Hide thumbs Also See for GW6600:
Table of Contents

Advertisement

Quick Links

GW6600 User Manual
Issue:
2.3
Date:
08 May 2015

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the GW6600 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for virtual access GW6600

  • Page 1 GW6600 User Manual Issue: Date: 08 May 2015...
  • Page 2: Table Of Contents

    Introduction ....................10 Document scope ..................10 GW6600 Series hardware ................11 Hardware specification ................11 2.1.1 GW6600 Series router model variants ..........11 Hardware features .................. 11 GSM technology ..................11 Power supply ..................12 Dimensions .................... 12 Compliance .................... 12 Operating temperature range ..............
  • Page 3 VLANs UCI interface ................68 11.4.1 config port ..................70 11.4.2 config vlan ..................70 11.4.3 Config nat vlan ................. 70 12 Static routes configuration ................. 71 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 3 of 305...
  • Page 4 Disable roaming ................122 19 Configuring IPSec ..................123 19.1 Common settings .................. 123 19.2 Connection settings ................124 19.3 Shunt connection .................. 128 19.4 Secret settings ..................128 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 4 of 305...
  • Page 5 Basic authentication (httpd.conf) ............153 22.4 Securing uHTTPd .................. 154 22.5 SSH server configuration ............... 154 23 Configuring ADSL ..................155 23.1 What is ADSL technology? ..............155 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 5 of 305...
  • Page 6 27.4.1 ALL status ..................188 27.4.2 ALL statistics .................. 189 27.4.3 ALL wiring ..................189 28 Configuring CESoPSN ................191 28.1 What is CESoPSN? ................191 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 6 of 305...
  • Page 7 PIM and IGMP UCI interface ..............234 33 Dynamic Multipoint Virtual Private Network (DMVPN) ......237 33.1 The advantage of using DMVPN .............. 237 33.2 DMVPN scenarios .................. 237 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 7 of 305...
  • Page 8 Configuring SLA for a router via UCI interface ........... 274 36.3 SLA statistics ..................275 37 Diagnostics ....................277 37.1 ADSL diagnostics .................. 277 37.1.1 ADSL PPPoA connections ..............277 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 8 of 305...
  • Page 9 37.16.2 VRRP diagnostics using the command line interface ......304 37.17 Diagnostics for WiFi AP mode .............. 305 37.18 Diagnostics for WiFi client mode ............305 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 9 of 305...
  • Page 10: Introduction

    1: Introduction _______________________________________________________________________________________________________ 1 Introduction Based on the very latest ADSL2+, WiFi and 3G HSPA+ technology, Virtual Access GW600 Series routers address the needs of today’s businesses for managed resilient broadband connectivity. Point of Sale (POS), retail branch office, security monitoring and other key business applications demand managed connectivity that is cost-effective, high performance and resilient to network outage or last mile circuit failure.
  • Page 11: Gw6600 Series Hardware

    2: GW6600 Series hardware _______________________________________________________________________________________________________ 2 GW6600 Series hardware 2.1 Hardware specification 2.1.1 GW6600 Series router model variants Dual CDMA Analogue ISDN Model ADSL2+ WiFi 3G/HSPA+ 4G/LTE Modem Leased Line Socket GW6610    GW66110W 1   ...
  • Page 12: Power Supply

    0°C to +65°C 2.8 Antenna The GW6600 Series router has four SMA connectors for connection of up to four antennas for antenna diversity. Antenna diversity helps improve the quality of a wireless link by mitigating problems associated with multipath interference.
  • Page 13: Inserting The Sim Cards

    RJ45 (yellow) 1 x lockable SIM cover. 1 x 3G antenna 1 x WiFi antenna Extra antennas Virtual Access supplies a wide range of antennas for 3G and WiFi. Please visit our website: www.virtualaccess.com or contact Virtual Access for more information.
  • Page 14: Connecting The Sim Lock

    Powering up Plug the power cable into an electrical socket suitable for the power supply. The GW6600 takes approximately 2 minutes to boot up. During this time, the power LED flashes. Other LEDs display different diagnostic patterns during boot up.
  • Page 15 2: GW6600 Series hardware _______________________________________________________________________________________________________ Between 20 seconds and 30 seconds Recovery mode. Over 30 seconds Normal reset. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 15 of 305...
  • Page 16: Gw6600 Series Led Behaviour

    3 GW6600 Series LED behaviour 3.1 Main LED behaviour The GW6600 Series router has a single colour LED. When the router is powered on, the LED is green. Figure 1: Example of power and config LED activity: power and config are on The possible LED states are: •...
  • Page 17 3: GW6600 Series LED behaviour _______________________________________________________________________________________________________ None PPP not connected or signal strength <= -113dBm. PPP connected and signal strength <= -89dBm. Signal LEDs PPP connected and signal strength between -89dBm and -69dBm. PPP connected and signal strength >-69dBm. V.92 SYN LED Applies to the Not connected.
  • Page 18: Ethernet Port Led Behaviour

    No data is being transmitted/received over the link. ACT LED (amber) Flashing Data is being transmitted/received over the link. Note: LED descriptions apply to all GW6600 Series models. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 18 of 305...
  • Page 19: Factory Configuration Extraction From Sim Card

    4: Factory configuration extraction from SIM card _______________________________________________________________________________________________________ 4 Factory configuration extraction from SIM card Virtual Access routers have a feature to update the factory configuration from a SIM card. This allows you to change the factory configuration of a router when installing the SIM.
  • Page 20: Accessing The Router

    To access CLI start an SSH client and connect to the router’s 3G or 4G IP interface on port 22: 192.168.100.1/24. Then enter the default username and password. Username: Root Password: Admin _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 20 of 305...
  • Page 21: Upgrading Router Firmware

    6 Upgrading router firmware 6.1 Upgrading firmware using the web interface Copy the new firmware issued by Virtual Access to a PC connected to the router. In the top menu, select System tab > Backup/Flash Firmware. Figure 4: The system menu The Flash operations page appears.
  • Page 22 To verify that the router has been upgraded successfully, click Status in the top menu. The Firmware Version shows in the system list. Figure 8: The status page _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 22 of 305...
  • Page 23: Upgrading Firmware Using Cli

    To set the next image to boot to the alternative image, enter: vacmd set next image altimage. For your configuration changes to apply, you must reboot your router. Enter: reboot _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 23 of 305...
  • Page 24: File System

    To show the configuration to run after the next reboot, enter: root@VA_router:~# vacmd show next config To set the configuration to run after the next reboot, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 24 of 305...
  • Page 25: Configuration File Syntax

    Also, it is legal to use double instead of single quotes when typing configuration options. All of the examples below are valid syntax: option example value option 'example' value _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 25 of 305...
  • Page 26: Command Line Utility

    [<config>] import [<config>] changes [<config>] commit [<config>] <config> <section-type> add_list <config>.<section>.<option>=<string> show [<config>[.<section>[.<option>]]] <config>.<section>[.<option>] <config>.<section>[.<option>]=<value> delete <config>[.<section[.<option>]] rename <config>.<section>[.<option>]=<name> revert <config>[.<section>[.<option>]] reorder <config>.<section>=<position> _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 26 of 305...
  • Page 27 Table 1: Commands, target and their descriptions Note: all operations do not act directly on the configuration files. A commit command is required after you have finished your configuration. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 27 of 305...
  • Page 28: Command Line Utility Examples

    To show an alternate view of a configuration file, enter uci show: root@VA_router:~# uci show system system.main=system system.main.hostname=VA_router system.main.zonename=Europe/Dublin system.main.timezone=GMT0IST,M3.5.0/1,M10.5.0 system.main.cronloglevel=9 system.main.log_ip=0.0.0.0 system.main.log_port=514 system.ntp=timeserver system.ntp.server=0.openwrt.pool.ntp.org 1.openwrt.pool.ntp.org 2.openwrt.pool.ntp.org 3.openwrt.pool.ntp.org _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 28 of 305...
  • Page 29: Configuration Copying And Deleting

    The firmware upgrade system always downloads firmware to “altimage”. 7.1.6 Viewing files To view a text or configuration file in the system, enter the cat command: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 29 of 305...
  • Page 30: Copying Files

    To remove the contents of a specific folder regardless of the current folder, use: root@VA_router:~# rm –f /etc/config1/* To copy the contents of one folder into another, for example config2 into config1, use: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 30 of 305...
  • Page 31: Editing Files

    7.1.10 System information General information about software and configuration used by the router is displayed just after login or is available if you enter the following commands. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 31 of 305...
  • Page 32 VA_ACTIVEIMAGE: image2 VA_ACTIVECONFIG: config1 VA_IMAGE1VER: VIE-16.00.44 VA_IMAGE2VER: VIE-16.00.44 VA_BLDREV: 91a7f87ed61ca919e78f1c8e3cb840264f4887bb VA_REGION: VA_WEBVER: 00.00.00 VA_HWREV: VA_TOPVER: 16.00.44 Shows the general software and configuration details of the router. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 32 of 305...
  • Page 33: Command Line Interface

    These commands will show the full log, end of the log, paged log and continuously. Use Ctrl-C to stop the continuous output. To view a text or configuration file in the system, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 33 of 305...
  • Page 34 2012 var -> /tmp drwxr-xr-x 4 root root 67 Jul 16 2012 www To change current folder, enter: root@VA_router:/# cd /etc/ppp root@VA_router:/etc/ppp# To view scheduled jobs: root@VA_router:/# crontab –l _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 34 of 305...
  • Page 35: Unified Configuration Interface (Uci)

