behaviour

    (green) Physical Ethernet link detected. No data is being transmitted/received over the link. ACT LED (amber) Flashing Data is being transmitted/ received over the link. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 21 of 264...

  • Page 22: Gw2024P Series Led Behaviour

    PPP connected and signal strength between -89dBm and -69dBm. PPP connected and signal strength >-69dBm *Note: When PPP is not connected, none of the signal LEDs will light regardless of signal strength. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 22 of 264...

  • Page 23: Gw2028 Series Led Behaviour

    During this time, the power LED flashes. Other LEDs display different diagnostic patterns during boot up. Booting Booting is complete when the power LED stops flashing and stays on steady. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 23 of 264...

  • Page 24: Ethernet Port Led Behaviour

    (green) Physical Ethernet link detected No data is being transmitted/received over the link ACT LED (amber) Flashing Data is being transmitted/ received over the link _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 24 of 264...

  • Page 25: Factory Configuration Extraction From Sim Card

    6: Factory configuration extraction from SIM card _______________________________________________________________________________________________________ 6 Factory configuration extraction from SIM card Virtual Access routers have a feature to update the factory configuration from a SIM card. This allows you to change the factory configuration of a router when installing the SIM.

  • Page 26: Accessing The Router

    To access CLI start an SSH client and connect to the router’s 3G or 4G IP interface on port 22: 192.168.100.1/24. Then enter the default username and password. Username: Root Password: Admin _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 26 of 264...

  • Page 27: Upgrading Router Firmware

    8 Upgrading router firmware 8.1 Upgrading firmware using the web interface Copy the new firmware issued by Virtual Access to a PC connected to the router. In the top menu, select System tab > Backup/Flash Firmware. Figure 10: The system menu The Flash operations page appears.
  • Page 28 To verify that the router has been upgraded successfully, click Status in the top menu. The Firmware Version shows in the system list. Figure 14: The status page _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 28 of 264...

  • Page 29: Upgrading Firmware Using Cli

    To set the next image to boot to the alternative image, enter: vacmd set next image altimage. For your configuration changes to apply, you must reboot your router. Enter: reboot _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 29 of 264...

  • Page 30: File System

    To show the configuration to run after the next reboot, enter: root@VA_router:~# vacmd show next config To set the configuration to run after the next reboot, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 30 of 264...

  • Page 31: Configuration File Syntax

    Also, it is legal to use double instead of single quotes when typing configuration options. All of the examples below are valid syntax: option example value option 'example' value _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 31 of 264...

  • Page 32: Command Line Utility

    [<config>] import [<config>] changes [<config>] commit [<config>] <config> <section-type> add_list <config>.<section>.<option>=<string> show [<config>[.<section>[.<option>]]] <config>.<section>[.<option>] <config>.<section>[.<option>]=<value> delete <config>[.<section[.<option>]] rename <config>.<section>[.<option>]=<name> revert <config>[.<section>[.<option>]] reorder <config>.<section>=<position> _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 32 of 264...
  • Page 33 Table 1: Commands, target and their descriptions Note: all operations do not act directly on the configuration files. A commit command is required after you have finished your configuration. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 33 of 264...

  • Page 34: Command Line Utility Examples

    To show an alternate view of a configuration file, enter uci show: root@VA_router:~# uci show system system.main=system system.main.hostname=VA_router system.main.zonename=Europe/Dublin system.main.timezone=GMT0IST,M3.5.0/1,M10.5.0 system.main.cronloglevel=9 system.main.log_ip=0.0.0.0 system.main.log_port=514 system.ntp=timeserver system.ntp.server=0.openwrt.pool.ntp.org 1.openwrt.pool.ntp.org 2.openwrt.pool.ntp.org 3.openwrt.pool.ntp.org _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 34 of 264...

  • Page 35: Configuration Copying And Deleting

    The firmware upgrade system always downloads firmware to “altimage”. 9.1.6 Viewing files To view a text or configuration file in the system, enter the cat command: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 35 of 264...

  • Page 36: Copying Files

    To remove the contents of a specific folder regardless of the current folder, use: root@VA_router:~# rm –f /etc/config1/* To copy the contents of one folder into another, for example config2 into config1, use: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 36 of 264...

  • Page 37: Editing Files

    9.1.10 System information General information about software and configuration used by the router is displayed just after login or is available if you enter the following commands. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 37 of 264...
  • Page 38 VA_ACTIVECONFIG: config1 VA_IMAGE1VER: VIE-16.00.44 VA_IMAGE2VER: VIE-16.00.44 VA_BLDREV: 91a7f87ed61ca919e78f1c8e3cb840264f4887bb VA_REGION: VA_WEBVER: 00.00.00 VA_HWREV: VA_TOPVER: 16.00.44 Shows the general software and configuration details of the router. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 38 of 264...

  • Page 39: Command Line Interface

    These commands will show the full log, end of the log, paged log and continuously. Use Ctrl-C to stop the continuous output. To view a text or configuration file in the system, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 39 of 264...
  • Page 40 4 root root 67 Jul 16 2012 www To change current folder, enter: root@VA_router:/# cd /etc/ppp root@VA_router:/etc/ppp# To view scheduled jobs: root@VA_router:/# crontab –l _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 40 of 264...

  • Page 41: Unified Configuration Interface (Uci)

    The uci command is the preferred way of managing the configuration. Currently, you can directly access files, but this is not guaranteed for the future. A simple example of using the uci utility is shown below. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 41 of 264...
  • Page 42 When there are multiple rules next to each other, UCI uses array-like references for them. If there are 8 NTP servers, UCI will let you reference their sections as _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3...
  • Page 43 (don't print error messages) force strict mode (stop on parser errors, default) _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 43 of 264...
  • Page 44 Deletes the given section or option. Renames the given option or section to rename <config>.<section>[.<option>]=<name> the given name. Reverts the given option, section or revert <config>[.<section>[.<option>]] configuration file. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 44 of 264...

  • Page 45: Configuration Files

    In the lines starting with a list keyword, an option with multiple values is defined. All list statements that share the same name, collection in our example, _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 45 of 264...

  • Page 46: Examples

    After changing the port, uhttpd listens on from 80 to 8080 in the file /etc/config/uhttpd, save it. Then enter: root@VA_router:~# uci commit uhttpd then enter: root@VA_router:~# /etc/init.d/uhttpd restart Done. No reboot needed. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 46 of 264...

  • Page 47: Export An Entire Configuration

    [image1|image2|altimage] root@VA_router:~# reboot To retrieve new firmware from Activator, enter: root@VA_router:~# vacmd hdl $$.img altimage root@VA_router:~# vacmd set next image altimage root@VA_router:~# reboot _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 47 of 264...

  • Page 48: Management Configuration Settings

    Activator and Monitor. Activator is a Virtual Access proprietary provisioning system, where specific router configurations and firmware can be stored. Monitor is a Virtual Access proprietary tool, based on SNMP protocol, to monitor wide networks of deployed routers. 11.1...
  • Page 49 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 49 of 264...