    The uci command is the preferred way of managing the configuration. Currently, you can directly access files, but this is not guaranteed for the future. A simple example of using the uci utility is shown below. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 35 of 305...
  • Page 36 When there are multiple rules next to each other, UCI uses array-like references for them. If there are 8 NTP servers, UCI will let you reference their sections as _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 36 of 305...
  • Page 37 (don't print error messages) force strict mode (stop on parser errors, default) _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 37 of 305...
  • Page 38 Deletes the given section or option. Renames the given option or section to rename <config>.<section>[.<option>]=<name> the given name. Reverts the given option, section or revert <config>[.<section>[.<option>]] configuration file. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 38 of 305...
  • Page 39: Configuration Files

    In the lines starting with a list keyword, an option with multiple values is defined. All list statements that share the same name, collection in our example, _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 39 of 305...
  • Page 40: Examples

    After changing the port, uhttpd listens on from 80 to 8080 in the file /etc/config/uhttpd, save it. Then enter: root@VA_router:~# uci commit uhttpd then enter: root@VA_router:~# /etc/init.d/uhttpd restart Done. No reboot needed. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 40 of 305...
  • Page 41: Export An Entire Configuration

    [image1|image2|altimage] root@VA_router:~# reboot To retrieve new firmware from Activator, enter: root@VA_router:~# vacmd hdl $$.img altimage root@VA_router:~# vacmd set next image altimage root@VA_router:~# reboot _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 41 of 305...
  • Page 42: Management Configuration Settings

    Activator is a Virtual Access proprietary provisioning system, where specific router configurations and firmware can be stored. Monitor is a Virtual Access proprietary tool, based on SNMP protocol, to monitor wide networks of deployed routers. 9.1 Autoload - boot up activation This section contains the settings that specify how the device should behave with respect to Activation when it boots up.
  • Page 43 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 43 of 305...
  • Page 44: Httpclient - Activator Configuration

    Name Type Required Default Description Enabled boolean Enables the http client. Specifies the IP address of list FileServer integer none Activator that uses http port 80. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 44 of 305...
  • Page 45 A sample httpclient configuration is shown below. root@VA_router:~# uci show httpclient httpclient.default=core httpclient.default.Enabled=yes httpclient.default.FileServer=10.1.83.36:80 10.1.83.37:80 httpclient.default.SecureFileServer=10.1.83.36:443 10.1.83.37:443 httpclient.default.ActivatorDownloadPath=/Activator/Sessionless/Httpserver. httpclient.default.SecureDownload=no httpclient.default.PresentCertificateEnabled=no httpclient.default.ValidateServerCertificateEnabled=no httpclient.default.CertificateFile=/etc/httpclient.crt httpclient.default.CertificateFormat=PEM httpclient.default.CertificateKey=/etc/httpclient.key root@VA_router:~# uci export httpclient _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 45 of 305...
  • Page 46 Defines the IP address of Monitor. It is monitor_ip string (none) possible to specify multiple addresses to which SNMP heartbeat traps will be sent. A sample Monitor configuration is shown below. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 46 of 305...
  • Page 47: System Settings

    You can set your system setting options in the system section. To configure the router’s hostname, in the top menu, select System -> system. The System page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 47 of 305...
  • Page 48 Klogconloglevel integer console. Only messages with a level lower than this will be printed to the console. Identical to _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 48 of 305...
  • Page 49 If the list is empty, the built in hostnames NTP daemon is not started. A sample system configuration is shown below. root@VA_router:~# uci show system system.main=system system.main.hostname=VA_router system.main.timezone=UTC system.main.log_ip=10.1.83.36 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 49 of 305...
  • Page 50: User Management

    Specifies PAP access permissions Papuser Boolean for the PPP connection. Specifies SRP access permissions srpuser Boolean for the PPP connection. smsuser Boolean Specifies SMS access permissions _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 50 of 305...
  • Page 51 Note: when a new user is created on the system and given web access, they will no longer be able to login to the router web interface with the default root user details. The user must use the new login details. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 51 of 305...
  • Page 52: Uci Export And Uci Show Commands

    '0' option linuxuser 'no' option srphash '0:2de6Dk6D4tFo8oVfb2iuY6aRj2cAoPeo2DAdCRcReBUc.9Px56rNmamtaBx7BiQIzNisYFJF VdhH6H0Z/Ys9RzU1SJrMVpmQZkJwqlB1tA.F7O.tf1VkGnXyiTLSCN68iJ.SltDDqeOprmLo/IW 9Ub7.qop44Ml3g6S5QJxpu.N5sLzpSvER.kAFNPR/DmK9D/.3SQzTtEZNYypmkgP9O2ihw/4uDU NIFGMzd3dBs0VdF1AaFWNNqpAx7qP1JC4R5KeM/iGdo7lmKFyOTkvTIZbhXnWTRrQD5Q6nQv.UX QrUmM4t3ztabT3gN.dibG3kNpMWl/DMLMBSghkXu7QosC:1uPbR5BbICQJFx' root@VA_router:~# uci show management_users management_users.@user[0]=user management_users.@user[0].enabled=1 management_users.@user[0].username=test management_users.@user[0].webuser=yes management_users.@user[0].linuxuser=yes management_users.@user[1]=user management_users.@user[1].enabled=1 management_users.@user[1].username=srptest management_users.@user[1].srpuser=1 management_users.@user[1].chapuser=0 management_users.@user[1].webuser=0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 52 of 305...
  • Page 53: Interfaces Configuration

    A minimal interface declaration consists of the following lines: root@VA_router:~# uci show network.wan network.wan=interface network.wan.proto=dhcp network.wan.ifname='eth0.1' config 'interface' 'wan' option 'proto' 'dhcp' option 'ifname' 'eth0.1' Wan is a unique logical interface name. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 53 of 305...
  • Page 54: Options Valid For All Protocol Types

    1 for Specifies whether to send Router protocol Solicitations on this interface. static, else monitored Boolean Specifies whether to send Interface status to Monitor. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 54 of 305...
  • Page 55: Protocol "Static

    Protocol "3g" (PPP over EV-DO, CDMA, UMTS or GRPS) Name Type Required Default Description Specifies the modem device node device file path (none) /dev/ttyACM0. service string umts Specifies the 3G service type: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 55 of 305...
  • Page 56: Protocol "L2Tp" (Layer 2 Tunneling Protocol)

    Alias sections also allow combinations like DHCP on the main interface and a static IPv6 address in the alias, for example to deploy IPv6 on WAN while _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 56 of 305...
  • Page 57 (none) IPv6 address (CIDR notation). is set ip6gw ipv6 address (none) IPv6 default gateway. list of ip (none) DNS server(s) _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 57 of 305...
  • Page 58 2: attach to layer 2 interface (br-* if parent is bridge else fallback to layer 1). 1: attach to layer 1 interface (eth*, wlan*). *any interface number, i.e 1, 2. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 58 of 305...
  • Page 59: Dhcp Server And Dns Configuration

    These are the default settings for the common options: root@VA_router:~# uci show dhcp dhcp.@dnsmasq[0]=dnsmasq dhcp.@dnsmasq[0].domainneeded=1 dhcp.@dnsmasq[0].boguspriv=1 dhcp.@dnsmasq[0].filterwin2k=0 dhcp.@dnsmasq[0].localise_queries=1 dhcp.@dnsmasq[0].rebind_protection=1 dhcp.@dnsmasq[0].rebind_localhost=1 dhcp.@dnsmasq[0].local=/lan/ dhcp.@dnsmasq[0].domain=lan dhcp.@dnsmasq[0].expandhosts=1 dhcp.@dnsmasq[0].nonegcache=0 dhcp.@dnsmasq[0].authoritative=1 dhcp.@dnsmasq[0].readethers=1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 59 of 305...
  • Page 60 DHCP leasing. Used if this is the only server in the network. Rejects reverse lookups to Boguspriv boolean private IP ranges where no corresponding entry exists in _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 60 of 305...
  • Page 61 Specifies a list of interfaces to (all list of interface listen on. If unspecified, interface interfaces names dnsmasq will listen to all interfaces except those listed in _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 61 of 305...
  • Page 62 (none) Specifies the TFTP root directory. Enables DNS rebind attack rebind_protection boolean protection by discarding upstream RFC1918 responses. rebind_localhost boolean Allows upstream 127.0.0.0/8 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 62 of 305...
  • Page 63: Dhcp Pools

    150 is the maximum number of addresses that may be leased, in the default configuration 192.168.1.250. 12h specifies the time to live for handed out leases, twelve hours in the example below. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 63 of 305...
  • Page 64 Assigns a network-id (value of to all clients that networkid string interface) obtain an IP address from this pool. Specifies the offset start integer from the network _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 64 of 305...
  • Page 65: Static Leases

    Specifies the IP address to be used for this string (none) host. string (none) Specifies the hardware address of this host. name string (none) Sets the optional hostname to assign. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 65 of 305...
  • Page 66: Vlan Configuration

    VLAN definition Use the VLAN definition section to define VLANs and assign them with VLAN ID, name and required network configurations. Figure 11: The VLAN definition section _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 66 of 305...
  • Page 67: Port Description

    You must use VLAN ID to value/text specify which VLANs or ‘all’ to configure a port as trunk interface. Table 6: The port description fields and their descriptions _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 67 of 305...
  • Page 68: Vlans Uci Interface

    '1' config port option port 'B' option vlans '2' config port option port 'C' option trunk 'yes' option vlans 'all' config nat_vlan 'nat_vlan' option nat_vlanid '1' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 68 of 305...
  • Page 69 Modify these settings by running uci set <parameter> command. The following tables describe the UCI parameters for each section. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 69 of 305...
  • Page 70: Config Port

    11.4.3 Config nat vlan Name Type Required Default Description VLAN ID number. Defines VLAN Numeric Nat vlanid Blank that will be sent across the trunk value untag _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 70 of 305...
  • Page 71: Static Routes Configuration