  • Page 50: Httpclient - Activator Configuration

    Type Required Default Description Enabled boolean Enables the http client. Specifies the IP address of list FileServer integer none Activator that uses http port 80. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 50 of 264...
  • Page 51 A sample httpclient configuration is shown below. root@VA_router:~# uci show httpclient httpclient.default=core httpclient.default.Enabled=yes httpclient.default.FileServer=10.1.83.36:80 10.1.83.37:80 httpclient.default.SecureFileServer=10.1.83.36:443 10.1.83.37:443 httpclient.default.ActivatorDownloadPath=/Activator/Sessionless/Httpserver. httpclient.default.SecureDownload=no httpclient.default.PresentCertificateEnabled=no httpclient.default.ValidateServerCertificateEnabled=no httpclient.default.CertificateFile=/etc/httpclient.crt httpclient.default.CertificateFormat=PEM httpclient.default.CertificateKey=/etc/httpclient.key root@VA_router:~# uci export httpclient _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 51 of 264...
  • Page 52 Defines the IP address of Monitor. It is monitor_ip string (none) possible to specify multiple addresses to which SNMP heartbeat traps will be sent. A sample Monitor configuration is shown below. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 52 of 264...

  • Page 53: System Settings

    You can set your system setting options in the system section. To configure the router’s hostname, in the top menu, select System -> system. The System page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 53 of 264...
  • Page 54 Klogconloglevel integer console. Only messages with a level lower than this will be printed to the console. Identical to _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 54 of 264...
  • Page 55 If the list is empty, the built in hostnames NTP daemon is not started. A sample system configuration is shown below. root@VA_router:~# uci show system system.main=system system.main.hostname=VA_router system.main.timezone=UTC system.main.log_ip=10.1.83.36 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 55 of 264...

  • Page 56: User Management

    Specifies PAP access permissions Papuser Boolean for the PPP connection. Specifies SRP access permissions srpuser Boolean for the PPP connection. smsuser Boolean Specifies SMS access permissions _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 56 of 264...
  • Page 57 The user must use the new login details. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 57 of 264...

  • Page 58: Uci Export And Uci Show Commands

    'no' option srphash '0:2de6Dk6D4tFo8oVfb2iuY6aRj2cAoPeo2DAdCRcReBUc.9Px56rNmamtaBx7BiQIzNisYFJF VdhH6H0Z/Ys9RzU1SJrMVpmQZkJwqlB1tA.F7O.tf1VkGnXyiTLSCN68iJ.SltDDqeOprmLo/IW 9Ub7.qop44Ml3g6S5QJxpu.N5sLzpSvER.kAFNPR/DmK9D/.3SQzTtEZNYypmkgP9O2ihw/4uDU NIFGMzd3dBs0VdF1AaFWNNqpAx7qP1JC4R5KeM/iGdo7lmKFyOTkvTIZbhXnWTRrQD5Q6nQv.UX QrUmM4t3ztabT3gN.dibG3kNpMWl/DMLMBSghkXu7QosC:1uPbR5BbICQJFx' root@VA_router:~# uci show management_users management_users.@user[0]=user management_users.@user[0].enabled=1 management_users.@user[0].username=test management_users.@user[0].webuser=yes management_users.@user[0].linuxuser=yes management_users.@user[1]=user management_users.@user[1].enabled=1 management_users.@user[1].username=srptest management_users.@user[1].srpuser=1 management_users.@user[1].chapuser=0 management_users.@user[1].webuser=0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 58 of 264...

  • Page 59: Interfaces Configuration

    A minimal interface declaration consists of the following lines: root@VA_router:~# uci show network.wan network.wan=interface network.wan.proto=dhcp network.wan.ifname='eth0.1' config 'interface' 'wan' option 'proto' 'dhcp' option 'ifname' 'eth0.1' Wan is a unique logical interface name. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 59 of 264...

  • Page 60: Options Valid For All Protocol Types

    1 for Specifies whether to send Router protocol Solicitations on this interface. static, else monitored Boolean Specifies whether to send Interface status to Monitor. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 60 of 264...

  • Page 61: Protocol "Static

    11.5.5 Protocol "3g" (PPP over EV-DO, CDMA, UMTS or GRPS) Name Type Required Default Description Specifies the modem device node device file path (none) /dev/ttyACM0. service string umts Specifies the 3G service type: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 61 of 264...

  • Page 62: Protocol "L2Tp" (Layer 2 Tunneling Protocol)

    Alias sections also allow combinations like DHCP on the main interface and a static IPv6 address in the alias, for example to deploy IPv6 on WAN while _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 62 of 264...
  • Page 63 (none) IPv6 address (CIDR notation). is set ip6gw ipv6 address (none) IPv6 default gateway. list of ip (none) DNS server(s) _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 63 of 264...
  • Page 64 2: attach to layer 2 interface (br-* if parent is bridge else fallback to layer 1). 1: attach to layer 1 interface (eth*, wlan*). *any interface number, i.e 1, 2. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 64 of 264...

  • Page 65: Dhcp Server And Dns Configuration

    These are the default settings for the common options: root@VA_router:~# uci show dhcp dhcp.@dnsmasq[0]=dnsmasq dhcp.@dnsmasq[0].domainneeded=1 dhcp.@dnsmasq[0].boguspriv=1 dhcp.@dnsmasq[0].filterwin2k=0 dhcp.@dnsmasq[0].localise_queries=1 dhcp.@dnsmasq[0].rebind_protection=1 dhcp.@dnsmasq[0].rebind_localhost=1 dhcp.@dnsmasq[0].local=/lan/ dhcp.@dnsmasq[0].domain=lan dhcp.@dnsmasq[0].expandhosts=1 dhcp.@dnsmasq[0].nonegcache=0 dhcp.@dnsmasq[0].authoritative=1 dhcp.@dnsmasq[0].readethers=1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 65 of 264...
  • Page 66 DHCP leasing. Used if this is the only server in the network. Rejects reverse lookups to Boguspriv boolean private IP ranges where no corresponding entry exists in _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 66 of 264...
  • Page 67 Specifies a list of interfaces to (all list of interface listen on. If unspecified, interface interfaces names dnsmasq will listen to all interfaces except those listed in _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 67 of 264...
  • Page 68 (none) Specifies the TFTP root directory. Enables DNS rebind attack rebind_protection boolean protection by discarding upstream RFC1918 responses. rebind_localhost boolean Allows upstream 127.0.0.0/8 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 68 of 264...

  • Page 69: Dhcp Pools

    150 is the maximum number of addresses that may be leased, in the default configuration 192.168.1.250. 12h specifies the time to live for handed out leases, twelve hours in the example below. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 69 of 264...
  • Page 70 Assigns a network-id (value of to all clients that networkid string interface) obtain an IP address from this pool. Specifies the offset start integer from the network _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 70 of 264...

  • Page 71: Static Leases

    Specifies the IP address to be used for this string (none) host. string (none) Specifies the hardware address of this host. name string (none) Sets the optional hostname to assign. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 71 of 264...

  • Page 72: Vlan Configuration

    Use the VLAN definition section to define VLANs and assign them with VLAN ID, name and required network configurations. Figure 17: The VLAN definition section _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 72 of 264...

  • Page 73: Port Description

    You must use VLAN ID to value/text specify which VLANs or ‘all’ to configure a port as trunk interface. Table 10: The port description fields and their descriptions _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 73 of 264...

  • Page 74: Vlans Uci Interface

    'B' option vlans '2' config port option port 'C' option trunk 'yes' option vlans 'all' config nat_vlan 'nat_vlan' option nat_vlanid '1' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 74 of 264...
  • Page 75 Modify these settings by running uci set <parameter> command. The following tables describe the UCI parameters for each section. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 75 of 264...

  • Page 76: Config Port

    13.4.3 Config nat vlan Name Type Required Default Description VLAN ID number. Defines VLAN Numeric Nat vlanid Blank that will be sent across the trunk value untag _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 76 of 264...

  • Page 77: Static Routes Configuration

    Network gateway. If omitted, the gateway Gateway ip address (none) from the parent interface is taken. If set to 0.0.0.0 no gateway will be specified for the _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 77 of 264...

  • Page 78: Ipv6 Routes

    (none) gateway from the parent interface is taken. metric number Specifies the route metric to use. interface number Defines a specific MTU for this route. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 78 of 264...
  • Page 79 Tells dropbear to listen only Interface string (none) on the specified interface. SSH-2.0- Sets alternative name that Identity string dropbear_2013.60 appears for dropbear version _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 79 of 264...

  • Page 80: Bgp (Border Gateway Protocol)

    Figure 20: BGP global settings page Name Type Required Default Description Check BGP Enabled Unchecked Enables BGP protocol. Router ID Integer None Sets Unique Router ID in format 4 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 80 of 264...

  • Page 81: Optionally Configure Bgp Route Map

    Dropdown IP address Available options are: Menu IP Address, IP Next-Hop, AS-Path, Route Metric, BGP Community Match Value None Format depends on Match Type. In _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 81 of 264...

  • Page 82: Configure Bgp Neighbours

    Click Save & Apply. 15.4 Routes statistics To view routes statistics, in the top menu click Status -> Routes. The routing table appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 82 of 264...

  • Page 83: Bgp Uci Interface

    You can also configure BGP UCI through CLI using the UCI command suite. The configuration file is stored at: /etc/config/bgpd To view the configuration file, use the commands: uci export bgpd uci show bgpd _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 83 of 264...
  • Page 84 '192.168.101.1/32' option set_type 'ip next-hop' option set '150' root@VA_router:~# uci show bgpd bgpd.bgpd=routing bgpd.bgpd.enabled=yes bgpd.bgpd.router_id=3.3.3.3 bgpd.bgpd.asn=1 bgpd.bgpd.network=11.11.11.0/29 192.168.103.1/32 bgpd.@peer[0]=peer bgpd.@peer[0].route_map_in=yes bgpd.@peer[0].ipaddr=11.11.11.1 bgpd.@peer[0].asn=1 bgpd.@peer[0].route_map=ROUTEMAP bgpd.ROUTEMAP=routemap bgpd.ROUTEMAP.order=10 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 84 of 264...
  • Page 85 15: BGP (Border Gateway Protocol) _______________________________________________________________________________________________________ bgpd.ROUTEMAP.permit=yes bgpd.ROUTEMAP.match_type=ip address bgpd.ROUTEMAP.match=192.168.101.1/32 bgpd.ROUTEMAP.set_type=ip next-hop bgpd.ROUTEMAP.set=150 To change any of the above values use uci set command _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 85 of 264...

  • Page 86: Configuring Wifi

    16: Configuring WiFi _______________________________________________________________________________________________________ 16 Configuring WiFi This section explains how to configure WiFi on a Virtual Access router using the web interface or via UCI. 16.1 Configuring WiFi through the web interface WiFi can act as an Access Point (AP) to another device in the network or it can act as a client to an existing AP.
  • Page 87 Selects the interface for WiFi. Scroll to the bottom of the page and click Save. In the top menu, select Network -> WiFi. The Wireless Overview page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 87 of 264...

  • Page 88: Setup Tab

    Drop Available range 0 dBm(1 Transmit Power down 17 dBm (50 mW) mW) – 17dBm(50 mW) menu Scroll down to the Interface Configuration section. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 88 of 264...
  • Page 89 Identification. The name of the menu wireless local area network Drop Access Mode down Selects Access Point mode. Point menu Click Save. Select the Wireless Security tab. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 89 of 264...

  • Page 90: Configuring Wifi In Ap Mode On A New Interface

    In the top menu, select Network -> Wifi. The Wireless Overview page appears. Figure 31: The wireless overview page Click Add to create a new WiFi interface. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 90 of 264...
  • Page 91 Transmit Power down 17 dBm (50 mW) mW) – 17dBm(50 mW) menu In the Interface Configuration section, make sure you have selected the General Setup tab. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 91 of 264...
  • Page 92 Identification. The name of the menu wireless local area network Drop Access Mode down Selects Access Point mode. Point menu Select the Wireless Security tab. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 92 of 264...
  • Page 93 Click Edit on the newly created interface. Ensure you have selected the General Setup tab. In the Protocol drop down menu, select Static Address. A ‘Switch Protocol’ button appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 93 of 264...
  • Page 94 Static Protocol down Address menu Numeric IP address assigned to this IPv4 address Value interface Numeric IP netmask assigned to this IPv4 netmask interface Value _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 94 of 264...

  • Page 95: Configuring Wifi In Client Mode

    In the top menu, select Network ->Wifi. The Wireless Overview page appears. Figure 38: The wireless overview page Click Add to create a new WiFi Client interface. The Wireless Network page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 95 of 264...
  • Page 96 Transmit Power down 17 dBm (50 mW) mW) – 17dBm(50 mW) menu In the Interface Configuration section, make sure you have selected the General Setup tab. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 96 of 264...
  • Page 97 Blank Identification. The name of the menu wireless local area network Drop Access Mode down Selects mode. Point menu Select the Wireless Security tab. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 97 of 264...
  • Page 98 Figure 41: The interface overview page showing the newly created interface Click Edit on the newly created interface. The Interfaces - WCLIENT page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 98 of 264...

  • Page 99: Configuring Wifi Via Uci

    The configuration files are stored on: Network file /etc/config/network • • Wireless file /etc/config/wireless To view the configuration file, use the command: uci export network _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 99 of 264...
  • Page 100 'US' config wifi-iface option device 'radio0' option mode 'ap' option disabled '1' option ssid 'Test_AP' option network 'lan' option encryption 'psk' option key 'secretkey' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 100 of 264...

  • Page 101: Configuring Wifi On A New Interface

    16.5.2 Configuring WiFI on a new interface uci export network package network config interface 'newlan' option proto 'static' option ipaddr '192.168.111.1' option netmask '255.255.255.0' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 101 of 264...
  • Page 102 'newlan' option encryption 'psk' option key 'secretkey' To view UCI commands, enter: uci show network network.newlan=interface network.newlan.proto=static network.newlan.ipaddr=192.168.111.1 network.newlan.netmask=255.255.255.0 uci show wireless wireless.radio0=wifi-device wireless.radio0.type=mac80211 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 102 of 264...

  • Page 103: Configuring Wifi In Client Mode

    'mac80211' option channel '11' option phy 'phy0' option hwmode '11ng' option htmode 'HT20' list ht_capab 'SHORT-GI-40' list ht_capab 'TX-STBC' list ht_capab 'RX-STBC1' list ht_capab 'DSSS_CCK-40' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 103 of 264...
  • Page 104 TX-STBC RX-STBC1 DSSS_CCK-40 wireless.radio0.txpower=17 wireless.radio0.country=US wireless.@wifi-iface[0]=wifi-iface wireless.@wifi-iface[0].device=radio0 wireless.@wifi-iface[0].ssid=Remote-AP wireless.@wifi-iface[0].mode=sta wireless.@wifi-iface[0].network=WCLIENT wireless.@wifi-iface[0].encryption=psk2 wireless.@wifi-iface[0].key=testtest _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 104 of 264...

  • Page 105: Configuring A 3G/4G Connection

    The Interfaces Overview page appears. Figure 44: The interfaces overview page. Click Edit on WAN or LAN to make your changes. For WAN connectivity, the Common Configuration page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 105 of 264...