    Network gateway. If omitted, the gateway Gateway ip address (none) from the parent interface is taken. If set to 0.0.0.0 no gateway will be specified for the _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 71 of 305...
  • Page 72: Ipv6 Routes

    (none) gateway from the parent interface is taken. metric number Specifies the route metric to use. interface number Defines a specific MTU for this route. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 72 of 305...
  • Page 73 Tells dropbear to listen only Interface string (none) on the specified interface. SSH-2.0- Sets alternative name that Identity string dropbear_2013.60 appears for dropbear version _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 73 of 305...
  • Page 74: Bgp (Border Gateway Protocol)

    Figure 14: BGP global settings page Name Type Required Default Description Check BGP Enabled Unchecked Enables BGP protocol. Router ID Integer None Sets Unique Router ID in format 4 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 74 of 305...
  • Page 75: Optionally Configure Bgp Route Map

    Match Type Dropdown IP address Available options are: Menu IP Address, IP Next-Hop, AS-Path, Route Metric, BGP Community Match Value None Format depends on Match Type. In _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 75 of 305...
  • Page 76: Configure Bgp Neighbours

    Click Save & Apply. 13.4 Routes statistics To view routes statistics, in the top menu click Status -> Routes. The routing table appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 76 of 305...
  • Page 77: Bgp Uci Interface

    You can also configure BGP UCI through CLI using the UCI command suite. The configuration file is stored at: /etc/config/bgpd To view the configuration file, use the commands: uci export bgpd uci show bgpd _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 77 of 305...
  • Page 78 '192.168.101.1/32' option set_type 'ip next-hop' option set '150' root@VA_router:~# uci show bgpd bgpd.bgpd=routing bgpd.bgpd.enabled=yes bgpd.bgpd.router_id=3.3.3.3 bgpd.bgpd.asn=1 bgpd.bgpd.network=11.11.11.0/29 192.168.103.1/32 bgpd.@peer[0]=peer bgpd.@peer[0].route_map_in=yes bgpd.@peer[0].ipaddr=11.11.11.1 bgpd.@peer[0].asn=1 bgpd.@peer[0].route_map=ROUTEMAP bgpd.ROUTEMAP=routemap bgpd.ROUTEMAP.order=10 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 78 of 305...
  • Page 79 13: BGP (Border Gateway Protocol) _______________________________________________________________________________________________________ bgpd.ROUTEMAP.permit=yes bgpd.ROUTEMAP.match_type=ip address bgpd.ROUTEMAP.match=192.168.101.1/32 bgpd.ROUTEMAP.set_type=ip next-hop bgpd.ROUTEMAP.set=150 To change any of the above values use uci set command _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 79 of 305...
  • Page 80: Configuring Wifi

    14: Configuring WiFi _______________________________________________________________________________________________________ 14 Configuring WiFi This section explains how to configure WiFi on a Virtual Access router using the web interface or via UCI. 14.1 Configuring WiFi through the web interface WiFi can act as an Access Point (AP) to another device in the network or it can act as a client to an existing AP.
  • Page 81 Selects the interface for WiFi. Scroll to the bottom of the page and click Save. In the top menu, select Network -> WiFi. The Wireless Overview page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 81 of 305...
  • Page 82: Setup Tab

    1-11 menu Drop Available range 0 dBm(1 Transmit Power down 17 dBm (50 mW) mW) – 17dBm(50 mW) menu Scroll down to the Interface Configuration section. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 82 of 305...
  • Page 83 Identification. The name of the menu wireless local area network Drop Access Mode down Selects Access Point mode. Point menu Click Save. Select the Wireless Security tab. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 83 of 305...
  • Page 84: Configuring Wifi In Ap Mode On A New Interface

    In the top menu, select Network -> Wifi. The Wireless Overview page appears. Figure 25: The wireless overview page Click Add to create a new WiFi interface. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 84 of 305...
  • Page 85 Transmit Power down 17 dBm (50 mW) mW) – 17dBm(50 mW) menu In the Interface Configuration section, make sure you have selected the General Setup tab. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 85 of 305...
  • Page 86 Blank Identification. The name of the menu wireless local area network Drop Access Mode down Selects Access Point mode. Point menu Select the Wireless Security tab. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 86 of 305...
  • Page 87 Click Edit on the newly created interface. Ensure you have selected the General Setup tab. In the Protocol drop down menu, select Static Address. A ‘Switch Protocol’ button appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 87 of 305...
  • Page 88 Drop Static Protocol down Address menu Numeric IP address assigned to this IPv4 address Value interface Numeric IP netmask assigned to this IPv4 netmask interface Value _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 88 of 305...
  • Page 89: Configuring Wifi In Client Mode

    In the top menu, select Network ->Wifi. The Wireless Overview page appears. Figure 32: The wireless overview page Click Add to create a new WiFi Client interface. The Wireless Network page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 89 of 305...
  • Page 90 Transmit Power down 17 dBm (50 mW) mW) – 17dBm(50 mW) menu In the Interface Configuration section, make sure you have selected the General Setup tab. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 90 of 305...
  • Page 91 ESSID down Blank Identification. The name of the menu wireless local area network Drop Access Mode down Selects mode. Point menu Select the Wireless Security tab. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 91 of 305...
  • Page 92 In the top menu, select Network -> Interfaces. The Interfaces Overview page appears. Figure 35: The interface overview page showing the newly created interface Click Edit on the newly created interface. The Interfaces - WCLIENT page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 92 of 305...
  • Page 93: Configuring Wifi Via Uci

    14.5.1 Configuring Wi-Fi in AP mode on an existing Ethernet interface The configuration files are stored on: Network file /etc/config/network • • Wireless file /etc/config/wireless To view the configuration file, use the command: uci export network _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 93 of 305...
  • Page 94 'US' config wifi-iface option device 'radio0' option mode 'ap' option disabled '1' option ssid 'Test_AP' option network 'lan' option encryption 'psk' option key 'secretkey' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 94 of 305...
  • Page 95: Configuring Wifi On A New Interface

    14.5.2 Configuring WiFI on a new interface uci export network package network config interface 'newlan' option proto 'static' option ipaddr '192.168.111.1' option netmask '255.255.255.0' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 95 of 305...
  • Page 96 'newlan' option encryption 'psk' option key 'secretkey' To view UCI commands, enter: uci show network network.newlan=interface network.newlan.proto=static network.newlan.ipaddr=192.168.111.1 network.newlan.netmask=255.255.255.0 uci show wireless wireless.radio0=wifi-device wireless.radio0.type=mac80211 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 96 of 305...
  • Page 97: Configuring Wifi In Client Mode

    'mac80211' option channel '11' option phy 'phy0' option hwmode '11ng' option htmode 'HT20' list ht_capab 'SHORT-GI-40' list ht_capab 'TX-STBC' list ht_capab 'RX-STBC1' list ht_capab 'DSSS_CCK-40' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 97 of 305...
  • Page 98 TX-STBC RX-STBC1 DSSS_CCK-40 wireless.radio0.txpower=17 wireless.radio0.country=US wireless.@wifi-iface[0]=wifi-iface wireless.@wifi-iface[0].device=radio0 wireless.@wifi-iface[0].ssid=Remote-AP wireless.@wifi-iface[0].mode=sta wireless.@wifi-iface[0].network=WCLIENT wireless.@wifi-iface[0].encryption=psk2 wireless.@wifi-iface[0].key=testtest _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 98 of 305...
  • Page 99: Configuring A 3G/4G Connection

    The Interfaces Overview page appears. Figure 38: The interfaces overview page. Click Edit on WAN or LAN to make your changes. For WAN connectivity, the Common Configuration page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 99 of 305...
  • Page 100: Settings Tab

    To check for connectivity, return to the top menu, and under Network -> Interfaces, the WAN interface will show receive and transmit packets and an IP address. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 100 of 305...
  • Page 101 15: Configuring a 3G/4G connection _______________________________________________________________________________________________________ Figure 40: The interfaces overview page To view 3G/4G connectivity information, browse to Status -> 3G Stats. Figure 41: The 3G information page _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 101 of 305...
  • Page 102: Configuring Sms

    In the Callers section, click Add to add caller numbers. Add in specific caller numbers or use the wildcard symbol * as shown below. Click Enable. Select Respond if you want the router to reply. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 102 of 305...
  • Page 103: Monitoring Sms

    You can send an outgoing message via the command line using the following syntax. sendsms 353872243909 ‘hello’ Figure 45: Output from the syntax sendsms 353872243909 ‘hello _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 103 of 305...
  • Page 104: Configuring Multi-Wan

    - > interfaces or alternatively, run: cat/etc/config/network through CLI. Enter the name of the WAN interface to configure, and then click Add. The new section for configuring specific parameters will appear. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 104 of 305...
  • Page 105 DNS servers by default. ICMP Host(s) list/IP address Configure to any address. Health Monitor Dropdown list 3 secs Sets Ping timeout in seconds. ICMP Timeout _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 105 of 305...
  • Page 106 You can also set up traffic rules, to forward specific traffic out of the right WAN interface, based on source, destination address, protocol or port. This is useful to force traffic on specific interfaces when using multiple WAN interfaces simultaneously. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 106 of 305...
  • Page 107: Multi-Wan Uci Interface

    '3' option health_recovery_retries '5' option priority '2' option manage_state 'yes' option exclusive_group '3g' option ifup_retry_sec '36000' option icmp_hosts 'disable' option signal_threshold '-111' option rscp_threshold '-90' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 107 of 305...
  • Page 108 Disables the Multi-WAN interface. Configures weight for load-balancing. Not Weight relevant when two SIM cards are being used. Sets the period to check health status of Health interval interface. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 108 of 305...
  • Page 109 3G (dBm) before considering the interface as fail. ECIO Threshold Specifies the minimum ECIO signal strength for 3G (dBm) before considering the interface as fail. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 109 of 305...
  • Page 110: Automatic Operator Selection

    Introduction to automatic operator selection This section describes how to configure and operate the Automatic Operator Selection feature of a Virtual Access router. When the roaming SIM is connected, the 3G module has the ability to scan available 3G networks. The router, using mobile and multi-WAN packages, finds available networks to create and sort interfaces according to their signal strength.
  • Page 111: Creating Primary Predefined Interface

    Type in the name of the interface in Name of the new interface field. Type the Interface Name in following format: 3g_s<sim-number>_<short- operator-name>. Where <sim-number> is number of roaming SIM (1 or 2) _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 111 of 305...
  • Page 112 Operator Numeric value None SIM Card’s PIN number PAP/CHAP String None Username used to connect to username PAP/CHAP String None Password used to connect to password _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 112 of 305...
  • Page 113: Setting Multi-Wan Options For Primary Predefined Interface

    Mode In the WAN Interfaces section, type in the name of the Multi-WAN Interface. Note: this name should match the name specified in the previous section. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 113 of 305...
  • Page 114 ‘Setting options for Automatically Created interfaces’ section below. Ensure you have selected the Manage Interface State (Up/Down) option. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 114 of 305...
  • Page 115: Setting Options For Automatically Created Interfaces

    18.3.1.3 Setting options for automatically created interfaces From the top menu on the web interface page, select Services ->Mobile Manager. The Mobile Manager page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 115 of 305...
  • Page 116 Figure 55: The mobile manager page Under Basic Settings, click Add. The Basic settings for Mobile Manager page appears. Figure 56: Basic settings field in the mobile manager page _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 116 of 305...
  • Page 117 (when 0) or from two SIMs (1) Under Roaming Template Interface click Add. The Roaming Interface Template page appears. Figure 57: The roaming interface template page _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 117 of 305...
  • Page 118 None Sets SIM card PIN number. PAP/CHAP String None Sets username username used to connect to APN. PAP/CHAP String None Sets password password used to connect _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 118 of 305...
  • Page 119 When you have configured your settings, click Save & Apply. In the top menu, select System -> Reboot. The System page appears. Figure 58: The reboot page _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 119 of 305...
  • Page 120: Pmp + Roaming: Pre-Empt Disabled

    In the top menu, select System -> Reboot. The System Reboot page appears. Figure 60: The system reboot page Check the Reboot now check box and then click Reboot. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 120 of 305...
  • Page 121: Roaming: No Pmp Defined

    From the top menu, select Network -> Multi-Wan. The Multi-WAN page appears. Figure 61: The multi-WAN page Scroll to the WAN Interfaces section, and click Delete to delete predefined Interface. Click Save & Apply. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 121 of 305...
  • Page 122: Disable Roaming

    '2' option apn ‘foobar’ option username 'root' option password 'admin' option operator 'foobar’ root@VA_router:/etc/config1# Apply the ‘operator’ option to both interfaces where both SIMs are used. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 122 of 305...
  • Page 123: Configuring Ipsec

    ID. Uniqueids boolean Participant IDs normally are unique, so a new (automatically-keyed) connection using the same ID is almost invariably intended to replace an old one. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 123 of 305...
  • Page 124: Connection Settings

    Sets the Subnet of remote LAN. Specifies the IKE algorithm to use. The format is: string encAlgo-authAlgo-DHGroup encAlgo: 3des, aes, serpent, twofish, blowfish aes128-sha1- authAlgo: md5, sha, sha2 modp2048,3des- _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 124 of 305...
  • Page 125 (see rekeymargin). Syntax: timespec: 1d, 2h, 25m, 10s. Specifies how long before rekeymargin string connection expiry or keying- channel expiry should attempt to _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 125 of 305...
  • Page 126 150s dpdtimeout string inactivity. Syntax: timespec: 1d, 2h, 25m, 10s. A typical tunnel configuration is shown below. Strongswan.@connection[0]=connection Strongswan.@connection[0].type=tunnel Strongswan.@connection[0].name=test Strongswan.@connection[0].waniface=wan Strongswan.@connection[0].localid=10.1.1.1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 126 of 305...
  • Page 127 'remotelanmask' "255.255.255.0" option 'ike' "3des-md5-modp1024" option 'esp' "3des-md5" option 'auto' 'start' option 'ikelifetime' "8h" option 'keylife' "1h" option 'rekeymargin' "9m" option 'keyingtries' "3" option 'dpdaction' "hold" _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 127 of 305...
  • Page 128: Shunt Connection

    VPN IPSec policy. 19.4 Secret settings Each tunnel also requires settings for how the local end point of the tunnel proves its identity to the remote end point. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 128 of 305...
  • Page 129 ‘Connection Settings’, is shown below: Strongswan.@secret[0]=secret Strongswan.@secret[0].enabled=yes Strongswan.@secret[0].localaddress=10.1.1.1 Strongswan.@secret[0].remoteaddress=10.2.2.2 Strongswan.@secret[0].secrettype=psk Strongswan.@secret[0].secret=secret config 'secret' option 'enabled' "yes" option 'localaddress' "10.1.1.1" option 'remoteaddress' "10.2.2.2" option 'secrettype' 'psk' option 'secret' "secret" _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 129 of 305...
  • Page 130 'yes' option idtype 'userfqdn' option userfqdn 'testxauth' option remoteaddress '10.2.2.2' option secret 'xauth' option secrettype 'XAUTH' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 130 of 305...
  • Page 131: Configuring Firewall

    The options below are defined within zone sections: Name Type Required Default Description zone name (none) Sets the unique zone name. name network list (none) Defines a list of interfaces attached to this _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 131 of 305...
  • Page 132: Forwarding Sections

    Specifies the traffic destination zone, must dest (none) name refer to one of the defined zone names. Defines protocol family (ipv4, ipv6 or any) to family string generate iptables rules for. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 132 of 305...
  • Page 133: Redirects

    Protocol family (ipv4, ipv6 or any) to family string generate iptables rules for. Disables NAT reflection for this redirect if set reflection boolean to 0 - applicable to DNAT targets. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 133 of 305...
  • Page 134: Rules

    Firewall action (ACCEPT, REJECT, DROP) for target string DROP matched traffic. Protocol family (ipv4, ipv6 or any) to family string generate iptables rules for. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 134 of 305...
  • Page 135: Includes

    IPv6 only rule: config rule option src wan option src_ip fdca:f00:ba3::/64 option target ACCEPT Similarly, such a rule is automatically treated as IPv4 only. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 135 of 305...
  • Page 136: Implications Of Drop Vs. Reject

    (like the IP at which traffic was actually blocked) • client software can recover faster from rejected connection attempts • network debugging easier (routing and firewall issues clearly • distinguishable) _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 136 of 305...
  • Page 137: Note On Connection Tracking

    This example enables machines on the Internet to use SSH to access your router. 20.10.2 Forwarding ports (destination NAT/DNAT) This example forwards http, but not HTTPS, traffic to the web server running on 192.168.1.10: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 137 of 305...
  • Page 138: Source Nat (Snat)

    Internet, but allows it to access a few services by manually forwarding what appear to be a few local services; for example, NTP to the Internet. While DNAT _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 138 of 305...
  • Page 139: True Destination Port Forwarding

    20.10.7 Block access to the internet for specific IP on certain times The following rule blocks all connection attempts to the internet from 192.168.1.27 on weekdays between 21:00pm and 09:00am. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 139 of 305...
  • Page 140: Restricted Forwarding Rule

    192.168.1.100 listening on port 3128. It assumes the router LAN address to be 192.168.1.1 - this is needed to masquerade redirected traffic towards the proxy. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 140 of 305...
  • Page 141: Simple Dmz Rule

    IPSec passthrough This example enables proper forwarding of IPSec traffic through the WAN. # AH protocol config rule option src option dest option proto option target ACCEPT _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 141 of 305...
  • Page 142: Manual Iptables Rules

    Executing the following command will flush all rules and set the policies to ACCEPT on all standard chains: root@VA_router:/# /etc/init.d/firewall stop To manually start the firewall, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 142 of 305...
  • Page 143: Debug Generated Rule Set

    1 (one): root@VA_router:/# FW_TRACE=1 fw reload To direct the output to a file for later inspection, enter: root@VA_router:/# FW_TRACE=1 fw reload 2>/tmp/iptables.lo _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 143 of 305...
  • Page 144: Configuring Snmp

    Another sample agent configuration shown below causes the agent to listen on udp port 161, tcp port 161 and udp port 9161 on only the interface associated with the localhost address. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 144 of 305...
  • Page 145: System

    The following sample specifies that a request from any source using “public” as the community string will be dealt with using the security name “ro”. However, _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 145 of 305...
  • Page 146 “private” group. config 'group' 'public_v1' option group 'public' option version 'v1' option secname 'ro' config 'group' 'public_v2c' option group 'public' option version 'v2c' option secname 'ro' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 146 of 305...
  • Page 147 1: is everything string .iso.org.dod.Internet.mgmt.mib-2: mib2 Any other valid oid The following example defines two views, one for the entire system and another for only mib2. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 147 of 305...
  • Page 148: Access

    “all” view and the “private” group being granted read and write access on the “all” view. config 'access' 'public_access' option group 'public' option context 'none' option version 'any' option level 'noauth' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 148 of 305...
  • Page 149: Snmp Traps

    # for SNMPv2c inform request receiver config informreceiver option host 'IPADDR[:PORT]' option community 'COMMUNITY STRING' An additional option was added to the 'agent' subsection: option authtrapenabled '0|1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 149 of 305...
  • Page 150: Configuring Http Server