  • Page 106: Settings Tab

    To check for connectivity, return to the top menu, and under Network -> Interfaces, the WAN interface will show receive and transmit packets and an IP address. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 106 of 264...
  • Page 107 17: Configuring a 3G/4G connection _______________________________________________________________________________________________________ Figure 46: The interfaces overview page To view 3G/4G connectivity information, browse to Status -> 3G Stats. Figure 47: The 3G information page _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 107 of 264...

  • Page 108: Configuring Sms

    Add in specific caller numbers or use the wildcard symbol * as shown below. Click Enable. Select Respond if you want the router to reply. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 108 of 264...

  • Page 109: Monitoring Sms

    You can send an outgoing message via the command line using the following syntax. sendsms 353872243909 ‘hello’ Figure 51: Output from the syntax sendsms 353872243909 ‘hello _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 109 of 264...

  • Page 110: Configuring Multi-Wan

    - > interfaces or alternatively, run: cat/etc/config/network through CLI. Enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters will appear. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 110 of 264...
  • Page 111 DNS servers by default. ICMP Host(s) list/IP address Configure to any address. Health Monitor Dropdown list 3 secs Sets Ping timeout in seconds. ICMP Timeout _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 111 of 264...
  • Page 112 You can also set up traffic rules, to forward specific traffic out of the right WAN interface, based on source, destination address, protocol or port. This is useful to force traffic on specific interfaces when using multiple WAN interfaces simultaneously. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 112 of 264...

  • Page 113: Multi-Wan Uci Interface

    '3' option health_recovery_retries '5' option priority '2' option manage_state 'yes' option exclusive_group '3g' option ifup_retry_sec '36000' option icmp_hosts 'disable' option signal_threshold '-111' option rscp_threshold '-90' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 113 of 264...
  • Page 114 Configures weight for load-balancing. Not Weight relevant when two SIM cards are being used. Sets the period to check health status of Health interval interface. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 114 of 264...
  • Page 115 3G (dBm) before considering the interface as fail. ECIO Threshold Specifies the minimum ECIO signal strength for 3G (dBm) before considering the interface as fail. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 115 of 264...

  • Page 116: Automatic Operator Selection

    Introduction to automatic operator selection This section describes how to configure and operate the Automatic Operator Selection feature of a Virtual Access router. When the roaming SIM is connected, the 3G module has the ability to scan available 3G networks. The router, using mobile and multi-WAN packages, finds available networks to create and sort interfaces according to their signal strength.

  • Page 117: Creating Primary Predefined Interface

    Type in the name of the interface in Name of the new interface field. Type the Interface Name in following format: 3g_s<sim-number>_<short- operator-name>. Where <sim-number> is number of roaming SIM (1 or 2) _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 117 of 264...
  • Page 118 Numeric value None SIM Card’s PIN number PAP/CHAP String None Username used to connect to username PAP/CHAP String None Password used to connect to password _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 118 of 264...

  • Page 119: Setting Multi-Wan Options For Primary Predefined Interface

    In the WAN Interfaces section, type in the name of the Multi-WAN Interface. Note: this name should match the name specified in the previous section. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 119 of 264...
  • Page 120 ‘Setting options for Automatically Created interfaces’ section below. Ensure you have selected the Manage Interface State (Up/Down) option. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 120 of 264...

  • Page 121: Setting Options For Automatically Created Interfaces

    20.3.1.3 Setting options for automatically created interfaces From the top menu on the web interface page, select Services ->Mobile Manager. The Mobile Manager page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 121 of 264...
  • Page 122 Figure 61: The mobile manager page Under Basic Settings, click Add. The Basic settings for Mobile Manager page appears. Figure 62: Basic settings field in the mobile manager page _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 122 of 264...
  • Page 123 (when 0) or from two SIMs (1) Under Roaming Template Interface click Add. The Roaming Interface Template page appears. Figure 63: The roaming interface template page _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 123 of 264...
  • Page 124 Sets SIM card PIN number. PAP/CHAP String None Sets username username used to connect to APN. PAP/CHAP String None Sets password password used to connect _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 124 of 264...
  • Page 125 When you have configured your settings, click Save & Apply. In the top menu, select System -> Reboot. The System page appears. Figure 64: The reboot page _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 125 of 264...

  • Page 126: Pmp + Roaming: Pre-Empt Disabled

    In the top menu, select System -> Reboot. The System Reboot page appears. Figure 66: The system reboot page Check the Reboot now check box and then click Reboot. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 126 of 264...

  • Page 127: Roaming: No Pmp Defined

    From the top menu, select Network -> Multi-Wan. The Multi-WAN page appears. Figure 67: The multi-WAN page Scroll to the WAN Interfaces section, and click Delete to delete predefined Interface. Click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 127 of 264...

  • Page 128: Disable Roaming

    ‘foobar’ option username 'root' option password 'admin' option operator 'foobar’ root@VA_router:/etc/config1# Apply the ‘operator’ option to both interfaces where both SIMs are used. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 128 of 264...

  • Page 129: Configuring Ipsec

    Uniqueids boolean Participant IDs normally are unique, so a new (automatically-keyed) connection using the same ID is almost invariably intended to replace an old one. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 129 of 264...

  • Page 130: Connection Settings

    Sets the Subnet of remote LAN. Specifies the IKE algorithm to use. The format is: string encAlgo-authAlgo-DHGroup encAlgo: 3des, aes, serpent, twofish, blowfish aes128-sha1- authAlgo: md5, sha, sha2 modp2048,3des- _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 130 of 264...
  • Page 131 (see rekeymargin). Syntax: timespec: 1d, 2h, 25m, 10s. Specifies how long before rekeymargin string connection expiry or keying- channel expiry should attempt to _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 131 of 264...
  • Page 132 150s dpdtimeout string inactivity. Syntax: timespec: 1d, 2h, 25m, 10s. A typical tunnel configuration is shown below. Strongswan.@connection[0]=connection Strongswan.@connection[0].type=tunnel Strongswan.@connection[0].name=test Strongswan.@connection[0].waniface=wan Strongswan.@connection[0].localid=10.1.1.1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 132 of 264...
  • Page 133 'remotelanmask' "255.255.255.0" option 'ike' "3des-md5-modp1024" option 'esp' "3des-md5" option 'auto' 'start' option 'ikelifetime' "8h" option 'keylife' "1h" option 'rekeymargin' "9m" option 'keyingtries' "3" option 'dpdaction' "hold" _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 133 of 264...

  • Page 134: Shunt Connection

    21.4 Secret settings Each tunnel also requires settings for how the local end point of the tunnel proves its identity to the remote end point. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 134 of 264...
  • Page 135 ‘Connection Settings’, is shown below: Strongswan.@secret[0]=secret Strongswan.@secret[0].enabled=yes Strongswan.@secret[0].localaddress=10.1.1.1 Strongswan.@secret[0].remoteaddress=10.2.2.2 Strongswan.@secret[0].secrettype=psk Strongswan.@secret[0].secret=secret config 'secret' option 'enabled' "yes" option 'localaddress' "10.1.1.1" option 'remoteaddress' "10.2.2.2" option 'secrettype' 'psk' option 'secret' "secret" _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 135 of 264...
  • Page 136 'yes' option idtype 'userfqdn' option userfqdn 'testxauth' option remoteaddress '10.2.2.2' option secret 'xauth' option secrettype 'XAUTH' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 136 of 264...