    /cgi-bin support is disabled if this option is missing. Defines the prefix for dispatching lua_prefix string (none) requests to the embedded Lua interpreter, relative to the _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 150 of 305...
  • Page 151 Multiple sections of the type uhttpd may exist - the init script will launch one webserver instance per section. A standard uhttpd configuration is shown below. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 151 of 305...
  • Page 152: Https Certificate Settings And Creation

    1024 Size of the generated RSA key in bits. country string ISO country code of the certificate issuer. state string Berlin State of the certificate issuer. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 152 of 305...
  • Page 153: Basic Authentication (Httpd.conf)

    The password can be either in plain text format, MD5 encoded or in the form $p$user where the user refers to an account in /etc/shadow or /etc/passwd. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 153 of 305...
  • Page 154: Securing Uhttpd

    A sample SSH Server configuration is shown below. root@VA_router:~# uci show dropbear dropbear.@dropbear[0]=dropbear dropbear.@dropbear[0].PasswordAuth=on dropbear.@dropbear[0].RootPasswordAuth=on dropbear.@dropbear[0].Port=22 root@VA_router:~# uci export dropbear package 'dropbear' config 'dropbear' option 'PasswordAuth' 'on' option 'RootPasswordAuth' 'on' option 'Port' '22' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 154 of 305...
  • Page 155: Configuring Adsl

    If you select the Routed PPP service, you can run the PPP over ATM (PPPoA) or over Ethernet (PPPOE). The following diagrams illustrate the topology of these connections. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 155 of 305...
  • Page 156: Configuring Adsl Ppp Connection Via The Web Interface

    In your Internet browser, type in the local IP address of a router, for example, the default IP address 192.168.100.1 and press enter. The Authorization page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 156 of 305...
  • Page 157: Configuring An Adsl Pppoa Connection

    From the top menu select Network -> Interfaces. The Interface Overview page appears. Figure 65: The interfaces overview page Click Add new interface….The Create Interface page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 157 of 305...
  • Page 158 From the PPPoA Encapsulation drop-down menu, select VC-Mux or LLC. In the ATM device number field, leave the default value as 0. In the Virtual Channel Identifier field, type the VCI number. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 158 of 305...
  • Page 159: Configuring An Adsl Pppoeoa Connection

    From the top menu select Network -> Interfaces. The Interfaces Overview page appears. Figure 69: The interfaces overview page Scroll down to the bottom of the page until you see the ATM Bridges section. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 159 of 305...
  • Page 160 Select the Advanced Settings tab. The ATM Bridges page appears. Figure 72: The ATM bridges advanced settings tab Leave the default ATM device number and the Bridge unit number set to 0. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 160 of 305...
  • Page 161 In the PAP/CHAP username field, type the CHAP username. In the PAP/CHAP password field, type the password. Optionally in Access Concentrator field, type the AC name. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 161 of 305...
  • Page 162: Configuring An Adsl Bridge Connection With Static Ip

    From the top menu select Network -> Interfaces. The Interfaces Overview page appears. Figure 76: The interfaces overview page Scroll down to the bottom of the page until you see the ATM Bridges section. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 162 of 305...
  • Page 163 Select the Advanced Settings tab. The ATM Bridges page appears. Figure 79: The ATM bridges advanced settings tab Leave the default ATM device number and the Bridge unit number set to 0. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 163 of 305...
  • Page 164 Click Submit. The Interfaces – [name of new interface] page appears. Figure 81: Part of new interface configuration page In the IPv4 address field, type the IP address. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 164 of 305...
  • Page 165: Configuring Adsl Via Uci

    Enabled 'yes' config interface 'ADSL' option proto 'pppoa' option encaps 'vc' option atmdev '0' option vci '35' option vpi '0' option username 'test5@pppoa.com' option password 'test5' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 165 of 305...
  • Page 166: Configuring An Adsl Pppoeoa Connection Via Uci

    'nas0' option username 'test5@pppoe.com' option password 'test5' option ac 'test' option service 'test' option defaultroute '0' config atm-bridge option unit '0' option atmdev '0' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 166 of 305...
  • Page 167 Network file /etc/config/network To view the configuration file, type the command: uci export network config adsl-device 'adsl' option fwannex 'a' option annex 'a' option enabled 'yes' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 167 of 305...
  • Page 168 '255.255.255.192' to view uci commands, type: uci show network network.adsl.fwannex=a network.adsl.annex=a network.adsl.enabled=yes network.@atm-bridge[0]=atm-bridge network.@atm-bridge[0].unit=0 network.@atm-bridge[0].atmdev=0 network.@atm-bridge[0].payload=bridged network.@atm-bridge[0].vpi=8 network.@atm-bridge[0].vci=39 network.@atm-bridge[0].encaps=llc network.Management=interface network.Management.proto=static network.Management.ifname=nas0 network.Management.monitored=0 network.Management.ipaddr= 10.33.4.7 network.Management.netmask=255.255.255.192 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 168 of 305...
  • Page 169: Virtual Router Redundancy Protocol (Vrrp)

    To check which software your router is running, SSH to a router and the following information is shown. Figure 83: Example output after accessing the router via SSH _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 169 of 305...
  • Page 170: Vrrp Web Interface

    VRRP web interface To configure VRRP through the web interface, in the top menu, select Network - > VRRP. The VRRP page appears. Figure 86: The VRRP page _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 170 of 305...
  • Page 171 Globally enables VRRP on the router. Under the VRRP Group Configuration title, click Add. Figure 88: The VRRP group configuration section Check the Group enabled option check box. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 171 of 305...
  • Page 172 Sets the virtual IP address and mask in Virtual IP String Blank prefix format. For example, ’11.1.1.99/24’. All co-operating VRRP _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 172 of 305...
  • Page 173: Configuring Vrrp Using Uci

    'lan' option init_state 'BACKUP' option router_id '1' option priority '115' option advert_int_sec '2' option password 'secret' option virtual_ipaddr '10.1.10.150/16' option garp_delay_sec '5' option ipsec_connection 'Test' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 173 of 305...
  • Page 174 Blank down/up when VRRP entering BACKUP/MASTER state Table 2: Config interface fields and their descriptions To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 174 of 305...
  • Page 175: Dial Modem

    25: Dial modem _______________________________________________________________________________________________________ 25 Dial modem Virtual Access GW6630 Series routers are optionally fitted with a V.90 modem. The table below shows standards that are supported. Data modem V.90 V.34 V.32bis V.32 V.29 V.22bis V.22 V.22 Fast Connect V.23 V.21...
  • Page 176: Configuring The Modem As A Dial Out Interface Via Uci Interface

    'test' option password 'test1' option number '1234' To view UCI commands, use the following commands: uci show network network.dialout5=interface network.dialout5.proto=ppp network.dialout5.auto=0 network.dialout5.device=/dev/ttyCX0 network.dialout5.noipdefault=1 network.dialout5.peerdns=0 network.dialout5.nopersist=1 network.dialout5.defaultroute=0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 176 of 305...
  • Page 177: Configuring The Modem As A Dial In Interface Via Uci

    '"" ATA CONNECT 38400' option data_only '1' option rings '1' option speed '9600' option debug '9' To view the configuration files, enter: uci show mgetty mgetty.main=mgetty _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 177 of 305...
  • Page 178: Dial In Interface Settings

    '172.168.101.1' option noipdefault '1' option defaultroute '0' option remote_auth_options 'require_eap' To view the configuration files, enter: uci show network network.dialin=interface network.dialin.proto=ppp network.dialin.auto=0 network.dialin.peerdns=1 network.dialin.remote_ipaddr=172.168.101.2 network.dialin.local_ipaddr=172.168.101.1 network.dialin.noipdefault=1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 178 of 305...
  • Page 179: Management User Settings

    '0' option smsuser '0' option linuxuser '0' To view the configuration files, enter: uci show managment_users managment_users.@user[0]=user managment_users.@user[0].enabled=1 managment_users.@user[0].username=test managment_users.@user[0].password=test managment_users.@user[0].srpuser=1 managment_users.@user[0].chapuser=0 managment_users.@user[0].webuser=0 managment_users.@user[0].smsuser=0 managment_users.@user[0].linuxuser=0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 179 of 305...
  • Page 180: Isdn Pseudowire

    Note: success of the pseudowire relies on the network’s ability to transfer the data without loss between the Virtual Access router and the provider. IP packet loss will result in momentary corruption of data, typically around 20 milliseconds in length.
  • Page 181: Pseudowire Functionality

    MSNs. LCR configuration files are stored at: /etc/config/lcr root@VA_router:~# uci export lcr package lcr config lcr 'main' option enable '1' list msn '384720' list msn '384721' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 181 of 305...
  • Page 182: Configuring Asterisk Using Uci

    Specifies the password to present to the provider to password identify this site. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 182 of 305...
  • Page 183: Isdn Pseudowire In Client And Provider Role (Back-To-Back)

    ISDN hardware. Specifies the MSN number that the ISDN user equipment is configured to respond to. You can configure multiple MSN’s as list entries. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 183 of 305...
  • Page 184: Configuring Asterisk Using Uci

    Specifies the password to present to the provider password to identify this site. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 184 of 305...
  • Page 185 '384740' list msn '384741' ~# uci export asterisk package asterisk config provider option host '10.1.183.20' option hostport '5060' option username 'usernameForUnit40' option secret 'secretForUnit40' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 185 of 305...
  • Page 186 'usernameForUnit20' option secret 'secretForUnit20' option msn '384720' config client option username 'usernameForUnit20' #typically same as above option secret 'secretForUnit20' #typically same as above option msn '384721' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 186 of 305...
  • Page 187: Analogue Leased Line Interface