  • Page 137: Configuring Firewall

    Name Type Required Default Description zone name (none) Sets the unique zone name. name network list (none) Defines a list of interfaces attached to this _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 137 of 264...

  • Page 138: Forwarding Sections

    (none) name refer to one of the defined zone names. Defines protocol family (ipv4, ipv6 or any) to family string generate iptables rules for. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 138 of 264...

  • Page 139: Redirects

    Protocol family (ipv4, ipv6 or any) to family string generate iptables rules for. Disables NAT reflection for this redirect if set reflection boolean to 0 - applicable to DNAT targets. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 139 of 264...

  • Page 140: Rules

    Firewall action (ACCEPT, REJECT, DROP) for target string DROP matched traffic. Protocol family (ipv4, ipv6 or any) to family string generate iptables rules for. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 140 of 264...

  • Page 141: Includes

    IPv6 only rule: config rule option src wan option src_ip fdca:f00:ba3::/64 option target ACCEPT Similarly, such a rule is automatically treated as IPv4 only. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 141 of 264...

  • Page 142: Implications Of Drop Vs. Reject

    (like the IP at which traffic was actually blocked) • client software can recover faster from rejected connection attempts • network debugging easier (routing and firewall issues clearly • distinguishable) _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 142 of 264...

  • Page 143: Note On Connection Tracking

    This example enables machines on the Internet to use SSH to access your router. 22.10.2 Forwarding ports (destination NAT/DNAT) This example forwards http, but not HTTPS, traffic to the web server running on 192.168.1.10: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 143 of 264...

  • Page 144: Source Nat (Snat)

    Internet, but allows it to access a few services by manually forwarding what appear to be a few local services; for example, NTP to the Internet. While DNAT _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 144 of 264...

  • Page 145: True Destination Port Forwarding

    22.10.7 Block access to the internet for specific IP on certain times The following rule blocks all connection attempts to the internet from 192.168.1.27 on weekdays between 21:00pm and 09:00am. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 145 of 264...

  • Page 146: Restricted Forwarding Rule

    192.168.1.100 listening on port 3128. It assumes the router LAN address to be 192.168.1.1 - this is needed to masquerade redirected traffic towards the proxy. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 146 of 264...

  • Page 147: Simple Dmz Rule

    This example enables proper forwarding of IPSec traffic through the WAN. # AH protocol config rule option src option dest option proto option target ACCEPT _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 147 of 264...

  • Page 148: Manual Iptables Rules

    Executing the following command will flush all rules and set the policies to ACCEPT on all standard chains: root@VA_router:/# /etc/init.d/firewall stop To manually start the firewall, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 148 of 264...

  • Page 149: Debug Generated Rule Set

    1 (one): root@VA_router:/# FW_TRACE=1 fw reload To direct the output to a file for later inspection, enter: root@VA_router:/# FW_TRACE=1 fw reload 2>/tmp/iptables.lo _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 149 of 264...

  • Page 150: Configuring Snmp

    Another sample agent configuration shown below causes the agent to listen on udp port 161, tcp port 161 and udp port 9161 on only the interface associated with the localhost address. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 150 of 264...

  • Page 151: System

    The following sample specifies that a request from any source using “public” as the community string will be dealt with using the security name “ro”. However, _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 151 of 264...
  • Page 152 “private” group. config 'group' 'public_v1' option group 'public' option version 'v1' option secname 'ro' config 'group' 'public_v2c' option group 'public' option version 'v2c' option secname 'ro' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 152 of 264...
  • Page 153 1: is everything string .iso.org.dod.Internet.mgmt.mib-2: mib2 Any other valid oid The following example defines two views, one for the entire system and another for only mib2. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 153 of 264...

  • Page 154: Access

    “all” view and the “private” group being granted read and write access on the “all” view. config 'access' 'public_access' option group 'public' option context 'none' option version 'any' option level 'noauth' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 154 of 264...

  • Page 155: Snmp Traps

    # for SNMPv2c inform request receiver config informreceiver option host 'IPADDR[:PORT]' option community 'COMMUNITY STRING' An additional option was added to the 'agent' subsection: option authtrapenabled '0|1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 155 of 264...

  • Page 156: Configuring Http Server

    Defines the prefix for dispatching lua_prefix string (none) requests to the embedded Lua interpreter, relative to the _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 156 of 264...
  • Page 157 Multiple sections of the type uhttpd may exist - the init script will launch one webserver instance per section. A standard uhttpd configuration is shown below. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 157 of 264...

  • Page 158: Https Certificate Settings And Creation

    Size of the generated RSA key in bits. country string ISO country code of the certificate issuer. state string Berlin State of the certificate issuer. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 158 of 264...

  • Page 159: Basic Authentication (Httpd.conf)

    The password can be either in plain text format, MD5 encoded or in the form $p$user where the user refers to an account in /etc/shadow or /etc/passwd. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 159 of 264...

  • Page 160: Securing Uhttpd

    'dropbear' config 'dropbear' option 'PasswordAuth' 'on' option 'RootPasswordAuth' 'on' option 'Port' '22' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 160 of 264...

  • Page 161: Virtual Router Redundancy Protocol (Vrrp)

    To check which software your router is running, SSH to a router and the following information is shown. Figure 68: Example output after accessing the router via SSH _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 161 of 264...

  • Page 162: Vrrp Web Interface

    To configure VRRP through the web interface, in the top menu, select Network - > VRRP. The VRRP page appears. Figure 71: The VRRP page _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 162 of 264...
  • Page 163 Globally enables VRRP on the router. Under the VRRP Group Configuration title, click Add. Figure 73: The VRRP group configuration section Check the Group enabled option check box. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 163 of 264...
  • Page 164 Sets the virtual IP address and mask in Virtual IP String Blank prefix format. For example, ’11.1.1.99/24’. All co-operating VRRP _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 164 of 264...

  • Page 165: Configuring Vrrp Using Uci

    'lan' option init_state 'BACKUP' option router_id '1' option priority '115' option advert_int_sec '2' option password 'secret' option virtual_ipaddr '10.1.10.150/16' option garp_delay_sec '5' option ipsec_connection 'Test' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 165 of 264...
  • Page 166 VRRP entering BACKUP/MASTER state Table 2: Config interface fields and their descriptions To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 166 of 264...

  • Page 167: Multicasting Using Pim And Igmp Interfaces

    Configuring PIM and IGMP via the web interface To configure PIM through the web interface, in the top menu, select Network -> PIM. The PIM page appears. Figure 75: The PIM page _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 167 of 264...
  • Page 168 Enable IGMP Checkbox Unchecked Enable IGMP on given interface. Enable SSM Checkbox Unchecked Enable SSM on given interface. Table 16: The PIM global settings description _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 168 of 264...

  • Page 169: Pim And Igmp Uci Interface

    'yes' option interface 'wan' option ssm 'yes' option igmp 'no' root@VA_router:/etc/config1# uci show pimd pimd.pimd=routing pimd.pimd.enabled=yes pimd.@interface[0]=interface pimd.@interface[0].enabled=yes pimd.@interface[0].interface=lan pimd.@interface[0].ssm=yes pimd.@interface[0].igmp=yes pimd.@interface[1]=interface _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 169 of 264...
  • Page 170 Boolean Enable PIM SSM on interface igmp Boolean Enable IGMP on interface To change any of the above values use uci set command _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 170 of 264...

  • Page 171: Dynamic Multipoint Virtual Private Network (Dmvpn)

    New HUBs can be added to the network to improve the performances and reliability. Ability to carry multicast and main routing protocols traffic (RIP, OSPF, • BGP). DMVPN can be deployed using Activator, the Virtual Access automated • provisioning system. Simplifies branch communications by enabling direct branch to branch •...
  • Page 172 When an IPsec tunnel is established, Spoke1 and Spoke2 can send traffic • directly to each other. Scenario 2: Spoke1 is in a private (NAT-ed) network, Spoke2 and hub are in public network _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 172 of 264...

  • Page 173: Configuring Dmvpn Via The Web Interface

    Spokes are sent via the hub. 27.3 Configuring DMVPN via the web interface Before configuring DMVPN, you must first configure a GRE interface. Read the previous section,’GRE interfaces’. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 173 of 264...

  • Page 174: Configuring Ipsec For Dmvpn

    In the top menu click Services -> IPSec. The strongSwan IPSec VPN page appears. Figure 80: The strongSwan IPSec VPN page Click the first Add button. The strongSwan status now shows an Enabled field that is checked. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 174 of 264...
  • Page 175 Table 17: strongSwan IPSec VPN fields and their descriptions In the Unique IDs drop down menu, select Yes. The Connections settings fields appear. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 175 of 264...
  • Page 176 27: Dynamic Multipoint Virtual Private Network (DMVPN) _______________________________________________________________________________________________________ Figure 82: The strongSwan IPSec VPN page _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 176 of 264...
  • Page 177 DHGroup: modp1024, modp1536 modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 aes128- Specifies the esp algorithm to use. Dropdown ESP algorithm sha1, Menu The format is: 3des-sha1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 177 of 264...
  • Page 178 Valid values are none, clear, hold and restart. None Disables dead peer Dropdown DPD Action None detection. Menu Clear Clears down the tunnel if a peer does not respond. Reconnects _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 178 of 264...
  • Page 179 In the DPD Delay field, type a DPD delay value. In the DPD Timeout field, type a relevant value. At the bottom of the Secrets section, click Add. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 179 of 264...

  • Page 180: Dmvpn Hub Settings

    In the top menu, select Network -> DMVPN. The DMVPN page appears. Figure 84: The DMVPN page Under DMVPN General, click Add. The following page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 180 of 264...

  • Page 181: Uci Interface

    UCI interface 27.5.1 IPSec configuration using CLI You can configure IPSec (strongSwan package) through CLI using the UCI command suite. Configuration files are stored at: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 181 of 264...
  • Page 182 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 182 of 264...

  • Page 183: Configuring Dmvpn Using Cli

    'yes' option secrettype 'psk' option secret 'secret' 27.6 Configuring DMVPN using CLI You can configure DMVPN through CLI using the UCI command suite. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 183 of 264...
  • Page 184 'test' uci show dmvpn dmvpn.common=general-settings dmvpn.common.enabled=yes dmvpn.common.ipsec_template_name=DMVPN dmvpn.@interface[0]=interface dmvpn.@interface[0].holding_time=60 dmvpn.@interface[0].gre_interface=GRE dmvpn.@interface[0].gre_endpoint_ip=11.11.11.1 dmvpn.@interface[0].gre_endpoint_mask_length=29 dmvpn.@interface[0].nhs_ip=192.168.100.1 dmvpn.@interface[0].cisco_auth=test To change any of the above values, use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 184 of 264...

  • Page 185: Terminal Server

    28.3.1.1 Main settings Figure 86: The terminal server main settings page In the Main Settings section, click the Enable check box to enable the Terminal Server. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 185 of 264...

  • Page 186: Port Settings

    The Port Settings section is divided into 3 sub-sections: • General Serial • Network • 28.3.1.3 Port settings: general section Figure 87: The General tab fields part 1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 186 of 264...
  • Page 187 Enable HDLC Enables HDLC Pseudowire over UDP Pseudowire over Checkbox Disabled support (based on RFC4618), if set UDP (RFC4618) to 1, also set udpMode 1. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 187 of 264...

  • Page 188: Port Settings: Serial Section

    0=disabled. Table 21: The general fields descriptions 28.3.1.4 Port settings: serial section Figure 89: The serial tab fields part 1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 188 of 264...
  • Page 189 Keep serial port Keep serial port always open (if Checkbox always open option not present, default is 0). RS232 Half Duplex Checkbox 1=half duplex mode; 0=full duplex _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 189 of 264...

  • Page 190: Port Settings: Network Section

    Table 22: The general fields descriptions 28.3.1.5 Port settings: network section Figure 91: The Network tab fields part 1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 190 of 264...
  • Page 191 TCP User timeout value in established state. Set to 0 to use kernel defaults (about 15-20 minutes). TCP nodelay Checkbox Disabled 1=disable TCP nagle algorithm; _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 191 of 264...

  • Page 192: Configuring Terminal Server Using Uci

    1 Following the global section there are four port specific sections. Below is an example configuration with the embedded comments explaining each parameter. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 192 of 264...
  • Page 193 # keep serial port always open (if option not present, default is 0) option tty_always_open 0 # Forwarding timeout in milliseconds (serial to network) option fwd_timeout 30 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 193 of 264...
  • Page 194 # serial flow control mode (0=none, 1=RTS CTS, 2=XONXOFF) option fc_mode 0 # time in milliseconds to start re-connecting after setting DTR low option disc_time_ms 5000 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 194 of 264...
  • Page 195 # Interval in seconds between TCP keep alive probes option tcp_keepalive_interval 5 # Time in seconds to wait for reponse to a TCP keep alive probe option tcp_keepalive_timeout 2 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 195 of 264...
  • Page 196 # 1=use USB serial card. if portmode is x.21 it is used in synchronous mode, if portmode is 'rs232' it is used in asynchronous mode _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 196 of 264...
  • Page 197 0 # Used for USB serial card. Number of bit positions to delay output of the data from detecting clock edge option sync_txdata_dly 0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 197 of 264...
  • Page 198 '1' # when used with V.23 modem driver, (set portmode 'v23') V.23 modem's RTS to CTS delay in milliseconds option v23_rts_to_cts_delay '20' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 198 of 264...
  • Page 199 # Configures serial transmit log size in bytes and enables transmit data logging. 0=disabled option serialTxLogSize 0 # Configures serial receive log size in bytes and enables receive data logging. 0=disabled option serialRxLogSize 0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 199 of 264...
  • Page 200 # Forwarding buffer size (serial to network) option fwd_buffer_size 256 # Receive control characters that cause buffer to be forwarded option rcc_string '' # serial device speed in baud _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 200 of 264...
  • Page 201 # UDP port for UDP mode option udpPort 0 Each Terminal Server port must be associated with a specific serial port device. For example, you can configure port 1 as: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 201 of 264...

  • Page 202: Terminal Server Operation

    If the Terminal Server is running, this command will show the status of each session. If the Terminal Server is not loaded it will return an error. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 202 of 264...

  • Page 203: Stopping Terminal Server

    To stop Terminal Server, enter one of the following: /usr/bin/tserv quit Kill PID. You can obtain the PID by running: ps | grep tser _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 203 of 264...

  • Page 204: Gre Interfaces

    Figure 95: The create interface page Type in the name of the new interface, then in the Protocol of the new interface drop-down list, select GRE. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 204 of 264...
  • Page 205 GRE. Specifies which interface is going Dropdown Local Interface Blank to be linked with the GRE tunnel list interface. Numeric Sets Time-To-Live value on the _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 205 of 264...