    The ALL interface provides you with the possibility to adjust the gain and attenuation. The diagram below shows the signal flow and the options available to control it. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 187 of 305...
  • Page 188: All Interface

    Figure 91: Gain and attenuation flow 27.4 ALL interface The ALL interface has the device name ‘ttyLC0’. 27.4.1 ALL status To view the status of the ALL interface, enter: va5420_status /dev/ttyLCO _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 188 of 305...
  • Page 189: All Statistics

    'main' option log_severity '5' option enable '1' config port 'Port1' ….. option rx_jitter_buffer_enabled ‘1’ 27.4.3 ALL wiring 2-wire RJ-11 RJ-45 2 RED (TIP) 5 tx/rx _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 189 of 305...
  • Page 190 6 TIP 3 GREEN (RING) 3 RING 4 BLACK (RING1) 4 RING1 RJ45 SMG 1 not connected 2 not connected 7 Not connected 8 not connected _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 190 of 305...
  • Page 191: Configuring Cesopsn

    'main' option log_severity '5' option enable '1' Name Type Required Default Description enable boolean Yes: enables CESoPSN services. yes|no No: disables CESoPSN services. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 191 of 305...
  • Page 192: Port Settings

    Enables the port. devname String ttyXHFC Selects the serial interface to be used with this port. ‘ttyLC0’: ALL interface ‘ttyXHFC0’: first Dual X.21 port ‘ttyXHFC1’:second Dual X.21 port _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 192 of 305...
  • Page 193 Selects the interface rate. The rate has to be a multiple of 64000. For the ALL 64000…204800 interface only 64000 is supported. Interface specific port settings are described in the following sub-chapters. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 193 of 305...
  • Page 194: All Interface Settings

    Boolean Enables an analogue 6.02dB output loss ue_loss_enabl (attenuation) all_rx_attenu Boolean Enables the analogue input attenuator ator_enabled (3.8dB) 28.3.2 Dual X.21 interface settings Not currently available. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 194 of 305...
  • Page 195: Dynamic Multipoint Virtual Private Network (Dmvpn)

    New HUBs can be added to the network to improve the performances and reliability. Ability to carry multicast and main routing protocols traffic (RIP, OSPF, • BGP). DMVPN can be deployed using Activator, the Virtual Access automated • provisioning system. Simplifies branch communications by enabling direct branch to branch •...
  • Page 196 When an IPsec tunnel is established, Spoke1 and Spoke2 can send traffic • directly to each other. Scenario 2: Spoke1 is in a private (NAT-ed) network, Spoke2 and hub are in public network _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 196 of 305...
  • Page 197: Configuring Dmvpn Via The Web Interface

    Spokes are sent via the hub. 29.3 Configuring DMVPN via the web interface Before configuring DMVPN, you must first configure a GRE interface. Read the previous section,’GRE interfaces’. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 197 of 305...
  • Page 198: Configuring Ipsec For Dmvpn

    This section explains how to configure VPN IPSec specifically for DMVPN. For more information on general VPN IPSec configuration, read ‘Configuring IPSec’ in the GW6600 User Manual. Access the router’s web Interface by typing 192.168.100.1 into your browser. Type in the username: root Type in the password: admin.
  • Page 199 None menu enabled Table 13: strongSwan IPSec VPN fields and their descriptions In the Unique IDs drop down menu, select Yes. The Connections settings fields appear. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 199 of 305...
  • Page 200 29: Dynamic Multipoint Virtual Private Network (DMVPN) _______________________________________________________________________________________________________ Figure 97: The strongSwan IPSec VPN page _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 200 of 305...
  • Page 201 3des-sha1- DHGroup: modp1024, modp1536 modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 aes128- Specifies the esp algorithm to use. Dropdown ESP algorithm sha1, Menu The format is: 3des-sha1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 201 of 305...
  • Page 202 Valid values are none, clear, hold and restart. None Disables dead peer Dropdown DPD Action None detection. Menu Clear Clears down the tunnel if a peer does not respond. Reconnects _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 202 of 305...
  • Page 203 In the DPD Delay field, type a DPD delay value. In the DPD Timeout field, type a relevant value. At the bottom of the Secrets section, click Add. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 203 of 305...
  • Page 204: Dmvpn Hub Settings

    In the top menu, select Network -> DMVPN. The DMVPN page appears. Figure 99: The DMVPN page Under DMVPN General, click Add. The following page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 204 of 305...
  • Page 205: Uci Interface

    29.5 UCI interface 29.5.1 IPSec configuration using CLI You can configure IPSec (strongSwan package) through CLI using the UCI command suite. Configuration files are stored at: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 205 of 305...
  • Page 206 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 206 of 305...
  • Page 207: Configuring Dmvpn Using Cli

    'yes' option secrettype 'psk' option secret 'secret' 29.6 Configuring DMVPN using CLI You can configure DMVPN through CLI using the UCI command suite. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 207 of 305...
  • Page 208 'test' uci show dmvpn dmvpn.common=general-settings dmvpn.common.enabled=yes dmvpn.common.ipsec_template_name=DMVPN dmvpn.@interface[0]=interface dmvpn.@interface[0].holding_time=60 dmvpn.@interface[0].gre_interface=GRE dmvpn.@interface[0].gre_endpoint_ip=11.11.11.1 dmvpn.@interface[0].gre_endpoint_mask_length=29 dmvpn.@interface[0].nhs_ip=192.168.100.1 dmvpn.@interface[0].cisco_auth=test To change any of the above values, use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 208 of 305...
  • Page 209: Terminal Server

    30.3.1.1 Main settings Figure 101: The terminal server main settings page In the Main Settings section, click the Enable check box to enable the Terminal Server. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 209 of 305...
  • Page 210: Port Settings

    The Port Settings section is divided into 3 sub-sections: • General Serial • Network • 30.3.1.3 Port settings: general section Figure 102: The General tab fields part 1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 210 of 305...
  • Page 211 (RFC2217). Enable HDLC Enables HDLC Pseudowire over UDP Pseudowire over Checkbox Disabled support (based on RFC4618), if set UDP (RFC4618) to 1, also set udpMode 1. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 211 of 305...
  • Page 212: Port Settings: Serial Section

    0=disabled. Table 17: The general fields descriptions 30.3.1.4 Port settings: serial section Figure 104: The serial tab fields part 1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 212 of 305...
  • Page 213 Keep serial port Keep serial port always open (if Checkbox always open option not present, default is 0). RS232 Half Duplex Checkbox 1=half duplex mode; 0=full duplex _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 213 of 305...
  • Page 214: Port Settings: Network Section

    Table 22: The general fields descriptions 30.3.1.5 Port settings: network section Figure 106: The Network tab fields part 1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 214 of 305...
  • Page 215 TCP User timeout value in established state. Set to 0 to use kernel defaults (about 15-20 minutes). TCP nodelay Checkbox Disabled 1=disable TCP nagle algorithm; _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 215 of 305...
  • Page 216: Configuring Terminal Server Using Uci

    # enables detailed debug logging (state transitions, data transfer etc) option debug_ev_enable 1 Following the global section there are four port specific sections. Below is an example configuration with the embedded comments explaining each parameter. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 216 of 305...
  • Page 217 # keep serial port always open (if option not present, default is 0) option tty_always_open 0 # Forwarding timeout in milliseconds (serial to network) option fwd_timeout 30 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 217 of 305...
  • Page 218 # serial flow control mode (0=none, 1=RTS CTS, 2=XONXOFF) option fc_mode 0 # time in milliseconds to start re-connecting after setting DTR low option disc_time_ms 5000 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 218 of 305...
  • Page 219 # Interval in seconds between TCP keep alive probes option tcp_keepalive_interval 5 # Time in seconds to wait for reponse to a TCP keep alive probe option tcp_keepalive_timeout 2 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 219 of 305...
  • Page 220 '0' # 1=use USB serial card. if portmode is x.21 it is used in synchronous mode, if portmode is 'rs232' it is used in asynchronous mode _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 220 of 305...
  • Page 221 0 # Used for USB serial card. Number of bit positions to delay output of the data from detecting clock edge option sync_txdata_dly 0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 221 of 305...
  • Page 222 '1' # when used with V.23 modem driver, (set portmode 'v23') V.23 modem's RTS to CTS delay in milliseconds option v23_rts_to_cts_delay '20' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 222 of 305...
  • Page 223 # Configures serial transmit log size in bytes and enables transmit data logging. 0=disabled option serialTxLogSize 0 # Configures serial receive log size in bytes and enables receive data logging. 0=disabled option serialRxLogSize 0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 223 of 305...
  • Page 224 # Forwarding buffer size (serial to network) option fwd_buffer_size 256 # Receive control characters that cause buffer to be forwarded option rcc_string '' # serial device speed in baud _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 224 of 305...
  • Page 225 # UDP port for UDP mode option udpPort 0 Each Terminal Server port must be associated with a specific serial port device. For example, you can configure port 1 as: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 225 of 305...
  • Page 226: Terminal Server Operation

    If the Terminal Server is running, this command will show the status of each session. If the Terminal Server is not loaded it will return an error. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 226 of 305...
  • Page 227: Stopping Terminal Server

    To stop Terminal Server, enter one of the following: /usr/bin/tserv quit Kill PID. You can obtain the PID by running: ps | grep tser _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 227 of 305...
  • Page 228: Gre Interfaces

    Figure 110: The create interface page Type in the name of the new interface, then in the Protocol of the new interface drop-down list, select GRE. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 228 of 305...
  • Page 229 GRE. Specifies which interface is going Dropdown Local Interface Blank to be linked with the GRE tunnel list interface. Numeric Sets Time-To-Live value on the _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 229 of 305...
  • Page 230: Gre Uci Interface