  • Page 206: Gre Uci Interface

    '24' option local_interface '3g-wan' option ttl '128' option key '1234' option mtu '1472' ~# uci show network network.tunnel1=interface network.tunnel1.proto=gre network.tunnel1.ipaddr=172.255.255.2 network.tunnel1.mask_length=24 network.tunnel1.local_interface=3g-wan network.tunnel1.ttl=128 network.tunnel1.key=1234 network.tunnel1.mtu=1472 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 206 of 264...
  • Page 207 PDUs value using this interface. Table 25: Config interface fields and their descriptions To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 207 of 264...

  • Page 208: Configuring A Cosem Hdlc Bridge

    The electricity meters are often connected to the communication equipment by a serial port, usually RS485. The COSEM HDLC Bridge is a software function within the Virtual Access equipment that bridges HDLC frames between a TCP connection and a serial port.

  • Page 209: Checking The Status Of Cosem Hdlc Bridge

    If COSEM HDLC Bridge is running, this command will show the status of each session. If the process is not loaded it will return an error. To reset the statistic counters, enter: cosemdcmd clear stats _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 209 of 264...

  • Page 210: Event System

    31: Event system _______________________________________________________________________________________________________ 31 Event system Virtual Access routers feature an event system. The event system allows you to configure the router’s information for efficient control and management of devices. This section explains how the event system works and how to configure it using via UCI.

  • Page 211: Supported Connection Testers

    The configuration is composed of a main section and as many forwardings, targets and connection testers as required. 31.6.1 Main section config va_eventd main option enabled yes option event_queue_file '/tmp/event_buffer' option event_queue_size 128K _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 211 of 264...

  • Page 212: Forwardings

    31.6.3 Connection testers There are two types of connection testers: ping connection tester, and • • link connection tester. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 212 of 264...

  • Page 213: Ping Connection Tester

    A link connection tester tests a connection by checking the status of the interface being used. config conn_tester option name t1 option enabled 1 option type link option link_iface eth0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 213 of 264...

  • Page 214: Supported Targets

    514 is assumed Name of the connection tester to conn_tester String None use for this target Table 33: Event system – syslog target settings description _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 214 of 264...

  • Page 215: Email Target

    Enable starttls support tls_forcessl3 Boolean Force SSLv3 for TLS timeout_sec Time in secs Email send timeout Email from Source email address address Email Destination email address address _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 215 of 264...

  • Page 216: Snmp Target

    Table 35: Event system – snmp target settings description 31.6.4.4 Exec target When an exec target receives an event, it executes a shell command. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 216 of 264...

  • Page 217: Example And Export

    To view the configuration file, enter: uci export va_eventd root@test:~# uci export va_eventd package va_eventd config va_eventd 'main' option enabled 'yes' option event_queue_file '/tmp/event_buffer' option event_queue_size '128K' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 217 of 264...
  • Page 218 'ping' option ping_dest_addr '192.168.100.254' option ping_source 'eth0' option ping_success_duration_sec '10' config conn_tester option name 'smtp_server' option enabled '1' option type 'link' option link_iface 'eth0' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 218 of 264...
  • Page 219 'yes' option type 'snmptrap' option community 'public' option target_addr '192.168.100.254' option agent_addr '192.168.100.1' option conn_tester 'mon_server' config target option name 'logit' option enabled 'yes' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 219 of 264...
  • Page 220 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 220 of 264...
  • Page 221 %{eventName}!!! va_eventd.@target[1].body_template=%{eventName} (%{class}.%{subclass}) happened! va_eventd.@target[1].conn_tester=smtp_server va_eventd.@target[2]=target va_eventd.@target[2].name=snmp va_eventd.@target[2].enabled=yes va_eventd.@target[2].type=snmptrap va_eventd.@target[2].community=public va_eventd.@target[2].target_addr=192.168.100.254 va_eventd.@target[2].agent_addr=192.168.100.1 va_eventd.@target[2].conn_tester=mon_server _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 221 of 264...
  • Page 222 31: Event system _______________________________________________________________________________________________________ va_eventd.@target[3]=target va_eventd.@target[3].name=logit va_eventd.@target[3].enabled=yes va_eventd.@target[3].type=exec va_eventd.@target[3].cmd_template=logger -t eventer %{eventName} _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 222 of 264...

  • Page 223: Configuring Sla Reporting On Monitor

    Introduction This section describes how to configure and view SLA reporting on Monitor, the Virtual Access monitoring system. It also explains how to configure scheduler task that is placed on the router to upload SLA statistics. The Virtual Access Monitor system provides: centralised access to router connectivity status, •...
  • Page 224 Select roll Scope rollup period Year up scope Month Week Hour Minute Second Select Range of scope Year range scope Month Week Hour Minute Second _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 224 of 264...
  • Page 225 When you have entered all the parameters you require, click Add data set. Repeat the process for Avg Connection strength, Avg Packetloss and Avg Latency. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 225 of 264...

  • Page 226: Adding An Sla Report

    When you have configured a content template, you can add an SLA report. In the top menu, click SLA Reporting -> REPORTS. Then click Create. The Add SLA Report page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 226 of 264...
  • Page 227 Content template that report is based on Table 38: Parameters for adding an SLA report The figure below shows an example of a SLA report with two devices. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 227 of 264...

  • Page 228: Viewing An Sla Report

    Select the relevant report in the drop down menu and select a date. Figure 104: The generate SLA report page Click Generate and the report will open. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 228 of 264...

  • Page 229: Viewing Automated Sla Reports

    To view these reports access any router assigned to the report. Select the relevant report. A list of downloadable PDFs appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 229 of 264...

  • Page 230: Configuring Router Upload Protocol

    TFTP Server Address and then enter the TFTP Server Port number to match. Figure 107: The upload protocol parameters _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 230 of 264...

  • Page 231: Configuring Sla For A Router

    _______________________________________________________________________________________________________ 33 Configuring SLA for a router SLA reporting works in two parts: The Virtual Access Monitor system server connects via SSH into the router • and schedules the task of uploading statistics to Monitor. The Virtual Access router monitors UDP keepalive packets. It creates and •...
  • Page 232 Check Enable none Enables SLAD daemon. Roundtrip Specifies the time in milliseconds that a integer None Timeout (ms) packet is not replied before this timeout _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 232 of 264...

  • Page 233: Configuring Sla For A Router Via Uci Interface

    'yes' option roundtrip_timeout_msec '5000' option interface 'lan' option destination_host_ip_address '10.1.1.2' option destination_udp_port '53' option bin_restart_period_msec '3600000' option max_bin_count '73' uci show slad slad.main=slad _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 233 of 264...

  • Page 234: Sla Statistics

    Type the command sla current to show current statistics. Figure 112: Output from the command line sla current Type the command sla newest to show the newest statistics. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 234 of 264...
  • Page 235 33:Configuring SLA for a router _______________________________________________________________________________________________________ Figure 113: Output from the command line sla newest _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 235 of 264...

  • Page 236: Diagnostics

    34.1.2 ADSL PPPoEoA connections To check the status of an ADSL line, in the top menu, select Status -> ADSL Status. The ADSL Status page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 236 of 264...

  • Page 237: Adsl Bridge Connections

    To check the status of an ADSL line, in the top menu, select Status -> ADSL Status. The ADSL Status page appears. Figure 118: The ADSL status page _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 237 of 264...

  • Page 238: All Diagnostics

    RECEIVE STATS rx bytes 566988 rx overruns rx discards V.23 MODE STATS rx bytes tx bytes rx samples tx samples rx carrier on tx carrier on _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 238 of 264...

  • Page 239: Automatic Operator Selection Diagnostics Via The Web Interface

    To check the status of the interface you are currently using, in the top menu, click Status. The Interface Status page appears. Scroll down to the bottom of the page to view Multi-WAN Stats. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 239 of 264...

  • Page 240: Automatic Operator Selection Diagnostics Via Uci

    To check interfaces created in the multi-WAN package, enter: cat /var/const_state/multiwan Figure 122: Output from the command: cat /var/const_stat/multiwan To check interfaces created in the network package, enter: cat /var/const_state/network _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 240 of 264...
  • Page 241 34: Diagnostics _______________________________________________________________________________________________________ To check the status of the interface you are currently using, enter: cat /var/const_state_/mobile Figure 123: Output from the command cat /vat/const_state_/mobile _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 241 of 264...

  • Page 242: Cesopsn Diagnostics

    - clear statistics 34.5.1 cesop show config To show the currently running configuration, enter: root@VA_router:~# cesop show config Main Config ----------- enable nodaemon debug_enabled log_severity schedule_mode _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 242 of 264...
  • Page 243 : ttyLC0 bypass local_loopback rate : 64000 ext_clock fifo_irq_level bit_reverse dte_tt_inv dce_tclk_inv dce_rclk_inv x21_clk_invert x21_data_delay x21_use_vco all_four_wire_mode all_pcm_encoding : alaw all_rx_attenuator_enabled all_rx_analogue_gain_enabled _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 243 of 264...

  • Page 244: Cesop Show Status

    89298337 txLBit txRBit txMBits txTdmPayload [D5][D5]... 34.5.3 cesop show stats To view statistical information about the CESoPSN service, enter cesop show stats. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 244 of 264...

  • Page 245: Cesop Clear Stats

    0 rxTdmLenErrs 0 txTdmLenErrs 0 Clock recovery statistics ------------------------- packetLossCount clockChanges 34.5.4 cesop clear stats To reset the statistical counters, enter cesop clear stats _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 245 of 264...

  • Page 246: Dmvpn Diagnostics

    There are two hub statuses ‘hub’ and ‘dead hub’. Table 39: NBMA peers columns and their descriptions You can check IPSec status using uci commands. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 246 of 264...
  • Page 247 Protocol-Address: 11.11.11.3/32 Flags: up Interface: gre-GRE Type: cached Protocol-Address: 11.11.11.2/32 NBMA-Address: 178.237.115.129 NBMA-NAT-OA-Address: 172.20.38.129 Flags: used up Expires-In: 0:18 Interface: gre-GRE Type: static Protocol-Address: 11.11.11.1/29 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 247 of 264...

  • Page 248: File System Diagnostics

    Normally it is not necessary to store any other files in flash. One exception, for example, is a banner file for logins. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 248 of 264...

  • Page 249: Firewall Diagnostics

    ' wan_interface' option masq '1' option mtu_fix '1' option forward 'ACCEPT' option output 'ACCEPT' option family 'any' option conntrack '0' option input 'ACCEPT' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 249 of 264...
  • Page 250 'ipv4' list icmp_type 'echo-request' config rule option name 'SNMP-trap' option src 'wan_interface' option proto 'udp' option dest_port '162' option target 'ACCEPT' option family 'ipv4' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 250 of 264...
  • Page 251 'Allow-ICMPv6-Forward' option src 'wan_interface' option proto 'icmp' option dest '*' option target 'ACCEPT' option family 'ipv6' option limit '1000/sec' list icmp_type 'echo-request' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 251 of 264...

  • Page 252: Ip Tables

    To see the rules as they are executed, run the fw command with the FW_TRACE environment variable set to 1: root@VA_router:~# FW_TRACE=1 fw reload To direct the output to a file for later inspection, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 252 of 264...

  • Page 253: Gps Diagnostic Commands

    Bcast:192.168.100.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:c8ff:fe12:1215/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:6645 errors:0 dropped:0 overruns:0 frame:0 TX packets:523 errors:0 dropped:0 overruns:0 carrier:0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 253 of 264...

  • Page 254: Route Status

    A route will only be displayed in the routing table when the interface is up. 34.10.3 Mobile status To display information and status of mobile interfaces like 4G or CDMA, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 254 of 264...

  • Page 255: Adsl Status

    Rev B mobile.3g_1_1_2.cdma_srvmode_code=5 mobile.3g_1_1_2.cdma_total_drc=0.0 kbps mobile.3g_1_1_2.cdma_carr_cnt=2 mobile.3g_1_1_2.cdma_rx0=78 mobile.3g_1_1_2.sig_dbm=nan mobile.3g_1_1_2.cdma_rx1=105 34.10.4 ADSL status The ADSL chipset has its own subset of commands. root@VA_router:~# /etc/init.d/dsl_control Syntax: /etc/init.d/dsl_control [command] _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 255 of 264...

  • Page 256: Isdn Pseudowire Diagnostics

    To view configuration of the LCR package, enter: root@VA_router:~# uci export lcr package lcr config lcr 'main' option enable '1' list msn '384740' list msn '384741' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 256 of 264...

  • Page 257: Asterisk Cli Diagnostics

    5060 Unmonitored 1 sip peers [Monitored: 0 online, 0 offline Unmonitored: 1 online, 0 offline] To view current call diagnostics when in asterisk CLI, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 257 of 264...

  • Page 258: Isdn Led Status

    Audio channel is up (dial tone or call in progress) ISDN bottom Audio channel is inactive 34.12 IPSec diagnostics Virtual Access routers use the strongSwan package for IPSec. To view IPSEC configuration on the router, enter: root@VA_router:~# uci export strongswan To restart strongSwan, enter: root@VA_router:~# etc/init.d/strongswan restart...

  • Page 259: Multi-Wan Diagnostics

    '0' option ifup_retry_sec '300' option ifup_timeout_sec '40' config interface 'Ethernet' option health_interval '10' option icmp_hosts 'dns' option timeout '3' option health_fail_retries '3' option health_recovery_retries '5' _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 259 of 264...

  • Page 260: Pad Diagnostics

    The modules will write events to the log if they are configured to do so. To see the event that are already logged, type the following at the command prompt: logread. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 260 of 264...

  • Page 261: Debugging Guidelines

    To check if the modules are running, follow the instructions modules running? described in the PAD section. For more details refer to the ‘Terminal Server’ section in this manual. _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 261 of 264...

  • Page 262: Terminal Server Diagnostics

    <Port> [length], Port=port cfg index (0 to 3), length=length to show tserv show debug - show debug info _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 262 of 264...

  • Page 263: Vrrp Diagnostics

    Figure 126: The VRRP status settings 34.16.2 VRRP diagnostics using the command line interface To view VRRP using the CLI interface, SSH into the router and enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 263 of 264...

  • Page 264: Diagnostics For Wifi Ap Mode

    To check for connectivity, in the top menu, select Network -> Interfaces. The WCLIENT interface will show receive and transmit packets and an IP address. Figure 128: The interface overview page showing WClient stats _______________________________________________________________________________________________________ © Virtual Access 2015 GW2020 Series User Manual Issue: 2.3 Page 264 of 264...

This manual is also suitable for:

Gw2024pGw2022Gw2027Gw2028Gw2023Gw2024

Table of Contents