    '24' option local_interface '3g-wan' option ttl '128' option key '1234' option mtu '1472' ~# uci show network network.tunnel1=interface network.tunnel1.proto=gre network.tunnel1.ipaddr=172.255.255.2 network.tunnel1.mask_length=24 network.tunnel1.local_interface=3g-wan network.tunnel1.ttl=128 network.tunnel1.key=1234 network.tunnel1.mtu=1472 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 230 of 305...
  • Page 231 PDUs value using this interface. Table 21: Config interface fields and their descriptions To change any of the above values use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 231 of 305...
  • Page 232: Multicasting Using Pim And Igmp Interfaces

    Configuring PIM and IGMP via the web interface To configure PIM through the web interface, in the top menu, select Network -> PIM. The PIM page appears. Figure 112: The PIM page _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 232 of 305...
  • Page 233 Enable IGMP Checkbox Unchecked Enable IGMP on given interface. Enable SSM Checkbox Unchecked Enable SSM on given interface. Table 23: The PIM global settings description _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 233 of 305...
  • Page 234: Pim And Igmp Uci Interface

    'yes' option interface 'wan' option ssm 'yes' option igmp 'no' root@VA_router:/etc/config1# uci show pimd pimd.pimd=routing pimd.pimd.enabled=yes pimd.@interface[0]=interface pimd.@interface[0].enabled=yes pimd.@interface[0].interface=lan pimd.@interface[0].ssm=yes pimd.@interface[0].igmp=yes pimd.@interface[1]=interface _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 234 of 305...
  • Page 235: Name Type

    Boolean Enable PIM SSM on interface igmp Boolean Enable IGMP on interface To change any of the above values use uci set command _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 235 of 305...
  • Page 236: The Advantage Of Using Dmvpn

    New HUBs can be added to the network to improve the performances and reliability. Ability to carry multicast and main routing protocols traffic (RIP, OSPF, • BGP). DMVPN can be deployed using Activator, the Virtual Access automated • provisioning system. Simplifies branch communications by enabling direct branch to branch •...
  • Page 237: Dynamic Multipoint Virtual Private Network (Dmvpn)

    When an IPsec tunnel is established, Spoke1 and Spoke2 can send traffic • directly to each other. Scenario 2: Spoke1 is in a private (NAT-ed) network, Spoke2 and hub are in public network _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 237 of 305...
  • Page 238 Spokes are sent via the hub. 33.3 Configuring DMVPN via the web interface Before configuring DMVPN, you must first configure a GRE interface. Read the previous section,’GRE interfaces’. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 238 of 305...
  • Page 239: Configuring Dmvpn Via The Web Interface

    This section explains how to configure VPN IPSec specifically for DMVPN. For more information on general VPN IPSec configuration, read ‘Configuring IPSec’ in the GW6600 User Manual. Access the router’s web Interface by typing 192.168.100.1 into your browser. Type in the username: root Type in the password: admin.
  • Page 240: Configuring Ipsec For Dmvpn

    None menu enabled Table 17: strongSwan IPSec VPN fields and their descriptions In the Unique IDs drop down menu, select Yes. The Connections settings fields appear. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 240 of 305...
  • Page 241 27: Dynamic Multipoint Virtual Private Network (DMVPN) _______________________________________________________________________________________________________ Figure 82: The strongSwan IPSec VPN page _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 241 of 305...
  • Page 242 3des-sha1- DHGroup: modp1024, modp1536 modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 aes128- Specifies the esp algorithm to use. Dropdown ESP algorithm sha1, Menu The format is: 3des-sha1 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 242 of 305...
  • Page 243 Valid values are none, clear, hold and restart. None Disables dead peer Dropdown DPD Action None detection. Menu Clear Clears down the tunnel if a peer does not respond. Reconnects _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 243 of 305...
  • Page 244 In the DPD Delay field, type a DPD delay value. In the DPD Timeout field, type a relevant value. At the bottom of the Secrets section, click Add. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 244 of 305...
  • Page 245 In the top menu, select Network -> DMVPN. The DMVPN page appears. Figure 84: The DMVPN page Under DMVPN General, click Add. The following page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 245 of 305...
  • Page 246: Dmvpn Hub Settings

    33.5 UCI interface 33.5.1 IPSec configuration using CLI You can configure IPSec (strongSwan package) through CLI using the UCI command suite. Configuration files are stored at: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 246 of 305...
  • Page 247 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 247 of 305...
  • Page 248: Configuring Dmvpn Using Cli

    'yes' option secrettype 'psk' option secret 'secret' 33.6 Configuring DMVPN using CLI You can configure DMVPN through CLI using the UCI command suite. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 248 of 305...
  • Page 249 'test' uci show dmvpn dmvpn.common=general-settings dmvpn.common.enabled=yes dmvpn.common.ipsec_template_name=DMVPN dmvpn.@interface[0]=interface dmvpn.@interface[0].holding_time=60 dmvpn.@interface[0].gre_interface=GRE dmvpn.@interface[0].gre_endpoint_ip=11.11.11.1 dmvpn.@interface[0].gre_endpoint_mask_length=29 dmvpn.@interface[0].nhs_ip=192.168.100.1 dmvpn.@interface[0].cisco_auth=test To change any of the above values, use uci set command. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 249 of 305...
  • Page 250 32: Multicasting using PIM and IGMP interfaces _______________________________________________________________________________________________________ _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 250 of 305...
  • Page 251: Event System

    34: Event system _______________________________________________________________________________________________________ 34 Event system Virtual Access routers feature an event system. The event system allows you to configure the router’s information for efficient control and management of devices. This section explains how the event system works and how to configure it using via UCI.
  • Page 252: Supported Connection Testers

    The configuration is composed of a main section and as many forwardings, targets and connection testers as required. 34.6.1 Main section config va_eventd main option enabled yes option event_queue_file '/tmp/event_buffer' option event_queue_size 128K _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 252 of 305...
  • Page 253: Forwardings

    34.6.3 Connection testers There are two types of connection testers: ping connection tester, and • • link connection tester. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 253 of 305...
  • Page 254: Ping Connection Tester

    A link connection tester tests a connection by checking the status of the interface being used. config conn_tester option name t1 option enabled 1 option type link option link_iface eth0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 254 of 305...
  • Page 255: Supported Targets

    514 is assumed Name of the connection tester to conn_tester String None use for this target Table 33: Event system – syslog target settings description _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 255 of 305...
  • Page 256: Email Target

    Enable starttls support tls_forcessl3 Boolean Force SSLv3 for TLS timeout_sec Time in secs Email send timeout Email from Source email address address Email Destination email address address _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 256 of 305...
  • Page 257: Snmp Target

    Table 35: Event system – snmp target settings description 34.6.4.4 Exec target When an exec target receives an event, it executes a shell command. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 257 of 305...
  • Page 258: Example And Export

    To view the configuration file, enter: uci export va_eventd root@test:~# uci export va_eventd package va_eventd config va_eventd 'main' option enabled 'yes' option event_queue_file '/tmp/event_buffer' option event_queue_size '128K' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 258 of 305...
  • Page 259 'ping' option ping_dest_addr '192.168.100.254' option ping_source 'eth0' option ping_success_duration_sec '10' config conn_tester option name 'smtp_server' option enabled '1' option type 'link' option link_iface 'eth0' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 259 of 305...
  • Page 260 'yes' option type 'snmptrap' option community 'public' option target_addr '192.168.100.254' option agent_addr '192.168.100.1' option conn_tester 'mon_server' config target option name 'logit' option enabled 'yes' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 260 of 305...
  • Page 261 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 261 of 305...
  • Page 262 %{eventName}!!! va_eventd.@target[1].body_template=%{eventName} (%{class}.%{subclass}) happened! va_eventd.@target[1].conn_tester=smtp_server va_eventd.@target[2]=target va_eventd.@target[2].name=snmp va_eventd.@target[2].enabled=yes va_eventd.@target[2].type=snmptrap va_eventd.@target[2].community=public va_eventd.@target[2].target_addr=192.168.100.254 va_eventd.@target[2].agent_addr=192.168.100.1 va_eventd.@target[2].conn_tester=mon_server _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 262 of 305...
  • Page 263 34: Event system _______________________________________________________________________________________________________ va_eventd.@target[3]=target va_eventd.@target[3].name=logit va_eventd.@target[3].enabled=yes va_eventd.@target[3].type=exec va_eventd.@target[3].cmd_template=logger -t eventer %{eventName} _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 263 of 305...
  • Page 264: Configuring Sla Reporting On Monitor

    Introduction This section describes how to configure and view SLA reporting on Monitor, the Virtual Access monitoring system. It also explains how to configure scheduler task that is placed on the router to upload SLA statistics. The Virtual Access Monitor system provides: centralised access to router connectivity status, •...
  • Page 265 Max Connection Strength Select roll Scope rollup period Year up scope Month Week Hour Minute Second Select Range of scope Year range scope Month Week Hour Minute Second _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 265 of 305...
  • Page 266 Figure 125: Example of Avg latency parameters When you have entered all the parameters you require, click Add data set. Repeat the process for Avg Connection strength, Avg Packetloss and Avg Latency. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 266 of 305...
  • Page 267: Adding An Sla Report

    When you have configured a content template, you can add an SLA report. In the top menu, click SLA Reporting -> REPORTS. Then click Create. The Add SLA Report page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 267 of 305...
  • Page 268 Content template that report is based on Table 38: Parameters for adding an SLA report The figure below shows an example of a SLA report with two devices. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 268 of 305...
  • Page 269: Viewing An Sla Report

    Select the relevant report in the drop down menu and select a date. Figure 129: The generate SLA report page Click Generate and the report will open. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 269 of 305...
  • Page 270: Viewing Automated Sla Reports

    To view these reports access any router assigned to the report. Select the relevant report. A list of downloadable PDFs appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 270 of 305...
  • Page 271: Configuring Router Upload Protocol

    TFTP Server Address and then enter the TFTP Server Port number to match. Figure 132: The upload protocol parameters _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 271 of 305...
  • Page 272: Configuring Sla For A Router

    _______________________________________________________________________________________________________ 36 Configuring SLA for a router SLA reporting works in two parts: The Virtual Access Monitor system server connects via SSH into the router • and schedules the task of uploading statistics to Monitor. The Virtual Access router monitors UDP keepalive packets. It creates and •...
  • Page 273 Description Check Enable none Enables SLAD daemon. Roundtrip Specifies the time in milliseconds that a integer None Timeout (ms) packet is not replied before this timeout _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 273 of 305...
  • Page 274: Configuring Sla For A Router Via Uci Interface

    'main' option enable 'yes' option roundtrip_timeout_msec '5000' option interface 'lan' option destination_host_ip_address '10.1.1.2' option destination_udp_port '53' option bin_restart_period_msec '3600000' option max_bin_count '73' uci show slad slad.main=slad _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 274 of 305...
  • Page 275: Sla Statistics

    Type the command sla current to show current statistics. Figure 137: Output from the command line sla current Type the command sla newest to show the newest statistics. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 275 of 305...
  • Page 276 36:Configuring SLA for a router _______________________________________________________________________________________________________ Figure 138: Output from the command line sla newest _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 276 of 305...
  • Page 277: Diagnostics

    37.1.2 ADSL PPPoEoA connections To check the status of an ADSL line, in the top menu, select Status -> ADSL Status. The ADSL Status page appears. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 277 of 305...
  • Page 278: Adsl Bridge Connections

    To check the status of an ADSL line, in the top menu, select Status -> ADSL Status. The ADSL Status page appears. Figure 143: The ADSL status page _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 278 of 305...
  • Page 279: All Diagnostics

    RECEIVE STATS rx bytes 566988 rx overruns rx discards V.23 MODE STATS rx bytes tx bytes rx samples tx samples rx carrier on tx carrier on _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 279 of 305...
  • Page 280: Automatic Operator Selection Diagnostics Via The Web Interface

    To check the status of the interface you are currently using, in the top menu, click Status. The Interface Status page appears. Scroll down to the bottom of the page to view Multi-WAN Stats. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 280 of 305...
  • Page 281: Automatic Operator Selection Diagnostics Via Uci

    To check interfaces created in the multi-WAN package, enter: cat /var/const_state/multiwan Figure 147: Output from the command: cat /var/const_stat/multiwan To check interfaces created in the network package, enter: cat /var/const_state/network _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 281 of 305...
  • Page 282 37: Diagnostics _______________________________________________________________________________________________________ To check the status of the interface you are currently using, enter: cat /var/const_state_/mobile Figure 148: Output from the command cat /vat/const_state_/mobile _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 282 of 305...
  • Page 283: Cesopsn Diagnostics

    - clear statistics 37.5.1 cesop show config To show the currently running configuration, enter: root@VA_router:~# cesop show config Main Config ----------- enable nodaemon debug_enabled log_severity schedule_mode _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 283 of 305...
  • Page 284 : 24 app_bit_reverse app_rx_shift devname : ttyLC0 bypass local_loopback rate : 64000 ext_clock fifo_irq_level bit_reverse dte_tt_inv dce_tclk_inv dce_rclk_inv x21_clk_invert x21_data_delay x21_use_vco all_four_wire_mode all_pcm_encoding : alaw all_rx_attenuator_enabled all_rx_analogue_gain_enabled _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 284 of 305...
  • Page 285: Cesop Show Status

    [D5][D5]... txPayloadType txSegmentSize txSsrc 89298337 txLBit txRBit txMBits txTdmPayload [D5][D5]... 37.5.3 cesop show stats To view statistical information about the CESoPSN service, enter cesop show stats. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 285 of 305...
  • Page 286: Cesop Clear Stats

    0 rxOutOfOrder 0 rxTdmLenErrs 0 txTdmLenErrs 0 Clock recovery statistics ------------------------- packetLossCount clockChanges 37.5.4 cesop clear stats To reset the statistical counters, enter cesop clear stats _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 286 of 305...
  • Page 287: Dmvpn Diagnostics

    There are two hub statuses ‘hub’ and ‘dead hub’. Table 39: NBMA peers columns and their descriptions You can check IPSec status using uci commands. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 287 of 305...
  • Page 288 Type: local Protocol-Address: 11.11.11.3/32 Flags: up Interface: gre-GRE Type: cached Protocol-Address: 11.11.11.2/32 NBMA-Address: 178.237.115.129 NBMA-NAT-OA-Address: 172.20.38.129 Flags: used up Expires-In: 0:18 Interface: gre-GRE Type: static Protocol-Address: 11.11.11.1/29 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 288 of 305...
  • Page 289: File System Diagnostics

    Normally it is not necessary to store any other files in flash. One exception, for example, is a banner file for logins. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 289 of 305...
  • Page 290: Firewall Diagnostics

    'wan_interface' option network ' wan_interface' option masq '1' option mtu_fix '1' option forward 'ACCEPT' option output 'ACCEPT' option family 'any' option conntrack '0' option input 'ACCEPT' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 290 of 305...
  • Page 291 'ipv4' list icmp_type 'echo-request' config rule option name 'SNMP-trap' option src 'wan_interface' option proto 'udp' option dest_port '162' option target 'ACCEPT' option family 'ipv4' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 291 of 305...
  • Page 292 'Allow-ICMPv6-Forward' option src 'wan_interface' option proto 'icmp' option dest '*' option target 'ACCEPT' option family 'ipv6' option limit '1000/sec' list icmp_type 'echo-request' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 292 of 305...
  • Page 293: Ip Tables

    To see the rules as they are executed, run the fw command with the FW_TRACE environment variable set to 1: root@VA_router:~# FW_TRACE=1 fw reload To direct the output to a file for later inspection, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 293 of 305...
  • Page 294: Gps Diagnostic Commands

    Bcast:192.168.100.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:c8ff:fe12:1215/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:6645 errors:0 dropped:0 overruns:0 frame:0 TX packets:523 errors:0 dropped:0 overruns:0 carrier:0 _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 294 of 305...
  • Page 295: Route Status

    A route will only be displayed in the routing table when the interface is up. 37.10.3 Mobile status To display information and status of mobile interfaces like 4G or CDMA, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 295 of 305...
  • Page 296: Adsl Status

    Rev B mobile.3g_1_1_2.cdma_srvmode_code=5 mobile.3g_1_1_2.cdma_total_drc=0.0 kbps mobile.3g_1_1_2.cdma_carr_cnt=2 mobile.3g_1_1_2.cdma_rx0=78 mobile.3g_1_1_2.sig_dbm=nan mobile.3g_1_1_2.cdma_rx1=105 37.10.4 ADSL status The ADSL chipset has its own subset of commands. root@VA_router:~# /etc/init.d/dsl_control Syntax: /etc/init.d/dsl_control [command] _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 296 of 305...
  • Page 297: Isdn Pseudowire Diagnostics

    To view configuration of the LCR package, enter: root@VA_router:~# uci export lcr package lcr config lcr 'main' option enable '1' list msn '384740' list msn '384741' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 297 of 305...
  • Page 298: Asterisk Cli Diagnostics

    10.1.23.15 5060 Unmonitored 1 sip peers [Monitored: 0 online, 0 offline Unmonitored: 1 online, 0 offline] To view current call diagnostics when in asterisk CLI, enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 298 of 305...
  • Page 299: Isdn Led Status

    Audio channel is up (dial tone or call in progress) ISDN bottom Audio channel is inactive 37.12 IPSec diagnostics Virtual Access routers use the strongSwan package for IPSec. To view IPSEC configuration on the router, enter: root@VA_router:~# uci export strongswan To restart strongSwan, enter: root@VA_router:~# etc/init.d/strongswan restart...
  • Page 300: Multi-Wan Diagnostics

    '0' option ifup_retry_sec '300' option ifup_timeout_sec '40' config interface 'Ethernet' option health_interval '10' option icmp_hosts 'dns' option timeout '3' option health_fail_retries '3' option health_recovery_retries '5' _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 300 of 305...
  • Page 301: Pad Diagnostics

    The modules will write events to the log if they are configured to do so. To see the event that are already logged, type the following at the command prompt: logread. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 301 of 305...
  • Page 302: Debugging Guidelines

    To check if the modules are running, follow the instructions modules running? described in the PAD section. For more details refer to the ‘Terminal Server’ section in this manual. _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 302 of 305...
  • Page 303: Terminal Server Diagnostics

    <Port> [length], Port=port cfg index (0 to 3), length=length to show tserv show serial rxlog-asc <Port> [length], Port=port cfg index (0 to 3), length=length to show tserv show debug - show debug info _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 303 of 305...
  • Page 304: Vrrp Diagnostics

    Figure 151: The VRRP status settings 37.16.2 VRRP diagnostics using the command line interface To view VRRP using the CLI interface, SSH into the router and enter: _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 304 of 305...
  • Page 305: Diagnostics For Wifi Ap Mode

    To check for connectivity, in the top menu, select Network -> Interfaces. The WCLIENT interface will show receive and transmit packets and an IP address. Figure 153: The interface overview page showing WClient stats _______________________________________________________________________________________________________ © Virtual Access 2015 GW6600 User Manual Issue: 2.3 Page 305 of 305...

Table of Contents